Whistleblower Regimes in the U.S. and UK, Contributed by Jeremy Cole, Daniel F. Shea, Lillian Tsu, Liam Naidoo and Roxanne Tingir, Hogan Lovells International LLP
The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank), signed into law on 21 July 2010, contains provisions designed to encourage whistleblowers to report violations of U.S. federal securities laws. Whistleblowers can obtain promised monetary awards and are protected from retaliation for providing information that leads to a recovery of more than $1 million in an enforcement action by the U.S. Securities and Exchange Commission (SEC).1 The final rules adopted by the SEC (Rules) became effective on 12 August 2011. Despite requests for the rules to require whistleblowers to report through internal compliance processes as a prerequisite to eligibility for an award, the SEC decided not to do so. This potentially undercuts internal whistleblower programmes that public companies have had in place for nearly nine years under the Sarbanes-Oxley Act of 2010 (SOX).
The effect of Dodd-Frank will not only be felt in the U.S. but also in the UK and Europe more generally. This article looks at both the U.S. and UK approaches to whistleblowing and provides guidance for companies subject to both regimes.
The Rules provide that the SEC shall pay awards, subject to certain limitations, to eligible whistleblowers who voluntarily provide the SEC with original information about a violation of the federal securities laws that leads to the successful enforcement of a judicial or administrative action, or a related action, that is subject to Dodd-Frank.2 The Rules attempt to strike a balance between encouraging whistleblowers to come forward to the SEC while simultaneously incentivising whistleblowers to report internally first. However, it remains to be seen whether they will be successful without undermining internal whistleblower programmes under SOX.
The widely-reported “bounty” programme under the Rules rewards individuals acting alone or with others who voluntarily report original information that leads to a successful judicial or administrative action in which the SEC obtains monetary sanctions of at least $1 million.
Original information reported directly to the SEC must be specific, credible, and timely enough to commence an SEC investigation that subsequently leads to a judicial, or administrative, action or it must significantly contribute to the success of an ongoing investigation. In order to constitute original information the information must be derived from independent knowledge or analysis and cannot be obtained from publicly available sources. The requirement that the SEC obtains monetary sanctions of at least $1 million allows for the aggregation of smaller actions that arise out of the same nucleus of operative facts.
The Rules attempt to encourage internal reporting by using measures that preserve an employee’s whistleblower eligibility if he or she first reports wrongdoing to the company, and the company subsequently reports the information to the SEC. The Rules also create a “look back” period to allow whistleblowers to hold their “place in line” if they first report their concerns internally to the company – provided the whistleblower subsequently reports that same tip to the SEC within 120 days. In this scenario, the whistleblower is protected as of the internal reporting date.
Reporting potential violations internally before turning to the SEC can also lead to a whistleblower’s eligibility for a larger reward, based on receiving credit for the information the entity submits to the SEC as a result of its internal investigation. However, because the Rules do not require whistleblowers to report through a company’s internal compliance programme to be eligible to receive an award, the effect of the Rules could be to encourage many whistleblowers to bypass the internal compliance process altogether.
Eligible whistleblowers can earn a payout of 10 to 30 percent of any monetary sanctions collected because of their information. The amount of the “bounty” is determined by the SEC after taking into consideration the significance of the information the whistleblower provided, the degree of assistance provided by the whistleblower in the enforcement action, the programmatic interest of the SEC in deterring violations of the securities laws and the extent of the whistleblower’s participation in internal compliance systems.
Awards may be reduced based on a whistleblower’s culpability,3 reporting delay or interference with internal compliance systems. The bounty can be based on amounts collected in both SEC and “related actions” – this includes judicial or administrative actions brought by the U.S. Department of Justice, a state attorney general in a criminal case, a self-regulatory organisation, or other government agency.
Almost any individual may be eligible to receive a whistleblower bounty. Employees, former employees, vendors, agents, contractors, clients, customers, and competitors are all potential sources of original information that could qualify for a whistleblower award. The following categories of individuals, however, are generally excluded from obtaining a whistleblower award under Dodd-Frank:
- Officers, directors, trustees, or partners who are informed of allegations of misconduct;
- Individuals with primarily compliance or audit responsibilities who receive information about potential violations;
- Attorneys (both in-house and outside counsel) with information they obtained in the course of their representation of a client;
- Accountants providing information about a client or its directors or officers if obtained in the context of providing auditing services to that company;
- Foreign government officials;
- Whistleblowers convicted of a criminal violation related to the action or whistleblowers who knowingly offer false statements or documentation; and
- Individuals with a pre-existing legal obligation to report information about potential violations to the SEC or to other authorities.
