United States: whistleblowers and self-reporting

The interrelated questions of how to handle a whistleblower allegation and whether to self-report conduct to the US authorities have long been two of the most challenging problems in the investigations sphere. These questions are proving only more significant and difficult today as the US authorities continue to incentivise and protect whistleblowers, and make great new efforts to draw out self-reports. In this climate, it is unsurprising that many continue to take a conservative approach to these problems. Companies often are motivated to take any steps they can to avoid indictment when potentially criminal conduct arises. Separate from penalties themselves, a criminal action against a corporation presents a range of potential collateral consequences, including the possibility of suspension and debarment from government contracting, and increased scrutiny from current and prospective business partners. Yet, at the same time, there is a groundswell towards pushing back on the United States enforcement authorities’ role as prosecutor, judge and jury in corporate criminal matters.

This article focuses on the twin issues of whistleblowing and self-reporting by first examining the current landscape around them with a focus on some of the most recent developments, and then looking at some of the considerations that can help guide decision-making in this arena. It focuses especially on developments since our article in last year’s The Investigations Review of the Americas.

The current landscape

The current environment is marked by major government initiatives to incentivise and protect whistleblowers, as well as continuing attempts to incentivise voluntary self-reporting, with the promise of more certain, tangible benefits. The purpose of these initiatives is obvious – to generate leads from those with knowledge of potential wrongdoing.

SEC’s Whistleblower Program

Prior to passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act in 2010, the United States Securities and Exchange Commission (SEC) offered a limited ‘bounty’ programme for tips related to insider trading, but the programme was not well publicised, received few claims for rewards and was determined by the SEC itself not to have been well designed.¹ To remedy those flaws, the Dodd-Frank Act² created a more muscular programme designed to incentivise reporting potential violations of federal securities laws to the SEC. The SEC created the Office of the Whistleblower (OWB) to oversee the Dodd-Frank Whistleblower Program, and adopted rules for its implementation.³ The Whistleblower Program features both a potentially lucrative awards programme and strong anti-retaliation provisions.

Awards

The Whistleblower Program incentivises reporting by offering monetary awards for information leading to successful enforcement actions. To qualify for an award, a whistleblower must voluntarily provide original information that leads to a successful enforcement action in which the SEC obtains monetary sanctions totalling more than US$1 million, and the information must pertain to violations post-dating the enactment of Dodd-Frank.⁴4 Information is provided ‘voluntarily’ if the individual provides it to the SEC, Department of Justice (DOJ) or other government regulatory or enforcement agency before the individual is asked to provide it.⁵ To be considered ‘original information’, the tip must be derived from the whistleblower’s independent knowledge or analysis, and must not be in the public domain or already known to the SEC.⁶ A whistleblower qualifies under the regulations if he or she reports to another regulator, or if the whistleblower first reports through the company’s internal compliance systems, as long as the whistleblower also reports to the SEC within 120 days.⁷ What kind of information leads to a successful enforcement action is a fact-intensive question ultimately determined by the SEC, but as a general matter, information that identifies particular individuals, documents or financial transactions relating to relatively current allegations is more likely to qualify.⁸ Approximately half of whistleblowers are internal, and 80 per cent of those report the issue through internal compliance channels or supervisors first.⁹

The current structure also creates at least a potential incentive for whistleblowers to report quickly. Multiple whistleblowers may be eligible for a reward based on the same enforcement action, provided their respective information is sufficiently different to be considered ‘original’. But if two whistleblowers provide the same or similar information, it is possible that only the first is eligible to receive a reward. So far, however, the SEC appears to prefer to split awards between multiple claimants for the same notice of covered action rather than further incentivise a race to the courthouse. In September 2015, for example, the Commission ordered a joint award of 20 per cent – 11 per cent and 9 per cent – of the final monetary penalty to whistleblowers who reported original information.¹⁰This was the third time the SEC has split an award between multiple claimants.¹¹

Qualified whistleblowers may be entitled to be paid between 10 and 30 per cent of the amount of monetary sanctions collected by the SEC or other specified authorities in related actions.¹² Awards to eligible whistleblowers can be reduced if the whistleblower was involved in the securities violation, delayed reporting the violation, interfered with the company’s internal investigation and reporting protocols, or otherwise hindered efforts to investigate the violation.¹³The SEC posts on its website and on Twitter notice of any enforcement action for which a whistleblower could be eligible (eg, where the final judgment is greater than US$1 million). Individual claimants then have 90 days to apply for the award. OWB attorneys then evaluate the application and make a recommendation as to whether the claimant is eligible for an award.

