SEC Adopts New 'Bounty Hunter' Rules Designed to Encourage Whistleblowers

The U.S. Securities and Exchange Commission (SEC) recently adopted “bounty hunter” whistleblower rules under section 922 of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 that are likely to encourage employees of public companies to report potential violations of securities laws directly to the SEC, rather than in accordance with established internal company compliance and reporting procedures. In a controversial move, the SEC did not include a provision in the final rules that would require whistleblowers to first report a claim pursuant to internal company procedures prior to being eligible for a bounty.

The final rules create a whistleblower program that rewards individuals who provide the agency with tips that lead to successful enforcement actions. The SEC will pay awards to whistleblowers who voluntarily provide the SEC with original information about a violation of securities laws that leads to a successful enforcement action brought by the SEC that results in monetary sanctions exceeding $1 million. The size of the bounty payments may range from 10% to 30% of the total monetary sanctions collected.

Adopted by the SEC in a 3-2 vote, the final rules are designed to encourage private citizens to assist federal regulators in their enforcement efforts, potentially turning employees and others into government informants. As SEC Chairman Mary Schapiro acknowledged, “it is critical [for the SEC] to be able to leverage the resources of people who may have first-hand information about violations of the securities laws. While the SEC has a history of receiving a high volume of tips and complaints, the quality of the tips we have received has been better since Dodd-Frank became law. We expect this trend to continue, and these final rules map out simplified and transparent procedures for whistleblowers to provide us critical information.”

As a result of these new rules, public companies can anticipate higher compliance costs, additional enforcement activities and more follow-on civil litigation.

Background: Section 922 of The Dodd-Frank Act

The Dodd-Frank Act included “bounty hunter” provisions to strengthen the enforcement of securities and commodities laws and to increase the voluntary reporting of securities and commodities violations. Prior to Dodd-Frank, the SEC's bounty program was limited to insider-trading cases, and the amount of an award was capped at 10% of the penalties collected in the action. The Act significantly enhanced whistleblower rewards and protections. The whistleblower provisions appear in section 922 (related to the SEC) and section 748 (related to the Commodity Futures Trading Commission, or CFTC). Both sections offer a bounty of up to 30% of collected monetary sanctions over $1 million recovered by the SEC, the CFTC, the U.S. Department of Justice (DOJ), self-regulatory organizations and other regulators. Congress instructed the SEC to promulgate the necessary rules to implement these measures, which the recent SEC action does.

Dodd-Frank's provisions are somewhat similar to the whistleblower provisions of the federal False Claims Act (FCA), which, the DOJ reports, led to the recovery of $2.4 billion during 2009, and more than $24 billion since 1986. FCA whistleblower actions have demonstrably increased the number of agency enforcement proceedings. In the health care industry, for example, more than three-fourths of the enforcement actions reported during 2009 relate to actions initiated by whistleblowers. It will be interesting to note whether a similar pattern emerges for SEC enforcement actions.

The SEC proposed new rules under section 922 on Nov. 3, 2010, which defined certain terms essential to the operation of the whistleblower program, outlined the procedures for applying for awards and the SEC's procedures for making decisions on claims, and generally explained the scope of the whistleblower program. More than 1,500 comment letters were submitted regarding the proposed rules, and after making some changes to the proposals (but keeping them mostly intact), the SEC adopted the final rules on May 25, 2011.

Internal Compliance

A significant issue discussed in the SEC's proposing release was the impact of the whistleblower program on companies' internal compliance processes. While the SEC determined not to include a requirement that whistleblowers report violations internally, the SEC said that it made changes to the rules to further incentivize whistleblowers to utilize their companies' internal compliance and reporting systems when appropriate, including the following:

• A whistleblower's voluntary participation in an entity's internal compliance and reporting systems is a factor that can increase the amount of an award;
• A whistleblower's interference with internal compliance and reporting is a factor that can decrease the amount of an award; and
• A whistleblower can receive an award for reporting original information to an entity's internal compliance and reporting systems, if the entity reports information to the SEC that leads to a successful SEC action.

