United States: When Should Internal Auditors And Compliance Officers Become SEC Whistleblowers

In August of 2014 the SEC announced a modest whistleblower award of $300,000 to an unnamed company employee "who performed audit and compliance functions and reported wrongdoing to the SEC after the company failed to take action when the employee reported it internally."1

While the amount of the award was not particularly hefty, and was dwarfed by several multi-million dollar whistleblower awards given previously, it carried particular significance to astute observers in the corporate legal, internal audit, and compliance communities. Insiders know that compliance officers and internal auditors, beleaguered and sometimes frustrated as they may be, hold the "keys to the kingdom" when it comes to knowledge of corporate ethical and legal lapses within their companies. Prior to this award, it had generally been thought the SEC would continue to discourage such awards on the rationale that it would not want to encourage employees whose job it was to prevent corporate legal and ethical violations to profit from simply doing their jobs.

Nevertheless, the SEC Press Release contained a rationale for the award that set out what may represent a not-so-subtle change of opinion on the part of the agency. As the Director of the SEC's Office of the Whistleblower, Sean McKessy, stated in the Press Release:

"Individuals who perform internal audit, compliance, and legal functions for companies are on the front lines in the battle against fraud and corruption. They often are privy to the very kinds of specific, timely, and credible information that can prevent an imminent fraud or stop an ongoing one. These individuals may be eligible for an SEC whistleblower award if their companies fail to take appropriate, timely action on information they first reported internally."

It has generally been understood that compliance officers and internal auditors are not permitted to receive whistleblower awards because information they reported to a superior constituting allegations of misconduct was not to be considered "original information" under the Dodd-Frank Act and SEC rules.2

However, even early in the life of the whistleblower law, Mr. McKessy had alluded to the rationale for allowing these professionals to become whistleblowers, under what he then described as "limited" circumstances. In a 2011 speech at Georgetown University, he described the exceptions to the rule against whistleblowing by internal auditors and compliance officers:

"As for compliance and internal auditors, some claim the final rules allow for the possibility of an award to these professionals merely for doing what the company is paying them to do.

But... an employee with compliance or internal auditor responsibilities may only be eligible for a whistleblower award under... limited circumstances; that is if they have a reasonable belief that reporting is necessary to prevent actions that will result in imminent harm or impede an investigation... [A]llowing for the possibility of a whistleblower award under these circumstances does not encourage a breach of their responsibilities – it rewards them for taking those obligations seriously.

[Another] possibility of an award to compliance or internal audit personnel occurs only when more than 120 days have passed since the information was reported to certain officials – including the entity's audit committee, chief legal officer, chief compliance officer or supervisor.

In this case, an award is possible only after these professionals have done what they are paid to do: They reported wrongdoing internally with a view of having it addressed -- – but, for whatever reason, the entity failed to take timely remedial action.

Keeping in mind the ultimate goal to prevent or stop possible violations of the securities laws, I see nothing wrong with incentivizing compliance and internal audit employees to come forward when the internal compliance process has failed" (Italics added).

Mr. McKessy was describing the whistleblower opportunities enabled by the "exceptions" the writers of the SEC Final Rule crafted to narrow the general statutory prohibition against whistleblowing by compliance and internal audit professionals. In the process of drafting the Final Rule, the SEC considered many comments (including several from this writer) arguing that enforcing a general prohibition against compliance and internal audit personnel would deter the very individuals who may be in the best position as insiders to know of illegal activity.

Predictably, corporate interests took the opposite tack, and wanted absolute prohibitions on certain insider whistleblowers. The SEC responded by creating three generous "exceptions" to the general prohibition. As described by the SEC Implementation Release: "If any one of these circumstances is present, a person in one of the designated categories under [the Rule prohibiting whistleblowing] may be eligible for a whistleblower award that is otherwise excluded to that individual..." Id., Fed. Reg. June 13, 2001 at 34318. While these "exceptions" do not exactly "swallow the Rule," they give considerable latitude to a conscientious compliance officer or internal auditor who decides to "cross the Rubicon"3 and become an SEC whistleblower:

The Whistleblower "Exceptions" For Compliance Officers and Internal Auditors

(a) Substantial injury to the financial interests of the company or its investors.

