The UK government has long been pilloried for its poor efforts in tackling bribery and corruption. Its response to this is the enactment of the Bribery Act 2010 (the 2010 Act), in force from 1 July 2011. Pushing legislation through Parliament is all well and good, but the acid test of the 2010 Act, as with all pieces of legislation, will be in the enforcement of it. The Serious Fraud Office (SFO) has encouraged companies to self-report wrongdoing discovered in their ranks, with the incentive that the offences committed may be dealt with by civil means.
With the courts saying that corruption ought to be dealt with by criminal means, however, companies may feel increasingly reticent. What, then, are the chances of the regulators ever actually finding out about a company’s unlawful conduct? Recent legislation in the US means that this is now more likely than ever.
Potential whistleblowers across the world will be paying close attention to this development. Under a new act aimed at financial regulatory reform, whistleblowers in the US can make a windfall of between 10% and 30% of the monetary sanctions collected from offenders as a result of their information. The relevant provisions will come into force shortly after the 2010 Act, on 12 August 2011.
The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (the Dodd-Frank Act 2010) could turn worldwide employees of public companies, private companies that issue US depository receipts or pink slips and financial institutions into bounty hunters. With such a handsome reward for blowing the whistle in relation to the Foreign Corrupt Practices Act (FCPA) 1977 and securities law violations, it is inevitable that more employees will do so. Vague suspicions that once might have stayed an employee’s hand may now result in a full-blown regulatory investigation, whether the suspicions are well founded or not. The danger here is that an employee’s first port of call is likely to be the regulator rather than their own legal or compliance department.
LONG ARM OF US LAW
The US takes a broad view of its jurisdictional reach and the Dodd-Frank Act 2010 is no exception. The extraterritorial impact of the Dodd-Frank Act 2010 means that the risk of regulatory scrutiny for entities operating across the world is greatly increased. The Dodd-Frank Act 2010 itself deals with the provision of information to the Securities and Exchange Commission (SEC), but companies being investigated by the SEC could well face parallel actions by the US Department of Justice (DoJ) and the SFO, for example, as a result of the sharing of information.
Companies operating in the UK or elsewhere in the world that do not have a US presence could be forgiven for thinking that this development is of no concern to them. They would, however, be wrong because the Dodd-Frank Act 2010 covers non-US entities directly in certain circumstances. For instance, it is an offence in the US under various state and federal laws to make a misstatement or omit a material fact in connection with an offering of securities (the ‘anti-fraud provisions’). The Dodd-Frank Act 2010 contains a provision extending the SEC’s jurisdiction in this respect to:
- conduct occurring outside the US that has a foreseeable substantial effect within the US; and
- conduct within the US that constitutes significant steps in furtherance of a violation, even if the securities transaction occurs outside the US and involves only foreign investors.
This means that a whistleblower could be eligible for a bounty in cases brought by the SEC involving a non-US issuer of securities, a non-US exchange transaction and non-US investors.
WHO IS ELIGIBLE FOR AN AWARD?
Under proposed rules for implementation of the whistleblower provisions of the Dodd-Frank Act 2010 issued by the SEC for public comment in November 2010, there were minimal restrictions on the types of people who could receive a bounty. US company employees of any nationality, employees of non-US subsidiaries and even foreign public officials would be eligible to receive an award for information. However, final rules issued on 25 May 2011 clarified the list of eligible people, stating that it is not the SEC’s intention to incentivise people who are already under a duty to prevent violations to blow the whistle. Those who are therefore not eligible to receive a bounty include, for example:
- those who are already under a duty to report violations;
- employees who are responsible for compliance or internal audit;
- lawyers who obtain information through their retainer with the company;
- those who obtain information by unlawful means; and
- foreign public officials.
HOW MUCH COULD THEY MAKE?
Using recent historical cases as a benchmark, if an informant had provided the SEC with information derived from their own independent knowledge or analysis of which the SEC was not aware from any other source, they could have received:
- between $80m and $240m of the $800m paid to the SEC and DoJ (Siemens);
- between $55m and $165m (Goldman Sachs); and
- between $10m and $30m (Dell).
Note that for the reward provisions to apply, the monetary penalties must total $1m or more. The SEC has discretion as to the whistleblower’s eligibility for an award and the amount payable, taking into consideration, for example, the value of the information provided. The percentages apply to the total monetary sanctions imposed by the SEC, DoJ, or any other Dodd-Frank Act 2010 listed authority that brings an action based on the ‘original information’ provided to the SEC.
ALTERNATIVE MEANS OF DISCOVERY
It is not only in the US that regulators encourage employees to blow the whistle on their employers. The SFO launched a whistleblowing hotline at the start of 2009 and has posted an advertisement in the UK press: ‘Call us, because you don’t want us calling you.’
The Office of Fair Trading in the UK has its own whistleblower hotline for individuals with cartel information. It offers a reward of up to £100,000 in exceptional circumstances. The Financial Services Authority also has a whistleblowing hotline, but does not offer rewards and encourages individuals to report concerns to their employer in the first instance.
The UK is taking steps to make it easier for whistleblowers to pass their information to the regulators. New regulations under the Public Interest Disclosure Act (PIDA) 1998 provide that an employee bringing an employment tribunal claim need only tick a box on the claim form for any information regarding wrongdoing by the company to be passed directly to the relevant regulator.
