The DOJ’s recently announced pilot pay program for whistleblowers aims to provide another tool in the U.S. government’s arsenal for weeding out white-collar crime, including programs at the SEC, IRS and Commodity Futures Trading Commission (CFTC). Chris Hoyle of StoneTurn shares insights about the current corporate whistleblower landscape — and how it could soon change.
The new DOJ pilot program is yet another tool in the U.S. government’s toolkit to help weed out white-collar crime: the SEC, CFTC and IRS all have longstanding whistleblower programs, and FinCEN more recently was mandated to establish a whistleblower program under the AML Act of 2020. The DOJ has other existing programs, such as the False Claims Act/Qui Tam program, that account for whistleblowers for certain laws, and on a parallel path, recently announced a separate pilot program providing certain executives non-prosecution agreements for voluntarily self-reporting criminal conduct.
Each program focuses on different laws, regulations and/or industries. The SEC focuses on securities law violations, the CFTC on violations of the Commodities Exchange Act, the IRS on noncompliance with tax law or other areas the IRS investigates and FinCEN on money laundering and sanctions evasion.
Established whistleblower programs like the ones at the SEC, CFTC and IRS (and more recently, FinCEN) have paid billions of dollars in whistleblower rewards for tips that have led to enforcement actions. In 2023, the SEC issued its largest-ever whistleblower award of $279 million. The SEC cited that the award symbolized the “tremendous success” of its program.
The DOJ’s pilot program will increase the likelihood of whistleblowers coming forward and expand coverage to include nonpublic companies. The incentivization for whistleblowers to report wrongdoing as early as possible adds exposure for organizations that do not have effective programs to identify, investigate, remediate and report potential misconduct in a timely manner. Organizations should test and enhance compliance and self-reporting programs to avoid becoming the next poster child.
What is the difference between the SEC’s existing program and the DOJ’s pilot program, given what is currently known about the DOJ’s program?
The SEC whistleblower program is limited to SEC-enforced violations of securities laws (Ponzi schemes, theft or misuse of funds or securities, accounting fraud, insider trading, altering securities, fraudulent or unregistered securities offerings, money laundering, false or misleading SEC reports or financial statements) or violations of the Foreign Corrupt Practice Act (FCPA).
The DOJ’s pilot program includes violations of a broader swath of laws to “fill in the gaps” of the “patchwork quilt” of the other agencies’ programs, as Deputy Attorney General Lisa Monaco said in recent remarks. It requires that individuals are not involved in the criminal activity they report. The program also encourages a “first to the door approach,” which, on the surface, may incentivize whistleblowers to report directly to the DOJ rather than through internal channels. The final language remains to be seen if whistleblowers are encouraged to go directly to the DOJ versus an internal hotline.
Under the SEC’s whistleblower program, eligible whistleblowers can receive between 10% and 30% of the monetary sanctions collected if the information leads to successful enforcement actions exceeding $1 million. Although the DOJ indicated it expects to establish a monetary threshold to focus resources on the most significant cases, the threshold and reward factors have not been determined.
Unlike the SEC’s existing program, the DOJ’s program is expected to require that all victims of misconduct be compensated before financial rewards are paid to the whistleblower.
Although the department’s money-laundering and asset recovery section (MLARS) is leading the DOJ’s efforts to define and develop the pilot program eligibility requirements, it’s yet to be determined if a dedicated whistleblower office will be responsible for managing whistleblower complaints like the SEC’s program.
Despite the differences, the DOJ has indicated that the program intends to broaden the scope of current whistleblower programs and afford opportunities for the different agencies to work together.
What types of crimes/ethical issues is the DOJ most interested in?
Specifically, the DOJ is most interested in criminal abuses of the U.S. financial system; foreign corruption cases outside the jurisdiction of the SEC, including FCPA violations by non-issuers and violations of the recently enacted Foreign Extortion Prevention Act; and domestic corruption cases, especially involving illegal corporate payments to government officials. However, the DOJ has emphasized the importance of being first, and it seems that those who are not first to report may not receive the same rewards (if any).
Building or Enhancing Your Whistleblower Program? Do These 5 Things.
In the wake of SEC-record award, now’s the time to beef up your reporting channels
Read moreDetailsThere are press reports about negative ramifications for whistleblowers. What tools are in place to protect those who speak up?
