By Jeremy Cole, Daniel F. Shea, Lillian Tsu, Liam Naidoo and Roxanne Tingir, Hogan Lovells International LLP
The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank), signed into law on 21 July 2010, contains provisions designed to encourage whistleblowers to report violations of U.S. federal securities laws. Whistleblowers can obtain promised monetary awards and are protected from retaliation for providing information that leads to a recovery of more than $1 million in an enforcement action by the U.S. Securities and Exchange Commission (SEC).1 The final rules adopted by the SEC (Rules) became effective on 12 August 2011. Despite requests for the rules to require whistleblowers to report through internal compliance processes as a prerequisite to eligibility for an award, the SEC decided not to do so. This potentially undercuts internal whistleblower programmes that public companies have had in place for nearly nine years under the Sarbanes-Oxley Act of 2010 (SOX).
The effect of Dodd-Frank will not only be felt in the U.S. but also in the UK and Europe more generally. This article looks at both the U.S. and UK approaches to whistleblowing and provides guidance for companies subject to both regimes.
The widely-reported "bounty" programme under the Rules rewards individuals acting alone or with others who voluntarily report original information that leads to a successful judicial or administrative action in which the SEC obtains monetary sanctions of at least $1 million.
Original information reported directly to the SEC must be specific, credible, and timely enough to commence an SEC investigation that subsequently leads to a judicial, or administrative, action or it must significantly contribute to the success of an ongoing investigation. In order to constitute original information the information must be derived from independent knowledge or analysis and cannot be obtained from publicly available sources. The requirement that the SEC obtains monetary sanctions of at least $1 million allows for the aggregation of smaller actions that arise out of the same nucleus of operative facts.
The Rules attempt to encourage internal reporting by using measures that preserve an employee’s whistleblower eligibility if he or she first reports wrongdoing to the company, and the company subsequently reports the information to the SEC. The Rules also create a "look back" period to allow whistleblowers to hold their "place in line" if they first report their concerns internally to the company – provided the whistleblower subsequently reports that same tip to the SEC within 120 days. In this scenario, the whistleblower is protected as of the internal reporting date.
Reporting potential violations internally before turning to the SEC can also lead to a whistleblower’s eligibility for a larger reward, based on receiving credit for the information the entity submits to the SEC as a result of its internal investigation. However, because the Rules do not require whistleblowers to report through a company’s internal compliance programme to be eligible to receive an award, the effect of the Rules could encourage many whistleblowers to opt bypassing the internal compliance process altogether.
Eligible whistleblowers can earn a payout of 10 to 30 percent of any monetary sanctions collected because of their information. The amount of the "bounty" is determined by the SEC after taking into consideration the significance of the information the whistleblower provided, the degree of assistance provided by the whistleblower in the enforcement action, the programmatic interest of the SEC in deterring violations of the securities laws and the extent of the whistleblower’s participation in internal compliance systems.
Awards may be reduced based on a whistleblower’s culpability,3 reporting delay or interference with internal compliance systems. The bounty can be based on amounts collected in both SEC and "related actions" – this includes judicial or administrative actions brought by the U.S. Department of Justice, a state attorney general in a criminal case, a self-regulatory organisation, or other government agency.
In cases where it is found that an employer has unlawfully retaliated, the employer will be required to reinstate the whistleblower with the same seniority status, pay double back pay and pay the whistleblower’s attorney fees and other costs. Given that the anti-retaliation provision is part of the Dodd-Frank legislation, and the SEC has indicated that it will consider making awards to whistleblowers who provided information since the enactment of Dodd-Frank, it is possible that courts will consider employer retaliation for conduct occurring prior to the effective date of the Rules.
As the Rules have just recently become effective, it is difficult to predict precisely how the new provisions of Dodd-Frank will affect the U.S. whistleblower framework in the long-term. However, the SEC reports that it has seen a marked increase in both the number and quality of whistleblower tips since Dodd-Frank was signed into law. As such, a likely impact will be an increase in the number of whistleblower complaints, internal investigations and anti-retaliation claims.
A corporation subject to the U.S. whistleblower regime can take the following steps to reinforce its internal processes in the event that it faces increases in whistleblower complaints:
The UK Office of Fair Trading (OFT) incentivises whistleblowing in the competition sphere by offering rewards to companies and individuals who file reports about cartel activity that lead to fines or criminal prosecution. It deems this incentivisation necessary due to the harmful and far reaching effects of price-fixing and its secretive nature, which makes detection almost impossible without insider information.4
Arguably bribery and cartel activity share similar characteristics, and both corrupt fair trade and the market economy. Yet the Serious Fraud Office (SFO) does not have the power to provide financial incentives to individual whistleblowers in relation to violations of the UK Bribery Act 2010, which came into force in the UK on 1 July 2011 – and it is unlikely that it will in the near future. To do so would undermine the SFO and the UK Government’s message to companies about having effective internal controls, including whistleblower programmes.