The number of awards is still not overwhelming compared to the number of tips, but the steady increase of both is unmistakable. The SEC received 3,923 tips in fiscal year 2015, over 300 more than the previous year. The SEC issued 139 notices of covered action in that year – identical to the number of notices issued in fiscal year 2014 – but received more than 120 award claims, which is a significant increase compared to previous years.¹⁴ These numbers suggest that the Whistleblower Program is becoming more visible to prospective claimants. Part of that increased visibility is, undoubtedly, a consequence of the increase in the amount and pace of awards. From the Program’s inception to 1 July 2016, the SEC has awarded US$85 million to 32 whistleblowers. Fifteen of those awards, totalling over US$65 million, have been issued from the start of fiscal year 2015,¹⁵which means nearly half of successful claims and three-quarters of all award money have been issued in the past 21 months. Sean McKessy, Chief of the OWB, also has posited that the increase in claims in 2015 is attributable both to growing public awareness in the programme and in response to the high payouts from reporting.¹⁶

Several recent cases highlight the trend toward more frequent and larger awards. June 2016 saw the second largest monetary award to date: a US$17 million award for a detailed tip from a company insider that, according to the SEC, ‘substantially advanced the agency’s investigation and ultimate enforcement action.’¹⁷ That award capped off a banner month for award claimants, who received more than US$26 million in five whistleblower awards between May and June 2016.¹⁸

Fiscal year 2015 also highlighted the Whistleblower Program’s continued international reach. In September 2015, the SEC issued awards to two foreign nationals who reported original information.¹⁹ This is the third example of the SEC issuing an award to a foreign national, though notably foreign nationals from 61 countries provided over 400 tips in fiscal year 2015.

Nonetheless, the SEC still denies far more whistleblower recovery claims than it grants.²⁰ The most common reasons for denial of an award, according to the SEC, were that it (i) lacked original information, (ii) did not lead to a successful enforcement action, (iii) was not timely, or (iv) concerned violations predating Dodd-Frank. With respect to one recent award, the SEC found that the individual had unreasonably delayed reporting violations, and thus decreased the award percentage.²¹ Specifically, the SEC noted that violations had continued and the respondents in the underlying action were able to profit, thus increasing the monetary sanctions upon which the claimant’s award was based.²²The SEC denied the claimant’s request to increase the award percentage, emphasising that the rules ‘should incentivize the prompt and early submission of high-quality, credible tips’.²³

Unsurprisingly, the steady growth in the number of tips and in award magnitude has occurred in tandem with an increase in frivolous award claims.²⁴ For example, in August 2015, the SEC issued a final order denying multiple claims from the same claimant, submitted in connection with 25 separate notices of covered action. The SEC determined that the claims lacked even a basic factual nexus with the notices at issue and were wilfully false, and, thus, barred the claimant from seeking awards in the future.²⁵ This incident follows one the previous year where the SEC denied multiple frivolous claims from a different claimant submitted in connection with 143 notices of covered action.²⁶It will be interesting to see whether any negative consequences befall whistleblowers making false or inappropriate claims in the future, perhaps counterbalancing a regime that right now offers considerable upside to those making damaging allegations.

Retaliation and whistleblower protection

A key component of the Whistleblower Program is protection from retaliation. Section 21F(h) of the Exchange Act prohibits an employer from discharging, demoting, suspending, threatening, harassing, directly or indirectly, or in any other manner discriminating against, a whistleblower in the terms and conditions of employment because of any lawful act done by the whistleblower, including providing information to the Commission.²⁷ Sean McKessy, Chief of the OWB, has stressed the importance of whistleblower protection:

For whistleblowers to come forward, they must feel assured that they’re protected from retaliation and the law is on their side should it occur. [... The SEC] will continue to exercise [its] anti-retaliation authority in these and other types of situations where a whistleblower is wrongfully targeted for doing the right thing and reporting a possible securities law violation.²⁸

The SEC has been proactive about enforcing the anti-retaliation provisions, for example bringing a successful enforcement action related to whistleblower retaliation in 2012.²⁹

