In its never-ending war on corporate fraud, the Department of Justice (“DOJ”) has just commissioned a private army to fight as never before. On August 1, the DOJ launched a three-year program to provide financial rewards to almost every corporate employee for reporting misconduct by their employer. See “Trial Program Offers Cash for Tips on Fraud, Bribery,” The Wall Street Journal, A5 (August 2, 2024). While “monetary incentives” for employees to become whistleblowers have existed for some time at select agencies such as the SEC and the IRS, the DOJ believes that those programs “don’t address the ‘full range of corporate and financial misconduct that the Justice Department prosecutes.’” Id. (quoting Deputy Attorney General Lisa Monaco). Thus, the Department decided to go big with its new program, “doubling down on a proven strategy to ferret out criminal activity that might otherwise go unreported.” Id.
The cast of corporate employees who might now “ferret out” their employer’s misconduct is not unlimited. “Tipsters can’t be meaningfully involved in the misconduct at question or have obtained the information through their work as a compliance officer or internal auditor of a company.” Id. But it is a substantial expansion of the number of such employees who might be motivated to conduct such in-house sleuthing. Indeed, that is the entire point of the new program.
What does this mean for employers? Obviously, it will be uncomfortable for any corporation to think about such an army of newly incentivized investigators in their midst. But it also poses real – and increased – risks that a company’s non-compliance with the law will be “ferreted out” and reported to law enforcement before the company is able to address and disclose the misconduct on its own. In the white-collar world, it is always better to be the one reporting misconduct to the authorities than the one being reported about.
So how should companies respond to the increased risks created by the DOJ’s new program of “bounties” for evidence of noncompliant corporate conduct? They should do so by, in turn, “doubling down” on their own compliance programs! If a company can detect misconduct on its own through application of its compliance programs, then the company will be in a position to remedy and/or disclose that misconduct before any whistleblower decides to report it. And if the company can “get ahead” of the potential whistleblower in this manner, then that may change the whistleblower’s risk analysis of whether to report at all. As a noted whistleblower lawyer told The Wall Street Journal, “[t]he calculus that whistleblowers make is always: Is this worth the risk to my career, to my safety?” Id. Misconduct already identified and remedied by Management may not pose the possibility of a large enough reward to pass that test.
Accordingly, in response to the DOJ’s new “bounty” program, companies should 1) review their existing compliance programs to make sure they are working as designed (and are not just “paper tigers”); 2) compare their existing compliance programs with “best practices” to make sure they are consistent with current standards in the industry (not old and outdated) and 3) consider tightening their existing compliance programs a protective step beyond best practices to increase the chances of identifying misconduct early (before a potential in-house whistleblower might decide to report it). Hopefully, these actions will significantly reduce the risk of in-house whistleblowers reporting company misconduct to DOJ. But if some such misconduct gets reported nonetheless, having taken the three steps outlined above will also give the company some very good things to say to DOJ in any subsequent dialog about the company’s “compliance culture” and law-abiding “tone from the top.”