Key Provisions of the New 'Bounty Hunter' Rules

Definition of 'Whistleblower'

The final rules define a whistleblower as a person who provides original information to the SEC in accordance with the procedures set forth in the final rules, and the information relates to a possible violation of the securities laws that has occurred, is ongoing or is about to occur. A whistleblower must be an individual.

Certain people generally will not be considered for whistleblower awards under Dodd-Frank and the final rules, including people who have a pre-existing legal or contractual duty to report their information to the SEC; attorneys who attempt to use information obtained from client engagements to make whistleblower claims for themselves (unless disclosure of the information is permitted under SEC rules or state bar rules); people who obtain the information by means or in a manner that is determined by a U.S. court to violate federal or state criminal law; public accountants working on SEC engagements, if the information relates to violations by the engagement client; and, in certain circumstances, compliance and internal audit personnel.

Requirements to Be Considered for an Award

To be considered for an award, the final rules require that a whistleblower must satisfy four requirements:

1. Voluntarily Provide the SEC with Information '

A whistleblower is deemed to have provided information voluntarily if he or she has provided information before the government, or a self-regulatory organization or the Public Company Accounting Oversight Board asks for it directly from the whistleblower or the whistleblower's representative.

2. That Is Original Information Regarding a Violation of Federal Securities Laws '

Original information must be based upon the whistleblower's independent knowledge or independent analysis, not already known to the SEC and not derived exclusively from certain public sources.

3. That Leads to a Successful Enforcement Action '

A whistleblower's information can be deemed to have led to a successful enforcement action if: a) The information is sufficiently specific, credible and timely to cause the SEC to open or reopen an examination or investigation or open a new line of inquiry in an existing examination or investigation; b) The conduct was already under investigation when the information was submitted, and the information significantly contributed to the success of the action; c) The whistleblower reports original information through his or her employer's internal whistleblower, legal or compliance procedures before or at the same time it is passed along to the SEC; the employer provides the whistleblower's information (and any subsequently discovered information) to the SEC; and the employer's report satisfies either (a) or (b) above.

4. Resulting in Monetary Sanctions Totaling More
Than $1 Million

The rules permit aggregation of multiple SEC cases that arise out of a common set of operative facts as a single action. These may include proceedings involving the same or similar parties, factual allegations, alleged violations of the federal securities laws, or transactions or occurrences.

'Bounty' Provisions

The SEC will pay an award or awards of at least 10% and up to 30% to whistleblowers who satisfy the requirements of the final rules. The final rules also set forth a number of factors that the SEC will consider in determining the amount of an award, including the SEC's “programmatic interest” in deterring particular securities violations.

Procedures for Submitting Information and Claims

The final rules set forth a new form, Form TCR, to be submitted by a whistleblower under penalty of perjury. In order to be eligible for a reward, a whistleblower must, at the time he or she submits the Form TCR, declare under penalty of perjury that the information he or she is providing is true and correct to the best of his or her knowledge and belief.

Anti-retaliation

Under the rules, a whistleblower who provides information to the SEC is protected from employment retaliation if the whistleblower possesses a reasonable belief that the information he or she is providing relates to a possible securities law violation that has occurred, is ongoing or is about to occur. In addition, the rules make it unlawful for anyone to interfere with a whistleblower's efforts to communicate with the SEC, including threatening to enforce a confidentiality agreement.

Risks to Companies

A primary risk of the final rules is that a possible violation of law will be reported to the SEC, potentially involving a long process and high monetary and non-monetary costs (including sanctions), rather than a quick process at a relatively low cost through internal procedures. SEC bounty payments may motivate whistleblowers to report possible violations directly to the SEC, to delay reporting violations internally or even to interfere with internal procedures to increase the likelihood of receiving a bounty payment.

Dodd-Frank's whistleblower provisions and the final rules have created an opportunity for plaintiffs' securities attorneys and qui tam attorneys, who are targeting prospective whistleblowers as clients and raising the possibility of multimillion-dollar bounty payments. The Act and the final rules also increase the likelihood of civil litigation that often follows SEC enforcement actions.

Because potential whistleblowers are not limited to current or former employees ' whistleblowers can be independent contractors, consultants, joint venture partners or others ' business relationships with third parties may also represent increased risk as sources of potential whistleblower reports. Thus, the final rules represent an additional risk to and possible costs associated with being a public company in the United States.