Interestingly, there is a clear circuit split over whether an individual must report to the SEC in order to qualify for the whistleblower protections. In the SEC’s view, individuals qualify for protection against retaliation under Dodd-Frank as long as they have a reasonable belief that information provided pertains to a violation of securities law, regardless of whether the information is reported to the SEC, to other agencies, or internally. Several district courts have deferred to the SEC’s definition.³⁰ However, at least one circuit has taken a different view. In Asadi v GE Energy (USA) LLC,³¹ the plaintiff alleged that his former employer violated the whistleblower protections of Dodd-Frank by retaliating against him for reporting possible FCPA violations through internal company channels. The Fifth Circuit held that the plaintiff was not a ‘whistleblower’ eligible for protection because he did not provide information directly to the SEC, as required by Dodd-Frank. Although this case dealt specifically with the private right of action arising out of Dodd-Frank anti-retaliation provisions rather than the SEC’s Whistleblower Program, it is potentially significant that the Court refused to defer to the SEC’s more expansive regulation defining who qualifies as a whistleblower.³² The SEC responded vigorously, filing numerous amicus curiae briefs in private retaliation litigation urging courts to defer to the SEC’s rule, and arguing that extending retaliation protections regardless of whether a whistleblower reports to the SEC is critical to the SEC’s enforcement scheme.³³

In Berman v [email protected] LLC,³⁴ the Second Circuit disagreed with the Fifth Circuit, holding instead that the whistleblower protection portions of the Dodd-Frank Act were sufficiently ambiguous to defer to the SEC’s interpretation of those provisions. Given the uncertainty surrounding when an individual qualifies as a protected whistleblower, an individual may rationally prefer to report to the SEC as a matter of course whenever he or she reports internally.

Confidentiality agreements

The intersection between confidentiality agreements and whistleblower protection remains a point of interest to the SEC. In 2015, the SEC came down hard on a company, KBR, for having an employee sign an agreement that precluded him from making a report to the Commission.³⁵ The SEC charged KBR with violating the whistleblower protection rule contained within Dodd-Frank because the company had its employees sign confidentiality statements during an internal investigation, with language warning them not to discuss the matters with outside parties without the prior approval of the company’s legal department. While the SEC found no instances where the company had specifically prevented any employee from communicating with the SEC, the SEC’s Director of Enforcement claimed that ‘KBR potentially discouraged employees from reporting securities violations to us.’³⁶ In concluding the announcement, the Chief of the OWB encouraged all companies to ‘review and amend existing and historical agreements that in word or effect stop their employees from reporting potential violations to the SEC.’³⁷

Criticisms of the Whistleblower Program

The most common criticism of the SEC’s Whistleblower Program is that it short-circuits companies’ internal reporting and compliance mechanisms, turning any allegation of wrongdoing, no matter how insignificant or incredible, into the proverbial ‘federal case’. The SEC contends that there are plenty of incentives for a whistleblower to report in-house first, including a potentially enhanced award, and a greater chance that the whistleblower’s tip will qualify as original information even if the company self-reports. The problem, however, is not just that a whistleblower will report a potential violation to the SEC before reporting in-house. Rather, the problem is that even if a whistleblower reports in-house first, the company has to assume the matter will be reported to the government.³⁸

The idea of incentivising whistleblowers with monetary rewards was given a chilly reception in the UK, a close collaborator with the US enforcement agencies on compliance issues in recent years. Two UK agencies commissioned by the Parliamentary Committee on Banking Standards to study whistleblower programmes recommended against adoption of a similar programme in the UK. The report noted: ‘There is no empirical evidence to suggest that the US system raises either the number or the quality of whistleblowing disclosures within financial services. Nor do the incentives in the US model appear to improve the protection available to whistleblowers.’³⁹

Incentivising self-reporting

There is no independent legal duty to self-report violations of US law, including the FCPA. However, there are various regulatory obligations that may separately require a disclosure that would, in effect, alert the US enforcement authorities to a potential problem. But even in those instances, companies are still not required to self-report and are never required to share the conclusions of any privileged review. Against this backdrop, the US enforcement authorities (DOJ and SEC) have worked to incentivise self-reporting by offering to exercise regulatory and prosecutorial discretion permitted by US law to impose a lesser penalty, or even no penalty, if violators self-report.

Both the SEC and the DOJ have taken great pains to prove the benefits of self-reporting. Numerous DOJ settlements emphasise the credit companies have received for self-reporting, in some cases attempting to quantify it. Indeed, in several FCPA settlements, the DOJ has specifically pointed out that it agreed to fines and penalties significantly below the base level established by the US Sentencing Guidelines range at least in part because the company voluntarily disclosed the violation.⁴⁰ And the vast majority of reported SEC complaints and consent orders indicate that self-reporting mitigates in favour of a reduced penalty.⁴¹ In two recent examples, the SEC entered into non-prosecution agreements with two firms that self-reported. Akamai Technologies agreed to pay over $650,000 in connection with providing meals and entertainment in China.⁴² Nortek Inc agreed to pay over $300,000 in connection with gifts to Chinese officials.⁴³ Both companies self-reported the conduct promptly and produced documents, appeared for interviews, and responded to inquiries when asked. Additionally, Akamai and Nortek established new compliance positions and terminated those who participated in the schemes.⁴⁴ The SEC wanted to show the favourable treatment these companies received for their self-reporting and cooperation.

