The following is an edited transcript of an April 30 speech by Securities and Exchange Commission Chairwoman Mary Jo White before the Ray Garrett Jr. Corporate and Securities Law Institute at Northwestern University School of Law in Chicago.
What I have chosen to talk to you about today is the SEC's whistleblower awards program, established by the Dodd-Frank Act in 2010. The program, while clearly still developing, has proven to be a game changer.
Whistleblowers and awards for their information were, of course, around long before Dodd-Frank. The IRS and [Occupational Safety and Health Administration] have had whistleblower programs for many years; the False Claims Act has had a whistleblower provision dating back to 1861; and the Dutch enacted a law in 1610 that banned naked short selling — defined then as selling more shares than were owned in a registered account — and provided for whistleblower awards. Offenders could have their sales canceled and be assessed a penalty amounting to one-fifth of the value of the transaction, a third of which could be awarded to a whistleblower, with another third going to relief for the poor. The remaining third went to the officer who imposed the fine — I am glad I do not have to oversee that particular aspect of the incentive structure.
There have always been mixed feelings about whistleblowers and many companies tolerate, at best, their existence because the law requires it. I would urge that, especially in the post-financial-crisis era, in which regulators and right-minded companies are searching for new, more aggressive ways to improve corporate culture and compliance, it is past time to stop wringing our hands about whistleblowers. They provide an invaluable public service, and they should be supported. And, we at the SEC increasingly see ourselves as the whistleblower's advocate.
PROGRAM A SUCCESS
It has been nearly four years since the SEC implemented its whistleblower program. While still evolving and improving, we have enough experience now to take a hard look at how the program is working and what we have learned. Overall, I am here to say that the program is a success — and we will work hard at the SEC to build on that success.
The volume of tips has been greater and of higher quality than expected when the program was first adopted. We have seen enough to know that whistleblowers increase our efficiency and conserve our scarce resources. Importantly, internal compliance programs at companies also remain vibrant and effective ways to detect and report wrongdoing. But despite the success of our program, the decision to come forward, especially in the face of internal pressure, is not an easy one.
The ambivalence about whistleblowers can indeed sometimes manifest itself in an unlawful response by a corporate employer, and we are very focused at the SEC on cracking down on such misconduct. We want whistleblowers — and their employers — to know that employees are free to come forward without fear of reprisals. In 2014, we brought our first retaliation case and, this month, our first case involving the use of a confidentiality agreement that can impede whistleblowers from communicating with us. This latter case has generated some controversy, which I will address shortly. But, first, let's look a bit closer at the four-year track record of the program.
Our whistleblower office was fully operational by mid-2011. In fiscal year 2014, the SEC received over 3,600 tips (about 10 a day), which is up from about 3,200 tips in [fiscal] 2013. In the first quarter of this year, we have seen the numbers increase again — by more than 20% over the same quarter last year. And tips have come from whistleblowers from all 50 states and 60 foreign countries.
The tips span the full spectrum of federal securities law violations. Most commonly, they relate to corporate disclosures and financial statements offering fraud and market manipulation, but we have also received important tips about, for example, investment adviser fraud and broker-dealer rule compliance.
As the program has grown, not only have we received more tips, but we also continue to receive higher-quality tips that are of tremendous help to the commission in stopping ongoing and imminent fraud, and lead to significant enforcement actions on a much-faster timetable than we would be able to achieve without the information and assistance from the whistleblower. The program has also created a powerful incentive for companies to self-report wrongdoing to the SEC — companies now know that if they do not, we may hear about the conduct from someone else.
Whistleblowers have provided us with original information leading to the opening of new investigations, “insider” views as to how a company approaches its disclosures to investors and highly technical analyses of rapidly evolving fraud schemes. Whistleblowers also have testified at temporary restraining order or asset freeze proceedings, enabling our staff to stop fraud schemes before investor losses mount; they have identified additional witnesses and encouraged those witnesses to come forward; and they have explained documents to enhance our understanding of cases.
In order for a whistleblower to receive an award, he or she must voluntarily provide the commission with original information that leads to a successful SEC en- forcement action or related action with monetary sanctions exceeding $1 million. If those criteria are met, the whistleblower may apply for an award, which can range between 10% and 30% of the amounts collected in the case. When deciding how much to award in that range, we consider a number of factors. Factors that favor a greater percentage include highly significant information, crucial assistance by the whistleblower, the importance of the law enforcement interest advanced, and the whistleblower's cooperation with the company's internal com- pliance systems. Factors that weigh against a higher award include the culpability of the whistleblower, delay in reporting, and interference with a company's internal compliance system.
