Following last week's award of over $4 million, the U.S. Securities and Exchange Commission's (SEC) Office of the Whistleblower has paid out $111 million to 34 whistleblowers in its five short years of existence. This is all the agency had to say about the case in question. 

Washington D.C., Sept. 20, 2016 — The Securities and Exchange Commission today announced an award of more than $4 million to a whistleblower whose original information alerted the agency to a fraud.

While that sort of terseness may not be ideal for reporters, it points to one of the SEC whistleblower program's greatest strengths: its reputation for air-tight confidentiality. To date, the details the public knows about the office's cases hardly fill a paragraph.

A $22 million award last month stemmed from Monsanto Co.'s (MON) $80 million settlement with the SEC in February; the whistleblower's attorney revealed that much, but not the identity of his client, an ex-Monsanto executive. We do know the name of a Deutsche Bank AG (DB) executive who blew the whistle on his employer, because he wrote a scathing Op-Ed under his own name in the Financial Times last month.

Aside from those scraps, we have dates and dollar amounts. Such secrecy would seem to work against a crucial prerequisite for the program's success – publicity. If no one knows about the program, no one submits tips. Yet the trickle of information has apparently alerted potential whistleblowers to three key aspects of the program: their identities will be protected; they will be shielded from retaliation, should they be outed; and there's money in it for them – for their trouble, and as insurance against the career-ending retaliation they could conceivably suffer.

All things considered, the SEC has achieved something "remarkable and unprecedented," says Jordan Thomas, a partner at Labaton Sucharow LLP who represents whistleblowers in securities fraud cases. In a conversation with Investopedia Tuesday, he compared the office to a startup: "they opened up a business when Dodd-Frank was passed six years ago, there was no market awareness of the program, and there'd never been a program like it." Now 63% of U.S. financial services professionals are aware of the office, according to survey Labaton Sucharow carried out with the University of Notre Dame in 2015.

How Did the Whistleblower Program Begin?

In a September 14 speech, Andrew Ceresney, the director of the SEC's Division of Enforcement, described the beginnings of the program, which initially consisted of its first chief, Sean McKessy, his deputy, and five staff. Having swelled to 20 people today, the office is hardly a sprawling bureaucracy, but as McKessy – who left to join Phillips & Cohen LLP as a partner in July – put it to Investopedia Tuesday, it "started from a standstill." 

The program was created by the Dodd-Frank Act in 2010 and began operating in August of the next year. Part of the impetus was the SEC's failure to act on tips going back to 1999 that Bernie Madoff's wealth management business was a Ponzi scheme. At the time, options for whistleblowers were limited. The Department of Justice's program leaves nothing to the imagination: complaints are unsealed, meaning that the identities of whistleblowers ("relators" in False Claims Act jargon) are exposed. The IRS' program does not protect against retaliation. Prior to the whistleblower office's founding, the SEC only accepted tips related to insider trading cases, and rewards were capped at 10% of the penalties. (See also, How did the Dodd-Frank Act change whistleblower protection and processes?)

The new program faced its share of criticism, however, particularly for a provision that allowed whistleblowers to bypass internal compliance departments. The Sarbanes-Oxley Act of 2002 had forced companies to set these up in response to an earlier wave of scandals: Enron Corp., WorldCom Inc. and Tyco International Ltd. Companies pushed hard against the program's approval, including, the New York Times reported, General Electric Co. (GE), JPMorgan Chase & Co. (JPM) and Google Inc. (since reorganized as Alphabet Inc. [GOOG, GOOGL]). When the SEC decided to go ahead with the office's creation in a 3-2 vote in May 2011, the U.S. Chamber of Commerce thundered, "the SEC has chosen to put trial lawyer profits ahead of effective compliance and corporate governance." It elaborated:

Armed with trial lawyers and new large financial incentives to bypass these programs, whistleblowers will go straight to the SEC with allegations of wrongdoing and keep companies in the dark. This leaves expensive, robust compliance programs collecting dust, while violations continue to fester, eroding shareholder value.

To assuage these concerns, the agency tweaked the rules so that whistleblowers who report wrongdoing internally first receive a larger reward. According to Thomas, concerns that people would stop reporting internally haven't been borne out. (See also, What is the difference between the Sarbanes-Oxley Act and the Dodd-Frank Act?)

As of August 30 (before the most recent $4 million award), the program had received over 14,000 tips, and those from every state, D.C., and 95 foreign countries. The program's success is reflected in the accelerating rate at which are being submitted. Over $504 million has been ordered in sanctions, including $346 million in disgorgement and interest for wronged investors. As the SEC often points out, "No money has been taken or withheld from harmed investors to pay whistleblower awards." McKessy said, "you would be hard-pressed to find a government-sponsored rewards program that paid more people faster," adding, "it's very gratifying for me to look back and say we could accomplish that on my watch."

How Much Do Whistleblowers Get Paid?

