Employees who discover SEC and CFTC fraud on the job face many difficult choices about reporting that fraud. At or near the top of that list is the question of whether to bring the wrongdoing to the attention of their employer’s internal compliance program.
There has never been a one size fits all answer to that question. Most companies pay lip service to the importance of ethics and integrity in the workplace and many offer some type of internal reporting hotline, or a dedicated office or person, to receive compliance violations and similar complaints. But all too often employees who raise such compliance issues internally suffer professional consequences. Those consequences can range from isolation to subtle, or not so subtle, messages about not fitting in with the corporate culture, to poor performance reviews or pretext disciplinary actions, to outright termination.
No wonder many employees feel hesitant about internal reporting.
In the Digital Realty Trust case, decided in February 2018, the Supreme Court created even more uncertainty about internal reporting when it ruled that only those employees who report securities violations to the SEC were entitled to the significant anti-retaliation protections under the Dodd-Frank Act. While Congress is currently considering legislation to overturn that decision, some commentators have wondered if internal compliance reporting in the securities and finance sectors would be going extinct.
SEC and CFTC Encourage Use of Internal Compliance Programs When Reporting Fraud
Recently, both the SEC and the CFTC made significant awards to whistleblowers reporting fraud who brought their complaints to those agencies after they first raised the same concerns internally. And both agencies used the recent announcements to encourage employees to consider reporting violations internally.
The CFTC Whistleblower Award
On May 9, 2019, the CFTC issued a press release announcing a $1.5 million award to a whistleblower who reported his concerns internally prior to reporting the same concerns to the CFTC. As part of that announcement, Chris Ehrman, the Director of the CFTC’s increasingly active Whistleblower Office, made clear “While there is no requirement that a whistleblower report internally before approaching the Commission, today’s award demonstrates that the Commission may pay enhanced awards to those that do – that is one of the positive factors set out in our rules for the Commission to consider in making its award determination.”
In other words, a whistleblower might receive a larger award if he or she reports internally before taking the concerns to the CFTC. The CFTC, like the SEC, rarely includes specific facts in announcing whistleblower awards (both agencies work very hard to protect the identity of their whistleblowers) so there is little to go on in the CFTC press release about the type of violation, the resulting investigation, the defendant company, or the position of the whistleblower at the company involved in the $1.5 million award.
The SEC Whistleblower Award
On May 24, 2019, the SEC issued a press release announcing an award of $4.5 million to a whistleblower whose internal tip caused a company to launch a formal internal investigation, and to thereafter self-report its violations to the SEC. The Wall Street Journal reported that the company was a subsidiary of the medical device maker Zimmer Biomet Holdings, Inc. and that the whistleblower was a former orthopedic surgeon in Brazil who raised concerns with company executives about an ongoing kickback scheme in that country which violated the Foreign Corrupt Practices Act.
The SEC’s formal Order Determining Whistleblower Award cites a specific rule that allows it to make awards to individuals who reported original information through a company’s “internal whistleblower, legal, or compliance procedures for reporting allegations of possible violations of law” at or before the time the same information is reported to the SEC. Under that rule, a whistleblower has up to 120 days from the time they report internally to submit the same information to the SEC. The SEC identified the rule as “one of several provisions we adopted as part of our whistleblower rules to incentivize whistleblowers to utilize internal compliance and reporting systems where appropriate.”
The Full Story of the SEC’s Internal Whistleblower
The story involving Zimmer Biomet Holdings might seem, on first reading, like something of an ideal whistleblower tale. First, a concerned and loyal employee alerts top executives to the possibility that illegal kickbacks are being paid by a subsidiary. Second, the company takes the tip at face value, rolls up its sleeves, and conducts a formal investigation which confirms that the kickback scheme is actually taking place. Third, the company self-reports the activity to the SEC (and, in this case, to the Department of Justice). It certainly seems like the story of a company which values concepts like integrity and ethics.
Before going any further into this corporate daydream, however, a few more facts need to be added to the mix. It turns out that the year before receiving this tip, Zimmer Biomet paid $22 million in fines to settle a previous SEC and DOJ investigation into its multi-year practice of paying kickbacks in Brazil, Argentina and China. In fact, Zimmer Biomet was operating under what is known as a Deferred Prosecution Agreement (a kind of corporate probation) with an appointed monitor when top executives received notice that their employees were continuing to pay illegal kickbacks.
One can only imagine the reaction at the Zimmer Biomet C-suite when that, no doubt very unwelcome, tip arrived. It is no surprise Zimmer Biomet moved to self-report so quickly; it was in serious danger of encountering the corporate equivalent of the ‘three strikes’ law.
How might a company that was not under such intense scrutiny, not operating under a Deferred Prosecution Agreement, or had not just been fined over $20 million for the same violations have reacted? Perhaps with the same diligence? Perhaps not?
What to Consider Before Using an Employer’s Internal Compliance Program When Reporting SEC and CFTC Fraud
Where does all this leave whistleblowers going forward? No doubt there are companies that mean it when they encourage their employees to use “internal whistleblower, legal, or compliance procedures for reporting allegations of possible violations of the law” as the SEC puts it. Employees fortunate enough to work at one of those companies who encounter and internally report serious wrongdoing need to be aware that they have 120 days to report the same information to the SEC in order to preserve their eligibility for a potential SEC whistleblower award.
But even the SEC noted that employees should only use internal reporting and compliance programs “where appropriate.” Employees need to carefully weigh available information about how prior whistleblowers were treated by the company. Did the company correct the improper conduct? If so, did the company publicly recognize that one of its own brought the matter to light? What happened to the whistleblower? Were they left alone? Commended? Punished? Employees should also consider the independence and the standing of the compliance program within the larger organization. To whom does the compliance officer report? The same person that the whistleblower is concerned about?
Information on the SEC and CFTC Whistleblower Programs
In weighing whether to report serious wrongdoing internally and/or to the SEC or to the CFTC, employees should be aware that both agencies allow individuals who are represented by counsel to submit their tip, complaint, or referral anonymously. Readers who believe they may know of significant violations of securities or commodities laws are urged to review materials on the Whistleblower Law Collaborative website for additional information on the SEC and CFTC whistleblower programs.