Steps Companies Should Take To Mitigate Risks

Notwithstanding that the new whistleblower rules create incentives to bypass internal reporting procedures, companies should consider taking the following actions to mitigate the aforementioned risks:

• Review existing governance, compliance and employment policies.
• Adopt measures to encourage and enhance the loyalty of employees and agents.
• Encourage a culture of compliance and internal reporting of potential problems.
• Make compliance policies accessible and easy to understand.
• Actively promote and regularly publicize the company's reporting procedures.
• Train employees regarding compliance matters.
• Be ready to deal with reports that are received and, if necessary, to quickly launch an internal investigation if credible reports of violations are received.
• Assure employees that there will be no retaliation for whistleblower reports.
• Review anti-retaliation policies to ensure that they comport with Dodd-Frank, which protects a broader range of disclosures than the Sarbanes-Oxley Act.

Even when a company learns about a whistleblower issue that has been or likely will be reported to the SEC, opportunities remain for companies to limit the likely damage. For one thing, companies may be able to help shape the SEC's decision about whether to proceed with an enforcement action. This is because currently the SEC is neither fully staffed nor prepared to handle the expected number of whistleblower complaints, which it estimates to be about 30,000 annually. Moreover, the SEC has said that its staff will continue the practice of receiving information from companies in the early stages of an internal investigation and may agree to await further results from the investigation before deciding what may be its next step. This makes it vital for companies to obtain the assistance of outside counsel to help advise them and oversee an expedited but thorough internal investigation.

Darrick M. Mix ([email protected]) is a partner in the Philadelphia office of Duane Morris LLP. He concentrates his practice in the areas of securities offerings and compliance, mergers and acquisitions and general corporate matters. Mix advises public companies with respect to SEC regulations, governance issues and other corporate and securities law matters. Michael E. Clark ([email protected]) is special counsel in the firm's Houston office. He practices in the area of litigation with concentrations in securities and financial fraud as well as white-collar law and health care law in both criminal and civil matters.

The U.S. Securities and Exchange Commission (SEC) recently adopted “bounty hunter” whistleblower rules under section 922 of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 that are likely to encourage employees of public companies to report potential violations of securities laws directly to the SEC, rather than in accordance with established internal company compliance and reporting procedures. In a controversial move, the SEC did not include a provision in the final rules that would require whistleblowers to first report a claim pursuant to internal company procedures prior to being eligible for a bounty.

The final rules create a whistleblower program that rewards individuals who provide the agency with tips that lead to successful enforcement actions. The SEC will pay awards to whistleblowers who voluntarily provide the SEC with original information about a violation of securities laws that leads to a successful enforcement action brought by the SEC that results in monetary sanctions exceeding $1 million. The size of the bounty payments may range from 10% to 30% of the total monetary sanctions collected.

Adopted by the SEC in a 3-2 vote, the final rules are designed to encourage private citizens to assist federal regulators in their enforcement efforts, potentially turning employees and others into government informants. As SEC Chairman Mary Schapiro acknowledged, “it is critical [for the SEC] to be able to leverage the resources of people who may have first-hand information about violations of the securities laws. While the SEC has a history of receiving a high volume of tips and complaints, the quality of the tips we have received has been better since Dodd-Frank became law. We expect this trend to continue, and these final rules map out simplified and transparent procedures for whistleblowers to provide us critical information.”

As a result of these new rules, public companies can anticipate higher compliance costs, additional enforcement activities and more follow-on civil litigation.

Background: Section 922 of The Dodd-Frank Act

The Dodd-Frank Act included “bounty hunter” provisions to strengthen the enforcement of securities and commodities laws and to increase the voluntary reporting of securities and commodities violations. Prior to Dodd-Frank, the SEC's bounty program was limited to insider-trading cases, and the amount of an award was capped at 10% of the penalties collected in the action. The Act significantly enhanced whistleblower rewards and protections. The whistleblower provisions appear in section 922 (related to the SEC) and section 748 (related to the Commodity Futures Trading Commission, or CFTC). Both sections offer a bounty of up to 30% of collected monetary sanctions over $1 million recovered by the SEC, the CFTC, the U.S. Department of Justice (DOJ), self-regulatory organizations and other regulators. Congress instructed the SEC to promulgate the necessary rules to implement these measures, which the recent SEC action does.

