Of late we have been saturated with reports of discovery of fraud and corruption of one kind of another in all parts of the world, fueled by greed, easy money, lax enforcement, and modern technology run amok—where a bunch of hackers in an overseas internet café, or perhaps even connected to a government or two, can steal our money, stare at us through our own computers, steal our emails, or wipe out our bank accounts. Simultaneously, a different class of criminals—corrupt corporate managers and the political and government figures who enrich each other through bribes for official acts—have dominated international headlines.
The fact is that there now exist multiple fraud schemes operating internationally that seem to confound international law enforcement. Some are enabled by technology, such as internet frauds and cyber-attacks. Some involve the many forms of money-laundering, offshore accounts, straw-entities, and similar frauds. For example, from a recent Transparency International report we learn (perhaps surprisingly) that Canada "is one of the world's most opaque jurisdictions when it comes to ownership of private companies and trusts" which allows anonymous companies and trusts to "hide behind a veil of secrecy, while giving them access to bank accounts and the means to use their illegally obtained wealth in Canada's legal economy." Such individuals use shell companies to buy real estate, driving up prices in Toronto and Vancouver. The same secrecy may be occurring in sales of the new mega-high rise condos in New York City to various wealthy miscreants from around the globe, hidden behind layers of LLC's. The Panama Papers laid bare the staggering amount of wealth being shifted around the globe, much of which may be ill-gotten in one scheme or another.
In like fashion are the numerous massive international bribery and corruption plots that are repeatedly being disclosed, often ensnaring major international companies and their senior executives. In December a South American sports marketing company entered into a deferred prosecution agreement with the Department of Justice admitting its role in a 15-year scheme to pay tens-of-millions of dollars in bribes and kickbacks to a high-ranking FIFA official to secure his support for acquiring the rights to broadcast the four future editions of the FIFA World Cup.
In another New York federal courtroom in December, Odebrecht, Latin America's largest construction company, and its affiliated petrochemical firm Braskem, pled guilty to bribing government officials in a dozen countries. The firms will pay at least $3.5 billion in penalties to authorities in the U.S., Brazil and Switzerland in the biggest FCPA settlement ever. Odebrecht, which built the Miami International Airport and has operations in 27 countries, was accused of colluding with Petrobras, the Brazilian state-owned oil company, to take more than a billion dollars in kickbacks from the oil company. That case has resulted in 112 convictions of 83 people, and has rocked that country to its core. Odebrecht created a secret internal group officially known as the "Division of Structured Operations," but called the "Department of Bribery" by prosecutors, which "systematically paid hundreds of millions of dollars to corrupt government officials in countries on three continents."
Massive FCPA settlements are becoming almost routine. Teva Pharmaceutical, an Israeli company, paid $519 million in December. Och-Ziff Capital Management Group, a hedge fund, paid $412 million in September. VimpelCom, a Dutch telecom, paid almost $400 million earlier in 2016. Together with Odebrecht/Braskem at $420 million, these were four of the ten biggest FCPA cases of all time. Not too far behind last year were J.P Morgan Chase ($264 million), and Embraer SA ($205 million). In all, 27 companies paid about $2.48 billion in 2016 to resolve FCPA cases, involving millions in bribes spread all around the globe. Many of these cases involved close cooperation between the SEC and DOJ and foreign government enforcement authorities. Long gone are the days when U.S. companies complained that they were being singled out for paying bribes while foreign competitors were never touched. Now, the big money penalties seem more often to be extracted by non-U.S. companies who are within the broad jurisdictional reach of the SEC and/or the DOJ.
In one sense, it is encouraging that so many corrupt fraudsters are getting caught. Of course these cases take years to be investigated, at great cost and effort to the enforcement agencies in multiple countries. There have been tremendous successes brought about by hard work on the part of investigators and prosecutors around the world. But we cannot help but be distressed at the obvious fact that bribery and corruption on an international scale seems to be on the rise, and are taking new and more malicious forms, particularly cyber-crime, with its ominous potential for economic, social, and political upheaval and chaos. The bribes are now in the millions, even billions, and reach into every country on earth. The cyber-attacks are constant, and ingenious. The crooks hide in the shadows of internet cafes and the bright light of boardrooms and computer screens. Billions of corrupt dollars move secretly in wire transfers and between offshore accounts. Can anything be done?
