A 2019 report states that 15% of organizations typically do not recover funds lost to fraud and another 64% recover less than half their losses.1 In addition, 58% of professionals in charge of combating fraud say their organizations currently have inadequate levels of anti-fraud staffing and resources.2 One method to combat this problem is to encourage whistleblowing, or “the disclosure by organization members of illegal, immoral, or illegitimate practices under the control of their employers to persons or organizations that may be able to effect action.”3 This column discusses these programs and considerations for CPAs and those charged with governance.
SEC Whistleblower Program
Created as part of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) in 2010, the Securities and Exchange Commission (SEC) has a critical whistleblowing program. The Office of the Whistleblower (OWB) within its enforcement office helps identify and halt securities fraud early to minimize investor losses. In addition, an awards program was established to encourage the submission of high-quality information and confidentiality protections are provided to whistleblower submissions, including the ability to file a tip anonymously with the assistance of an attorney and prohibitions against employer retaliation for providing information to the SEC. Last year, the whistleblower program expanded in scope with significant tips received, awards furnished, and new amendments being considered.
In fiscal year 2019, the SEC received its second-largest number of whistleblower tips, slightly below the number received in fiscal year 2018, with over 5,200 tips. This marks a 74% increase since the beginning of the program. Pennsylvania submitted 332 tips, complaints, or referrals (TCRs) to the SEC, the second-highest submission for the year behind California. Among the most common complaint categories reported were corporate disclosures and financials (21%), offering fraud (13%), and manipulation (10%). This resulted in the SEC ordering about $60 million in whistleblower awards.
One tenet of the whistleblower program the SEC is interested in clarifying is retaliation protections. Exchange Act Rule 21F-17(a) of Dodd-Frank “prohibits any person from taking any action to prevent an individual from contacting the SEC directly to report a possible securities law violation.”4 A recent Supreme Court opinion, however, ruled that anti-retaliation coverage is limited under Dodd-Frank, reducing the categories of employees who are covered and invalidating a rule interpreting anti-retaliation protections to apply in cases where an employee had reported only internally.5 As a result, the proposed rule amendments will comport with the court’s holding by, among other things, establishing a uniform definition of “whistleblower” that would apply to all aspects of the Exchange Act. Another aspect for which the SEC has outlined improvements through the proposed amendments is for the claims review process.
Taxpayer First Act
Retaliation against whistleblowers remains a concern as organizations encourage employees to not only detect fraud but also to report it. However, as seen in the Supreme Court case of Digital Realty Trust Inc. v. Somers, the provisions of Dodd-Frank that were enacted to encourage whistleblowers and protect them from retaliation are still being adjudicated. As a result, those exhibiting the courageous action of blowing the whistle on corporate misconduct have little protection from retaliation within the organization. Congress took steps to protect whistleblowers in other respects with the passage of the Taxpayer First Act of 2019 (TFA). Specifically, legislators established protections for those raising concerns about tax fraud or violations of IRS regulations.
Section 1405 of the TFA contains a number of whistleblower reforms.6 The anti-retaliation provision, in particular, is an important step in providing protections for CPAs or other tax professionals who may be hesitant to report tax fraud or other IRS rule violations. This law includes protections for providing information or assisting in an investigation regarding underpayment of tax, conduct that the employee reasonably believes constitutes a violation of internal revenue laws or any provision of federal law relating to tax fraud, and testifying, participating in, or otherwise assisting with administrative or judicial action taken by the IRS relating to an alleged underpayment of tax or violation of internal revenue or federal law relating to tax fraud. The law also states that an individual who alleges discharge or other reprisals in violation of this provision may seek relief, including, but not limited to, job reinstatement and compensatory damages.
In addition to anti-retaliatory protections, the TFA also enhances the existing IRS whistleblower program by improving communication with tax whistleblowers about the status of their submission. Modifications to disclosure rules for whistleblowers include providing return information related to the investigation of any taxpayer with respect to whom the individual has provided such information and updating whistleblower investigations no later than 60 days after the case for which the individual has provided information has been referred for an audit or examination, along with a notice with respect to such referral. Increased transparency will help alleviate the frustration experienced by many tax whistleblowers desiring updates about the status of their claims.
Strategies and Implications
In terms of reporting to the SEC, CPAs should heed the advice contained in SEC’s Annual Report to Congress and follow the steps when submitting tips to the OWB. Although generous monetary incentives have been established for whistleblowing to the SEC, CPAs should understand the preconditions that must be met before receiving any such award. In addition, with passage of the TFA, accountants and tax professionals should expect anti-retaliatory protections when whistleblowing on IRS rule violations, such as underreporting or omitting income, claiming false deductions, keeping two sets of books, and other abusive tax schemes.
Organizations and those tasked with corporate governance need to maintain an ethical culture that better serves their own employees. Although they need to be aware of newly enacted legislation and familiarize themselves with the SEC whistleblower program, they should also continually review and update their own whistleblower policies. Specifically, organizations should strengthen their internal controls on their whistleblower policies to ensure all claims are not only investigated, but that they also are reported back to the individual(s) submitting the wrongdoing. Policies should also contain anti-retaliation provisions that protect their employees’ jobs and confidentiality.
CPAs and internal auditors are often a last line of defense on matters related to financial fraud and wrongdoing. Organizations should encourage and incentivize these individuals to report any wrongdoing they see. Internal auditors, specifically, should have the expertise to appropriately monitor and ensure compliance with appropriate policies and procedures. With many lacking the adequate levels of anti-fraud staffing and resources, these strategies can go a long way in preventing the consequences that have harmed many entities.
1 Association of Certified Fraud Examiners (2019). New report says 58% of anti-fraud professionals currently have inadequate levels of resources to fight fraud.
3 Janet P. Near and Marcia P. Miceli, “Organizational Dissidence: The Case of Whistle-Blowing,” Journal of Business Ethics (1985).
4 2019 Annual Report to Congress: Whistleblower Program, U.S. Securities and Exchange Commission (2019).
5 Digital Realty Trust Inc. v. Somers, Supreme Court of the United States (Feb. 21, 2018).
6 U.S. House of Representatives. 2019. Public Law 116-25-July 1, 2019 (H.R. 3151).
James W. Sunday, CMA, is a financial analyst at GWC Warranty in Wilkes-Barre and an accounting doctorate student at the University of Scranton in Scranton. He can be reached at firstname.lastname@example.org.