Notwithstanding these limitations, lawyers, public accountants and other compliance and internal audit personnel may take advantage of potentially broad exceptions and be eligible as whistleblowers. Such individuals are eligible to receive an award for information provided to the SEC as long as they:
- Had a reasonable basis to believe that the disclosure of the information was necessary to prevent the company from engaging in conduct that is likely to cause substantial injury to the financial interest or property of the company or its investors;
- Had a reasonable basis to believe that the company is engaging in conduct that will impede an investigation of the misconduct; or
- Blow the whistle after 120 days have elapsed since the whistleblower provided the information to the company’s audit committee, chief legal officer, chief compliance officer (or their equivalents), or to the whistleblower’s supervisor, or after 120 days have elapsed since the whistleblower received the information at a time when the above-listed persons were already aware of the information.
In addition to the bounty programme, Dodd-Frank and the SEC’s implementing rule also expressly prohibit employer retaliation against a whistleblower. Such protection is not contingent on the whistleblower qualifying for an award or a finding of an actual violation of securities laws, as long as the whistleblower possesses a “reasonable belief” that the information relates to a possible securities law violation that has occurred, is ongoing, or is about to occur.
In cases where it is found that an employer has unlawfully retaliated, the employer will be required to reinstate the whistleblower with the same seniority status, pay double back pay and pay the whistleblower’s attorney fees and other costs. Given that the anti-retaliation provision is part of the Dodd-Frank legislation, and the SEC has indicated that it will consider making awards to whistleblowers who provided information since the enactment of Dodd-Frank, it is possible that courts will consider employer retaliation for conduct occurring prior to the effective date of the Rules.
As the Rules have just recently become effective, it is difficult to predict precisely how the new provisions of Dodd-Frank will affect the U.S. whistleblower framework in the long-term. However, the SEC reports that it has seen a marked increase in both the number and quality of whistleblower tips since Dodd-Frank was signed into law. As such, a likely impact will be an increase in the number of whistleblower complaints, internal investigations and anti-retaliation claims.
Guidance For Corporations
The U.S. whistleblower regime extends beyond U.S. corporations and can reach foreign subsidiaries of U.S. public companies as well as foreign corporations listed in the U.S. or foreign corporations with subsidiaries subject to U.S. securities regulations.
A corporation subject to the U.S. whistleblower regime can take the following steps to reinforce its internal processes in the event that it faces increases in whistleblower complaints:
- Review the company’s code of conduct to address any potential inconsistencies with the whistleblower rules (e.g., provisions for possible disciplinary action in the event employees do not report all violations of law in the first instance to the company);
- Conduct a comprehensive review of all existing whistleblower and compliance programmes, including any up-the-line financial reporting process, to confirm that they are effective and result in timely reports of possible violations of law to management and to the audit or other oversight committee;
- Enhance communication and training efforts regarding internal whistleblower and compliance programmes to ensure a proper understanding of the importance of the programmes and to reinforce a culture of compliance;
- Ensure that the company can demonstrate to the SEC its ability to conduct a thorough and fair internal investigation (e.g., being able to present written guidelines for conducting an investigation and maintaining records regarding the timeliness of, and conclusions reached in, prior investigations);
- Train officers and other supervisors with respect to the anti-retaliation provisions of the rules; and
- Ensure that document destruction procedures are suspended upon learning the identity of a whistleblower so that all employment-related documents regarding the individual are retained for at least the 10-year period during which a retaliation claim may be made by the employee.
Whistleblower Regime in the UK
In the UK, the regulatory enforcement authorities have made efforts to create an environment where whistleblowers can readily report wrongdoing taking place in their company. Whistleblowers are protected by legislation – much like the anti-retaliation provisions in Dodd-Frank – and in some cases they may be able to absolve their own wrongdoing by highlighting the wrongdoing of others. However, there is only limited financial incentivisation for whistleblowers, namely in relation to cartel activity.