Dodd-Frank's provisions are somewhat similar to the whistleblower provisions of the federal False Claims Act (FCA), which, the DOJ reports, led to the recovery of $2.4 billion during 2009, and more than $24 billion since 1986. FCA whistleblower actions have demonstrably increased the number of agency enforcement proceedings. In the health care industry, for example, more than three-fourths of the enforcement actions reported during 2009 relate to actions initiated by whistleblowers. It will be interesting to note whether a similar pattern emerges for SEC enforcement actions.

The SEC proposed new rules under section 922 on Nov. 3, 2010, which defined certain terms essential to the operation of the whistleblower program, outlined the procedures for applying for awards and the SEC's procedures for making decisions on claims, and generally explained the scope of the whistleblower program. More than 1,500 comment letters were submitted regarding the proposed rules, and after making some changes to the proposals (but keeping them mostly intact), the SEC adopted the final rules on May 25, 2011.

Internal Compliance

A significant issue discussed in the SEC's proposing release was the impact of the whistleblower program on companies' internal compliance processes. While the SEC determined not to include a requirement that whistleblowers report violations internally, the SEC said that it made changes to the rules to further incentivize whistleblowers to utilize their companies' internal compliance and reporting systems when appropriate, including the following:

• A whistleblower's voluntary participation in an entity's internal compliance and reporting systems is a factor that can increase the amount of an award;
• A whistleblower's interference with internal compliance and reporting is a factor that can decrease the amount of an award; and
• A whistleblower can receive an award for reporting original information to an entity's internal compliance and reporting systems, if the entity reports information to the SEC that leads to a successful SEC action.

Key Provisions of the New 'Bounty Hunter' Rules

Definition of 'Whistleblower'

The final rules define a whistleblower as a person who provides original information to the SEC in accordance with the procedures set forth in the final rules, and the information relates to a possible violation of the securities laws that has occurred, is ongoing or is about to occur. A whistleblower must be an individual.

Certain people generally will not be considered for whistleblower awards under Dodd-Frank and the final rules, including people who have a pre-existing legal or contractual duty to report their information to the SEC; attorneys who attempt to use information obtained from client engagements to make whistleblower claims for themselves (unless disclosure of the information is permitted under SEC rules or state bar rules); people who obtain the information by means or in a manner that is determined by a U.S. court to violate federal or state criminal law; public accountants working on SEC engagements, if the information relates to violations by the engagement client; and, in certain circumstances, compliance and internal audit personnel.

Requirements to Be Considered for an Award

To be considered for an award, the final rules require that a whistleblower must satisfy four requirements:

1. Voluntarily Provide the SEC with Information '

A whistleblower is deemed to have provided information voluntarily if he or she has provided information before the government, or a self-regulatory organization or the Public Company Accounting Oversight Board asks for it directly from the whistleblower or the whistleblower's representative.

2. That Is Original Information Regarding a Violation of Federal Securities Laws '

Original information must be based upon the whistleblower's independent knowledge or independent analysis, not already known to the SEC and not derived exclusively from certain public sources.

3. That Leads to a Successful Enforcement Action '

A whistleblower's information can be deemed to have led to a successful enforcement action if: a) The information is sufficiently specific, credible and timely to cause the SEC to open or reopen an examination or investigation or open a new line of inquiry in an existing examination or investigation; b) The conduct was already under investigation when the information was submitted, and the information significantly contributed to the success of the action; c) The whistleblower reports original information through his or her employer's internal whistleblower, legal or compliance procedures before or at the same time it is passed along to the SEC; the employer provides the whistleblower's information (and any subsequently discovered information) to the SEC; and the employer's report satisfies either (a) or (b) above.

4. Resulting in Monetary Sanctions Totaling More
Than $1 Million

The rules permit aggregation of multiple SEC cases that arise out of a common set of operative facts as a single action. These may include proceedings involving the same or similar parties, factual allegations, alleged violations of the federal securities laws, or transactions or occurrences.