The agencies’ published material also seeks to emphasise the benefits of self-reporting. For example, the SEC’s Enforcement Manual has urged that the benefits of self-reporting may include a reduced penalty, no penalty or a decision not to prosecute at all.⁴⁵ The DOJ and SEC FCPA Guidance places a similarly high premium on self-reporting.⁴⁶

In addition, the agencies’ leaders continue to tout benefits of self-reporting. In his keynote speech at ACI’s 32nd FCPA Conference, Andrew Ceresney, Director of the SEC’s Division of Enforcement, noted some of the benefits of self-reporting, including discovering misconduct quickly, maximising benefits of cooperation, and eliminating the risk of the Enforcement Division finding out through its investigation or a whistleblower.⁴⁷ In addition, Ceresney announced that going forward the SEC will consider non-prosecution agreements and deferred prosecution agreements only where companies self-report.⁴⁸ SEC Commission Chair, Mary Jo White has also emphasised that self-reporting is an important factor in the SEC’s decisions as to whether to pursue an enforcement action and what penalty is appropriate.⁴⁹ Andrew Weissmann, the DOJ’s Chief of the Criminal Fraud Section, suggested that the DOJ is interested in incentivising early reporting to pry companies away from a strategy of waiting to self-report until late in an investigation or the moment before a whistleblower reports.⁵⁰ He also has indicated that the DOJ intends eventually to be able to resolve matters with self-reporting and promptly cooperating companies in one year, suggesting to would-be self-reporters that they are not in for an interminable investigation if they voluntarily disclose.⁵¹

One problem – as is perhaps belied by the constant promotion of self-reporting – is that it remains virtually impossible to predict its benefits. Some of this is simply because any enforcement action is going to be unique and fact-specific. Add to that the highly negotiated nature of any settlement, and it quickly becomes very difficult to concretise any benefit from self-reporting. The costs of self-reporting, however, are easier to imagine.

The government has recognised the need to clarify the tangible benefits of self-reporting and has sought to address that issue in part through the new FCPA Pilot Program (Pilot Program).⁵² The Pilot Program aims to flesh out what the Department considers voluntary disclosure, and what companies must do to reap the full benefits of cooperation. A company is credited as having disclosed ‘voluntarily’ where it (i) does so ‘prior to an imminent threat of disclosure or government investigation’; (ii) discloses the conduct to the Department ‘within a reasonably prompt time after becoming aware of the offense’; and (iii) discloses all relevant facts known to it, including all relevant facts about the individuals involved in any FCPA violation. The Pilot Program provides further that if a company’s disclosure is ‘voluntary’, then it may be eligible for cooperation beyond what is available under the Sentencing Guidelines. The DOJ outlined
11 required factors to qualify for this enhanced downward reduction, including full disclosure of criminal wrongdoing by employees, third parties, and other companies; attribution of specific facts uncovered during the investigation to specific sources where attribution would not violate privilege or privacy laws; timely updates on the company’s investigation; and facilitation of Department review of foreign witnesses and documents. When a company withholds a document, person or fact, the burden is on the company to demonstrate that a privilege or other legal right applies. For a company that fully complies with these requirements, the DOJ will consider declining prosecution, seeking up to a 50 per cent reduction off the bottom end of the Sentencing Guidelines if a fine is sought, and/or forgoing the need for a compliance monitor. Companies that do not meet all of the requirements may still receive a limited cooperation benefit; however, when no voluntary self-disclosure has been made, a company can be eligible for, at most, a 25 per cent reduction off the bottom of the Sentencing Guidelines fine range. While the attempt to clarify the requirements and benefits of self-reporting is laudable, the large number of requirements, grafted on to prosecutorial discretion, leaves the specific application of these principles an open question.

