By Jeremy Cole, Daniel F. Shea, Lillian Tsu, Liam Naidoo and Roxanne Tingir, Hogan Lovells International LLP
The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank), signed into law on 21 July 2010, contains provisions designed to encourage whistleblowers to report violations of U.S. federal securities laws. Whistleblowers can obtain promised monetary awards and are protected from retaliation for providing information that leads to a recovery of more than $1 million in an enforcement action by the U.S. Securities and Exchange Commission (SEC).1 The final rules adopted by the SEC (Rules) became effective on 12 August 2011. Despite requests for the rules to require whistleblowers to report through internal compliance processes as a prerequisite to eligibility for an award, the SEC decided not to do so. This potentially undercuts internal whistleblower programmes that public companies have had in place for nearly nine years under the Sarbanes-Oxley Act of 2010 (SOX).
The effect of Dodd-Frank will not only be felt in the U.S. but also in the UK and Europe more generally. This article looks at both the U.S. and UK approaches to whistleblowing and provides guidance for companies subject to both regimes.
The Rules provide that the SEC shall pay awards, subject to certain limitations, to eligible whistleblowers who voluntarily provide the SEC with original information about a violation of the federal securities laws that leads to the successful enforcement of a judicial or administrative action, or a related action, that is subject to Dodd-Frank.2 The Rules attempt to strike a balance between encouraging whistleblowers to come forward to the SEC while simultaneously incentivising whistleblowers to report internally first. However, it remains to be seen whether they will be successful without undermining internal whistleblower programmes under SOX.
The widely-reported "bounty" programme under the Rules rewards individuals acting alone or with others who voluntarily report original information that leads to a successful judicial or administrative action in which the SEC obtains monetary sanctions of at least $1 million.
Original information reported directly to the SEC must be specific, credible, and timely enough to commence an SEC investigation that subsequently leads to a judicial, or administrative, action or it must significantly contribute to the success of an ongoing investigation. In order to constitute original information the information must be derived from independent knowledge or analysis and cannot be obtained from publicly available sources. The requirement that the SEC obtains monetary sanctions of at least $1 million allows for the aggregation of smaller actions that arise out of the same nucleus of operative facts.
The Rules attempt to encourage internal reporting by using measures that preserve an employee’s whistleblower eligibility if he or she first reports wrongdoing to the company, and the company subsequently reports the information to the SEC. The Rules also create a "look back" period to allow whistleblowers to hold their "place in line" if they first report their concerns internally to the company – provided the whistleblower subsequently reports that same tip to the SEC within 120 days. In this scenario, the whistleblower is protected as of the internal reporting date.
Reporting potential violations internally before turning to the SEC can also lead to a whistleblower’s eligibility for a larger reward, based on receiving credit for the information the entity submits to the SEC as a result of its internal investigation. However, because the Rules do not require whistleblowers to report through a company’s internal compliance programme to be eligible to receive an award, the effect of the Rules could encourage many whistleblowers to opt bypassing the internal compliance process altogether.
Eligible whistleblowers can earn a payout of 10 to 30 percent of any monetary sanctions collected because of their information. The amount of the "bounty" is determined by the SEC after taking into consideration the significance of the information the whistleblower provided, the degree of assistance provided by the whistleblower in the enforcement action, the programmatic interest of the SEC in deterring violations of the securities laws and the extent of the whistleblower’s participation in internal compliance systems.
Awards may be reduced based on a whistleblower’s culpability,3 reporting delay or interference with internal compliance systems. The bounty can be based on amounts collected in both SEC and "related actions" – this includes judicial or administrative actions brought by the U.S. Department of Justice, a state attorney general in a criminal case, a self-regulatory organisation, or other government agency.
Almost any individual may be eligible to receive a whistleblower bounty. Employees, former employees, vendors, agents, contractors, clients, customers, and competitors are all potential sources of original information that could qualify for a whistleblower award. The following categories of individuals, however, are generally excluded from obtaining a whistleblower award under Dodd-Frank:
Notwithstanding these limitations, lawyers, public accountants and other compliance and internal audit personnel may take advantage of potentially broad exceptions and be eligible as whistleblowers. Such individuals are eligible to receive an award for information provided to the SEC as long as they:
In addition to the bounty programme, Dodd-Frank and the SEC’s implementing rule also expressly prohibit employer retaliation against a whistleblower. Such protection is not contingent on the whistleblower qualifying for an award or a finding of an actual violation of securities laws, as long as the whistleblower possesses a "reasonable belief" that the information relates to a possible securities law violation that has occurred, is ongoing, or is about to occur.
