SEC Whistleblower Program

Stock Market represented on a graph, signifying SEC whistleblower program

SEC Whistleblower Program

As of April 2023, the U.S. Securities and Exchange Commission (SEC) Whistleblower Program has resulted in more than $5.4 billion in financial sanctions ordered against wrongdoers. This figure includes over $1.3 billion in disgorgement, interest, and penalties that have been returned or are scheduled to be returned to harmed investors. 

Since its inception in 2011, the program has awarded approximately $1.3 billion to whistleblowers. These numbers are subject to change as new cases are settled and additional awards are made.

What type of information can be submitted to the SEC?


The SEC offers monetary awards to eligible whistleblowers who “voluntarily” provide “original information” involving violations of federal securities laws.

The term “voluntarily” means providing information to the Commission, or another law enforcement agency, before a request, inquiry, or demand that relates to the same subject matter is directed to the whistleblower or the whistleblower’s legal representative.

SEC rules define “original information” as facts that are:

  • derived from the whistleblower’s independent knowledge or independent analysis;

  • not already known to the SEC or any other source (unless the whistleblower is the original source of the information); and

  • not derived exclusively from allegations made in a judicial or administrative hearing; a governmental report, hearing, audit, or investigation; or from the news media (unless the whistleblower is a source of the information).

Original information can be partially comprised of publicly available information provided that it contains a whistleblower’s independent analysis and is not already known to the SEC.

The Commission is more likely to investigate timely and credible information that contains detailed facts. Such information include facts about specific individuals involved in a particular scheme or undisclosed evidence corroborating  allegations of securities laws violations.

Criteria for Whistleblower Awards

If a whistleblower’s information results in an enforcement action in which more than $1 million in sanctions is ordered, an eligible whistleblower can receive between 10% and 30% of the collected proceeds.

In cases where the amount of the sanctions imposed is $5 million or less, and there are no contravening factors, there is a rebuttable presumption that the SEC will award 30% of the collected proceeds.

The 30% presumption can be rebutted if the whistleblower provided limited assistance during the investigation or if a maximum award would be inconsistent with the public interest, the promotion of investor protection, or the objectives of the SEC’s whistleblower program.

When the amount of the sanctions imposed exceeds $5 million, the SEC will consider additional factors in determining whether to increase or decrease the award percentage.

Factors that weigh in favor of increasing the award percentage include:

  • the significance of the information provided;
  • the level of assistance provided during the investigation;
  • the deterrent effects on particular securities violations; and
  • the extent to which the whistleblower participated in their company’s internal compliance process.

The dollar amount of an award is only considered for purposes of increasing, but not decreasing, the award percentage.

The Commission will also consider reducing the award percentage based on factors such as:

  • the whistleblower’s role and/or scope of involvement in the securities violations;
  • unreasonable delays in reporting the violations to the SEC; and
  • any interference by whistleblower with their company’s internal compliance and reporting processes.

Protecting Anonymity

The SEC will protect the anonymity of a whistleblower to the fullest extent allowable by law. The Commission will not, for example, reveal a whistleblower’s identity in response to a Freedom of Information Act request.

There are, however, circumstances when the SEC can be compelled to disclose a whistleblower’s identity. For example, in a judicial proceeding, a court could order the Commission to produce information or documents that would reveal the identity of the whistleblower.

While the SEC permits information to be submitted anonymously to its whistleblower program, a whistleblower must be represented by an attorney to be eligible for an award.

Protections Against Employer Retaliations

The Dodd-Frank Act prohibits employers from discharging, demoting, suspending, harassing, or in any way discriminating against an employee who provides information to the SEC through its whistleblower program or assists the SEC in an investigation or proceeding based on the information submitted.

The SEC is authorized to bring a cause of action against an employer who retaliates against a whistleblowing employee. Dodd-Frank also provides a private right of action that allows a whistleblower to sue their employer in federal court.  If the employee prevails, they can recover damages that include double back pay (with interest), reinstatement, attorneys’ fees, and reimbursement for certain litigation-related costs.

Under the Sarbanes-Oxley Act, employees of certain categories of companies can also file a complaint with the Department of Labor if they are subjected to retaliation for reporting violations of securities laws.

Areas of Enforcement and Examination Priorities

While it reviews all information, complaints, and referrals it receives, the SEC prioritizes those areas it believes present the greatest risks to investors and the integrity of domestic markets. Young Law Group’s whistleblower attorneys review and analyze these trends by tracking current SEC enforcement actions. The following areas have been the focus of recent enforcement actions.