Is the International Response Enough?
What is the international community doing to combat this onslaught? How can law enforcement get the better of such malevolence, ranging from individual hackers and phone frauds to highly organized international corporate bribery involving billions, and everything in between? Fortunately, in recent years there have developed increasingly influential international efforts at curbing bribery. The Organisation for Economic Cooperation and Development (OECD) has undertaken an international effort to combat bribery and corruption of foreign officials. 41 countries are parties to its Anti-Bribery Convention, adopted in 1997, a legally binding international agreement, in which the "Parties to the Convention agree to establish the bribery of foreign public officials as a criminal offense under their laws and to investigate, prosecute and sanction this offence."1
OECD has an active "Working Group on Bribery" setting global standards for fighting foreign bribery. And as mandated in a recent Working Group report, "The Liability of Legal Persons: A Stocktaking Report" the signing parties, for example, must establish systems of liability of legal persons and to provide that firms found guilty of foreign bribery are subject to "effective, proportionate and dissuasive" sanctions. OECD has issued 195 monitoring reports covering the 41 signatories' foreign bribery laws and enforcement practices and activities, and has issued over 1450 recommendations for anti-bribery law and enforcement, most of which have been fully or partially implemented. 18 countries have introduced or strengthened whistleblower protections.
The Role of Whistleblowers
My particular area of interest is whistleblowers. These individuals are particularly effective in disclosing information about deeply hidden international frauds which may be difficult for US investigators to crack without insider help. As a former SEC enforcement lawyer and U.S. federal prosecutor, I was encouraged by the passage of the whistleblower provisions of the Dodd-Frank Act. I began to represent SEC whistleblowers about five years ago, and have now represented multiple individuals whose information has instigated ongoing SEC and DOJ investigations. The ambitious award program has been called a "game changer" by the SEC. At this writing, the program has awarded approximately $142 million to 38 whistleblowers, and has led to the recovery of financial remedies of $874 million by the SEC. Fortunately, one of my clients received one of these awards from the SEC, and I anticipate some others to follow.
The whistleblower program, as I tell would-be clients, is somewhat like the Powerball Lottery, with big awards but long odds. But I never discourage a potential whistleblower by focusing on the number of previous awards, in part because, as the SEC Office of the Whistleblower has indicated in its latest report to Congress, it is tracking over 800 ongoing investigations that came through the whistleblower program, and there are sure to be many more awards in the future.
While the amount of the awards get most of the attention, the protection of whistleblowers from retaliation by employers has been a major objective of the SEC program. An increasing number of cases have been brought by the SEC against employers who discourage or try to impede employee whistleblowing. Recently the SEC brought its first case against a company that retaliated against an internal whistleblower, and imposed a substantial ($1.4 million) fine.2
International Protection for Whistleblowers
On the international scene, the OECD has also focused on whistleblower protection. In a March 2016 conference in Paris, the OECD issued a new publication, Committing to Effective Whistleblower Protection, which reviewed signatory countries' approaches to protecting whistleblowers.3 It noted that voluntary disclosure or whistleblowing was the primary detection method in 33% of foreign bribery cases, according to a 2014 report. But it also found that 58% of Working Group on Bribery members still have inadequate whistleblower protection frameworks. It also noted that some "countries have recently adopted novel tools, such as monetary incentives for whistleblowers or reduced sanctions for voluntary disclosure, to promote reporting."
The OECD Report also reported some problems with whistleblower protections:
"However, there remain only a handful of OECD countries that have enacted widespread dedicated whistleblower protection laws that apply to both public and private sector whistleblowers. Protection of private sector whistleblowers remains a particular issue; many countries provide dedicated protection only to public sector whistleblowers. A majority of countries lack any dedicated whistleblower protection legislation, depending instead upon ad hoc protection which may discourage reporting and leave fraud and corruption unprotected. Countries should strive to establish a consolidated, dedicated law for the protection of both public and private whistleblowers."
