The SEC as the Whistleblower’s Advocate

Mary Jo White is Chair of the U.S. Securities and Exchange Commission. This post is based on Chair White’s recent address at the Ray Garrett, Jr. Corporate and Securities Law Institute–Northwestern University School of Law in Chicago, Illinois; the full text, including footnotes, is available here. The views expressed in this post are those of Chair White and do not necessarily reflect those of the Securities and Exchange Commission, the other Commissioners, or the Staff.

I am very honored to address the Garrett Institute, one of the most important programs in the country for corporate and securities lawyers, and to be in David’s home territory of Northwestern Law School where he served as Dean before going on to serve as a very distinguished Chairman of the SEC in the late 1980s.

Although the Garrett Institute was established 35 years ago to honor former SEC Chairman Ray Garrett, Jr., I really first came to learn about him when I did a bit of research for a speech I gave in honor of former SEC Commissioner Al Sommer on the importance of the SEC as an independent agency. Mr. Sommer, himself a legendary Commissioner, was recommended by Chairman Garrett to succeed him as Chairman. Seemingly, that did not come to pass because Commissioner Sommer was a Democrat during a Republican administration. That, however, did not stop Chairman Garrett, a Republican, from recommending the person he thought would be the best for the job.

Things have changed some since Ray Garrett chaired the Commission, although the core mission and many of the important issues have not. The SEC remains the Investor’s Advocate and there continues to be an emphasis on important issues related to corporate governance, disclosure, and market structure.

But what I have chosen to talk to you about today [April 30, 2015] is a topic and program that was not part of Chairman Garrett’s SEC in the mid-1970s—the SEC’s whistleblower awards program, established by the Dodd-Frank Act in 2010. The program, while clearly still developing, has proven to be a game changer.

Whistleblowers and awards for their information were, of course, around long before Dodd-Frank. The IRS and OSHA have had whistleblower programs for many years; the False Claims Act has had a whistleblower provision dating back to 1861; and the Dutch enacted a law in 1610 that banned naked short selling—defined then as selling more shares than were owned in a registered account—and provided for whistleblower awards. Offenders could have their sales cancelled and be assessed a penalty amounting to one-fifth of the value of the transaction, a third of which could be awarded to a whistleblower, with another third going to relief for the poor. The remaining third went to the officer who imposed the fine—I am glad I do not have to oversee that particular aspect of the incentive structure.

There have always been mixed feelings about whistleblowers and many companies tolerate, at best, their existence because the law requires it. I would urge that, especially in the post-financial crisis era when regulators and right-minded companies are searching for new, more aggressive ways to improve corporate culture and compliance, it is past time to stop wringing our hands about whistleblowers. They provide an invaluable public service, and they should be supported. And, we at the SEC increasingly see ourselves as the whistleblower’s advocate.

It has been nearly four years since the SEC implemented its whistleblower program. While still evolving and improving, we have enough experience now to take a hard look at how the program is working and what we have learned. Overall, I am here to say that the program is a success—and we will work hard at the SEC to build on that success.

The volume of tips has been greater and of higher quality than expected when the program was first adopted. We have seen enough to know that whistleblowers increase our efficiency and conserve our scarce resources. Importantly, internal compliance programs at companies also remain vibrant and effective ways to detect and report wrongdoing. But despite the success of our program, the decision to come forward, especially in the face of internal pressure, is not an easy one.

The ambivalence about whistleblowers can indeed sometimes manifest itself in an unlawful response by a corporate employer and we are very focused at the SEC on cracking down on such misconduct. We want whistleblowers—and their employers—to know that employees are free to come forward without fear of reprisals. In 2014, we brought our first retaliation case and, this month, our first case involving the use of a confidentiality agreement that can impede whistleblowers from communicating with us. This latter case has generated some controversy, which I will address shortly. But, first, let’s look a bit closer at the four-year track record of the program.

The SEC’s Whistleblower Program’s Successful Start

Increasing Volume of Tips

Our Whistleblower Office was fully operational by mid-2011. The number of tips we have received is high and has increased by more than 20 percent. In Fiscal Year 2014, the SEC received over 3,600 tips (about ten a day), which is up from about 3,200 tips in 2013. In the first quarter of this year, we have seen the numbers increase again—by more than 20 percent over the same quarter last year. And tips have come from whistleblowers from all fifty states and sixty foreign countries.

The tips span the full spectrum of federal securities law violations. Most commonly, they relate to corporate disclosures and financial statements, offering fraud, and market manipulation, but we have also received important tips about, for example, investment adviser fraud and broker-dealer rule compliance.