There have been many stories of whistleblowing gone wrong outside of the corporate sphere. However, in the corporate world, the company typically receives the negative consequence rather than the whistleblower. One of the main reasons for this is that the varying government entities that boast strong whistleblowing programs also support strong whistleblower protection as part of those programs — including anonymity, insulation from retaliation and, of course, monetary rewards.
For example, The Wall Street Journal reported that the record-shattering $279 million reward from the SEC was in response to the $1.1 billion Ericsson settlement. However, the WSJ notes, “The SEC didn’t name the enforcement action underlying the award and didn’t identify the tipster, in keeping with whistleblower protection rules that prevent the regulator from divulging this information to the public.”
Whistleblower allegations can be incredibly damaging for a company, especially once made public. On FCPA enforcement alone, the DOJ and SEC reported that they collected more than $500 million in fines and penalties from corporations in 2023. Additionally, the SEC’s Office of the Whistleblower FY2023 report showed a 50% rise in whistleblower reports from 2022 to more than 18,000 reports in 2023, resulting in nearly $600 million being paid out to 68 individual whistleblowers. Assuming payouts to whistleblowers are calculated between 10% and 30% of the outcome as the SEC advertises, that means the SEC easily collected more than a billion dollars in fines and penalties from corporations in that period.
These figures demonstrate that it is in an organization’s best interest to have a strong internal speak-up culture that encourages individuals to report wrongdoing and demonstrates real action and necessary course corrections in response to those reports.
The Association of Certified Fraud Examiners (ACFE) recently offered strong support for whistleblower hotlines. What is the impact of hotlines in empowering whistleblowers and uncovering fraud?
Whistleblower hotlines are an incredibly important tool for organizations to uncover wrongdoing, misconduct and unethical behavior. They often afford a level of anonymity or confidentiality that can help incentivize such reporting.
Organizations should also review and analyze the hotline reporting activity to identify trends (e.g., types of activity), hotspots (e.g., geographical or business areas) and areas that might also lack activity. There is sometimes a misconception that if a hotline is quiet, all must be well. This is not necessarily the case, and in fact, it may be an indicator that additional training or communication is required.
There also needs to be a healthy feedback loop across the organization. If a complaint is made, organizations must appropriately communicate what investigative actions were taken in response to that claim and where the outcome landed. Sometimes, reports may be unfounded, but it is critical to communicate that they were looked into nonetheless — or your employees will lose faith and the hotline will go quiet. If organizations don’t show they take reports seriously, individuals will begin to look elsewhere (such as government agencies or the press) to file their complaints.
However, whistleblower hotlines are just that — a tool. They will not be effective if organizations lack a strong speak-up culture rooted in compliance and tone at the top. Middle management must reinforce this culture and tone across teams, and encourage team members to speak up when something is amiss.
The ACFE report also highlights the importance of internal reporting mechanisms. How can companies enhance these systems to encourage employees to report fraudulent activities internally, which as the report shows, can save the organization in the long run?
An effective speak-up culture goes beyond whistleblowing. Organizations need to build a strong culture of ethics and integrity. This includes demonstrating that misconduct is not tolerated and celebrating compliance wins along the way.
Organizations should offer additional reporting mechanisms for misconduct and ensure reporting channels are clearly communicated to staff. It’s one thing to have a hotline or anonymous inbox for reporting; it’s another for employees to know how to access such systems or alternative reporting channels (e.g., managers). Also, managers should be trained to listen to employee concerns and escalation pathways when necessary. Organizations should also consider adding compliance-related activities, such as training and other acts, into compensation formulas.
It is also essential to make clear that retaliation against a whistleblower is not tolerated. Organizations should communicate this message consistently, train senior and middle management on preventing and identifying retaliation and enforce disciplinary measures if retaliation occurs, regardless of seniority or performance level.
All of these actions emphasize the importance of ongoing communication and supporting evidence (e.g., documentation, providing examples of taken actions) to demonstrate that the company is ”walking the talk.” Whether it’s promoting instances where someone spoke up and identified issues at the company, providing regular awareness about the avenues for reporting concerns, or conducting ongoing training for all levels, consistent and clear communication and testing implementation is critical to achieving a culture of compliance.