The UK Office of Fair Trading (OFT) incentivises whistleblowing in the competition sphere by offering rewards to companies and individuals who file reports about cartel activity that lead to fines or criminal prosecution. It deems this incentivisation necessary due to the harmful and far reaching effects of price-fixing and its secretive nature, which makes detection almost impossible without insider information.4
Arguably bribery and cartel activity share similar characteristics, and both corrupt fair trade and the market economy. Yet the Serious Fraud Office (SFO) does not have the power to provide financial incentives to individual whistleblowers in relation to violations of the UK Bribery Act 2010, which came into force in the UK on 1 July 2011 – and it is unlikely that it will in the near future. To do so would undermine the SFO and the UK Government’s message to companies about having effective internal controls, including whistleblower programmes.
Protection of Whistleblowers Under UK Legislation
The two key pieces of legislation setting out the circumstances in which whistleblowers will be protected against detriment and dismissal are the Public Interest Disclosure Act 1998 (PIDA) and the Employment Rights Act 1996 (ERA). PIDA provides protection to workers who make a “qualifying disclosure” – one that in the worker’s reasonable belief tends to show that one or more of the following has occurred:
- A criminal offence;
- A failure to comply with a legal obligation;
- A miscarriage of justice;
- A danger to the health and safety of any individual;
- Damage to the environment; or
- A deliberate concealment of any of the above.5
As with Dodd-Frank, protection is afforded to the whistleblower whether or not the report proves to be accurate so long as the whistleblower possessed a reasonable belief. However, workers must act in good faith and disclosures will not be protected if motivated by malice or personal gain.
A qualifying disclosure is normally made to the employer. However, in some circumstances workers can rely on protection under PIDA when making a disclosure to certain other persons – for example, a responsible third party or a “prescribed person” (i.e., those on a list of bodies provided by Parliament including the SFO, the Financial Services Authority and the OFT).6
The categories of person who can make a protected disclosure are comparatively wide and include, for example, secondees and those on work placement.7
The SFO’s Position
In the lead up to the coming into force of the Bribery Act, the SFO’s director Richard Alderman spoke of a new era of enforcement of anti-corruption legislation that supports companies that wish to co-operate in tackling corruption. The SFO wants companies who have corruption issues to come forward on a voluntary basis and “self-report” and it has indicated that in such cases it will seek to reach a civil settlement. It believes that this will generate a greater level of trust between companies and the SFO while allowing companies to retain a high degree of control in relation to internal investigations. A similar approach is taken to individuals who have been involved in bribery – the message is that individuals who come forward and self-report will be dealt with leniently.
However, this is a policy approach by the executive SFO rather than one enforced by legislation that binds the courts. This nuanced difference came to the fore in the prosecution of Robert Dougall in 2010.8 Dougall was DePuy International Limited’s (DPI) director of marketing who had admitted his involvement in a multi-million pound bribery of Greek state doctors. Initially, the SFO had asked the Court to suspend his custodial sentence due to his co-operation. However, the Court refused and sentenced him to one year in prison. This dealt a blow to the SFO’s culture of co-operation. On appeal, the Court of Appeal held that due to his role in assisting the SFO investigation from an early stage he should be provided with some leniency and Dougall was spared prison. However, the Court of Appeal noted that the SFO should not assume that just because fraudsters co-operate with the SFO they will absolve themselves and avoid a custodial sentence. It remains to be seen how the Dougall case will affect Alderman’s vision.
Guidance for Corporations
UK legislation does not require an employer to establish a formal whistleblowing procedure. However, as employees who make a qualifying disclosure are automatically protected under PIDA, many employers choose to establish a procedure. It is therefore common for employers to limit the protection afforded to employees under their whistleblowing policy and procedure to the qualifying disclosures set out in PIDA.
There are other advantages for employers in choosing to implement a formal whistleblowing procedure:
- It can act as a deterrent to engaging in improper conduct;
- It shows that an employer is serious about identifying and remedying wrongdoing;
- Once the wrongdoing has been brought to the attention of the officers of the company, the wrongdoing can potentially be eliminated before harm is done and the company can decide when and how to approach the authorities; and
- If it is easier for employees to report wrongdoing internally, they are less likely to go to the authorities who may conduct investigations on their own terms and to their own timetable – thus potentially avoiding a referral under Dodd-Frank.
