Whistleblower bounty risks
By incentivizing wrong conduct, bounty programs undermine corporate compliance efforts
The Ontario Securities Commission (OSC) is considering adopting U.S. style bounties to incentivize whistleblowers to report misconduct in exchange for cash. While the encouragement and protection of good faith whistleblowers is indisputably important, adoption of a bounty program would likely do more harm than good.
Canadian public companies typically expend considerable efforts and resources on the development of compliance systems aimed at ensuring ethical business conduct. These systems usually include internal whistleblower reporting processes and protections that create an employee obligation to report any wrongdoing they become aware of, and a reciprocal corporate obligation to protect whistleblowers. This internal reporting obligation is a fundamental component of a robust compliance program, as the reporting of improper conduct allows companies to identify the problem, fix it, and improve internal systems. By creating an incentive for employees not to meet their ethical employment obligations, but rather to run to the regulator for personal financial gain, whistleblower bounty programs incentivize the wrong conduct and undermine corporate compliance efforts.
This risk is particularly pronounced given that many whistleblower programs (including the one currently under consideration by the OSC) require that the conduct at issue is not already known to the regulator, creating the risk that whistleblowers seeking a reward will be motivated to bypass internal reporting structures and “race to the regulator” for fear of losing bounty eligibility. While a 2014 report to Congress on the U.S. Dodd-Frank Whistleblower Program concluded that 80 per cent of whistleblowers first reported internally, it is noteworthy that whistleblowers under the Dodd-Frank Program gain eligibility based on the date they first report internally, effectively removing the incentive to “race to the regulator.”
The OSC does not propose to require internal reporting as a prerequisite for bounty eligibility and is currently noncommittal about recognizing internal reporting, effectively undermining internal compliance programs by creating a competing personal profit motive to circumvent internal reporting obligations.
While the OSC is considering exclud- ing certain compliance personnel from eligibility for bounties, bounty programs nevertheless allow for payments to be made to employees who have shirked their duties by either allowing improper conduct to occur, or even directly engaging in wrongdoing. A blatant example of the kind of potentially troubling results brought about by bounty programs is found in a recent case where the United States Internal Revenue Service paid a $104 million bounty to a whistleblower, notwithstanding that the whistleblower served jail time for his participation in the tax fraud scheme he ultimately profited from. While such an extreme result is highly unlikely in Canada given the OSC’s likely imposition of a $1.5 million cap, the current OSC proposal nevertheless allows for a bounty payment to individuals who participated in the illegal conduct from which they are profiting.
The payment of bounties in the U.S. has also led to a cottage industry of U.S. contingency fee lawyers, themselves aiming to cash in on the promotion of whistleblowers, whether in good faith or not. If the goal is to promote ethical business conduct, the promotion of personal greed is likely not the best means to achieve that goal.
The primary argument in support of whistleblower bounties is that they encourage reporting of unlawful behaviour by compensating whistleblowers for the risks inherent in whistle-blowing. The more direct solution, however, is to eliminate or reduce those risks by cooperation between regulators and industry participants to promote internal ethical compliance practices and, when necessary, to make robust use of laws that protect good faith whistleblowers. Section 425.1 of the Criminal Code imposes up to five years jail time, or unlimited fines for corporations, as penalties for retaliation against whistleblowers. Companies or individuals who retaliate against whistleblowers do so at their own peril. Surely the goal should be to utilize existing laws and compliance structures to ensure a safe environment for whistleblowers, rather than treating retaliation against whistleblowers as inevitable and a cost of doing business. This is the approach taken by securities regulators in the United Kingdom and Australia, which have strong whistleblower protection programs, though do not pay bounties.
Whistleblowers seeking a reward will be motivated to bypass internal reporting structures and “race to the regulator”