Two and a half years after the Dodd-Frank Act’s whistleblower program passed and more than one year after key rules went into effect, the program has generated more than 3,000 tips, complaints, and referrals. It has also yielded the first Securities and Exchange Commission enforcement action this year.
The program’s first reward was made in August 2012 to a whistleblower that helped the Securities and Exchange Commission stop a multi-million dollar fraud scheme. Additionally, the Securities and Exchange Commission’s annual report on whistleblower provisions revealed that the judgments and orders, which were issued during the 2012 fiscal year, exceeded the program’s threshold of $1 million in 143 cases.
Although the entire scope of the whistleblower program has yet to completely unfold, the fact that over 3,000 people believe they each have credible information about fraud indicates that the program is gaining some serious traction. It also sends a clear message that regulated entities should be ready to react if a whistleblower investigation should arise. When it comes down to anticipating the risk, the primary concern should not be how to respond to a whistleblower qui tam suit, but how quickly the entity should respond.
Many large and complex corporations can fall subject to multiple self-reporting requirements with different time constraints. Examples of these can include the Securities and Exchange Commission’s zero-grace period (as was set out in the release for the whistleblower rules), the Financial Industry Regulatory Authority’s (FINRA) 30-day filing requirement (as set out in Rule 4530) and the Securities and Exchange Commission’s annual review requirement (as set out in the advisor and fund compliance rules).
When the Securities and Exchange Commission developed the whistleblower program rules, they made participating in internal compliance regulations a factor that could increase the amount of a whistleblower’s ultimate monetary reward. When whistleblowers contact an internal compliance officer with fraud information, they are given 120 days to report that data to the Securities and Exchange Commission. This grace period gives whistleblowers time to decide whether or not they really want to go forward with reporting the issue to the Securities and Exchange Commission.
At the same time, the Securities and Exchange Commission also says that how quickly a corporation or entity self-reports its own misconduct to the public, regulatory agencies and self-regulatory organizations would also be an important factor when they were considering whether (and to what extent) to grant leniency. It is basically a way to give entities incentive for cooperating in Securities and Exchange Commission investigations and related enforcement actions. While the Securities and Exchange Commission gives the whistleblower 120 days to officially provide information after making an internal report, no extra time is extended to the companies and entities who are receiving the reports.
The Securities and Exchange Commission emphasizes that the 120 days which are given to whistleblowers is not a “grace period” for companies to determine what their response to the allegations should be. It is, however, due to the fact that companies “frequently elect to contact the staff in the early stages of an internal investigation in order to self-report violations that have been identified.” In essence, the 120-day grace period applies only to the whistleblower. The 120-day period does not apply to corporations and should not affect how quickly they self-report fraud or misconduct to the Securities and Exchange Commission.