A total of 17 whistleblowers have thus far received awards. Payouts have totaled nearly $50 million and we have made individual awards in excess of $1 million three times. Our highest award to date is over $30 million. In the last fiscal year, the commission issued more awards to more people for more money than in any previous year — and that trend is expected to accelerate.
Administering the whistleblower program has presented a number of challenges for us. For example, our whistleblower office must address claims from “serial submitters” who file a claim for virtually every case in which over $1 million in sanctions is awarded, even when there is no connection between their tip and the case. Work by the staff is required to thoroughly assess every claim and make recommendations to the commission even when the award claims have no basis. And, because this is a new program, we have needed to address several issues of first impression. We, of course, have a responsibility to whistleblowers and the investing public to carefully consider the novel issues that will shape the contours of the program for years to come.
One of the issues of first impression that the whistleblower office and the commission are addressing relates to the circumstances under which officers and directors — and compliance and internal audit personnel — may be eligible to receive whistleblower awards. These individuals are generally not eligible to receive a whistleblower award, but the rules provide an exception to the general prohibition if the information is reported to the SEC at least 120 days after providing it to the employer's audit committee, chief legal officer, chief compliance officer, or a supervisor. These otherwise excluded personnel can also become eligible to receive an award where they have a reasonable basis to believe that disclosure to the SEC was necessary to prevent imminent misconduct from causing substantial financial harm to the company or investors.
Awards have recently been made under both of these exceptions. In March, the commission announced a payout of approximately $500,000 to a former company officer who reported information about a securities fraud at the company after reporting internally and waiting the specified time. And just this month, we announced an award of more than a million dollars to a compliance professional who provided information that assisted the SEC under the kind of exigent circumstances encompassed by our rules.
Let me say a bit more about company compliance programs. When the commission was considering its whistleblower rules, concerns were raised about undermining companies' internal compliance programs. Some commenters urged that internal reporting be made a precondition to a whistleblower award. That was not done, but the final whistleblower rules established a framework to give employees an incentivie to report internally first. A whistleblower's participation in internal compliance systems is thus a factor that will generally increase an award, whereas interference with those systems will surely decrease an award. And a whistleblower who internally reports will receive credit for any information the company subsequently self-reports to the SEC.
80% WENT IN-HOUSE FIRST
All indications are that internal compliance functions are as strong as ever — if not stronger — and that insiders continue to report possible violations internally first. Although there is no requirement under our rules that the whistleblower be a current or former employee, several of the individuals who have received awards were, in fact, company insiders. Notably, of these, over 80% first raised their concerns internally to their supervisors or compliance personnel before reporting to the commission.
Many in-house lawyers, compliance professionals and law firms representing companies have told us that since the implementation of our program, companies have taken fresh looks at their internal compliance functions and made enhancements to further encourage their employees to view internal reporting as an effective means of addressing potential wrongdoing without fear of reprisal or retaliation. That is a very good thing, and, so far, we believe that the whistleblower program has achieved the right balance between the need of companies to be given an opportunity to address possible violations of law and the SEC's law enforcement interests.
Dodd-Frank ex-panded the protections and remedies for retaliation against whistleblowers that were first laid out in Sarbanes-Oxley. The scope of the prohibition against retaliation is appropriately broad: Employers cannot “discharge, demote, suspend, threaten, harass, directly or indirectly, or in any other manner discriminate against, a whistleblower in the terms and conditions of employment because of any lawful act done by the whistleblower” to provide information or assistance to the commission. Dodd-Frank establishes both a private right of action for the whistleblower and authority for the commission itself to bring an action against an employer for retaliation.
We at the SEC take these whistleblower protections very seriously and companies should too. In June 2014, we brought and settled our first action against a company for retaliating against a whistleblower who had reported a possible securities law violation to the commission. In that case, the head trader of a hedge fund advisory firm reported trading activity to the SEC that demonstrated the firm was engaged in prohibited principal transactions. After the trader notified the company of the report to the commission, the company immediately began retaliating, including by removing the whistleblower from the head trader position, stripping the whistleblower of supervisory responsibilities, and, ironically, changing the whistleblower's job function from head trader to a full-time compliance assistant.
