Congress should act to protect cybersecurity whistleblowers because information security has never been so important, or so challenging. In the wake of a barrage of shocking revelations about data breaches and companies mishandling of customer data, a bipartisan consensus has emerged in support of legislation to give consumers more control over their personal information, require companies to disclose how they collect and use consumer data, and impose penalties for data breaches and misuse of consumer data. The Federal Trade Commission (“FTC”) has been held out as the best agency to implement this new regulation. But for any such legislation to be effective, it must protect the courageous whistleblowers who risk their careers to expose data breaches and unauthorized use of consumers’ private data.
Whistleblowers strengthen regulatory regimes, and cybersecurity regulation would be no exception. Republican and Democratic leaders from the executive and legislative branches have extolled the virtues of whistleblowers. High-profile cases abound. Recently, Christopher Wylie exposed Cambridge Analytica’s misuse of Facebook user data to manipulate voters, including its apparent theft of data from 50 million Facebook users as part of a psychological profiling campaign. Though additional research is needed, the existing empirical data reinforces the consensus that whistleblowers help prevent, detect, and remedy misconduct. Therefore it is reasonable to conclude that protecting and incentivizing whistleblowers could help the government address the many complex challenges facing our nation’s information systems. Continue reading →
Nearly 12% of tips received by the Securities and Exchange Commission (SEC) in FY 2018 were from international whistleblowers and the second largest source of these tips was the United Kingdom. The frequency of tips from the UK should come as no surprise because London is, of course, an important global financial center and many large firms operating in London are listed on US exchanges. We believe, however, that there may be another factor affecting the number of tips and one which is likely to play a much stronger role in the future. Continue reading →
New enforcement advisory encourages reporting of foreign corrupt practices that the agency intends to pursue under the Commodity Exchange Act.
On March 6, 2019, the Division of Enforcement (Division) of the US Commodity Futures Trading Commission (CFTC or Commission) announced that it will work alongside the US Department of Justice (DOJ) and the US Securities and Exchange Commission (SEC) to investigate foreign bribery and corruption relating to commodities markets. CFTC Enforcement Director James McDonald announced the agency’s new interest in this area as the Division issued an enforcement advisory on self-reporting and cooperation for violations of the Commodity Exchange Act (CEA) involving foreign corrupt practices.
For companies and individuals who participate in the markets for commodities and derivatives — or whose activities may impact those markets — the CFTC announcement adds a new dimension to an already crowded and complex landscape for anti-corruption enforcement. A range of industries, including energy, agriculture, metals, financial services, cryptocurrencies, and beyond, must now consider the CFTC and the CEA when assessing global compliance and enforcement risks relating to bribery and corruption. This article summarizes the new developments and outlines key considerations for industry participants and their legal and compliance teams. Continue reading →
In a recent submission (PDF: 2.36 MB) to Congress, the U.S. Securities & Exchange Commission (SEC) reported that, for fiscal year 2018, the SEC paid the largest whistleblower awards since the institution of its program in 2012 following the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank). Specifically, in FY 2018, the SEC awarded 13 individuals over $168 million collectively for tips that led to actions by the SEC to protect investors.
Other statutes likewise provide financial incentives to whistleblowing. Under the False Claims Act (FCA), for example, persons who report fraud in government contracting can receive up to 30 percent of the government’s recovery in an action. Many states, including New York, have enacted state-level equivalents of the FCA. For many decades, the FCA has contributed to large recoveries to the U.S. Treasury, with an expansion of recoveries in part due to the reporting of violations by whistleblowers. Continue reading →
The US Securities and Exchange Commission has long hailed its whistleblower program as a success, with the former SEC chair, Mary Jo White, calling it a “game changer” in enforcement and current Chairman Jay Clayton saying “the strength of our whistleblower program is a critical component in our investor protection toolbox.”
So it makes no sense for the SEC to adopt certain proposed rules (PDF: 837 KB)that would inject into the program uncertainty for whistleblowers and discourage those with detailed knowledge of massive fraud from stepping forward. Yet that’s what the SEC is considering doing by arbitrarily cutting awards for the most valuable whistleblowers to less than what they should be entitled to under the statute and current rules.