Increasing Quality of Tips and Assistance

As the program has grown, not only have we received more tips, but we also continue to receive higher quality tips that are of tremendous help to the Commission in stopping ongoing and imminent fraud, and lead to significant enforcement actions on a much faster timetable than we would be able to achieve without the information and assistance from the whistleblower. The program has also created a powerful incentive for companies to self-report wrongdoing to the SEC—companies now know that if they do not, we may hear about the conduct from someone else.

Whistleblowers have provided us with original information leading to the opening of new investigations, “insider” views as to how a company approaches its disclosures to investors and highly technical analyses of rapidly evolving fraud schemes. Whistleblowers have also testified at TRO or asset freeze proceedings, enabling our staff to stop fraud schemes before investor losses mount; they have identified additional witnesses and encouraged those witnesses to come forward; and they have explained documents to enhance our understanding of cases.

Making Substantial and More Frequent Awards

In order for a whistleblower to receive an award, he or she must voluntarily provide the Commission with original information that leads to a successful SEC enforcement action or related action with monetary sanctions exceeding $1,000,000. If those criteria are met, the whistleblower may apply for an award, which can range between 10% to 30% of the amounts collected in the case. When deciding how much to award in that range, we consider a number of factors. Factors that favor a greater percentage include highly significant information, crucial assistance by the whistleblower, the importance of the law enforcement interest advanced, and the whistleblower’s cooperation with the company’s internal compliance systems. Factors that weigh against a higher award include the culpability of the whistleblower, delay in reporting, and interference with a company’s internal compliance system.

A total of seventeen whistleblowers have thus far received awards. Payouts have totaled nearly $50 million and we have made individual awards in excess of $1 million three times. Our highest award to date is over $30 million. In the last fiscal year, the Commission issued more awards to more people for more money than in any previous year—and that trend is expected to accelerate.

None of this would have happened without the hardworking and dedicated staff in our Office of the Whistleblower, many of whom joined at the inception of the program and have worked diligently to build it from the ground up, as well as our General Counsel’s Office and the Enforcement staff who work on the cases and deal with the whistleblowers on a day-to-day basis. And, I should not make any of this sound easy.

Administering the whistleblower program has presented a number of challenges for us. For example, our Whistleblower Office must address claims from “serial submitters” who file a claim for virtually every case in which over $1 million in sanctions is awarded when there is no connection between their tip and the case. But staff is required to thoroughly assess every claim and make recommendations to the Commission even when the award claims have no basis. And, because this is a new program, we have needed to address several issues of first impression. We, of course, have a responsibility to whistleblowers and the investing public to carefully consider the novel issues that will shape the contours of the program for years to come.

One of the issues of first impression that the Whistleblower Office and the Commission are addressing relates to the circumstances under which officers and directors and compliance and internal audit personnel may be eligible to receive whistleblower awards. These individuals are generally not eligible to receive a whistleblower award, but the rules provide an exception to the general prohibition if the information is reported to the SEC at least 120 days after providing it to the employer’s audit committee, chief legal officer, chief compliance officer, or a supervisor. These otherwise excluded personnel can also become eligible to receive an award where they have a reasonable basis to believe that disclosure to the SEC was necessary to prevent imminent misconduct from causing substantial financial harm to the company or investors.

Awards have recently been made under both of these exceptions. In March 2015, the Commission announced a payout of approximately $500,000 to a former company officer who reported information about a securities fraud at the company after reporting internally and waiting the specified time. And just this month, we announced an award of more than a million dollars to a compliance professional who provided information that assisted the SEC under the kind of exigent circumstances encompassed by our rules.

Supporting Internal Compliance

Let me say a bit more about company compliance programs. When the Commission was considering its whistleblower rules, concerns were raised about undermining companies’ internal compliance programs. Some commenters urged that internal reporting be made a pre-condition to a whistleblower award. That was not done, but the final whistleblower rules established a framework to incentivize employees to report internally first. A whistleblower’s participation in internal compliance systems is thus a factor that will generally increase an award, whereas interference with those systems will surely decrease an award. And, a whistleblower who internally reports, and at the same time or within 120 days reports to the Commission, will receive credit for any information the company subsequently self-reports to the SEC.

