What We Know About the Department of Justice's Whistleblower Pilot Program
In her remarks to the American Bar Association's National Institute on White Collar Crime, Deputy Attorney General (DAG) Lisa Monaco outlined the forthcoming whistleblower program that seeks to fill in the gaps of existing federal government whistleblower programs. The Criminal Division announced the new Corporate Whistleblower Awards Pilot Program on August 1st. In summary, individuals who help the DOJ discover significant corporate or financial misconduct could qualify to receive a portion of the resulting forfeiture. The information must relate to one of the following areas:
- Certain crimes involving financial institutions, from traditional banks to cryptocurrency businesses
- Foreign corruption involving misconduct by companies
- Domestic corruption involving misconduct by companies
- Health care fraud schemes involving private insurance plans
Notably, companies that voluntarily self-report within 120 days of receiving an internal whistleblower report may be eligible for a presumption of a declination under the Criminal Division's Corporate Enforcement and Voluntary Self-Disclosure Policy if the company reports to the Department before it contacts the company.
If a whistleblower's claims result in a successful prosecution that includes criminal or civil forfeiture, they may be eligible for an award. There are a number of eligibility criteria for a whistleblower to receive an award, including a requirement that a whistleblower who reports conduct through internal compliance programs or hotlines must also report the conduct to the DOJ within 120 days of reporting it internally. Additionally, a whistleblower is eligible for payment under the program in the following circumstances:
- Only after all victims have been adequately compensated
- Only to whistleblowers who provide true information not already known to the government
- Only to whistleblowers not involved in the reported misconduct
- Only in cases where there is not an existing federal whistleblower program available
DAG Monaco notes that other whistleblower programs have proven successful in uncovering corporate and financial crimes but are limited to the jurisdiction of the agency that operates them. However, several disjointed programs – each limited in scope – do not cover the full range of misconduct the DOJ prosecutes. Taken together, DAG Monaco describes the existing whistleblower programs as "a patchwork quilt that doesn't cover the whole bed." Therefore, the DOJ's new program seeks to fill in the gaps. With this new pilot program and the potential for a presumption of declination if companies self-report, companies should be increasingly vigilant in responding to internal whistleblower claims timely and appropriately.
How does the DOJ's New Whistleblower Program Fit into the Structure of Existing Federal Government Whistleblower Programs?
As a gap filler for existing federal government whistleblower programs, businesses seeking to understand the DOJ's new program should also understand the jurisdictional gaps in the existing network of whistleblower programs.
The False Claims Act is limited in jurisdiction because it only targets businesses – typically government contractors – who have defrauded the federal government. Whistleblowers may bring qui tam actions against perpetrators of the fraud. If the government intervenes in the case, the whistleblower receives 15-20% of the government's settlement or award; however, if the qui tam plaintiff prevails in a non-intervened case, they are eligible to receive up to 30% of the award in certain cases.
The jurisdiction of the SEC whistleblower program is limited to misconduct in companies offering securities, thereby limiting the organizations subject to the program. The SEC is interested in information related to, for example, Ponzi and Pyramid schemes, theft and misappropriation of funds or securities, manipulating a stock's price or volume, insider trading and other securities fraud. If a whistleblower's information leads to an enforcement action resulting in sanctions of more than one million dollars, the whistleblower is eligible to receive 10-30% of the forfeiture.
The CFTC's whistleblower program is similarly limited in jurisdiction, only covering violations of the Commodity Exchange Act, which regulates trading commodity futures. The CFTC is interested in information about misconduct affecting U.S. derivatives markets, like futures, options or swaps. If a whistleblower provides information leading to an enforcement action with sanctions exceeding one million dollars, the whistleblower is eligible to receive 10-30% of the forfeiture.
The IRS whistleblower program only covers tax non-compliance, limiting the jurisdiction of the program. To receive an award, whistleblowers must provide information relating to tax non-compliance where the tax, penalties, interest, additions to tax, and other proceeds at issue exceed two million dollars. If the tip concerns an individual taxpayer, the taxpayer's gross income must exceed two-hundred thousand dollars. If the IRS uses the whistleblower's information, then they are eligible to receive 10-30% of the proceeds collected.