The Report identified major shortcomings in protections for private sector whistleblowers. It found that at least 27 Parties to the Anti-Bribery Convention did not provide effective protection to whistleblowers who report foreign bribery in the public or private sector. It also found that "very few governments have taken steps to raise awareness in business or industry of the importance of encouraging the reporting of wrongdoing and protecting those who report." I have found this to be an issue in the United States as well. I hear from clients that their companies ignored their complaints, hot-line disclosures produced no action, in-house lawyers and compliance offices were averse to respond, etc. While strict compliance procedures and anti-corruption policies are featured in booklets and at conferences, the reality continues to be that whistleblowers are viewed more often as disgruntled troublemakers than as individuals who truly have the best interest of the companies at heart. I often wonder how many multi-million dollar penalties will have to be imposed (usually on shareholders, not corporate officers) before these companies "get it".
The OECD also found that "internal whistleblower protections are rare; a third of companies surveyed in the OECD Business Integrity Survey had no written policy [of] whistleblower protection or were unaware of such a policy. Countries therefore need to increase efforts to promote and incentivize the establishment of internal company whistleblower protection mechanisms."
Disfavor of Anonymous Reporting
The OECD also commented upon the fact that many countries prohibit anonymous reporting, which is a staple of the SEC Whistleblower program. These parties were skeptical about anonymous whistleblowers, assuming they might be filing unreliable or vindictive allegations, and might attract "cranks, timewasters and the querulants."4 On the other side were countries that support anonymous whistleblowing, especially where it is culturally unsuitable to be a whistleblower, or where "the institutional safeguards are non-existent of too weak to provide adequate protection." Report p. 5. Overall, the OECD reported that (as of the 2014 survey) 41% of signatory countries did not allow anonymous whistleblowing.5
In my view, anonymous whistleblowing is essential to the success of any whistleblower program. In my practice, virtually all my clients wish to remain anonymous. The reality of whistleblowing is that legal protections against retaliation cannot prevent such reactions by employers and fellow employees. In the case of former employees or third parties who are whistleblowing, which is often the case, forcing them to identify themselves makes little sense, and can only encourage more aggressive retaliation, such as blacklisting the whistleblower in the industry in which he or she has made their living. This kind of retaliation, which I believe is rampant against whistleblowers, can rarely be stopped by lawsuits or other legal means, and is quite difficult to prove in any event. If the anonymous allegations are truly frivolous, the matter will quickly be disposed of. But if whistleblowers are forced to identify themselves, even if promised confidentiality (see below), most will be unwilling to run the risk.6
The OECD did come out strongly in support of strict "confidentiality" for whistleblowers, regardless of whether the country's laws provided for anonymous reporting. "Being certain that the information provided remains confidential, along with one's identity, is an essential factor in disclosing wrongdoing. Maintaining confidentiality is the first element of a whistleblower protection system, when this fails, reprisals may ensue." Id. But again, in my experience, and given the nature of the modern corporate workplace and the typical path an internal investigation may take after the whistleblower comes forward, it is nearly impossible to insure that the identity of the whistleblower will not become known or at least suspected within the company or organization. The information given, to be effective, must be direct, specific, and credible. It will generally have to be disclosed to numerous legal, management, compliance, and other officials, as well as to regulators. It may have to be disclosed in some form individuals the whistleblower knows to be culpable or antagonistic to him. Throughout all these steps, the likelihood that the identity of the whistleblower will emerge, or be surmised, is very great, regardless of what efforts are made to keep it confidential. This is true even when the whistleblower remains anonymous, but is almost certain to occur when he or she has to identify themselves to their employer. I believe that the OECD, and member countries, must revisit the confidentiality and anonymity issue and strongly consider a system of anonymous reporting such as that employed by the SEC. CFTC, and the DOJ in the United States.