CHARGED WITH RETALIATING
The commission charged the firm and its principal with engaging in prohibited principal transactions and making a false filing with the commission, and charged the firm with retaliating against the employee. Among other relief, the hedge fund and its principal paid over $2 million in monetary sanctions. And, I am pleased to report that just this week, we awarded the full 30% — over $600,000 — to the whistleblower who was the victim of that retaliation.
The SEC also has intervened in several private cases to argue that the anti-retaliation protections of Dodd-Frank should apply to individuals who internally report potential securities laws violations as well as to those who make disclosures directly to the commission. Strong enforcement of the anti-retaliation protections is critical to the success of the SEC's whistleblower program and bringing retaliation cases will continue to be a high priority for us.
In addition to protecting whistleblowers from retaliation once they have reported information to the commission, Rule 21F-17 also prevents individuals and entities from taking steps to silence potential whistleblowers before they contact us, including through the threatened enforcement of confidentiality agreements.
The enforcement division has been focused on companies that use agreements or other mechanisms to stifle whistleblowers from coming forward. On April 1, we announced our first enforcement action against a company for using confidentiality agreements that could potentially stifle the whistleblowing process. We charged the company with violating Rule 21F-17 because it required witnesses in certain internal investigations to sign confidentiality statements with language warning that employees could face discipline, including termination, if they discussed the subject matter of the interview with outside parties without prior approval. Under the rule, the commission is not required to establish that the confidentiality agreement actually prevented employees from communicating with the SEC. The potential and significant chilling effect of blanket prohibitions on reporting information is also prohibited by the rule.
The rule is not, however, a sweeping prohibition on the use of confidentiality agreements. Companies conducting internal investigations can still give the standard Upjohn warnings that explain the scope of the attorney-client privilege in that setting. Companies may continue to protect their trade secrets or other confidential information through the use of properly drawn confidentiality and severance agreements.
A NEED TO SPEAK CLEARLY
The SEC is not trying to dictate the language of these agreements or warnings — that is the company's responsibility. But a company needs to speak clearly in and about confidentiality provisions, so that employees, most of whom are not lawyers, understand that it is always permissible to report possible securities laws violations to the commission.
In our recent 21F-17 action, the company addressed the issue by changing the violative language to say explicitly that the agreement does not prevent individuals from reporting possible violations of the law to federal law enforcement agencies. And to remedy any potential harm already done, the company also undertook to notify employees who had signed the original agreement that they are not required to seek permission before communicating with any governmental agency concerning possible violations of federal law. Companies would be well-served to review their own agreements and policies to ensure that they are consistent with Rule 21F-17 and all of the whistleblower rules.
As we have intensified our focus in this area, a number of other concerns have come to our attention, including that some companies may be trying to require their employees to sign agreements mandating that they forgo any whistleblower award or represent, as a precondition to obtaining a severance payment, that they have not made a prior report of misconduct to the SEC. You can imagine our enforcement division's view of those and similar provisions under our rules.
ASSESSING THE PROGRAM
To sum up, after nearly four years of experience, what is our assessment of the Dodd-Frank whistleblower program and how should companies be responding?
First, we know that the regime does, in fact, create powerful incentives to come to the commission with real evidence of wrongdoing that harms investors and it meaningfully contributes to the efficiency and effectiveness of our enforcement program. And whether the whistleblowers are reluctant or eager, motivated by a desire to do what's right or by the prospect of financial reward, or both, they have, and will continue to, come forward.
This reality should create at least equally strong incentives for companies to build truly effective compliance programs and to foster atmospheres where internal compliance reporting is not only tolerated, but actively encouraged. To that end, companies should take a hard look at whether their boards and senior management are promoting these priorities. By some accounts, there is more work to be done. In one survey of 2,500 executives worldwide, as few as 7% of companies said whistleblowing is important for their organization and 44% said they do not have whistleblower policies or fail to publicize them. If that is so, it is little wonder that we are still wrestling with troublesome corporate cultures.
We also know that retaliation against whistleblowers occurs, sometime starkly, sometimes more subtly — and that is very troubling. For the SEC's part, we are working hard to foster a safe environment for whistleblowers by investigating and charging those who retaliate as well as those who, whether inadvertently or not, take actions or use agreements that could chill the willingness of employees to report violations of law to the SEC. Companies should be asking themselves if they have created an environment where employees can report internally without fear of retaliation. Are they creating uncertainty through nondisclosure and other confidentiality agreements that could imply that such reporting might not be allowed? Again, there is some indication that management may need to work harder at this — those same 2,500 executives in the survey reported that 40% of their companies discourage whistleblowing.