Crucially, a whistleblowing policy and procedure is an essential part of the so-called “adequate procedures” that companies must have in place if they want to avoid criminal prosecution under the Bribery Act for failing to prevent bribery. An effective procedure will go a long way to preventing endemic bribery and identifying early one-off violations.
Sources of Guidance
A key source of guidance for both public and private companies is the British Standards Institution (BSi) Whistleblowing Arrangements Code of Practice (Guidance) which sets out key elements of an effective whistleblowing procedure.9 The Guidance introduces a number of considerations for employers such as offering confidentiality to employees who raise a concern and offering an independent employee hotline.
There is no requirement under legislation that the identity of whistleblowers is kept confidential or that employees are allowed to make reports anonymously. Both are nonetheless key practical considerations for employers in setting up a whistleblowing procedure. However, the European Commission’s Article 29 Data Protection Working Party (Working Party) expressly advises organisations against encouraging employees to make anonymous reports due to the practical problems that can arise for both the employer and the employee.
For example, anonymity might cause the employer difficulty in investigating and verifying a report. There might also be a detrimental effect on the working environment if employees are aware that anonymous reports concerning them may be filed through the process at any time. Instead the Working Party encourages whistleblowing schemes that ensure that where necessary the identity of the whistleblower is processed under conditions of confidentiality, and in which individuals are made aware that they will not suffer due to their action.10
As well as providing internal processes for whistleblowing, some employers choose to provide hotlines which allow reports to be made to an external third party (e.g., external counsel). The use of hotlines raises a number of concerns relating to the data protection principles set out in the Data Protection Act 1998 (DPA). In particular, the employer retains responsibility for ensuring that the processing of employee data by the third party is in accordance with the DPA.
In the aftermath of the Bribery Act, many companies are reviewing their internal whistleblowing policies. However, until Bribery Act prosecutions come to light in the coming years we will not be able to assess the extent to which consensual disclosure and whistleblowing is contributing to the detection of bribery offences. In the meantime, it is difficult to see why the Government would provide financial incentives for whistleblowers any time soon.
A Unified Approach
Although both the UK and U.S. approaches to whistleblowing attempt to stamp out non-compliance, U.S. and UK whistleblower frameworks diverge in the motivations and the degree of statutory protection afforded to whistleblowers. Given that whistleblowers who assist the SEC, including those residing outside of the U.S., are eligible for the SEC’s bounty programme, organisations operating outside the U.S. may experience increased whistleblower activity, possibly prompting heightened scrutiny or civil and criminal claims. Notwithstanding the differences, however, engendering the submission of high-quality information that leads to successful enforcement actions remains the underpinning of both frameworks.
Jeremy Cole heads up the Global Bribery and Corruption Task Force at Hogan Lovells in London. Jeremy has more than 25 years of experience in international commercial litigation, focusing in particular on a broad range of cases involving bribery, corruption, and fraud. Jeremy also specialises in contentious insolvency and asset recovery work. Telephone: +44 (0) 20 7296 2000; E-mail: firstname.lastname@example.org.
Daniel F. Shea is a partner in Hogan Lovells in Denver. Daniel focuses on defending corporations and their directors and officers in criminal and civil matters, particularly SEC investigations and securities class and shareholder derivative actions. Telephone: +1 303 454 2475; E-mail: email@example.com.
Lillian Tsu is a partner in Hogan Lovells’ corporate group in New York. She practices in the areas of corporate, securities, and general business law. Her practice includes the representation of publicly held corporations in connection with various business matters. Telephone: +1 212 918 3599; E-mail: firstname.lastname@example.org.
Liam Naidoo is a senior associate in Hogan Lovells’ litigation practice in London, specialising in business crime, fraud, bribery and corruption. Telephone: +44 (0) 20 7296 5887; E-mail: email@example.com.
Roxanne Tingir is an associate in Hogan Lovells in New York. Roxanne’s practice focuses primarily on corporate and business law, with a particular emphasis on mergers and acquisitions, securities, and corporate governance. Telephone: +1 212 918 3028; E-mail: firstname.lastname@example.org.
(c) 2011 Hogan Lovells International LLP