One of the Dodd-Frank Act’s signature features was its creation of potentially massive bounties for whistleblowers that reported financial fraud to the SEC. During the time that the Dodd-Frank whistleblower program has been in place, the agency has made a number of significant bounty awards. Mary Jo White, the SEC chairwoman, has said that the program “has rapidly become a tremendously effective force-multiplier, generating high quality tips and, in some cases, virtual blueprints laying out an entire enterprise, directing us to the heart of an alleged fraud.” The SEC’s whistleblower program has also attracted the attention of other countries’ securities regulators, with the various countries reaching a variety of conclusions about the program, particularly its bounty award feature. In the past several days, securities regulators in Ontario and in Germany have each adopted their own whistleblower programs. The different approach the regulators have taken is interesting, as discussed below.
In a July 5, 2016 press release from Germany’s Federal Financial Supervisory Authority (BaFin), the agency announced that it has created a central reporting platform for whistleblowers to use to “report violations of supervisory provisions.” The agency also created a specific procedure to protect the identity of whistleblowers, as well as the identities of persons identified in the report. Whistleblowers have the option of contact in agency anonymously. The program, which was adopted to implement an amendment to the German Act on Financial Services Supervision, is aimed at persons with “a special knowledge of a company’s internal affairs – for example because they are employed there or have some other contractual relationship or relationship of trust.” In addition to BaFin’s own whistleblower reporting platform, the Act requires covered financial institutions to provide internal procedures for employees to report violations of supervisory rules.
According to a July 11, 2016 post on the Orrick law firm’s Employment Law and Litigation blog (here), the German regulator’s move to allow anonymous reporting “appears to represent a shift in German ideology toward a more favorable view of anonymous reporting, which for many years was discouraged in Germany and more broadly in the EU due to the risk of ‘organized systems of denouncement.’”
The blog post also notes that the German Act implements a recently adopted EU regulation, and that procedures for reporting violations of supervisory rules are currently being harmonized throughout Europe. Financial institutions “can expect similar provisions to be enacted in other EU jurisdictions.”
In a July 14, 2016 press release, the Ontario Securities Commission announced the launch of the Office of the Whistleblower, at the same time releasing a whistleblower program policy that outlines the program’s eligibility criteria and reporting procedures. The program includes a bounty feature that offers compensation of up to $5 million to individuals who come forward with tips that lead to enforcement actions. The program allows for anonymous reporting and also includes anti-reprisal features that allow the OSC to take enforcement actions against employers who retaliate against whistleblowers. With respect to the program’s bounty payment feature, the OSC said that “we believe that the payment of a financial incentive is most critical to the success of the program.”
According to a May 17, 2016 post on the Orrick law firm’s Employment Law and Litigation blog (here), the OSC relied primarily on the Dodd-Frank whistleblower program in establishing its own program and indeed cited the success of the “apparent success” of the U.S. program as among the reasons for setting the program up. However, the Ontario program differs somewhat from the U.S. program, in that the Ontario program award is capped, while the U.S. program allows bounty payments of between 10% to 30% of any recovery in an enforcement action, without limit.
According to the Orrick blog post about the new German reporting platform, these recent actions by regulators represent examples of the “growing efforts of governments to encourage reporting of wrongdoing to regulators.” While a growing number of countries are setting up platforms to allow whistleblowers to report directly to regulatory agencies, the approach the countries are taking is not uniform.
Thus, for example, while the Ontario program embraces the U.S. program’s payment of incentive bonuses, other countries have rejected this approach. The U.K. for instance, expressly rejected the payment of whistleblower bounties, on the grounds that they disproportionately reward a few whistleblowers without demonstrably improving the quality of information available to regulators or the overall quality of reported financial information. Obviously, Ontario came to a different conclusion about the merits of bounty payments, although it chose to cap the total amount of the award that a whistleblower might receive.
While the new German platform allows for anonymous reporting and incorporates features designed to protect whistleblowers’ anonymity, it does not appear to include anti-reprisal features of the type included in the Ontario and U.S. programs. The absence of these kinds of protections could well leave anyone making a report vulnerable. This vulnerability together with the absence under the German program of the kinds of incentive payments like those available under the Ontario and U.S. programs would suggest that the prospective whistleblower would both lack incentives to come forward and would also have disincentives to coming forward as well.
But though the approaches that the different countries are taking vary considerably, the fact is that the various regulators are taking affirmative steps to encourage whistleblowers to report wrongdoing. If the U.S. experience is any indication, the regulators in these countries can expect not only that they will receive whistleblower reports but that many of these reports may lead to enforcement actions.
These developments obviously should be a significant concern to companies with operations in the countries adopting these kinds of reporting procedures. (In that regard, it is important to note that after the U.S. procedures were adopted, many of the reports that were sent in came from outside the U.S.; the same phenomenon could well follow in the other countries adopting whistleblower programs.) The risks companies face include not only the possibility of a regulatory enforcement action but also include the possibility of follow-on civil litigation as well, if, for example, the revelations affect shareholders’ interests.
As the Orrick law firm’s blog post notes, “companies will want to have robust mechanisms for employees, as well as vendors and other third parties, to report violations of law internally and for those concerns to be promptly and properly investigated.”