In cases where it is found that an employer has unlawfully retaliated, the employer will be required to reinstate the whistleblower with the same seniority status, pay double back pay and pay the whistleblower’s attorney fees and other costs. Given that the anti-retaliation provision is part of the Dodd-Frank legislation, and the SEC has indicated that it will consider making awards to whistleblowers who provided information since the enactment of Dodd-Frank, it is possible that courts will consider employer retaliation for conduct occurring prior to the effective date of the Rules.
As the Rules have just recently become effective, it is difficult to predict precisely how the new provisions of Dodd-Frank will affect the U.S. whistleblower framework in the long-term. However, the SEC reports that it has seen a marked increase in both the number and quality of whistleblower tips since Dodd-Frank was signed into law. As such, a likely impact will be an increase in the number of whistleblower complaints, internal investigations and anti-retaliation claims.
The U.S. whistleblower regime extends beyond U.S. corporations and can reach foreign subsidiaries of U.S. public companies as well as foreign corporations listed in the U.S. or foreign corporations with subsidiaries subject to U.S. securities regulations.
A corporation subject to the U.S. whistleblower regime can take the following steps to reinforce its internal processes in the event that it faces increases in whistleblower complaints:
In the UK, the regulatory enforcement authorities have made efforts to create an environment where whistleblowers can readily report wrongdoing taking place in their company. Whistleblowers are protected by legislation – much like the anti-retaliation provisions in Dodd-Frank - and in some cases they may be able to absolve their own wrongdoing by highlighting the wrongdoing of others. However, there is only limited financial incentivisation for whistleblowers, namely in relation to cartel activity.
The UK Office of Fair Trading (OFT) incentivises whistleblowing in the competition sphere by offering rewards to companies and individuals who file reports about cartel activity that lead to fines or criminal prosecution. It deems this incentivisation necessary due to the harmful and far reaching effects of price-fixing and its secretive nature, which makes detection almost impossible without insider information.4
Arguably bribery and cartel activity share similar characteristics, and both corrupt fair trade and the market economy. Yet the Serious Fraud Office (SFO) does not have the power to provide financial incentives to individual whistleblowers in relation to violations of the UK Bribery Act 2010, which came into force in the UK on 1 July 2011 – and it is unlikely that it will in the near future. To do so would undermine the SFO and the UK Government’s message to companies about having effective internal controls, including whistleblower programmes.
The two key pieces of legislation setting out the circumstances in which whistleblowers will be protected against detriment and dismissal are the Public Interest Disclosure Act 1998 (PIDA) and the Employment Rights Act 1996 (ERA). PIDA provides protection to workers who make a "qualifying disclosure" – one that in the worker’s reasonable belief tends to show that one or more of the following has occurred:
As with Dodd-Frank, protection is afforded to the whistleblower whether or not the report proves to be accurate so long as the whistleblower possessed a reasonable belief. However, workers must act in good faith and disclosures will not be protected if motivated by malice or personal gain.
A qualifying disclosure is normally made to the employer. However, in some circumstances workers can rely on protection under PIDA when making a disclosure to certain other persons – for example, a responsible third party or a "prescribed person" (i.e., those on a list of bodies provided by Parliament including the SFO, the Financial Services Authority and the OFT).6
The categories of person who can make a protected disclosure are comparatively wide and include, for example, secondees and those on work placement.7
In the lead up to the coming into force of the Bribery Act, the SFO’s director Richard Alderman spoke of a new era of enforcement of anti-corruption legislation that supports companies that wish to co-operate in tackling corruption. The SFO wants companies who have corruption issues to come forward on a voluntary basis and "self-report" and it has indicated that in such cases it will seek to reach a civil settlement. It believes that this will generate a greater level of trust between companies and the SFO while allowing companies to retain a high degree of control in relation to internal investigations. A similar approach is taken to individuals who have been involved in bribery – the message is that individuals who come forward and self-report will be dealt with leniently.
However, this is a policy approach by the executive SFO rather than one enforced by legislation that binds the courts. This nuanced difference came to the fore in the prosecution of Robert Dougall in 2010.8 Dougall was DePuy International Limited's (DPI) director of marketing who had admitted his involvement in a multi-million pound bribery of Greek state doctors. Initially, the SFO had asked the Court to suspend his custodial sentence due to his co-operation. However, the Court refused and sentenced him to one year in prison. This dealt a blow to the SFO’s culture of co-operation. On appeal, the Court of Appeal held that due to his role in assisting the SFO investigation from an early stage he should be provided with some leniency and Dougall was spared prison. However, the Court of Appeal noted that the SFO should not assume that just because fraudsters co-operate with the SFO they will absolve themselves and avoid a custodial sentence. It remains to be seen how the Dougall case will effect Alderman’s vision.