Reporting Internally—Let the Whistleblower Decide
The same can be said for programs or statutes which require whistleblowers to "report up" internally first, before going to the regulatory authority. Business interests tried strenuously to get this requirement written into the SEC whistleblower rules (and may well try again under the incoming US administration), but the SEC wisely rejected it. While "reporting up" is favored in the SEC Whistleblower rules, and can be a factor in increasing an award, it is not required. I have seen a number of cases in my practice where the whistleblower may have informally complained and got nowhere, or spoke up among fellow worker or an immediate supervisor and was discouraged or rebuffed. But to require whistleblowers to make some type of formal complaint to legal or compliance officials in the company (some of whom may be part of the fraud, or have already known of it), would surely shrink the pool of individuals who are willing to undertake such a perilous endeavor.
In a September 2015 UN report of the "Special Rapporteur on the Promotion and Protection of the right to freedom of opinion and expression," the author David Kaye made the following observation about whistleblowers and internal reporting:
"...internal [reporting] mechanisms present potential whistleblowers with serious risks. They often lack strong measures of confidentiality and independence from the organization in which they are embedded, putting whistleblowers at risk of retaliation. Many mechanisms are widely perceived as ineffective, so that the risk of retaliation may appear too great in the face of the low odds of success. For those reasons, among others, studies suggest that employees have relatively low confidence in whistle-blowing mechanisms. If States aim to have working whistle-blowing procedures that reduce public disclosure, they must ensure the effectiveness and trust in the full independence of whistle-blowing processes." My personal experience with whistleblower clients bears out this observation.
The SEC rules have a quirky, but perhaps effective, incentive to reporting up. If a whistleblower reports internally first, before going to the SEC, he still has 120 days before he must report to the SEC to get credit as if he reported to it on the day he went to the company. That means, for example, if the whistleblower reports internally, and the company itself (or any other whistleblower, inside or outside of the company) reports to the SEC on the same fraud or illegal activity, the whistleblower is treated as if he came to the SEC himself on the same day as he originally reported to the company, and he gets credit for reporting that information first. Reportedly, this provision has effectively forced companies to decide if they want to take the chance of failing to inform the SEC themselves within that 120 days and be treated by the SEC as if they had come in after the whistleblower already gave the SEC the information. This led to companies deciding to go ahead and promptly "self-report" to the SEC that they have received information concerning possible illegal activity and are undertaking an internal investigation to determine the extent of the issue. Nevertheless, in my experience at least, whistleblowers who decide to go to the SEC have not formally reported to the company first (assuming they are still employed there, which is often not the case) as this would necessarily have required them to disclose their identity to the employer
The SEC whistleblower rules are complex, and lengthy. That detail, however, was the product of a comprehensive comment process that allowed all interested parties (including this writer) to comment on every facet of the whistleblower proposal, from both the perspective of the employee and the company. As a result, the SEC rules (and the CFTC rules, which are nearly identical) should serve as a model for other countries who truly desire to create a program that will incentivize whistleblowers to report, and protect them after they have done so.
My impression at this point is that the international community has made considerable efforts, such as through the OCDC's anti-bribery efforts, to strongly encourage its member states to enhance whistleblower protections, but they have lagged at making it more attractive to whistleblowers to come forward in the first place. For example, a recent (Nov. 2016) Transparency International (TI) report concluded that "one out of four citizens in the European Union (EU) believes that reporting corruption is the most effective thing a person can do to fight it. Unfortunately, only a small minority of them would speak up. Why is this? Put simply, most fear the consequences: 35% of EU citizens said they are afraid of retaliation or a negative backlash such as losing their job." To overcome these fears, and to give the whistleblower at least the possibility of receiving a substantial monetary award to compensate them for their risk taking and the good possibility of no further gainful employment, the award, as opposed to any theoretical protection against retaliation, is an important component of the decision to proceed.
TI found that "legal protection is uneven across the EU—and poor to non-existent in most EU member states. Ireland adopted a strong bill in 2014, and last week France passed the Loi Sapin which includes whistleblower protection. But in other countries like Germany and Poland there is no progress at all, and the current whistleblowing legislation process in Italy is stuck in the Senate with an uncertain outcome."
