The Dodd-Frank Wall Street Reform and Consumer Protection Act, enacted on July 21, 2010, established a whistleblower incentive program requiring the Securities and Exchange commission to provide monetary awards to whistleblowers who come forward with information about the violation of federal securities laws, including violations of the Foreign Corrupt Practices Act (FCPA). The Act also prohibits employers from retaliating against those who provide information about securities violations.
The reward for providing information that leads to a successful enforcement action by the SEC which results in monetary sanctions over $1,000,000 can be 10% to 30% of the penalty paid.
On its face, the idea of rewarding whistleblowers who tip off law enforcement about instances of financial fraud, bribery, and corruption seems to make sense. People with knowledge of misdeeds at companies are often reluctant to report their suspicions (or even hard evidence) of fraud because of the fear of a backlash. Offering monetary rewards to whistleblowers will likely cause more people in-the-know to come forward with key information. That may cause companies to be more diligent in their fraud prevention efforts.
That’s good stuff, right? Maybe. Maybe not.
One huge problem created by the whistleblower and reward provisions of the Dodd-Frank legislation is the potential that employees will not report any problems internally, and will go instead for the monetary rewards for whistleblowers. This is obviously detrimental to companies. It is especially detrimental to companies that have good compliance programs and are generally on the right side of the law.
Comments to the SEC prior to the adoption of Dodd-Frank suggested that the rule should require employees to first report wrongdoing internally before being eligible for any whistleblower rewards. Without a provision such as this in the final rule, it was argued that it is too easy for employees to skip internal reporting of suspicious activities (which deprives the company of the opportunity to correct the problems) and go right for the bounty.
The final rule did not include this provision. Instead, the rule included “incentives” for employees to report wrongdoing internally first. Voluntarily participating in a company’s compliance program by reporting misdeeds internally can increase the amount of the whistleblower’s reward from the SEC.
This isn’t enough. Even though it may encourage employees to utilize an internal compliance program with the potential for a larger reward, they can still bypass internal controls for a reward.
The SEC hasn’t done enough to help companies have successful compliance programs. When wrongdoing is discovered and an employee reports it internally, the company’s program has a chance to succeed. The company can take corrective action, and that is a major part of the compliance function. The SEC undermines that compliance program by enticing whistleblowers to skip internal reporting and go straight to the authorities.
Additionally, by using piles of money as incentives for employees to go straight to the government, the cost to companies will be much greater. It is generally less expensive to to perform an internal investigation as a routine part of the company’s compliance program. The costs to cooperate with a federal investigation tend to be exponentially higher.
It will be interesting to see how this all plays out. I fear that Dodd-Frank is going to increase costs for companies with good compliance programs that generally worked in the past, because employees will now run straight to the government without giving the companies a chance to correct the problems.