At the same time, another new DOJ pronouncement has provided a very visible reminder to companies of what a sober decision it is to self-report. In September 2015, Deputy Attorney General Sally Quillian Yates published a memo (the ‘Yates Memo’) outlining new DOJ policies for ensuring individual responsibility for corporate wrongdoing.⁵³ According to the Yates Memo, in order to be eligible for cooperation credit, corporations must disclose to the DOJ all relevant facts about individuals involved in corporate misconduct. The Yates Memo states that the extent of any credit granted to the corporation will be based on the timeliness and diligence of that disclosure. The Yates Memo also introduced a series of procedures within DOJ aimed at stepping up the prosecution of individuals when corporations self-report and resolve matters. There is nothing new about the idea that cooperating companies generally must turn over information requested by the DOJ, or about the idea that the DOJ is interested in prosecuting individuals. However, the stated hesitation around settlements with corporations if individuals are not also being pursued does remind companies of the probability that any self-report is likely to lead to a lengthy, uncomfortable exercise, even if it improves the end result.

Considerations and problems

Next we discuss some considerations and problems in the whistleblowing and self-reporting area, to help with thinking through decision-making should an issue arise.

Investigating whistleblower complaints

Companies ignore whistleblower complaints at their own peril. Not only do the US enforcement agencies consider a company’s responsiveness to whistleblower complaints when deciding whether to pursue enforcement actions and levy penalties (including in future matters), but a credible internal investigation process may also foreclose external reporting entirely. While some whistleblowers may be primarily interested in the SEC’s potential reward, many report to the SEC after they decide that the company has ignored internal complaints or that they have been a victim of retaliation. Companies must take measures to ensure that the employees are comfortable reporting internally, that there is no retaliation against whistleblowers, and that complaints are investigated in a thorough and timely manner. Companies with transparent, navigable reporting systems and business cultures supportive of internal reporting, are often in a better position to respond to whistleblower complaints before they reach the US enforcement agencies.

Internal investigations, however, can be time-consuming, disruptive and expensive. Responding proportionally to an allegation, and neither over- nor under-reacting, is among the most urgent challenges in today’s environment. To help, companies may consider a two-stage process for vetting allegations. Especially where the plausibility of an allegation is not necessarily inherent on its face, the first stage of an investigation may be limited to an interview with the whistleblower or a small set of individuals involved in the alleged misconduct, or some sort of very limited review of records, just to make a preliminary assessment of the plausibility of the claim. If the preliminary assessment suggests that the whistleblower’s complaint is plausible (or at least that the government would think it plausible), then the company would embark on a more robust investigation by engaging outside counsel or in-house investigation specialists, reviewing documents and conducting additional interviews.

It is, of course, critical that, however the company proceeds with its investigation, it do so expeditiously so that it can make an informed decision regarding self-reporting. While there is no guide for when a report becomes ‘stale’, timeliness matters. Of course, whistleblowers may also have an independent incentive to move quickly. In addition to needing to be the first in with the information they possess, they may also need to report the alleged violation to the SEC within 120 days of reporting it internally so as not to become ineligible for a reward.

A thorny issue that may arise in an investigation is a whistleblower complaint that implicates privileged materials. The DC Circuit recently held that the attorney-client privilege applies broadly to documents generated through an internal investigation conducted by legal counsel.⁵⁴ As a general matter, the SEC does not consider information covered by the attorney-client privilege or information obtained through an internal audit or investigation to be ‘original information’ qualifying a whistleblower for a reward.⁵⁵ But that exclusion only applies to the privileged communications and materials themselves. Information obtained through the whistleblower’s independent knowledge still qualifies even if it covers the same underlying facts as reflected in the company’s privileged material. Moreover, even if a reward is unavailable, nothing except self-policed ethical rules prevents the SEC or DOJ from considering privileged information, and nothing prevents a whistleblower from claiming protection based on providing privileged information. Courts have different views as to whether and under what circumstances such disclosures waive privilege,⁵⁶ but a common thread in the analyses is that the disclosures from management,⁵⁷ or disclosures where a company’s efforts to protect privileged material are lax, support a finding of waiver.⁵⁸

Traditional waiver analysis thus appears to incentivise robust protection of privileged or otherwise confidential materials including where they are relating to the subject of a whistleblower complaint. However, in light of the SEC’s concern over confidentiality agreements or actions that discourage whistleblowers from reporting, counsel must be careful that assertions of privilege or discussions of privilege and confidentiality are not perceived as an improper suppression of self-reporting.⁵⁹ The SEC’s focus on the potential conflict between confidentiality agreements and the Whistleblower Program raises the troubling question of whether a company can take steps to protect the confidentiality of any information that reveals a potential securities violation. And perhaps more critically, there is the issue of how the SEC’s reasoning regarding the interplay between confidentiality and whistleblowing implicates privilege. For example, under the letter of the regulation, an attorney who issues Upjohn warnings to potential whistleblowers in an internal investigation containing a request that the discussion be kept confidential to protect the company’s privilege arguably ‘impede[s]’ an individual from reporting. While the SEC is not likely to take such an extreme position, absent greater clarity around the meaning of ‘impede’, companies may have difficulty in knowing how far they are allowed to go in protecting information that they believe to be confidential. At a minimum, companies should review employment agreements, severance agreements, codes of conduct and other confidentiality and non-disparagement agreements to be aware of anything that might be perceived as suppressing whistleblowing.