All indications are that internal compliance functions are as strong as ever—if not stronger—and that insiders continue to report possible violations internally first. Although there is no requirement under our rules that the whistleblower be a current or former employee, several of the individuals who have received awards were, in fact, company insiders. Notably, of these, over 80% first raised their concerns internally to their supervisors or compliance personnel before reporting to the Commission.

Many in-house lawyers, compliance professionals, and law firms representing companies have told us that since the implementation of our program, companies have taken fresh looks at their internal compliance functions and made enhancements to further encourage their employees to view internal reporting as an effective means to address potential wrongdoing without fear of reprisal or retaliation. That is a very good thing, and, so far, we believe that the whistleblower program has achieved the right balance between the need of companies to be given an opportunity to address possible violations of law and the SEC’s law enforcement interests.

Preventing and Punishing Retaliation

Dodd-Frank expanded the protections and remedies for retaliation against whistleblowers that were first laid out in Sarbanes-Oxley. The scope of the prohibition against retaliation is appropriately broad: employers cannot “discharge, demote, suspend, threaten, harass, directly or indirectly, or in any other manner discriminate against, a whistleblower in the terms and conditions of employment because of any lawful act done by the whistleblower” to provide information or assistance to the Commission. Dodd-Frank establishes both a private right of action for the whistleblower and authority for the Commission itself to bring an action for retaliation against an employer. This provision reflects Congress’ recognition of the severe chilling effect retaliation has on whistleblowers if their company is able to fire or demote them because they have reported a possible violation of law to the SEC.

We at the SEC take these whistleblower protections very seriously and companies should too. In June 2014, we brought and settled our first action against a company for retaliating against a whistleblower who had reported a possible securities law violation to the Commission. In that case, the head trader of a hedge fund advisory firm reported trading activity to the SEC that demonstrated the firm was engaged in prohibited principal transactions. After the trader notified the company of the report to the Commission, the company immediately began retaliating, including by removing the whistleblower from the head trader position, stripping the whistleblower of supervisory responsibilities, and, ironically, changing the whistleblower’s job function from head trader to a full-time compliance assistant.

The Commission charged the firm and its principal with engaging in prohibited principal transactions and making a false filing with the Commission, and charged the firm with retaliating against the employee. Among other relief, the hedge fund and its principal paid over $2 million in monetary sanctions. And, I am pleased to report that just this week, we awarded the full 30%—over $600,000—to the whistleblower who was the victim of that retaliation.

The SEC also has intervened in several private cases to argue that the anti-retaliation protections of Dodd-Frank should apply to individuals who internally report potential securities laws violations as well as to those who make disclosures directly to the Commission. Strong enforcement of the anti-retaliation protections is critical to the success of the SEC’s whistleblower program and bringing retaliation cases will continue to be a high priority for us.

Rigorous Attention to Ensure Open Lines of Communication Between Whistleblowers and the SEC

In addition to protecting whistleblowers from retaliation once they have reported information to the Commission, Rule 21F-17 also prevents individuals and entities from taking steps to silence potential whistleblowers before they contact us, including through the threatened enforcement of confidentiality agreements.

The Enforcement Division has been focused on companies that use agreements or other mechanisms to improperly stifle whistleblowers from coming forward. On April 1, 2015, we announced our first enforcement action against a company for using confidentiality agreements that could potentially stifle the whistleblowing process. We charged the company with violating Rule 21F-17 because it required witnesses in certain internal investigations to sign confidentiality statements with language warning that employees could face discipline, including termination, if they discussed the subject matter of the interview with outside parties without prior approval. Under the rule, the Commission is not required to establish that the confidentiality agreement actually prevented employees from communicating with the SEC. The potential and significant chilling effect of blanket prohibitions on reporting information is also prohibited by the rule.

This case has prompted considerable discussion. Some have asserted that the Commission has applied an overly broad interpretation of the rule and engaged in rulemaking by enforcement, which, in turn, has created uncertainty as to the enforceability of all confidentiality agreements. Neither concern is warranted.

Rule 21F-17 clearly states that no action may be taken to impede an individual from communicating directly with the Commission staff about possible securities law violations, including by enforcing or threatening to enforce confidentiality agreements that could be read to limit such communications. The agreement in question ran afoul of the prohibition by, among other things, covering underlying facts and requiring pre-approval by the company’s legal department before reporting information and threatening disciplinary action for violating this pre-approval requirement. Requiring pre-approval before reporting may have, among other chilling effects, discouraged a potential whistleblower who wished to remain anonymous, which is an enormously important safeguard. This confidentiality agreement, in our view, violated the plain language of Rule 21F-17. And enforcing a rule for the first time does not mean that we are engaged in rulemaking by enforcement.