Further, it is not just the disgruntled employee whistleblower that poses a threat. Money laundering disclosure obligations require anyone who receives relevant information in non-privileged circumstances to make a disclosure to the Serious Organised Crime Agency (SOCA). SOCA then automatically routes the information to the relevant regulatory authority.
CIRCUMVENTING INTERNAL WHISTLEBLOWING PROCEDURES
There has been a concern in the US that the incentives offered under the Dodd-Frank Act 2010 will persuade employees to go directly to the SEC instead of following their company’s own internal whistleblowing procedures. The feeling is that this runs contrary to the duties imposed on companies under the Sarbanes-Oxley Act 2002. The final rules issued by the SEC last month attempt to deal with this concern by, for example, providing for an increased payment in circumstances where an employee has reported the information to their company first and co-operates with an internal investigation.
PROTECTION FOR WHISTLEBLOWERS
Whistleblowers may also feel more inclined to contact regulators in their respective countries, rather than their own employers, given the protections they receive under PIDA 1998 in the UK and under the Dodd-Frank Act 2010 in the US. Under PIDA 1998, the employee has the right not to be subjected to any detriment on the ground that they have made a protected disclosure. If an employee is dismissed as a result of making a disclosure, the dismissal will be automatically considered to constitute unfair dismissal. The Dodd-Frank Act 2010 prohibits retaliation by employers against individuals who provide the SEC with information about securities violations, whether a successful enforcement action is brought or not. It provides for the payment of legal fees, reinstatement and double back-pay in such cases.
CHANGING THE GROUND RULES FOR SELF-REPORTING
Self-reporting and the plea negotiation process are well established in the US, and the UK is starting to follow suit. Richard Alderman, director of the SFO, continues to encourage companies to make a voluntary disclosure when they find evidence of wrongdoing in their ranks and report this to the SFO. Doing so can result in a civil settlement rather than a criminal prosecution and a much lower penalty than would otherwise be applied.
The increasing risk of discovery may accelerate the process and change the ground rules when it comes to self-reporting. It is now increasingly likely that information will come into the hands of the regulators. The pace of change is also likely to pick up where the offer of a potentially huge financial reward is likely to overcome any feelings of doubt or guilt on the part of the whistleblower. After all, what is the downside if they are wrong? Unless acting in bad faith, the employee whistleblower will be protected under employment law.
Companies will therefore have to react more quickly to the discovery of potential wrongdoing and the decision to self-report may have to come sooner, not least because it is in the interests of the whistleblower to act quickly too, as they stand to gain more if the SEC was previously unaware of the information offered. This pits the employee against the company, where loyalty may count for little in the face of a large financial bounty.
Despite the incentives of self-reporting, the decision to do so may not be an easy one. This is particularly so in the UK. The sentencing remarks of Lord Justice Thomas in R v Innospec Ltd dealt a blow to the SFO’s plea discussion strategy and its offer of a potential civil resolution. The judge said that it would rarely be appropriate for criminal conduct by a company to be dealt with by means of a civil recovery order (rather than a criminal prosecution). This has caused uncertainty as regards the level of penalty a company could find itself vulnerable to. If the SFO loses its ability to encourage self-reporting by the offer of a civil settlement, will it take a different tack and encourage whistleblowers with the offer of financial rewards? Might other countries follow suit?
The SFO is currently under pressure to achieve results against a background where proposals for a separation of its investigatory and prosecutorial powers are being debated. It may feel the need to pursue more cases that have the potential for a lucrative fine, thereby adding to its own coffers and those of HM Treasury. It has every incentive to encourage contributions from whistleblowers by turning them into UK bounty hunters and adopting the US model.
HOW CAN COMPANIES PROTECT THEMSELVES?
It is possible for companies to minimise the risk of employees going to a regulator first by having a strong, effective, well-publicised internal whistleblowing policy and by investigating allegations as soon as they are raised. If the allegations are substantiated, the business can consider the possibility of making a voluntary disclosure to the relevant regulator. This can earn substantial credit in any subsequent settlement discussions. Often, employees simply wish to see that something is being done about their concerns. A proactive approach from their employer may persuade them that their concerns are being taken seriously and minimise the risk that they will go straight to the regulator. An employee will also need to be reassured that their behaviour will not be penalised, particularly where their suspicions turn out to be unfounded.
Training in relation to relevant international laws, such as the FCPA 1977 and the 2010 Act, may also assist in reducing the instances of unfounded or mistaken reports being made. The time and wasted costs involved in investigating such reports are an incentive to have good training programs in place. However, care should always be taken when implementing whistleblowing hotlines outside the UK and particularly in Europe. In France, for example, there are strict rules on when hotlines can be used and the types of information they can be used for.
It is not too late for a company to help itself when it learns that a whistleblower has passed information to a regulator. In an era where self-reporting is becoming the norm, the company will need to act quickly to steer itself into a good position and to get the maximum credit it can by co-operating with law enforcement agencies. There are several basic steps any company should take to protect its position and other more complex considerations at a strategic level. Legal, commercial and reputational objectives sometimes conflict, and making the right decision is not always straightforward. The company will be judged by the regulator and potentially by the media on how it handles the allegations. It is important for the company to get this right, to minimise the impact of any investigation and to save as much value as it can for its shareholders. These are turbulent times and the Dodd-Frank Act 2010 will undoubtedly add to the risk of companies being investigated by law enforcement agencies. The best companies can do is to be aware of the risks and issues, and be ready to respond immediately if the worst happens and a whistleblower report comes down the line.