Offering Awards to Whistleblowers—A controversial incentive
The OECD March 2016 Conference took note of the fact that "[c]ountries have recently adopted novel tools, such as monetary incentives for whistleblowers...to promote reporting." It observed that "these efforts can be particularly valuable in countries where the public is generally reluctant to blow the whistle." I am not sure in which countries citizens are eager to blow the whistle, but I do note that the SEC (which does give awards) has, since inception its program, received tips from 103 countries outside the US. In FY 2016, the SEC received tips from individuals in 67 countries. Many of my clients have come from outside the US. The largest award yet given to an SEC whistleblower, $30 million, went to a foreign-based whistleblower. It would seem that the prospect of a monetary reward incentivizes whistleblowers world-wide, as it should.
But the concept of giving a monetary award does not seem to have caught on in many countries. The United Kingdom is a good example. In FY 1916 it contributed 63 whistleblower tips to the SEC, the third largest of any foreign country. But in the UK itself, the Public Interest Disclosure Act does not provide any reward for whistleblowing. It does provide compensation for retaliation, however. The whistleblower must have a reasonable belief that the disclosure is made in the public interest and meet certain other criteria. It must be made to the employer or to a "prescribed person" such as a regulatory body. There are rewards for "detriment" or "unfair dismissal." There is no cap on compensation, and the law even allows compensation for being denied promotion or even "injury to feelings." In fact, this approach appears to me to be more "whistleblower friendly" that the convoluted and frustrating process of pursuing compensation for retaliation in the US through the OSHA process required by the Sarbanes-Oxley Act or the requirement to file a federal court case under SOX or Dodd-Frank. But the UK law does nothing to encourage a whistleblower to come forward before any retaliation in the hope of obtaining a multi-million dollar award, as the SEC program offers. UK regulators have looked at the possibility of giving awards, but apparently concluded that "reporting wrongdoing should be its own reward." This may be in part why so many SEC tips come in from the UK.
As for the French, they have just enacted a new law on "transparency, anti-corruption and economic modernization" the so-called Sapin II bill. It obligates French companies having 500 or more employees and revenue exceeding 100 million Euros to implement anti-corruption compliance programs consisting of 8 concrete measures, including codes of conduct, internal alert systems, and due diligence and risk assessment procedures. It also introduces a French-style deferred prosecution agreement. It strengthens whistleblower protections and sets forth a structured procedure for whistleblowers to raise claims and to protect against retaliation, including financial compensation in the event of litigation. The law makes it a crime (two years' prison and a 30,000 Euro fine) to retaliate against a whistleblower, violate the whistleblower's confidentiality, and interfere with a "public interest" disclosure (something the US should seriously consider).
A new independent institution, the "Defender of Rights" is created with the authority to enforce the law and to grant financial compensation to victimized whistleblowers, including return to their job and preservation of salary. But the worker has to report to the employer first, not to the Rights Defendant, and has to prove they have disclosed the information in "good faith." As with the UK, there are no awards for providing the information. Last year the SEC got only 3 tips from France. Several of the biggest FCPA cases have been against French companies (Alstom, $772 million, Total SA $398 million). Maybe the tips from France will increase.
Canada has created a confused system. Whistleblower programs have been created by the Ontario Securities Commission (OSC) and the Autorite des marches financiers (AMF) in Quebec. Whistleblowers meeting certain criteria will be eligible for a monetary reward by the OSC for a breach of Ontario securities law, if they provide meaningful information and the penalties exceed $1 million. The award can range between 5-15% of the penalty but is capped at $1.5 million unless the OSC receives more than $10 million, in which case the maximum award can go to $5 million. The program requirements appear to closely follow the SEC and CFTC programs in the United States. Retaliation protection is also similar to US law. But the AMF program does not offer awards, just retaliation protection. That body studied various whistleblower programs in other countries and "concluded that it cannot be established with certainly that financial incentives generate more quality reporting of wrongdoing, and that the key component of any whistleblower program is in fact the protection offered to whistleblowers."7 Having by now represented many whistleblowers, I must disagree.