The rule is not, however, a sweeping prohibition on the use of confidentiality agreements. Companies conducting internal investigations can still give the standard Upjohn warnings that explain the scope of the attorney-client privilege in that setting. Companies may continue to protect their trade secrets or other confidential information through the use of properly drawn confidentiality and severance agreements.

The SEC is not trying to dictate the language of these agreements or warnings—that is the company’s responsibility. But a company needs to speak clearly in and about confidentiality provisions, so that employees, most of whom are not lawyers, understand that it is always permissible to report possible securities laws violations to the Commission.

In our recent 21F-17 action, the company addressed the issue by changing the violative language to say explicitly that the agreement does not prevent individuals from reporting possible violations of the law to federal law enforcement agencies. And to remedy any potential harm already done, the company also undertook to notify employees who had signed the original agreement that they are not required to seek permission before communicating with any governmental agency concerning possible violations of federal law. Companies would be well-served to review their own agreements and policies to ensure that they are consistent with Rule 21F-17 and all of the whistleblower rules.

As we have intensified our focus in this area, a number of other concerns have come to our attention, including that some companies may be trying to require their employees to sign agreements mandating that they forego any whistleblower award or represent, as a precondition to obtaining a severance payment, that they have not made a prior report of misconduct to the SEC. You can imagine our Enforcement Division’s view of those and similar provisions under our rules.

Overall Assessment

To sum up, after nearly four years of experience, what is our assessment of the Dodd-Frank whistleblower program and how should companies be responding?

First, we know that the regime does, in fact, create powerful incentives to come to the Commission with real evidence of wrongdoing that harms investors and it meaningfully contributes to the efficiency and effectiveness of our Enforcement program. And whether the whistleblowers are reluctant or eager, motivated by a desire to do what’s right or by the prospect of financial reward, or both, they have, and will continue to, come forward.

This reality should create at least equally strong incentives for companies to build truly effective compliance programs and to foster atmospheres where internal compliance reporting is not only tolerated, but actively encouraged. To that end, companies should take a hard look at whether their boards and senior management are promoting these priorities. By some accounts, there is more work to be done. In one survey of 2,500 executives world-wide, as few as 7% of companies say whistleblowing is important for their organization and 44% say they do not have whistleblower policies or fail to publicize them. If that is so, it is little wonder that we are still wrestling with troublesome corporate cultures.

We also know that retaliation against whistleblowers occurs, sometime starkly, sometimes more subtly—and that is very troubling. For the SEC’s part, we are working hard to foster a safe environment for whistleblowers by investigating and charging those who retaliate as well as those who, whether inadvertently or not, take actions or use agreements that could chill the willingness of employees to report violations of law to the SEC. Companies should be asking themselves if they have created an environment where employees can report internally without fear of retaliation. Are they creating uncertainty through non-disclosure and other confidentiality agreements that could imply that such reporting might not be allowed? Again, there is some indication that management may need to work harder at this—those same 2,500 executives in the survey report that 40% of their companies discourage whistleblowing.

As with any enforcement program, the ultimate goal of our whistleblower program is to deter further wrongdoing. It is no doubt too early to draw conclusions about whether the program has altered corporate behavior and reduced wrongdoing. But we certainly hope it has and will continue to do so. And we are not alone in this hope and expectation.

One early measure of our program’s success is how many other regulators are seeking to replicate it. Last fall, then-Attorney General Eric Holder suggested that legislation was needed to enhance the whistleblower provision in the Financial Institutions Reform, Recovery, and Enforcement Act (FIRREA), which is currently capped at $1.6 million, to improve DOJ’s ability to gather evidence of wrongdoing in complex financial crimes. And, in February, the New York State Attorney General called for legislation to establish a state program modeled on the SEC’s.


The bottom line is that is that responsible companies with strong compliance cultures and programs should not fear bona fide whistleblowers, but embrace them as a constructive part of the process to expose the wrongdoing that can harm a company and its reputation. Gone are the days when corporate wrongdoing can be pushed into the dark corners of an organization. Fraudsters rarely act alone, unobserved and, these days, the employee who sees or is asked to make the questionable accounting entry or to distribute the false offering materials may refuse to do it or just decide that they are better off telling the SEC. Better yet, either there are no questionable accounting entries or false offering materials to be reported in the first place or companies themselves self-report the unlawful conduct to the SEC.

Both comments and trackbacks are currently closed.