'Bounty' Provisions

The SEC will pay an award or awards of at least 10% and up to 30% to whistleblowers who satisfy the requirements of the final rules. The final rules also set forth a number of factors that the SEC will consider in determining the amount of an award, including the SEC's “programmatic interest” in deterring particular securities violations.

Procedures for Submitting Information and Claims

The final rules set forth a new form, Form TCR, to be submitted by a whistleblower under penalty of perjury. In order to be eligible for a reward, a whistleblower must, at the time he or she submits the Form TCR, declare under penalty of perjury that the information he or she is providing is true and correct to the best of his or her knowledge and belief.

Anti-retaliation

Under the rules, a whistleblower who provides information to the SEC is protected from employment retaliation if the whistleblower possesses a reasonable belief that the information he or she is providing relates to a possible securities law violation that has occurred, is ongoing or is about to occur. In addition, the rules make it unlawful for anyone to interfere with a whistleblower's efforts to communicate with the SEC, including threatening to enforce a confidentiality agreement.

Risks to Companies

A primary risk of the final rules is that a possible violation of law will be reported to the SEC, potentially involving a long process and high monetary and non-monetary costs (including sanctions), rather than a quick process at a relatively low cost through internal procedures. SEC bounty payments may motivate whistleblowers to report possible violations directly to the SEC, to delay reporting violations internally or even to interfere with internal procedures to increase the likelihood of receiving a bounty payment.

Dodd-Frank's whistleblower provisions and the final rules have created an opportunity for plaintiffs' securities attorneys and qui tam attorneys, who are targeting prospective whistleblowers as clients and raising the possibility of multimillion-dollar bounty payments. The Act and the final rules also increase the likelihood of civil litigation that often follows SEC enforcement actions.

Because potential whistleblowers are not limited to current or former employees ' whistleblowers can be independent contractors, consultants, joint venture partners or others ' business relationships with third parties may also represent increased risk as sources of potential whistleblower reports. Thus, the final rules represent an additional risk to and possible costs associated with being a public company in the United States.

Steps Companies Should Take To Mitigate Risks

Notwithstanding that the new whistleblower rules create incentives to bypass internal reporting procedures, companies should consider taking the following actions to mitigate the aforementioned risks:

• Review existing governance, compliance and employment policies.
• Adopt measures to encourage and enhance the loyalty of employees and agents.
• Encourage a culture of compliance and internal reporting of potential problems.
• Make compliance policies accessible and easy to understand.
• Actively promote and regularly publicize the company's reporting procedures.
• Train employees regarding compliance matters.
• Be ready to deal with reports that are received and, if necessary, to quickly launch an internal investigation if credible reports of violations are received.
• Assure employees that there will be no retaliation for whistleblower reports.
• Review anti-retaliation policies to ensure that they comport with Dodd-Frank, which protects a broader range of disclosures than the Sarbanes-Oxley Act.

Even when a company learns about a whistleblower issue that has been or likely will be reported to the SEC, opportunities remain for companies to limit the likely damage. For one thing, companies may be able to help shape the SEC's decision about whether to proceed with an enforcement action. This is because currently the SEC is neither fully staffed nor prepared to handle the expected number of whistleblower complaints, which it estimates to be about 30,000 annually. Moreover, the SEC has said that its staff will continue the practice of receiving information from companies in the early stages of an internal investigation and may agree to await further results from the investigation before deciding what may be its next step. This makes it vital for companies to obtain the assistance of outside counsel to help advise them and oversee an expedited but thorough internal investigation.

Darrick M. Mix ([email protected]) is a partner in the Philadelphia office of Duane Morris LLP. He concentrates his practice in the areas of securities offerings and compliance, mergers and acquisitions and general corporate matters. Mix advises public companies with respect to SEC regulations, governance issues and other corporate and securities law matters. Michael E. Clark ([email protected]) is special counsel in the firm's Houston office. He practices in the area of litigation with concentrations in securities and financial fraud as well as white-collar law and health care law in both criminal and civil matters.