The Securities and Exchange Commission (the “SEC”) on April 22, 2015 announced a Dodd-Frank whistleblower bounty award of more than $1 million to a compliance officer who provided information assisting the SEC in an enforcement action against the whistleblower’s employer.1 Whistleblower awards to company compliance personnel are rare under the five-year-old program.
In this instance, the SEC noted that the compliance officer reported the company’s misconduct to the SEC “after responsible management at the entity became aware of potentially impending harm to investors and failed to take steps to prevent it.” This award underscores the negative consequences to a company of both failing to take appropriate and timely action to address compliance problems once they are reported internally and of ignoring the warnings of its own compliance officers.
The Dodd-Frank whistleblower program rewards individuals who provide “original information” resulting in an SEC enforcement action involving sanctions against a violator exceeding $1 million.2 “Original” information is defined as deriving from the whistleblower’s “independent knowledge” or “independent analysis.” Under the program’s implementing regulations, the SEC will generally not regard information as derived from independent knowledge or independent analysis if the whistleblower obtained the information because of the individual’s position as an “employee whose principal duties involve compliance or internal audit responsibilities.”3 However, there are several exceptions to this general exclusion of compliance personnel from the whistleblower program.4
In making the recent award, the SEC invoked for the first time the exception that permits the SEC to reward information from an employee having compliance responsibilities if the individual has “a reasonable basis to believe that disclosure of the information to the Commission is necessary to prevent the relevant entity from engaging in conduct that is likely to cause substantial injury to the financial interest or property of the entity or investors . . . .”5 Without providing any details, the SEC’s release confirmed that the compliance officer had “a reasonable basis to believe that disclosure to the SEC was necessary to prevent imminent misconduct from causing substantial financial harm to the company or investors.”
The whistleblower in this matter will receive between $1.4 million and $1.6 million. Whistleblower awards can range from 10 percent to 30 percent of the financial penalties collected in an enforcement action. Pursuant to the SEC rules, neither the whistleblower nor the nature or target of the enforcement action was publicly disclosed.
According to the SEC, this is the second award it has made to an employee with internal audit or compliance responsibilities. In 2014, the SEC announced a whistleblower bounty of more than $300,000 to a company employee responsible for audit and compliance functions who had appropriately reported concerns of wrongdoing to the company, but the company took no action on the matter.6 In making that award, the SEC invoked a different exception permitting a whistleblower award to a compliance employee in circumstances when at least 120 days have elapsed between the time the individual first “provided the information to the relevant entity’s audit committee, chief legal officer, chief compliance officer (or their equivalents), or [a] supervisor . . .” and later reported it to the SEC.7
As the Dodd-Frank whistleblower program matures, it is clear that the SEC is willing to use the available exceptions to reward company compliance personnel, especially when compliance problems reported internally pose an imminent threat of harm to a company or are ignored or dismissed by company officials. It is therefore important for companies not only to have compliance policies that include robust procedures for responding to internal reports of misconduct but also to be committed to following those procedures through timely and appropriate action. To do otherwise is to risk opening the door to the whistleblower program to the company’s own compliance officers.
Click here to download the article.
1 The SEC’s press release is available here.
2 17 C.F.R. § 240.21F.
3 Id. § 240.21F-4(b)(4)(iii)(B).
4 Id. § 240.21F-4(b)(4)(v).
5 Id. § 240.21F-4(b)(4)(v)(A).
6 The SEC’s press release of Aug. 29, 2014 is available here.
7 17 C.F.R. § 240.21F-4(b)(4)(v)(C).