CONCLUSION
International corruption has reached dangerous levels, and law enforcement is only scratching the surface with the prosecutions undertaken and reported to date. Various international bodies and NGO's have done a good job of alerting the world to the extent of these dangers, and have proposed numerous well-founded recommendations, including many to protect whistleblowers. But the will or ability to enforce the various patchwork of laws prohibiting retaliation of whistleblowers leads much to be desired.
The SEC and CFTC whistleblower programs, which provide substantial monetary rewards to whistleblowers, have clearly set the standard for such efforts, although some of the European laws may provide, at least on paper, greater retaliation protections. Moreover, the European programs, by and large, seem to rigidly cling to outmoded concepts prohibiting anonymous reporting and requiring reporting up to potentially corrupt superiors, at the risk of disclosure of the whistleblower's identity. But the awards programs offered by the US enforcement agencies truly provide the incentive to whistleblowers initially to come forward, which after-the-fact retaliation protections alone cannot. In contrast, the European programs seem to shun awards, even to a whistleblower who could expose a complex fraud which nets the regulator millions or even billions of dollars in penalties.
As the SEC program in particular continues to turn out huge multi-million dollar payments to even a small and select group of whistleblowers, it will continue to attract quality tips from around the world (its number of tips has increased 40% since the program's inception, and continues to grow). If other nations truly desire to successfully prosecute sophisticated and entrenched international corruption, they must rethink their opposition to making significant awards to whistleblowers who risk their safety, reputation, and careers to uncover and disclose that corruption by the highest levels of corporate and government power.
Footnotes
1. "Fighting The Crime of Foreign Bribery—The Anti-Bribery Convention and the OECD Working Group on Bribery." OECD, www.oecd.org/corruption/anti-bribery.
2. In the Matter of SandRidge Energy, File No. 3-17739, December 20, 2016.
3. www.oecd.org/corruption/whistleblower-protection.htm.
4. A "querulant" (as defined by Wikipedia):
"In the legal profession and courts, a querulant (from the Latin querulus - "complaining") is a person who obsessively feels wronged, particularly about minor causes of action. In particular, the term is used for those who repeatedly petition authorities or pursue legal actions based on manifestly unfounded grounds." While of course none of my clients fit this definition, I am not sure I can say the same for some parties (and their counsel) I have opposed in litigation.
5. In 2014, the Council of Europe published an aggressive set of standards for the protection of whistleblowers. Protection of Whistleblowers, Recommendation CM/Rec(2014)7. But, when it came to anonymous reporting, even the Council expressed concerns:
"In most legal systems, there is little or no readily available protection for someone who makes a report to a public authority or a disclosure to the public even if it is made honestly, is justified and is reasonable. Accordingly, such reports or disclosures are often made anonymously in the hope that the source will be protected. However, anonymity raises a host of issues. More often than not, anonymous allegations are assumed to be malicious or are considered to be less credible by those who receive them. Anonymous disclosures can also be much more difficult to investigate and even impossible to remedy. Finally, anonymity is not a guarantee that the source of the information will not be unmasked. Where the person is identified, the fact that they acted anonymously can be seen as a sign of bad faith, further jeopardizing their position. In the worst cases such people forfeit their career. Their plight then attracts media attention, which can only discourage others from sounding the alarm."
6. In the SEC and CFTC programs, the whistleblower eventually does have to confidentially identify herself in order to claim an award. The SEC also cautions whistleblowers that it cannot guarantee confidentiality if the matter goes into litigation, as defendants will have discovery rights to the SEC files. Fortunately, the vast majority of these cases are settled before extensive discovery.
7. Canadian Securities Law, Strikeman Elliott, July 15, 2016.
Dan Hurson practices law in Washington, D.C. and Annapolis, MD. He is a former Assistant United States Attorney for Maryland and Assistant Chief Litigation Counsel for the Securities and Exchange Commission. He is former Chair of the D.C. Bar's Corporation, Finance and Securities Section. He represents SEC and CFTC whistleblowers. dan@hursonlaw.com Website: www.hursonlaw.com.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.