UK legislation does not require an employer to establish a formal whistleblowing procedure. However, as employees who make a qualifying disclosure are automatically protected under PIDA, many employers choose to establish a procedure. It is therefore common for employers to limit the protection afforded to employees under their whistleblowing policy and procedure to the qualifying disclosures set out in PIDA.
There are other advantages for employers in choosing to implement a formal whistleblowing procedure:
Crucially, a whistleblowing policy and procedure is an essential part of the so-called "adequate procedures" that companies must have in place if they want to avoid criminal prosecution under the Bribery Act for failing to prevent bribery. An effective procedure will go a long way to preventing endemic bribery and identifying early one-off violations.
A key source of guidance for both public and private companies is the British Standards Institution (BSi) Whistleblowing Arrangements Code of Practice (Guidance) which sets out key elements of an effective whistleblowing procedure.9 The Guidance introduces a number of considerations for employers such as offering confidentiality to employees who raise a concern and offering an independent employee hotline.
There is no requirement under legislation that the identity of whistleblowers is kept confidential or that employees are allowed to make reports anonymously. However, both are key practical considerations for employers in setting up a whistleblowing procedure. However, the European Commission’s Article 29 Data Protection Working Party (Working Party) expressly advises organisations against encouraging employees to make anonymous reports due to the practical problems that can arise for both the employer and the employee.
For example, anonymity might cause the employer difficulty in investigating and verifying a report. There might also be a detrimental effect on the working environment if employees are aware that anonymous reports concerning them may be filed through the process at any time. Instead the Working Party encourages whistleblowing schemes that ensure that where necessary the identity of the whistleblower is processed under conditions of confidentiality, and in which individuals are made aware that they will not suffer due to their action.10
As well as providing internal processes for whistleblowing, some employers choose to provide hotlines which allow reports to be made to an external third party (e.g., external counsel). The use of hotlines raises a number of concerns relating to the data protection principles set out in the Data Protection Act 1998 (DPA). In particular, the employer retains responsibility for ensuring that the processing of employee data by the third party is in accordance with the DPA.
In the aftermath of the Bribery Act, many companies are reviewing their internal whistleblowing policies. However, until Bribery Act prosecutions come to light in the coming years we will not be able to assess the extent to which consensual disclosure and whistleblowing is contributing to the detection of bribery offences. In the meantime, it is difficult to see why the Government would provide financial incentives for whistleblowers any time soon.
Although both the UK and U.S. approaches to whistleblowing attempt to stamp out non-compliance, U.S. and UK whistleblower frameworks diverge in the motivations and the degree of statutory protection afforded to whistleblowers. Given that whistleblowers who assist the SEC, including those residing outside of the U.S., are eligible for the SEC’s bounty programme, organisations operating outside the U.S. may experience increased whistleblower activity, possibly prompting heightened scrutiny or civil and criminal claims. Notwithstanding the differences, however, engendering the submission of high-quality information that leads to successful enforcement actions remains the underpinning of both frameworks.
Jeremy Cole heads up the Global Bribery and Corruption Task Force at Hogan Lovells in London. Jeremy has more than 25 years of experience in international commercial litigation, focusing in particular on a broad range of cases involving bribery, corruption, and fraud Jeremy also specialises in contentious insolvency and asset recovery work. Telephone: +44 (0) 20 7296 2000; E-mail: email@example.com.
Daniel F. Shea is a partner in Hogan Lovells in Denver. Daniel focuses on defending corporations and their directors and officers in criminal and civil matters, particularly SEC investigations and securities class and shareholder derivative actions. Telephone: +1 303 454 2475; E-mail: firstname.lastname@example.org.
Lillian Tsu is a partner in Hogan Lovells’ corporate group in New York. She practices in the areas of corporate, securities, and general business law. Her practice includes the representation of publicly held corporations in connection with various business matters. Telephone: +1 212 918 3599; E-mail: email@example.com.
Liam Naidoo is a senior associate in Hogan Lovells' litigation practice in London, specialising in business crime, fraud, bribery and corruption. Telephone: +44 (0) 20 7296 5887; E-mail: firstname.lastname@example.org.
Roxanne Tingir is an associate in Hogan Lovells in New York. Roxanne's practice focuses primarily on corporate and business law, with a particular emphasis on mergers and acquisitions, securities, and corporate governance. Telephone: +1 212 918 3028; E-mail: email@example.com.
(c) 2011 Hogan Lovells International LLP
To view additional stories from Bloomberg Law® request a demo now