The first exception allows whistleblowing "when the designated person has a reasonable basis to believe that the disclosure of the information to the [SEC] is necessary to prevent the [company] from engaging in conduct that is likely to cause substantial injury to the financial interest or property of the entity or investors."

Lawyers use the term "reasonable" when they have to define something that often cannot be defined precisely. Here, a "reasonable basis" should include anything that could be viewed by a typical compliance officer or internal auditor as knowledge of facts of a fraud, either in the past, ongoing, or potentially possible, the revelation or operation of which could substantially injure the company if exposed, or be allowed to continue to fester unchecked. An ongoing scheme to bribe foreign officials, a recurring "cooking of the books" by false accounting entries, off balance sheet efforts to improve financial results, improper revenue recognition, improper use of reserves, etc., significant insider trading, or any active scheme involving corporate fraud and corruption, or the present cover-up of past fraud, would probably qualify. A one-off event, perhaps in the past, that would not shake the company to its foundation if exposed might not qualify. As beauty is in the eye of the beholder, the "reasonable basis" to disclose would ultimately be in the determination of the SEC. The would-be whistleblower must take the leap of faith going in that his or her basis for disclosure is reasonable under the circumstances and that the SEC will ultimately determine that the information reported merits an investigation ultimately leading to a successful enforcement action.

As the SEC originally described it, the company must be shown to be up to some significant devious behavior:

"For purposes of the [Rule], in order for a whistleblower to claim a reasonable belief that disclosure of information to the Commission is necessary to prevent the [company] from committing substantial harm, we expect that in most cases the whistleblower will need to demonstrate that responsible management or governance personnel at the [company] were aware of the imminent violation and were not taking steps to prevent it. In short, the whistleblower must have a reasonable basis for believing that the entity is about to engage in conduct that is likely to cause substantial injury to the financial interests of the [company] or investors, and that notification to the Commission is necessary to prevent the entity from engaging in that conduct." Id. Fed. Reg. at 34319.

There is clearly a forward-looking thrust to this exception. It would seem that information designed to thwart, expose or otherwise terminate an ongoing or nascent fraud is what the SEC has in mind. It wants information to stop a fraud in its tracks, not necessarily to find out about an "old fraud" that is no longer active. Nevertheless, information about prior activity that could seriously damage the company if revealed, especially if it is being actively concealed by management, could "reasonably" be viewed by the whistleblower as being fair game for a whistleblower submission, particularly if the company was purporting to investigate it but was, in Mr. McKessy's words, "failing to take timely remedial action." This might involve, for example, failure to correct financial results for prior periods that were knowingly materially misstated, or failing to correct or improve internal controls that were known to have failed, or to sanction or remove officers or managers who had committed unethical or illegal acts and were likely, if left unfettered, to commit such acts in the future.4

It is interesting that in the very case in which the recent $300,000 award was made to a compliance officer, the underlying fraudulent activity consisted of insider trading and other violations committed by the former CEO of the company in the past, including trading that was by the time of the SEC action five years old.5 In this case, the whistleblower had reported the information to the company, which apparently did little or nothing about it. After waiting the requisite 120 days (see Exception Three below), the whistleblower reportedly informed the SEC of an internal investigation which amounted to a "whitewash."

So the would-be compliance officer or internal auditor must initially make what may be a difficult judgment call. Is his or her information viable enough to pass the SEC's test of "substantial harm" to the company or investors, if left unreported to the SEC? The whistleblower may not learn until well after the case had been brought whether the SEC will consider him or her a hero or a bum, just out to profit by front-running a legitimate corporate internal investigation.

Presumably, given the considerable career risk such a whistleblower is taking in going to the SEC, that individual will be careful to assemble, through documents or similar credible evidence, hard facts demonstrating that the company is in some respect acting in bad faith, either by ignoring altogether the facts presented to it by the whistleblower or others (the best case scenario), or looking into the matter in a demonstrably half-hearted manner overtly or covertly designed to reduce the chance it will have to report serious illegality to the SEC.