Decentralized finance (DeFi) is an evolving technology that eliminates third parties, such as banks and credit card companies, from financial transactions. It uses a decentralized database, known as a distributed ledger, that exists across a network to process, validate or authenticate transactions. Cryptocurrencies, such as Bitcoin and Ethereum, make use of blockchain, which is one type of distributed ledger.

In an article published in the November 2021 edition of The International Journal of Blockchain Law, SEC Commissioner Caroline Crenshaw included the SEC among a number of federal authorities that likely has jurisdiction over certain aspects of DeFi. Commissioner Crenshaw noted that the SEC has effective enforcement mechanisms for non-compliant DeFi development projects within the Commission’s jurisdiction.  Although she didn’t mention specifics, the Commissioner stated that she expected the SEC will continue to bring enforcement actions against DeFi offerings, projects, or platforms that operate in violation of securities laws.  As an example, Commissioner Crenshaw cited an enforcement action in which the SEC alleged that a purported DeFi platform, and its individual promoters, failed to register their offering, misled investors and improperly spent investors’ money on themselves.  To settle the allegations, the respondents agreed to disgorgement, interest, and civil penalties totaling more than $26 million.

A Special Purpose Acquisition Company (SPAC) is a publicly traded company created for the purpose of acquiring or merging with an existing private company.  A SPAC is formed by raising capital through an Initial Public Offering (IPO) to fund an acquisition or merger. At the time of the IPO, SPACs have no existing business operations nor do they disclose their acquisition or merger target. By not identifying a specific target, the SPAC can avoid the extensive disclosures normally required during an IPO.

Although SPACs have been in existence since the early 1990s, a recent resurgence in their popularity has sparked increased scrutiny by the SEC and transactions involving SPACs.  SEC Chairman Gary Gensler has empahsized the inherent risks associated with SPAC transactions and the need for closer regulation.

In July 2021, the SEC announced a settlement stemming from charges filed against a SPAC, the proposed merger target, and the CEOs of both companies.  The target company, a privately held company that purportedly provided infrastructure services for space travel, sought to go public through a SPAC. The SEC alleged that the target and its CEO mislead investors by making misrepresentations about the company’s technology and national security risks. The SEC also asserted that the SPAC engaged in misconduct by repeating and disseminating the target company’s misrepresentations which misled investors about material aspects of the target company’s business. In settlement of the charges, the target company paid a $7 million civil monetary penalty while the SPAC agreed to pay a $1 million penalty.

The SEC has made cybersecurity one of its major enforcement priorities in recent years. Public companies must maintain rigorous cybersecurity policies and procedures to ensure that their customers’ and clients’ personal information remains protected.

    The SEC created the Cyber Unit of the Division of Enforcement in 2017 and tasked it with enforcement of illegal cyber-related activities, including:

  1. market manipulation schemes involving false information spread through electronic and social media;

  2. hacking to obtain material nonpublic information;

  3. violations involving distributed ledger technology and initial coin offerings;

  4. misconduct perpetrated using the dark web;

  5. intrusions into retail brokerage accounts; and

  6. cyber-related threats to trading platforms and other critical market infrastructure.

Another aspect of the SEC’s enhanced cybersecurity strategy is to encourage public companies to be transparent with investors about material cyber risks and incidents. The Commission issued guidance to public companies emphasizing the importance of avoiding misleading disclosures in public filings.  As it relates to cybersecurity, misleading disclosures can include specific information about known trends, risks and uncertainties due to cyberthreats. It can also mean omissions such as a public company’s failure to disclose a known threat, security breach, or data theft.  Any of these scenarios could constitute a violation of one or more federal securities laws.

The Foreign Corrupt Practices Act (FCPA) generally prohibits any type of payments to foreign government officials for the purpose of obtaining or retaining business or government contracts.  A government official need not be directly related to the award or retention of a government contract for the prohibited conduct to fall within the scope of the FCPA.  The language of the FCPA has been broadly interpreted to encompass any business purpose or conduct designed to gain a business advantage. The SEC offers some illustrative examples of conduct that constitutes obtaining or retaining business under the FCPA, including:

  • winning a contract

  • influencing the procurement process

  • circumventing the rules for importing goods

  • gaining access to non-public bid tender information

  • evading taxes or penalties

  • influencing the adjudication of lawsuits or enforcement actions

  • obtaining exceptions to regulations

  • avoiding contract termination

The FCPA also contains accounting provisions that apply to publicly traded companies. There are two primary components of the accounting provisions — the “books and records” provision and the “internal controls” provision. The books and records provision requires companies to keep accurate books, records, and accounts that fairly reflect their transactions and the disposition of their assets. The internal controls provision mandates that companies maintain a system of internal accounting controls that ensures management has control, authority, and responsibility over the company’s assets. FCPA violations can result in civil and criminal penalties, sanctions, and remedies, including fines, disgorgement, and/or imprisonment.