A qualifying disclosure is normally made to the employer. However, in some circumstances workers can rely on protection under PIDA when making a disclosure to certain other persons – for example, a responsible third party or a "prescribed person" (i.e., those on a list of bodies provided by Parliament including the SFO, the Financial Services Authority and the OFT).6
The categories of person who can make a protected disclosure are comparatively wide and include, for example, secondees and those on work placement.7
However, this is a policy approach by the executive SFO rather than one enforced by legislation that binds the courts. This nuanced difference came to the fore in the prosecution of Robert Dougall in 2010.8 Dougall was DePuy International Limited's (DPI) director of marketing who had admitted his involvement in a multi-million pound bribery of Greek state doctors. Initially, the SFO had asked the Court to suspend his custodial sentence due to his co-operation. However, the Court refused and sentenced him to one year in prison. This dealt a blow to the SFO’s culture of co-operation. On appeal, the Court of Appeal held that due to his role in assisting the SFO investigation from an early stage he should be provided with some leniency and Dougall was spared prison. However, the Court of Appeal noted that the SFO should not assume that just because fraudsters co-operate with the SFO they will absolve themselves and avoid a custodial sentence. It remains to be seen how the Dougall case will effect Alderman’s vision.
There are other advantages for employers in choosing to implement a formal whistleblowing procedure:
There is no requirement under legislation that the identity of whistleblowers is kept confidential or that employees are allowed to make reports anonymously. However, both are key practical considerations for employers in setting up a whistleblowing procedure. However, the European Commission’s Article 29 Data Protection Working Party (Working Party) expressly advises organisations against encouraging employees to make anonymous reports due to the practical problems that can arise for both the employer and the employee.
For example, anonymity might cause the employer difficulty in investigating and verifying a report. There might also be a detrimental effect on the working environment if employees are aware that anonymous reports concerning them may be filed through the process at any time. Instead the Working Party encourages whistleblowing schemes that ensure that where necessary the identity of the whistleblower is processed under conditions of confidentiality, and in which individuals are made aware that they will not suffer due to their action.10
As well as providing internal processes for whistleblowing, some employers choose to provide hotlines which allow reports to be made to an external third party (e.g., external counsel). The use of hotlines raises a number of concerns relating to the data protection principles set out in the Data Protection Act 1998 (DPA). In particular, the employer retains responsibility for ensuring that the processing of employee data by the third party is in accordance with the DPA.
In the aftermath of the Bribery Act, many companies are reviewing their internal whistleblowing policies. However, until Bribery Act prosecutions come to light in the coming years we will not be able to assess the extent to which consensual disclosure and whistleblowing is contributing to the detection of bribery offences. In the meantime, it is difficult to see why the Government would provide financial incentives for whistleblowers any time soon.
Jeremy Cole heads up the Global Bribery and Corruption Task Force at Hogan Lovells in London. Jeremy has more than 25 years of experience in international commercial litigation, focusing in particular on a broad range of cases involving bribery, corruption, and fraud Jeremy also specialises in contentious insolvency and asset recovery work. Telephone: +44 (0) 20 7296 2000; E-mail: email@example.com.
Daniel F. Shea is a partner in Hogan Lovells in Denver. Daniel focuses on defending corporations and their directors and officers in criminal and civil matters, particularly SEC investigations and securities class and shareholder derivative actions. Telephone: +1 303 454 2475; E-mail: firstname.lastname@example.org.
Lillian Tsu is a partner in Hogan Lovells’ corporate group in New York. She practices in the areas of corporate, securities, and general business law. Her practice includes the representation of publicly held corporations in connection with various business matters. Telephone: +1 212 918 3599; E-mail: email@example.com.
Liam Naidoo is a senior associate in Hogan Lovells' litigation practice in London, specialising in business crime, fraud, bribery and corruption. Telephone: +44 (0) 20 7296 5887; E-mail: firstname.lastname@example.org.
Roxanne Tingir is an associate in Hogan Lovells in New York. Roxanne's practice focuses primarily on corporate and business law, with a particular emphasis on mergers and acquisitions, securities, and corporate governance. Telephone: +1 212 918 3028; E-mail: email@example.com.
(c) 2011 Hogan Lovells International LLP
To view additional stories from Bloomberg Law® request a demo now