It has long been recognized in the compliance community that the internal culture at some companies pays mere lip service to compliance officers and their work, regardless of what the company's public statements and handbooks may proclaim. Faced with serious allegations of wrongdoing, the internal controls may be lacking, the compliance program inadequate, and the ultimate response clearly inadequate or worse. Fear of release of information that may have a negative impact on financial results or stock price may cause management to stall disclosure or subvert the internal investigation. In the case of an ongoing, unfolding fraud, the failure to respond forcibly should be apparent to insiders. An erstwhile compliance or internal audit person who can fully document and prove such failure (presumably aided by emails, memos, or perhaps corroboration from other employees) should have a strong case for satisfying the first exception.6

(b) Conduct that Impedes the SEC's Investigation

The Second Exception to the prohibition on whistleblowing by compliance and internal audit officers is more straightforward: it applies when "the [whistleblower] has a reasonable basis to believe that the [company] is engaging in conduct that will impede an investigation of the misconduct." This could include "destroying documents, improperly influencing witnesses, or engaging in other improper conduct that may hinder [the SEC's] investigation." Id., Fed. Reg. June 13, 2011 at 34319.

Of course, this is the "smoking gun" kind of activity that can quickly sink a company if it occurs and is ultimately uncovered. As dumb as such conduct would seem in the current enforcement climate, it still occurs, and once discovered will surely elevate the SEC's prosecutorial adrenaline. The evidence is, of course, often more complicated and incomplete. Management in self-protection mode can find various ways to intimidate witnesses into keeping quiet or altering their recollection just enough to muddle or conceal the facts. A company can appear to be taking swift and decisive action by singling out a few scapegoats for harsh treatment while knowing or having good reason to know that the illegal activity is likely more widespread. An internal investigation can be "slow-walked" to cause the SEC to lose interest or the company to lose key documents. A company can bury incriminating documents among thousands of pages of junk to overwhelm the limited staff resources of the SEC (a favorite trick in the old days of paper production, and one that can be even more effective if a bad email or two are part of a disc containing a million other garbage documents).

Here again the compliance officer or internal auditor may well see this happening in real time. A supervisor, for example, may announce that the investigation is being truncated or limited in some fashion which may appear reasonable to an over-worked SEC lawyer but in reality is carefully designed to take the SEC staff down a blind alley or leave untouched a area of inquiry the company desires to avoid. A key former employee who knows where "the bodies are buried" can be left undisturbed in his Florida retirement cocoon while other more company-friendly witnesses are produced to the SEC. If the higher-ups indicate, indirectly, or through subordinates, their desire for the investigation to reach a certain conclusion that skirts the truth, the compliance officer may see it better than anyone else. I would suggest this second exception is designed to cover all these situations. Again, the key is for the whistleblower to come to SEC with hard evidence, not just suspicions or what amounts to little more than water cooler gossip or undocumented conversations with superiors.

(c) The 120-Day Wait

The third exception, as written, is a convoluted piece of work to be sure, but in the end may be the most powerful of the three. In short, if the compliance office or internal auditor has provided information of a violation to his superiors, or he or she has received such information "under circumstances indicting that the entity's audit committee, chief legal officer, chief compliance office (or their equivalents), or his or her supervisor was already aware of the information", and he or she waits 120 days since these events have occurred to contact the SEC, that person can become a whistleblower. The SEC felt it necessary to adopt "an exception that will permit a person in one of these designated categories to become a whistleblower after a fixed period." Id. Fed. Reg. June 13, 2011 at 34319.

The SEC was concerned that a compliance officer, for example, should not be able to receive information of a violation, sit on it for four months telling no one else, then run to the SEC. This provision prohibits such chicanery. Rather, if the information is provided to the superiors and they either ignore it, or act on it slowly, the compliance officer or internal auditor can act after four months and go directly to the SEC with the same information, and qualify as a whistleblower. Even if the would-be whistleblower did not personally report the information up in the organization, he or she can still act on it after 120 days if they have good reason to believe under the circumstances that superiors have been aware of it for at least that long themselves.

This was the provision cited by the SEC to justify the recent $300,000 award.7 This exception is quite clear and unforgiving, the proverbial 400 pound gorilla in the C Suite. Henceforth, companies that sit on problematic information for more than four months without reporting it to the SEC have to be concerned that someone down below may be counting the calendar for the magic moment when he or she is free to run to the SEC and report the bad news.

Why 120 days? No one outside the SEC knows. Four months goes by quickly in a big organization. The SEC was careful to add that it did not intend to suggest that companies have only a "120-day 'grace period' for determining their response to the violations." Id. But then the SEC Implementation Release immediately reminded its audience that "when considering whether and to what extent to grant leniency to entities for cooperating in our investigations and related enforcement actions, the promptness with which entities voluntarily self-report their misconduct to the public, to regulatory agencies, and to self-regulatory organizations is an important factor." Id.