No SEC whistleblower has ever come away with anything like ex-UBS Group Inc. banker (UBS) Bradley Birkenfeld's $104 million reward from the IRS's whistleblower office, but they still do alright, and the program is in its early days. Below are the top 10 awards, along with anything we happen to know about the circumstances surrounding them:

Award amount* Date* What we know
$30 million Sep 22, 2014 Paid to a foreign whistleblower*
$22 million Aug 29, 2016 Awarded to an ex-Monsanto executive as part of an $80 million settlement over the way the company booked sales of Roundup**
$17 million Jun 9, 2016 Offered to former Deutsche Bank executives for reporting accounting fraud in the wake of the financial crisis. Eric Ben-Artzi publicly refused his $8.25 million share of the award***
$14 million Sep 30, 2013  
$5-6 million May 17, 2016  
$4 million Sep 20, 2016  
$3.5 million May 13, 2016  
$3 million Jul 17, 2015  
$2 million Mar 8, 2016  
$1.4-1.6 million Apr 22, 2015  
Sources: *SEC; **Reuters; ***Financial Times

Whistlblowers can receive between 10% and 30% of the penalties companies pay, as long as these penalties exceed $1 million. Where the award falls in this range can depend on how helpful the information was to the regulators' case. It does not have to lead to an entirely new investigation, for example, but if it does, that could mean a bigger payout. As mentioned above, going through internal compliance procedures can boost the payout, although the incentives appear to be skewed towards reporting to the SEC simultaneously or soon after (within 120 days): that way, the whistleblower receives credit for any information that the company's compliance department subsequently provides.

Having participated in the wrongdoing is not a deal-breaker, but it will reduce the whistleblower's reward. Similarly, "unreasonably delayed" reporting reduces the payout, reducing the incentive to allow the wrongdoing to play out for a little bit (that tactic would increase the harm done, and consequently the penalties and size of the award). (See also, How do insurance companies use a whistleblower?)

Who Really Benefits?

The key question surrounding the program is who really benefits from it? Whistleblowers who receive multi-million dollar payouts whose identities are protected and who can count on federal heft to shield them from possible retaliation clearly come out alright. But who is paying these generous rewards? Not taxpayers, the SEC is at pains to clarify every time it announces a payout. The funds come from a $450 million pot established by Dodd-Frank that is funded by the penalties companies pay.

Source: SEC.

Who pays the penalties themselves has proved controversial, however. When Deutsche Bank's Eric Ben-Artzi refused his $8.25 million reward for blowing the whistle on the bank's inflated balance sheet, he explained that he was protesting the SEC's failure to go after the managers responsible for the wrongdoing. "I will not join the looting of the very people I was hired to protect," he wrote in a Financial Times op-ed last month. He asked that the award "be given to Deutsche and its stakeholders, and the award money clawed back from the bonuses paid to the Deutsche executives."

McKessy, who was chief of the whistleblower office when the SEC brought its case against Deutsche Bank, would not comment specifically on Ben-Artzi's op-ed. He pointed out that the whistleblower division was not responsible for enforcement, only for making recommendations regarding rewards. He also defended the work of the SEC's enforcement division, where he has worked in the past: "enforcement staff is very sensitive to the idea that holding individuals accountable should be part of the mandate." 

He also drew a contrast between "what you instinctively feel to be true" and "what you can prove in a court of law." Holding individuals accountable for corporate actions presents "interesting challenges when it comes to building an evidentiary base." Public frustration, he suggested, may be "overheating." 

But even if they still suffer as a result of executives' wrongdoing, shareholders may be enjoying some indirect benefit from the new system. McKessy thinks it has acted as a "catalyst for improvement" at compliance departments and a potential incentive for companies to self-report because it's always possible that a whistleblower has already gone to the SEC. Thomas echoed this sentiment, as did Jane Norberg, acting chief of the whistleblower office who spoke to Investopedia Tuesday. All else being equal, stronger internal safeguards mean fewer big fines and less negative publicity. 

How are Companies Fighting Back?

Naturally, some companies are pushing back against the potential threat to their reputations and finances. As mentioned above, a number of large corporations submitted comments to the agency opposing the program prior to its creation. Since it's been operating, some have attempted to discourage blowing the whistle or retaliated against those who have. (See also, What should a whistleblower do if their employer retaliates?)

The SEC has already begun to crack down on attempts to discourage whistleblowing, what McKessy calls "pretaliation." In April 2015 it settled with KBR Inc. (KBR) for $130,000 after the company required witnesses in internal investigations to sign confidentiality agreements saying they could be fired if they brought the issues up with outside parties. In June of this year Merrill Lynch, Bank of America Corp.'s (BAC) wealth management division, changed its policies after the SEC found it had included language in severance agreements that prevented employees from providing information to the regulator; it simultaneously paid $415 million to settle charges that it improperly used customer deposits for trading. Last month BlueLinx Holdings Inc. (BXC) and Health Net Inc. – since acquired by Centene Corp. (CNC) – agreed to pay $265,000 and $340,000, respectively, after requiring outgoing employees to waive their rights to whistleblower awards in order to receive severance packages.

Companies may still be trying to silence whistleblowers. Later in August Reuters reported that settlements between former employees and Wells Fargo & Co. (WFC), Advanced Micro Devices Inc. (AMD), Fifth Third Bancorp (FITB) and others, which the organization obtained through Freedom of Information Act requests, contained provisions that limit the workers' ability to collect rewards for whistleblowing.

Should You Blow the Whistle?

Many workers feel loyalty to their employer, even when they know bad actors are in management. They also justifiably fear reprisal, or as the old saying goes, "snitches get stitches." The old axiom doesn't apply, however, if the snitches can't be found. McKessy told Investopedia he is "not aware of a single incident when a whistleblower was outed," including when the SEC cut them multimillion-dollar checks. As Thomas put it, "anonymity is a powerful thing." If a whistleblower's identity were to slip out, however, there are safeguards in place to protect them from retaliation. Not only can the SEC go after vindictive employers, Dodd-Frank allows whistleblowers to sue their employers in federal court. That, of course, sounds like a career-killer, but once you're done tallying up your reinstatement, double back pay and potentially hefty reward, you might not care. Sometimes, snitches get riches.

Also worth noting: the only SEC whistleblower to out himself, Ben-Artzi, has a job. He works at BondIT, a startup based outside Tel Aviv.