Whether to self-report an allegation

Much of the discussion surrounding self-reporting presumes the alleged conduct occurred and the company is either determining the breadth of the problem or whether it occurred elsewhere. In those instances, US enforcement authorities stress that they have ever-increasing avenues for discovering the information themselves (eg, whistleblowers, competitors, industry sweeps), and cooperation credit is worth the price of self-reporting. In practice, however, a company is rarely able to confirm an allegation is true without at least commencing an investigation, which takes time. But if a company waits too long for an investigation to unfold, it may lose cooperation credit, or the opportunity for self-reporting may be pre-empted by an external disclosure.

Notwithstanding Andrew Weismann’s recent comments, noted above, self-reporting an unverified allegation (as opposed to a violation uncovered after a thorough investigation) can be costly and unnecessary. Once it becomes aware of a potential violation, an enforcement agency has the sole discretion to expand the scope of an investigation, while the target company must bear all the costs. Even if there is no violation, proving the absence of a violation can be very expensive for the target company. By contrast, the cost to an enforcement agency of requiring additional layers of investigation is near zero where the company offers to conduct the investigation and share its findings as part of its cooperation.

The DOJ and SEC are aware of the problem. Leslie Caldwell, the Assistant Attorney General for the DOJ’s Criminal Division, suggested recently that DOJ is conscious of the potential costs of investigation and that it is striving to limit investigations to the particular violation alleged:

We do not expect you to boil the ocean in conducting our investigation, but in order to receive full credit for cooperation, we do expect you to conduct a thorough, appropriately tailored investigation of the misconduct.⁶⁰

If the US enforcement agencies adopt a policy encouraging investigations that are proportionate to the alleged violation, this would lower the potential cost of self-reporting as it would reduce the risk of the enforcement authorities asking target companies to investigate further during cooperation sessions, and thereby reduce the risk that investigations spiral out of control. And perhaps Andrew Weissman’s recent suggestion of a one-year investigation process signals an intent to do exactly that. Nevertheless, even if enforcement authorities are more cognisant of the scope of investigations going forward, the incentives structure whereby the target company bears the costs while the enforcement agency dictates the breadth will remain unchanged.

Whether to self-report a violation

If a violation has in fact occurred, the board of directors should decide whether to self-report. The following factors are among those that may influence the decision: (i) the gravity of the violation; (ii) whether the violation will effectively be disclosed through required securities disclosures; (iii) whether the allegation implicates high-level employees or officers; (iv) the outcome of any preliminary investigation; (v) whether the company believes that a whistleblower will report the matter to an enforcement agency or the enforcement agency will likely discover the conduct some other way; (vi) the potential civil and criminal penalties; and (vii) the impact of disclosure on foreign enforcement authorities, stock holders and business relationships.

Note that even if the company does not self-report, it should thoroughly document its investigation in order to demonstrate to an enforcement agency that the investigation was rigorous and credible, and it should act quickly and responsibly to strengthen any weaknesses in controls or policy identified during the course of the review. Indeed, responding vigilantly to an allegation is often more important where a company does not self-report, since its actions will certainly come under scrutiny if the conduct is later detected, or if a similar issue arises at a later date.

Notes

1   
US Securities and Exchange Commission Office of Inspector General, ‘Evaluation of the SEC’s Whistleblower Program’, p. V (18 January 2013).

2   
15 U.S.C. section 78u–6 (2014).

3   
17 C.F.R. 240.21F-1–240.21F-17.

4   
240.21F-3.

5   
240.21F-4(a).

6   
240.21F-4(b). Attorneys, accountants and employees and officers whose work touches on internal investigations are normally deemed not to have ‘original’ information and, thus, are ineligible for a reward except in a few defined circumstances. One such circumstance is that they report more than 120 days after the company has notice of the allegation. 240.21F–4(b)(4)(v)(C); 240.21F-4(c).

7   
240.21F-4(b)(6)(vi). The interrelation between this provision and the provision that certain whistleblowers do not possess ‘original information’ until 120 days after the company has notice is not entirely clear. But a recent award to a whistleblower with internal audit responsibilities suggests the Commission sees no conflict between the two and, when the whistleblower has such responsibilities, he must wait 120 days to report to the Commission.

