This growth is likely to continue under recently proposed amendments to the program that will further pursue wrongdoers and protect whistleblowers. These proposed amendments would address areas related to whistleblower award eligibility, adjustments to award amounts, elimination of double recovery, and changes in the review process. The SEC also provided interpretations and further clarifications including a uniform definition of “whistleblower,” which was a direct response to the February 21, 2018, Supreme Court decision in Digital Realty Trust, Inc. v. Somers.

When announcing the potential changes June 2018, SEC Chairman Jay Clayton acknowledged the importance of the Whistleblower Program: “Whistleblowers have made significant contributions to the SEC’s enforcement efforts, and the value of our whistleblower program is clear. The proposed rules are intended to help strengthen the whistleblower program by bolstering the Commission’s ability to more appropriately and expeditiously reward those who provide critical information that leads to successful enforcement actions.”

The scope and impact of the current program and proposed amendments have important implications for public companies, CFOs, financial managers, and individuals tasked with corporate governance serving in such organizations. This article provides a brief background on the program and process, key tip and award type information, areas of program focus, proposed amendments, and implications to financial professionals and those charged with governance oversight.


The SEC Whistleblower Program was established in 2010 as part of the Dodd-Frank Act to incentivize individuals to report federal security law violations. (See “Whistleblower Timeline.”) Whistleblowers are eligible for payments between 10% and 30% of monetary sanctions collected if the enforcement action results in penalties greater than $1 million. The amount of the award is based on specific factors of the case. Factors that could increase or decrease the amount of the award include: importance of the information provided, degree of cooperation, extent to which the whistleblower followed or interfered with internal compliance policies, amount of enforcement interest, level of involvement in the reported wrongdoing, and amount of time between the discovery and reporting of the wrongdoing.

Whistleblowers aren’t required to be employed by the company they’re submitting information about. Employees with an internal compliance role can be eligible for the awards if they report the wrongdoing internally and no corrective action is taken within 120 days. Individuals can submit suspected wrongdoings to the SEC online or by paper copy through the tips, complaints, and referrals (TCR) form. The Whistleblower Program also prohibits retaliation and actions taken by employers against employees to impede reporting. This includes enforcing or threatening to enforce a confidentiality agreement that prevents an employee from reporting to the SEC.


Since its inception, the SEC Whistleblower Program has shown impressive results. It’s led to enforcement actions resulting in more than $1.6 billion of financial remedies against wrongdoers. In addition, the whistleblower awards have grown significantly especially over the last three years. As shown in Figure 1, fiscal year 2018—with more than $160 million in awards—has exceeded all of the other years’ results combined.

Based on SEC press releases, the volume of awards in fiscal year 2018 has remained consistent with the last few years. But the payment amounts per award have increased substantially. The two largest awards in the program’s history occurred within a seven-month period in 2018.

In March 2018, the SEC reported $83 million of awards with two whistleblowers sharing approximately $50 million and a third whistleblower receiving $33 million. The whistleblowers provided vital information that led to Bank of America Corp.’s Merrill Lynch agreeing to pay the SEC $415 million in 2016. Merrill Lynch was accused of misusing and failing to safeguard customers’ assets. Jane Norberg, SEC chief of the Whistleblower Program, stated that “these awards demonstrate that whistleblowers can provide the SEC with incredibly significant information that enables us to pursue and remedy serious violations that might otherwise go unnoticed. We hope that these awards encourage others with specific, high-quality information regarding securities laws violations to step forward and report it to the SEC.”

In September 2018, the SEC awarded $39 million and $15 million to whistleblowers whose critical information and support led the agency to enforcement action. The $39 million award is the second-highest amount to date. In the press release, Norberg stated that “whistleblowers serve as invaluable sources of information and can propel an investigation forward by helping us overcome obstacles and delays in investigation. These substantial awards send a strong message about the SEC’s commitment to whistleblowers and the value they bring to the agency’s mission.”

In addition to the awards and penalties, the whistleblower TCRs have also experienced steady growth since the program’s inception. Some of the common types of suspected wrongdoings reported to the SEC include: false or misleading financial statements, insider trading, fraudulent conduct associated with security transactions, theft or misappropriation of funds, and offering fraudulent securities. As seen in Figure 2, fiscal year 2018 represented an all-time high in the number of whistleblower TCRs.


In February 2014, the SEC expanded whistleblower rights to include anti-retaliation protection, which allowed the SEC to take enforcement actions against companies that retaliate against whistleblowers. The SEC also implemented Rule 21F-17(a), which prohibits employers from not allowing employees to contact the SEC to report a securities violation. This includes imposing or threatening to impose a confidentiality agreement with regards to whistleblower communication with regulators.

