On August 27, 2021, the Securities and Exchange Commission (SEC) announced that it will be paying a collective award of over $1 million to three whistleblowers who provided information leading to a successful enforcement action. All three whistleblowers held compliance roles at the subject company.
Rule 21F-4 under the Securities Exchange Act of 1934 generally bars employees with compliance or internal audit responsibilities, or consultants who have been engaged to perform such functions, from eligibility for whistleblower bounties: “The Commission will not consider information to be derived from your independent knowledge or independent analysis … if you obtained the information because you were … [a]n employee whose principal duties involve compliance or internal audit responsibilities.” An exception exists, however, if over 120 days have elapsed since the whistleblower first reported the information internally or since the employee became aware that the information was already known within a company.
All three awards at issue in the SEC’s August 27 Order fell under this 120-day exception. The first two claimants reported the potential violations internally and then waited over 120 days before contacting the SEC. The third claimant reported the potential violations to the SEC over 120 days after receiving information indicating that senior management knew of the alleged misconduct.
Although substantially redacted, the SEC’s Order relates why each claimant is entitled to payment of a percentage of the monetary sanctions collected or to be collected in the covered action:
- Claimant 1 provided the most significant and comprehensive information about the charged misconduct that proved vital to the success of the covered action. Claimant 1 also provided “extraordinary assistance” during the investigation.
- Claimant 2 was the first claimant to report to the SEC. Information provided by Claimant 2 served as a framework for the SEC to develop information requests. Claimant 2 also provided continuing assistance.
- Information provided by Claimant 3 was helpful but not as significant to the overall success of the covered action as the information from Claimants 1 and 2. Claimant 3 also provided continuing assistance.
While only a handful of whistleblower bounties have been awarded to compliance personnel since the SEC first stood up its whistleblower program, the trend seems to be increasing in recent years. The first SEC award to a compliance whistleblower occurred in 2014, the second in 2015, and the third and fourth in 2020.
Key Takeaways and Best Practices
Given compliance personnel’s access to sensitive corporate information and the prevalence of sophisticated whistleblower counsel who are experienced in interacting with the SEC’s Office of the Whistleblower, the SEC’s recent compliance personnel whistleblower awards reflect an agency appetite for leveraging these insiders as the most knowledgeable, effective, and efficient facilitators of enforcement.
Indeed, the SEC’s August 27 Order reflects that one compliance employee claimant provided extraordinary assistance to the staff, presumably by sharing detailed information about corporate compliance functions and facts reflecting their intentional violation. Another compliance employee claimant provided the staff with a roadmap for document requests in furtherance of enforcement.
This counsels in favor of the following best practices:
- Compliance programs and their staffing should be designed and performed to anticipate the likelihood that a compliance official may supply nonprivileged factual information to the SEC.
- Though compliance employees are often trusted corporate advisers in performing their audit and gatekeeping function in the space between a company and its regulators, it is important to remain vigilant that such personnel may be seeking, or could be solicited to seek, substantial SEC whistleblower bounties for reporting alleged misconduct.
- Note, however, that express or implied restraints against the ability of compliance personnel to share information with the SEC may themselves constitute a securities law violation under Exchange Act Rule 21F-17: “No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation.” The SEC has since imposed civil monetary penalties based on confidentiality provisions in separation agreements that violated Exchange Act Rule 21F-17.
- Both ordinary course and remedial compliance activities should continue, even if a company and its advisers suspect that compliance personnel may be cooperating with an agency-led enforcement investigation. This is true for two reasons. First, in accordance with Exchange Act Rule 21F-17, neither the SEC’s Office of the Whistleblower nor the SEC’s Enforcement Division will affirmatively (or even circumstantially) disclose the identity of a whistleblower to an investigative subject. So unless a whistleblower has self-identified (to secure anti-retaliation protection, for example), a company is left to discharge its compliance functions without necessarily tailoring them to whistleblower concerns. Second, and relatedly, the logic behind Exchange Act Rule 21F-4 is to give companies six months to address alleged compliance gaps without SEC interference. If companies halt or slow compliance activities in sourcing a tip, this may have the unintended effect of encouraging a compliance whistleblower to come forward.
- Unless compliance communications are necessary to formulate attorney work product or to deliver legal advice, compliance employees are typically excluded from a company’s attorney-client privilege in the course of their work. The very real specter that SEC enforcement may ensue from receipt of compliance personnel tips makes maintaining the dividing line between compliance functions and legal/investigative functions even more critical.
- This includes when compliance reviews and remediation efforts run in parallel with privileged internal investigation activities and when internal and external company counsel seek information from compliance personnel related to a potential securities law violation.
- In defending SEC enforcement matters that have presumably arisen from a tip received from compliance personnel, companies are well advised to retain counsel who are accustomed to distinguishing between confidential internal investigative work (that may ultimately be shared with the SEC) and ongoing compliance activity that is structurally intended to be subject to regulatory scrutiny. And counsel must be prepared to tell the SEC when a compliance official’s tip may be tainted by the disclosure of privileged information, which could in turn infect the SEC’s use of that information.
- It is also important that counsel engaged in these matters be experienced in exploring and establishing – again, within the confines of Exchange Act Rule 21F-17 – a likely lack of firsthand knowledge and potential bias associated with a tip received from a compliance professional, while at the same time anticipating that the compliance employee’s inside access may, and likely will, result in increased deference from the SEC.