International - Written by on Wednesday, May 30, 2012 15:03 - 1 Comment

Take care! Is your Whistleblower Your Compliance Officer?

Print Friendly

Today we welcome new friends of thebribery Ross Booher and Taylor Phillips from Bass Berry & Sims.  Ross and Taylor lay out why lawyers are important!!! Read on…

How Dodd-Frank Incentivizes Compliance Officers, Internal Auditors, Anti-Corruption Vendors & Others to Work for the S.E.C. – And What You Can Do About It Now

By Ross Booher & Taylor Phillips

Ross Booher (pictured)

Bass, Berry & Sims PLC

The whistleblower bounty provisions of the U.S. Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) have been covered in detail (including here and here).   As Barry and Richard have discussed before, the provisions can allow whistleblowers to collect 10-30% of securities law enforcement recoveries (including some Foreign Corrupt Practices Act recoveries), under certain circumstances.  Many readers also probably know that Dodd-Frank applies to companies that qualify as “issuers” under U.S. law, including companies organized outside the U.S. that have American depositary receipts.  One crucial aspect of the bounty program has not received much attention, however: even persons who owe your company fiduciary duties may be eligible for lucrative Dodd-Frank whistleblowing bounties.

Under the final Dodd-Frank rules promulgated by the U.S. Securities & Exchange Commission (“SEC”), a whistleblower can report an alleged securities law violation to the SEC without ever informing his or her company.  Even if a whistleblower chooses to inform his or her company, the whistleblower is required to report the alleged violation to the SEC within 120 days from the date of the internal report to be eligible for a bounty.[i] Moreover, once 120 days have elapsed since the company’s audit committee, chief legal officer, or chief compliance officer has received notice of the alleged violation, an officer (including a compliance officer), director, trustee, partner or other person with a fiduciary duty may become a whistleblower eligible for a bounty – even if he or she received the information about the alleged violation from someone else.[ii]

The upshot is that under Dodd-Frank, bounty-seeking whistleblowers can report an alleged securities law violation to the SEC anonymously through counsel.  With many Foreign Corrupt Practices Act (“FCPA”) enforcement actions exceeding US$100 million and the ability to remain anonymous until claiming the bounty, even well-compensated employees can have a strong incentive to report to the SEC.

What are the potential solutions?

On first read, some might simply consider strengthening their company’s confidentiality agreements with their most critical employees and vendors.  That would be exactly the wrong approach.  It is illegal for companies to prohibit the making of reports to the SEC, including through the use of confidentiality agreements.

Instead, there are two things that a company should do to reduce the risk that a fiduciary goes to the straight to the SEC after he or she learns of an internal report: quickly involving counsel to trigger the protection of the attorney-client privilege and responding with a swift, privileged investigation.


One of the requirements for a bounty is that a whistleblower must give “original information” to the SEC.  Information covered by the attorney-client privilege is not considered “original information,” however (so long as the information does not fall within narrow exceptions).[iii] Because information covered by the attorney-client privilege is not “original information” eligible for a Dodd-Frank bounty, companies should involve counsel as early as possible if there is a report of a violation of U.S. securities laws (including the FCPA).  If compliance personnel learn of allegations of violations when they are not acting at the direction of counsel, that information may qualify as “original information” and the compliance personnel or others who learn of the information may be eligible for a Dodd-Frank award by reporting it directly to the SEC. Information that does not qualify as privileged or attorney work product will also usually be subject to disclosure in civil and criminal proceedings in many jurisdictions.

Moreover, because many in-house counsel often act in multiple roles (e.g., legal, compliance, and business), it is less risky for companies to rely on outside counsel to direct any investigation.  This can help prevent whistleblowers or enforcers from later arguing that no privileged applied because an in-house attorney was directing the “investigation” only as part of her business compliance function.   Additionally, many enforcement actions may involve jurisdictions where the privilege is not recognized at all for in-house counsel.

A swift investigation

Once a person reports internally, the Dodd-Frank clock starts ticking.  If the whistleblower does not report to the SEC within 120 days of the initial report, he or she cannot be eligible for a whistleblower bounty under Dodd-Frank.  Additionally, once that 120-day threshold is crossed, even those with fiduciary responsibilities to the company may become eligible for bounties for reporting non-privileged information to the SEC (even information conveyed to them by others).  Moreover, these fiduciaries and compliance personnel may be much more likely to know of the Dodd-Frank program than a line-level or foreign employee who is aware of the problem.  To help the company preserve the option to self-disclose and be better prepared to pro-actively address the problem, the company should investigate the allegations quickly and, if at all possible, before its fiduciaries and compliance personnel potentially become eligible whistleblowers.  While it may be impossible to complete a thorough investigation within 120 days, the more privileged information the company has available early-on, the better.

The bottom line

Under certain circumstances, Dodd-Frank rewards even trusted compliance personnel if they report an alleged securities law (including FCPA) violation to the SEC.  To enable the company to quickly assert the privilege and initiate a more cost-effective investigation to reduce this risk, companies should prepare a rapid response plan in advance.  Rapid response plans can help prepare companies for anti-corruption problems in advance such as by identifying and planning for the swift deployment of outside counsel (both global and local) and other critical investigations personnel; identifying key evidence preservation steps; and, where possible, negotiating key support services rates.  These types of steps can help companies respond to future problems more cost effectively than if they wait until a whistleblower report has been received and the Dodd-Frank countdown has already begun.

© 2012 Bass, Berry & Sims PLC, Ross Booher & Taylor Phillips. Used with Permission.

[i] See Securities and Exchange Commission, Release No. 34-64545, Rule 21F-4(c)(3).

[ii] See Securities and Exchange Commission, Release No. 34-64545, Rule 21F-4 (b)(4)(v)(C).

[iii] See Securities and Exchange Commission, Release No. 34-64545, Rule 21F-4(b)(4)(i).


Share Button

1 Comment

You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Coffee Talk Shop… » Blog Archive » High Tide: From Stuxnet’s Origin Story to Mapping Corruption in Morocco
Jun 1, 2012 13:30

[…] Howard Sklar airs FCPA TV and asks if China has 1.3 billion foreign officials. wonders if your compliance officer is actually your whistleblower. Mike Volkov examines environmental crime […]

Brought to you by...

Barry Vitou &
Richard Kovalevsky Q.C.

The views expressed on this website are those of Barry Vitou & Richard Kovalevsky QC and/or our guest authors from time to time. Please see our terms of use