8   
US Securities and Exchange Commission, 2015 Annual Report to Congress on the Dodd-Frank Whistleblower Program at 16, available at www.sec.gov/whistleblower/reportspubs/annual-reports/owb-annual-report-2015.pdf (2015 Report).

9   
Id. at 17.

10 
Order Determining Award Claim, Exchange Act Rel. No. 76000, File No. 2015-7 (28 September 2015).

11 
2015 Report at 12, available at www.sec.gov/whistleblower/reportspubs/annual-reports/owb-annual-report-2015.pdf.

12 
240.21F-5.

13 
2015 Report at 18.

14 
Id at 12.

15 
2015 Report at 1; US Securities and Exchange Commission, Press Releases for calendar years 2015 and 2016, available at www.sec.gov/news/pressrelease/2016-114.html.

16 
2015 Report at 1.

17 
US Securities and Exchange Commission, Press Release (9 June 2016) available at www.sec.gov/news/pressrelease/2016-114.html.

18 
US Securities and Exchange Commission, Press Releases for calendar year 2016.

19 
Order Determining Award Claim, Exchange Act Rel. No. 76000, File No. 2015-7 (28 September 2015); 2015 Report at 12.

20 
US Securities and Exchange Commission, Final Orders of the Commission (last accessed 3 July 2016), available at www.sec.gov/about/offices/owb/owb-final-orders.shtml.

21 
US Securities and Exchange Commission, Final Orders of the Commission, (last accessed 28 June 2016), available at www.sec.gov/about/offices/owb/owb-final-orders.shtml.

21 
US Securities and Exchange Commission, Final Order Release No. 76338 (4 November 2015), available at www.sec.gov/rules/other/2015/34-76338.pdf.

22 
Id.

23 
Order Instituting Cease and Desist Proceedings, In the Matter of Paradigm Capital Mgmt, Inc and Candace King Weir, File No. 3-15930, at 2, 6 (16 June 2014), available at www.sec.gov/litigation/admin/2014/34-72393.pdf.

24 
2015 Report at 14.

25 
US Securities and Exchange Commission, Final Order (5 August 2015), available at www.sec.gov/about/offices/owb/owb-final-orders.shtml.

26 
US Securities and Exchange Commission, Final Order (12 May 2014), available at www.sec.gov/about/offices/owb/owb-final-orders.shtml.

27 
15 U.S.C. section 78u–6 (h) (2014).

28 
US Securities and Exchange Commission, Press Release 2014-118, ‘SEC Charges Hedge Fund Advisor with Conflicted Transactions and Retaliating Against Whistleblower,’ available at www.sec.gov/News/PressRelease/Detail/PressRelease/1370542096307.

29 
Order Instituting Cease and Desist Proceedings, In the Matter of Paradigm Capital Mgmt, Inc and Candace King Weir, File No. 3-15930 (16 June 2014), available at www.sec.gov/litigation/admin/2014/34-72393.pdf.

30 
See Ellington v Giacoumakis, Civ. A. No. 13-11791-RGS, 2013 WL 5631046 (D. Mass. 16 October 2013); Genberg v Porter, 11-cv-02434-WYD-MEH, 2013 WL 1222056 (D.Colo 15 March 2013); Kramer v Tran-Lux Corp, No. 3:11-cv-01424, 2012 WL 4444820 (D. Conn. 25 September 2012).

31 
720 F.3d 620 (5th Cir. 2013).

32 
17 C.F.R. 240.21F-2(b)(1).

33 
2015 Report at 20.

34 
Berman v [email protected] LLC, No. 14-cv-4626, 2015 WL 5254916 (2d Cir. 10 September 2015).

35 
See US Securities and Exchange Commission, Press Release 2015-54, ‘Companies Cannot Stifle Whistleblowers in Confidentiality Agreements’, available at: www.sec.gov/news/pressrelease/2015-54.html.

36 
Id.

37 
Id.

38 
Indeed, the SEC has become watchful of companies that make any effort to encourage whistleblowers to keep matters confidential within the company. SEC Rules state that ‘no person may take any action to impede an individual from communicating directly with the [SEC] about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement.’ 17 C.F.R. 240.21F-17(a). The Chief of the OWB has warned that the SEC is ‘actively looking’ at confidentiality or similar agreements that condition receipt of a benefit on not reporting potential violations. See Brian Mahoney, SEC Warns In-House Attys Against Whistleblower Contracts, LAW360 (14 March 2014), www.law360.com/articles/518815/sec-warns-in-house-attys-against-whistle-blower-contracts.