The March 2016 Strategic Finance article “SEC Supercharges Whistleblower Program” stated that the SEC is focusing on companies’ retaliation actions and confidentiality agreements. As the authors predicted, fiscal years 2016 and 2017 saw the SEC levy significant penalties against eight companies for violations related to retaliation or impeding reporting. Table 1 provides a summary of the retaliation and impeding reporting penalties throughout the program. As noted at the bottom of the table, the penalties also may be associated with other SEC violations.

Click to enlarge.

With whistleblower tips at an all-time high, it doesn’t appear the program will slow down anytime soon. But a February 21, 2018, U.S. Supreme Court decision dealt a minor blow to whistleblower protections. In a unanimous decision, the court ruled in favor of an investment company and against a California man who was fired from his position for internally reporting that his supervisor was hiding cost overruns. In the ruling, Supreme Court Justice Ruth Bader Ginsburg stated that the employee “did not provide information ‘to the Commission’ before his termination” and therefore “did not qualify as a whistleblower.” This ruling was a setback to individual protection for internal reporting since approximately 83% of the whistleblowers internally reported their concerns before they went to the Commission.


A 2018 report by the Association of Certified Fraud Examiners (ACFE) found that tips (or whistleblowing) are the most effective means of uncovering fraud. Tips were found to uncover approximately 40% of the cases detected, with more than half of cases detected by company insiders. These findings are consistent with the SEC Whistleblower Program results since implementation. Given the upward trends, there’s no indication of a slowdown in whistleblower tips.

As demonstrated by significant penalties, the SEC is targeting companies for retaliation and impeding whistleblowing. This has created an environment with a perception of seriousness for organizations’ internal compliance structures. This could be evident by the fact that there were no penalties against companies for retaliation or impeding in fiscal year 2018.


The payouts continue to be strong, but proposed SEC whistleblower amendments that were issued in June 2018 could impact the magnitude of the payouts (see Table 2 for a full list of proposed amendments). These proposals mark a clear shift in the SEC’s payout policies and would allow the SEC greater flexibility to restrict awards for whistleblowers in cases with enormous payouts. The SEC would no longer be required to pay based on a rigid formula. Based on the current formula, a whistleblower who brings forth a case resulting in $150 million of penalties would be eligible for rewards between $15 million and $45 million. But under the proposed guidelines, the maximum award the whistleblower would be eligible for is $30 million.

Click to enlarge.

With large cases still awarding a maximum amount of $30 million, it’s hard to imagine this change would dissuade individuals from coming forward and reporting wrongdoings. SEC Chairman Clayton notes in his public statement regarding these amendments that “historic data shows that large majority of corporate officers and other high-ranking executives that have come forward and submitted tips and received awards under the program have done so in return for monetary awards of less than $5 million.”

Perhaps of greater significance is the SEC’s proposition to adjust awards upward, which would only impact smaller reward cases of $2 million or less. It was also noted that the SEC is soliciting comments for smaller award cases of less than $1 million. For employees, these changes could bring more whistleblowers forward since it “achieves the program’s objectives of rewarding meritorious whistleblowers and sufficiently incentivizing future whistleblowers who might otherwise be concerned about the low dollar amount of a potential award.”

It was disclosed within the SEC’s 183-page amendment proposal that the Investor Protection Fund (IPF) fell below the $300 million threshold for the first time in the program’s history. The statutory regulations require a replenishment mechanism to the IPF when this occurs. Given the recent large payments, this could signal more aggressive SEC enforcement actions against public companies in the future.

The recent Supreme Court ruling may encourage more whistleblowers to report wrongdoings externally (i.e., to the SEC) since the employees aren’t guaranteed anti-retaliation protections if they only report internally. Employers are now put in a delicate situation if the employee(s) completely bypass the internal reporting structure and go directly to the SEC. Not only could this increase unnecessary fines, but it would also be a publicity nightmare for large corporations. In terms of retaliation protections, SEC Chairman Clayton stated the following in the June 28, 2018, press release: “Let me be clear: retaliation protections are a key component of the whistleblower program, and we will bring charges against companies or individuals who violate the anti-retaliation protections when appropriate.”