Further complicating the guidance, the SEC added that the rule "is not intended to, and does not, create any new or special duties of disclosure on entities to report violations or possible violations of law to the Commission or to other entities." Likewise, the SEC states that it does not intend to suggest that an internal investigation "should in all cases be completed before an entity elects to self-report violations, or that 120 days is intended as an implicit 'deadline' for such an investigation." This is comforting, for rarely can a legitimate investigation of such matters be completed in just four months. Moreover, the SEC advises that the "staff may receive such information and agree to await further results of the internal investigation before deciding its own investigative course." Id. This is a big nudge to the company to tell the SEC something within 120 days, if only that it is undertaking a thorough internal investigation of the matter.

This SEC guidance reminds me of the fifth grade teacher who once told our class: "I know someone did this bad thing [fill in the blank from your experience] and I am giving you until the end of recess to tell me who did it." As I read it, the company better tell the SEC something in the first 120 days or it runs the real risk the whistleblower will be in the teacher's office before or immediately after the end of recess. But this guidance also puts an added burden on the would-be whistleblower: if he or she relies exclusively on this third exception and waits 120 days to go in, the company may report first, even if to say little more than it has an indication of a problem and will conduct a "thorough investigation" which may take months. Given this quandary, the compliance/internal audit whistleblower may consider going right in before 120 days run, if he or she feels they have a strong case for eligibility under either or both of the first two exceptions, which have no waiting period. In this sceanario, I would suggest consulting an attorney for guidance. An attorney will be necessary anyway if the whistleblower decides to remain anonymous.

Perhaps the answer lies in how the putative whistleblower perceives the company's good faith. If he or she truly believes the company is doing the right thing, even if it is getting into the matter more slowly that the whistleblower thinks appropriate, and there is as yet no hard evidence or obstruction or imminent harm to investors, then the 120 day wait may be a safer course. After all, exception three does not require any specific evidence of obstruction of the SEC's investigation or grave harm to the financial well being of the company, it only requires a four month wait to report any activity which may be questionable.

If the company at least appears to be undertaking an internal investigation in good faith, the compliance officer or internal auditor who knocks on the SEC's door on day 121 has used exception three correctly but still should have solid evidence of a failed or failing internal investigation, if not outright obstruction or continuing known fraud. If the whistleblower has nothing approaching this, he or she runs the risk of being labeled by the SEC staff, fairly or not, as a "front-runner" cravenly looking for a big whistleblower award. Presumably, unless such evidence is in hand, it would be highly unlikely a rational actor would risk his or her career on what could amount to a long shot. Conversely, if there is solid, even if not yet conclusive, evidence that the company is not approaching the investigation with vigor, and may in fact be deliberately trying to avoid the bad stuff while claiming full cooperation (or not reporting anything), then the 120 day wait may be time enough to assemble facts sufficient to persuade the SEC that the whistleblower has acted responsibly and could be in line for an award if the matter turns into a qualifying enforcement action.

(d) In the Immortal Words of Spike Lee, "Do the Right Thing."

The SEC increasingly relies on reporting companies to virtually police themselves in many instances. If a company pledges "full cooperation" and undertakes what only appears to be a full-throated internal investigation, it may be near impossible for an SEC staff lawyer to figure out he or she is being played by skillful company managers, who have a big stake in seeing the company sail through the storm. If a lonely compliance officer or internal auditor sees the emperor is wearing no clothes, he or she has a tough choice to make: leave it alone or go to the SEC with the real facts. These are gut wrenching personal decisions of enormous consequence, perhaps made around the dinner table with only their partners to consult, and with a career on the line.

If the decision is to go in to the SEC, then Ralph Waldo Emerson's old adage comes to mind: "Never strike a king unless you are sure you shall kill him." Your case must be documented thoroughly. If you are aware of insiders who will tell the truth if asked by the SEC, you have to be prepared to name them. You may need to copy and produce documents you are not supposed to disclose. The retaliation provisions of Dodd-Frank may in theory protect you, but you can't count on it (especially if you are acting from abroad). Even going in as an anonymous whistleblower through a lawyer gives no guarantee someone in the company won't figure out the source.

