Whistleblower award to former company officer underscores importance of diligence

March 31, 2015

WhistleblowerAbout three and a half years ago, I wrote about Dodd-Frank’s “whistleblower bounty” provision, in which I pondered the possible impact of the law, with the final rule for which only being adopted two months previous to the article’s publication in October of 2011.

The provision allows for monetary awards to individuals who provide original, useful information about a securities fraud that results in a successful Security and Exchange Commission (SEC) enforcement action with at least $1 million in sanctions.

In the years since its adoption, we’ve seen the provision in action, with 15 payouts since the adoption of the final rule and a record payout of over $30 million in September of 2014.

Considering the heavy monetary incentive presented by the program, many companies have been prudently taking measures to minimize their chances of a SEC investigation prompted by the tip of an employee-turned-whistleblower.  Such measures have included tightening up not only their regulatory compliance muscles, but also their internal channels of communication to ensure that the individuals who receive this information are only those who absolutely need to know.  Typically, these include officers and directors who can remediate the issue of noncompliance.

Because of certain exemptions in the final rule that prohibit awards to a whistleblower who is an “officer, director, trustee, or partner of an entity” who was informed of the alleged misconduct or learned of it “in connection with the entity’s processes for identifying, reporting, and addressing possible violations of law,” there has been little concern with these individuals learning of compliance violations from internal reports.

There is, however, an exemption to this exemption: these individuals are permitted to collect whistleblower bounties if the whistleblower “reports the information to the SEC more than 120 days after other responsible compliance personnel possessed the information and failed to adequately address the issue.”

This exemption recently resulted in the payout of about $500,000 to a former company officer – the first award of this kind.

This individual wasn’t the person who originally learned of and reported the possible violation; instead, 120 days after the violation was first reported internally, this person, having learned of it from another individual, reported it to the SEC, seeking the whistleblower bounty.

For every organization – even those who have already prepared for the rule in general by encouraging internal reporting and investigation procedures – this should come as a wake-up call.

Yes, because the SEC has shown that it’s serious about allowing officers and directors who discover information about securities violations to take advantage of the exception to the exemption; but more importantly, what this actually means for corporations is that they must be ever vigilant about their violation reporting processes to ensure that multiple parties are responsible for the investigation and resolution of such violations.

This is to ensure not only that all complaints are tracked from the moment they are reported, but also that there isn’t only one or two individuals responsible for remedying any violations, such that the issues aren’t “adequately addressed” within 120 days after reporting.

While we’re on that subject, it’s also very important to note that the SEC has not established explicit guidelines for whether a company has “adequately” addressed an issue within 120 days, instead noting that such determinations are made on a case-by-case basis.  This ambiguity should only further the necessity of having robust tracking and resolution processes in place to minimize any chances of being judged as “inadequate.”

Even with the most comprehensive procedures in place, however, organizations may still need to consider whether an issue can even be adequately resolved within 120 days.  If there is any significant chance that a particular issue cannot, the more prudent course may be for the company to self-report to the SEC to minimize its liability.

This new payout has shown that almost anyone within an organization can collect on a bounty, including officers and directors, no matter how it was discovered.  Considering that officers and directors tend to be the most financially savvy members of the company, the prospect of their “cashing in” creates the constant risk of an ongoing securities violation being reported after 120 days, regardless of how much progress has been made toward resolving it.

Organizations must be cognizant of this reality and adjust their internal policies accordingly.