Rewards are a major reason for the SEC whistleblower program’s success. They have ranged from $50,000 to $50 million. Continue reading →
With limited time, corporate directors are accustomed to monitoring firms by using aggregated information that is supplied by firms’ management. Nearly every task conducted by a board of directors involves data curated by employees working for a firm’s CEO. A critical challenge for directors is to be informed of important situations that may have been lost in data aggregation or that may have been selectively not reported. Indeed, this is why firms with stellar directors and high-quality external auditors still have major public debacles. One way a corporate director can obtain unfiltered information regarding a firm’s operations and potential problems within a firm is by reviewing reports made by employees through internal reporting systems (also known as internal whistleblowing systems). The problem with this solution is that there have been differing views and understandings as to how to appropriately manage these systems and interpret these submitted reports—until now. Continue reading →
Over 3,000 commenters submitted letters to the Securities and Exchange Commission (“SEC”) concerning the agency’s recently proposed amendments to its whistleblower rules. This response reflects the perceived importance of the SEC’s proposal to companies and employees.
The most controversial of the proposed amendments would allow the SEC discretion to decrease the size of an award if it determines that the award would otherwise be too large to advance the goals of the whistleblower program. Under current rules, if a whistleblower qualifies for an award, the SEC determines the size of the award by considering a number of specified factors that can increase or decrease the award amount within the range of 10 to 30 percent of the monetary sanctions recovered. To decrease the amount of an award, the SEC can consider only the culpability of the whistleblower; whether the whistleblower unreasonably delayed reporting the misconduct to the SEC; and whether the whistleblower interfered with the company’s internal compliance and reporting systems.Continue reading →
The Court of Appeal reversed the High Court’s decision and found that all of the interviews conducted by ENRC’s external lawyers were covered by litigation privilege, and so too was the work conducted by the forensic accountancy advisors for the books and records review. The Court of Appeal found that ENRC did in fact reasonably contemplate prosecution when the documents were created. Moreover, while determining that it did not have to decide the issue, the Court of Appeal also stated that it may also have departed from the existing narrow definition of “client” for legal advice privilege purposes in the context of corporate investigations. Continue reading →
On July 12 and 16, 2018, the U.S. Commodity Futures Trading Commission (“CFTC”) announced two awards to whistleblowers, one its largest-ever award, approximately $30 million, and another its first award to a whistleblower living in a foreign country. These awards—along with recent proposed changes meant to bolster the Securities and Exchange Commission’s (“SEC” or “Commission”) own whistleblower regime—demonstrate that such programs likely will continue to be significant parts of the enforcement programs of both agencies and necessarily help shape their enforcement agendas in the coming years.
The Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) authorized the CFTC to pay awards of between 10 and 30 percent to whistleblowers who voluntarily provide original information to the CFTC leading to the successful enforcement of an action resulting in monetary sanctions exceeding $1 million. Following the introduction of implementing rules, the CFTC’s program became effective in October 2011. Over the next six-and-a-half years, the CFTC has paid whistleblower bounties on only four prior occasions, with awards ranging from $50,000 to $10 million. The $30 million award announced last week, thus, reflects a significant increase. This week’s award to a foreign whistleblower also represents another first for the CFTC’s program and reflects the global scope of the program. Continue reading →
Avoiding retaliation for reported workplace misconduct is essential for companies and enforcement officials. Companies are accountable not just for their bad acts, but also for the cover up, including how they respond to allegations. A new survey of conduct in the US workplace by the Ethics and Compliance Initiative (ECI) has some bad news. Employees say that retaliation against whistleblowers is on the rise, doubling in the past four years. These disturbing results should motivate companies to (1) encourage candid internal discussions of what exactly constitutes retaliation (and what does not); (2) train managers to handle retaliation concerns and to avoid unintended acts of retaliation; and (3) ensure anti-retaliation programs are supported by a strong ethical culture.
The ECI Survey
Since 2000, ECI, a leading ethics and research organization for compliance professionals, has surveyed workplace conduct from the employees’ perspective. Their 2017 survey of more than 5,000 employees across the US has good and bad news. Continue reading →