In the final analysis, however, the real job of a compliance officer is not just training employees to know the FCPA or any of the myriad of laws and regulations that now govern corporate conduct, but doing his or her absolute best to help them comply with the law, and to identify the cases when they fail. An internal auditor is charged with making his or her investigations and reports, but not administering punishment. But the presumption in each case is that the company will take your work seriously and take action to correct and if necessary report the problem to regulatory authorities.

If this does not happen, or the company displays either a lack of good faith or competence in undertaking its end of the bargain, you may have to undertake corrective action, however unpleasant or personally risky. In truth, you owe this to the company, its vast majority of honest employees, and its investors. If certain people in the corporate structure are blind to the "bet the company" risk in ignoring or covering up wrongdoing, your jobis to insure that philosophy does not prevail. I suggest with respect that that duty should remain foremost in the personal decision as to whether and when a compliance officer or internal auditor should, if the situation demands and the law allows, become a whistleblower.


1. SEC Press Release, August 29, 2014.

2. CFR Sec. 240.21F-4(b) states that "[a]n employee whose principal duties involve compliance or internal audit responsibilities, or [who was] employed by or otherwise associated with a firm retained to perform compliance or internal audit functions for an entity" will not be considered sources of original information. See Federal Register, June 13, 2011 at 34318 (SEC Final Rule Implementation Release): "For example, a compliance officer is subject to the rule whether he or she learns about possible violations in the course of a compliance review or another employee reports the information to the compliance officer."

3. According to Wikipedia, "the idiom 'Crossing the Rubicon' means to pass a point of no return, and refers to Julius Caesar's army's crossing of the river in 49 BC, which was considered an act of insurrection." This may well describe the actions of a whistleblowing compliance officer or internal auditor, at least in the eyes of their employer.

4. The information provided might involve a case already under investigation by the SEC and involve the concealment from current investors of the damaging fact of that ongoing investigation. As described by Gretchen Mortenson recently in the New York Times, a whistleblower who was a marketing manager of a hedge fund learned of an investigation of the fund by the SEC and wanted to disclose this to prospective investors but was told by her superiors not to disclose anything until the SEC investigation was resolved. She refused and was fired. "Hedge Fund Kept U.S. Inquiry Quiet," New York Times, Dec. 7, 2014, p.5 (Business).

5. See SEC Litigation Release No. 22790, SEC v. Phillip J. DeZwirek, Sept. 3, 2013.

6. A striking recent example of such a culture is vividly provided in Matt Taibbi's recent expose' "The $9 Billion Dollar Witness: Meet JP Morgan Chase's Worst Nightmare," the story of in-house securities lawyer at the firm who ran into a massive brick wall in attempting to expose a massive securities fraud in the bank's mortgage operations. Rolling Stone, Nov. 6, 2014.

7. "Order Determining Whistleblower Award Claim", Securities and Exchange Commission Whistleblower Award Proceeding, File No. 2014-9, August 29, 2014.

Daniel J. Hurson is former Assistant Chief Litigation Counsel at the SEC and a former federal prosecutor. He practices securities enforcement defense in Washington, D.C., and represents SEC whistleblowers. His email is dan@hursonlaw.com. His website is http://www.hursonlaw.com

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:
  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.
  • Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.
    If you do not want us to provide your name and email address you may opt out by clicking here
    If you do not wish to receive any future announcements of products and services offered by Mondaq you may opt out by clicking here

    Terms & Conditions and Privacy Statement

    Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

    Use of www.mondaq.com

    You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


    Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

    The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


    Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

    • To allow you to personalize the Mondaq websites you are visiting.
    • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
    • To produce demographic feedback for our information providers who provide information free for your use.

    Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

    Information Collection and Use

    We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

    We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

    Mondaq News Alerts

    In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


    A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

    Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

    Log Files

    We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


    This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

    Surveys & Contests

    From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


    If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


    From time to time Mondaq may send you emails promoting Mondaq services including new services. You may opt out of receiving such emails by clicking below.

    *** If you do not wish to receive any future announcements of services offered by Mondaq you may opt out by clicking here .


    This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

    Correcting/Updating Personal Information

    If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

    Notification of Changes

    If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

    How to contact Mondaq

    You can contact us with comments or queries at enquiries@mondaq.com.

    If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.

    By clicking Register you state you have read and agree to our Terms and Conditions