39 
Financial Conduct Authority, ‘Financial Incentives for Whistleblowers,’ at 7 (31 July 2014).

40 
US v Pride, Int’l, Cr. No. 10–766, Deferred Prosecution Agreement, paragraphs 6, 8–9 (4 November 2010) (approving downward departure greater than 50 per cent); US v Control Components Inc, SA Cr. No. 09-162, Plea Agreement paragraphs 13–16 (22 July 2009) (approving downward departure greater than 30 per cent); US v Latin Node Inc, Cr. No. 09-20239, Government’s Sentencing Memorandum, at 4–5 (3 April 2009) (approving downward departure greater than 50 per cent); see also Note, Sarah Marberg, ‘Promises of Leniency: Whether Companies Should Self-Disclose Violations of the Foreign Corrupt Practices Act,’ 45 Vand. J. Transnat’l. Law 557, 583–84 (June 2012).

41 
SEC v Orthofix, Complaint paragraph 22 (10 July 2012); US v Orthofix Int’l, NV, Deferred Prosecution Agreement paragraph 4 (10 July 2010); SEC Non-Prosecution Agreement with Ralph Lauren, paragraph 11 (22 April 2013); SEC Litigation Release No. 22450, ‘SEC Charges Oracle Corporation with FCPA Violations Related to Secret Side Funds in India’ (16 August 2012).

42 
US Securities and Exchange Commission, Press Release (7 June 2016), available at www.sec.gov/news/pressrelease/2016-109.html.

43 
Id.

44 
US Securities and Exchange Commission, Non-Prosecution Agreement (7 June 2016), available at www.sec.gov/news/press/2016/2016-109-npa-nortek.pdf; US Securities and Exchange Commission, Non-Prosecution Agreement (7 June 2016), available at www.sec.gov/news/press/2016/2016-109-npa-akamai.pdf.

45 
Securities and Exchange Commission Enforcement Manual, section 6.1.2 at 121 (9 October 2013).

46 
Criminal Division of the US Department of Justice and the Enforcement Division of the US Securities and Exchange Commission, ‘FCPA: A Resource Guide to the US Foreign Corrupt Practices Act,’ at 54 (November 2012).

47 
Andrew Ceresney, ACI’s 32nd FCPA Keynote Address (17 November 2015), available at www.sec.gov/news/speech/ceresney-fcpa-keynote-11-17-15.html#_ftn30.

48 
Id.

49 
Mary Jo White, ‘A Few Things Directors Should Know About the SEC,’ (23 June 2014), available at www.sec.gov/News/Speech/Detail/Speech/1370542148863#.U6rivcRDt1b.

50 
Adam Dobrik, ‘We’ll Improve Incentives for Early Self-Disclosure, Says DOJ Fraud Chief’, GIR (4 June 2015).

51 
Remarks of Andrew Weissmann, GIR Live, 9 February 2016.

52 
Department of Justice, ‘The Fraud Sections Foreign Corrupt Practices Act Enforcement Plan Guidance’, 5 April 2016, available at www.justice.gov/opa/file/838386/download; see also Department of Justice, ‘Criminal Division Launches New FCPA Pilot Program’, (last accessed 3 July 2016), available at www.justice.gov/opa/blog/criminal-division-launches-new-fcpa-pilot-program.

53 
Sally Quillian Yates, Individual Accountability for Corporate Wrongdoing (9 September 2015), available at www.justice.gov/dag/file/769036/download.

54 
In re Kellogg Brown & Root, Inc, 2014 U.S. App. LEXIS 12115 (D.C. Cir. 27 June 2014).

55 
17 C.F.R. 240.21F-4(b)(4).

56 
Resolution Trust Corp v Dean, 813 F. Supp. 1426 (D. Ariz. 1993).

57 
Commodity Futures Trading Comm’n v Weintraub, 471 U.S. 343, 348-49 (1985).

58 
Maldonado. New Jersey by & through the Admin. Office of the Courts-Prob. Div., 225 F.R.D. 120, 127-32 (D.N.J. 2004); Lois Sportswear v Levi Strauss, 104 F.R.D. 103 (S.D.N.Y. 1985).

59 
See supra at 2.

60 
Leslie R Caldwell, ‘American Conference Institute’s 31st International Conference on the Foreign Corrupt Practices Act’, (19 November 2014), available at: www.justice.gov/opa/speech/assistant-attorney-general-leslie-r-caldwell-speaks-american-conference-institute-s-31st.