These proposed changes, especially the measures targeting frivolous reward seekers, could help speed up the award process. According to August 5, 2018, reporting from The Wall Street Journal, the average time it takes the SEC to award a whistleblower is more than two years. As Norberg states, “No application is cookie cutter for us to process. The volume of claims received is a reflection of the program’s success.” With this potential change, it’s clear that the SEC is looking to maximize its resources, increase efficiencies, and eliminate any unnecessary waste in its review process. The change would allow the SEC to swiftly discard less credible whistleblower claims and focus on valuable ones.


Following the proposed amendments, the SEC allowed a comment period in which it received considerable feedback from the public. There was strong opposition to the proposed award caps, especially from law firms and whistleblower advocacy groups. In addition, Senator Charles Grassley (R.-Iowa) submitted a letter to the SEC in which he referenced a 2013 Office of Inspector General Report finding that the SEC whistleblower award levels were “reasonable and should not change at this time.”

There’s also concern that these proposals would allow the SEC more discretion in its decision making. For example, the “independent analysis” modification would require whistleblowers to provide information “beyond what would be reasonably apparent to the Commission from publicly available information.” This could impact the awarding process since the SEC would essentially assess whether the information was “inferred from the facts available in public sources.” Ambiguity and less prescriptive language such as this could discourage whistleblowers from coming forward.

With so much at stake, whistleblowers are typically looking for assurance before they come forward. Even SEC Commissioner Robert Jackson acknowledged, “when whistleblowers take these risks for the benefit of all investors, what they need from us is certainty. They are, in the parlance of economics, risk-averse individuals, and we’re asking them to put their livelihood on the line to help us enforce the law.”


With the success of the whistleblower program and awards, penalties, and TCRs at high levels, CFOs, financial managers, and individuals tasked with corporate governance need to be prepared in today’s whistleblower environment. The following are strategies that companies can take.

  1. Strengthen the internal controls on company whistleblower policies to ensure all whistleblower claims are investigated quickly and within a satisfactory timeline. All outcomes of the investigation should be reported back to the individual(s) submitting the wrongdoing(s). This will help gain employee trust throughout the entire process. If action is necessary, follow through with the corporate governance functions.
  2. Tighten the internal controls on the financial processes that have a higher risk of fraud. Potential areas of emphasis may include processes related to reviewing financial reserves, revenue recognition methodology, related party transactions, and account reconciliations. In addition, this should include safeguarding proper separation of duties and assessing the risks of management override controls. Set clear accounting policies and thresholds that are approved by the CFO and reviewed on an annual basis.
  3. Ensure that human resources policies and procedures protect employees from retaliation and contain language that maintains confidentiality. This involves educating employees and managers of employee rights and promoting a safe workplace. In addition, corporate governance functions should review the language of employment, separation, confidentiality, or compensation agreements to guarantee there are no violations.
  4. Set the tone at the top and promote an environment of transparency and open communication. Endorse a reporting structure in which employees are encouraged to report potential violation concerns internally. This includes ensuring there’s an effective hotline available and that employees are aware of it through mandatory annual education and poster placement throughout the organization.
  5. Ensure appropriate communication between key governance parties including internal auditors having access to the audit committee, external auditors providing continuous feedback to the audit committee, and the audit committee updating other board committees about any issues that may arise.
  6. Strive for an audit committee that achieves industry best practices. Based on Deloitte’s 2015 Audit Committee Resource Guide, some of the best practices include: ensuring the audit committee composition consists of appropriate independent, financial, and industry experts; rotating audit committee members periodically; meeting at least once per quarter (or more frequently); limiting the size of the audit committee to four or five members to maximize efficiency; and engaging independent experts when necessary. Consider periodically rotating the external audit firm for the annual audit.
  7. Utilize the internal audit department to investigate special areas of concern and higher areas of risk. In addition, internal auditing should monitor the whistleblower phone logs and transcripts to ensure compliance with the appropriate policies and procedures.

The SEC Whistleblower Program has been very successful in its short existence. Not only are the key stats quantifying its value, the program is also achieving its key objectives. When asked “Would the Commission receive specific, timely, and credible high-quality tips that would lead to successful enforcement actions?” SEC Chairman Clayton’s response was “based on our experiences, I think the answer is a resounding ‘yes.’

The Commission’s Whistleblower Program has contributed significantly to our ability to detect wrongdoing and better protect investors and the marketplace, particularly where fraud is well-hidden or difficult to detect. As we continue our pursuit of enforcement initiatives focused on misconduct that impacts the retail investor, the strength of our whistleblower program is a critical component in our investor protection toolbox.” Companies need to be prepared for these changes, which are designed to further advance the program.

About the Authors