The FinCEN whistleblower program is limited in jurisdiction by targeting money laundering under the Bank Secrecy Act; recently, the program's scope has expanded to also target assets linked to foreign government corruption. Whistleblowers who provide information about violations of the Bank Secrecy Act are eligible to receive up to 30% of the resulting sanctions if in excess of one million dollars. Additionally, whistleblowers who provide information leading to the seizure, restraint or forfeiture of assets linked to foreign government corruption may receive an award of up to five million dollars.
Businesses Should Target Misconduct Before It Happens with Effective Internal Corporate Compliance Programs
A robust corporate compliance program is a company's best defense against whistleblowers. Though programs differ, effective corporate compliance programs generally have the following features: a culture of compliance, clear policies and procedures, continuing training and education, efficient internal hotline reporting and prompt, thorough internal investigations, effective enforcement and continuous program auditing.
Culture of Compliance – Corporate compliance programs that look good on paper but lack the support of leadership create risk for a company and will fail when faced with difficult and adverse circumstances. Executives must lead by example, communicating a culture of compliance and supporting appropriate independence and transparency for corporate compliance officers and programs. Companies can also show they value compliance by ensuring that compliance programs are adequately resourced. Corporate compliance officers should have direct reporting access to the highest levels of executive leadership and boards of directors, as applicable. Finally, compliance officers should be active and visible in the company so employees feel a report of misconduct will be handled appropriately and they will be protected from retaliation.
Clear Policies and Procedures – All effective corporate compliance programs should have a clear, written corporate compliance policy. To be effective, the policy language must be unambiguous and specify clear prohibitions and best practices, as well as the consequences for policy violations. To craft a policy that meets the needs of the business, the policy drafters should consider the size of the business, common types of misconduct in the industry and relevant regulations. Importantly, the company should ensure they are following corporate compliance policies, tailoring the policy as needed, as a company could find itself in jeopardy if it appears the compliance policy is not enforced by the business.
Continuing Training and Education – Policies turn into practice with effective notice and training. However, the benefits of compliance training when employees begin employment at the company quickly dwindle as the industry and compliance landscape changes. Regular recurrent training can help to cover gaps created through turnover, reorganizations, leadership changes or mergers and acquisitions. Further compliance training should emphasize not only requirements, but resources available to employees, so regular follow-up is essential.
Internal Hotline Reporting – All employees, from the most basic roles to senior executives, should have access to easy-to-use tools that enable them to report misconduct and, where the law permits, anonymous reporting. Employees and management should not be the only individuals who can raise concerns with the compliance officer; contractors, customers, clients and anyone with relevant information about misconduct should have access to a reporting channel. Further, to encourage reporting, the company must make it clear it will provide the reporter with anonymity when possible and legally permissible, and that the company will protect reporters against retaliation.
Effective Internal Investigations Enforcement – Immediately after a hotline report or otherwise learning of possible misconduct, the company should thoroughly investigate the matter. An investigation should also consider any necessary actions or notifications to law enforcement consumers or others for safety and prevention of further misconduct, including cooperation with any law enforcement efforts as appropriate. Upon a finding of misconduct, the company should take appropriate corrective actions, including termination if warranted. The ability to establish a pattern of prompt and effective enforcement of a compliance program is a powerful defense to any adverse actions from government authorities or other third parties. In addition to disciplining individuals involved in misconduct, the company must examine how the misconduct was permitted to occur and make any necessary changes to its compliance program to prevent future misconduct.
Continuous Program Auditing – Recognizing that compliance brings ever-changing challenges, a static compliance program is likely to be ineffective over time. Companies should test their program to determine what misconduct is missed, stay up to date on new patterns of misconduct in the industry and adapt to evolving regulatory requirements.
Thank you to Carson Cargill, a 2024 Summer Associate at Lathrop GPM, who contributed to the writing of this alert.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.