Recent FCPA enforcement actions suggest that the Commission has adopted a less restrictive view of bribery in cases involving violations of the accounting provisions.  In certain instances, the nexus to bribery has been so attenuated as to almost render a violation of the accounting provisions as a separate standalone offense. In one enforcement action, the SEC charged a foreign-based company with violating the FCPA’s books and records and internal controls provisions. The company, and its majority-owned indirect subsidiary, paid millions of dollars, directly and indirectly, to third-party offshore consultants and sales agents over a five-year period.  Although the payments were purportedly made for services related to a real estate project in Europe and the sale of real estate in the United States, the company and its subsidiary had no evidence that the consultants or sales agents had actually provided the contracted services when the payments were made.  The SEC found that the company failed to create and maintain sufficient internal accounting controls to provide reasonable assurances that the funds of the two companies would only be used as authorized, rather than be used to make corrupt payments.  The company agreed to a cease-and-desist order and to pay a civil money penalty for the FCPA accounting violations.

The SEC regularly brings enforcement actions involving accounting violations such as misstating revenue, expenses, or asset valuations with the intent to mislead investors, level out earnings instability, or conduct that results in the filing of a false or misleading report with the SEC.  Accounting fraud often involves improper accounting adjustments in violation of Generally Accepted Accounting Principles. A company can also face liability for failing to maintain sufficient internal accounting controls to prevent errors in their publicly filed financial statements.

The SEC’s Enforcement Division also pursues accountants who turn a blind eye to warning signs of potential fraud. For example, an accountant can face liability if they help prepare a company’s public filings but ignore red flags or fail to question the omission of information on which an investor would rely when deciding to purchase or sell an investment.  The SEC has not only targeted high-level management personnel in publicly traded companies, it has also pursued individuals who work “in the trenches,” such as auditors and consultants.

There is no statutory definition of “insider trading;” the rules prohibiting such conduct have been based largely on court interpretations of securities regulations.  Courts have defined insider trading as the purchase or sale of a security by a person who possesses material, nonpublic information about that security.  The access to nonpublic information often results from a breach of fiduciary duty or a duty arising out of a relationship of trust or confidence.

The SEC has not only prosecuted individuals who have traded on inside information, but also those who have passed on material, nonpublic information to others who executed trades based on that information. In Salman v. United States, 580 U.S. 39 (2016), the Supreme Court addressed the issue of whether a gift of confidential information to a friend or family member alone was sufficient to establish the “personal benefit” element necessary to support a criminal conviction for insider trading.  The Supreme Court answered in the affirmative and upheld the conviction of a man who received trading tips from an extended family member. The Court found that the personal benefit requirement of laws prohibiting insider trading may be met by “making a gift of confidential information” to a relative or friend.

The SEC investigates rule violations committed by various trading exchanges. Exchanges have been sanctioned for failing to enforce SEC rules; inadequately investigating compliance problems; and providing unauthorized accommodations for member firms.  An exchange can also be subject to sanctions when it implements a new business practice or modifies an existing practice without creating a new rule when required to do so.

In 2018, the SEC charged the New York Stock Exchange, and two affiliated exchanges, with multiple regulatory violations, including several events that caused a market disruption. It was first time the SEC prosecuted a violation of its Regulation Systems Compliance and Integrity (Reg SCI).  Reg SCI is a series of regulations designed to maintain business continuity and recovery from disasters.  Among the charges filed by the SEC were the erroneous implementation of a market-wide regulatory halt and negligent misrepresentation of stock prices as “automated,” even though the system experienced extensive problems before two exchanges completely shut down. The SEC also charged the exchanges with applying price collars during unusual market volatility, without a rule in effect to permit such actions, which reportedly resulted in slower resolution of order imbalances. The exchanges agreed to pay a $14 million penalty to settle the charges.

SEC Rule 10b-5 makes it unlawful for any person “[t]o make any untrue statement of a material fact or to omit to state a material fact . . .  [or] engage in any act, practice, or course of business which operates or would operate as a fraud or deceit upon any person, in connection with the purchase or sale of any security.”  Simply stated, a misrepresentation is a false statement or omission of a material fact relating to an investment. A “material fact” is any information that an average investor would want to know before buying or selling a security. Examples of material facts include: (i) costs related to the purchase of a security, such as brokerage fees and commissions; (ii) risks associated with a particular investment; and (iii) important financial details such as revenue, liabilities, and condition of assets when the transaction involves a security offering.

Another area of frequent SEC enforcement is the misappropriation of investor funds for a broker’s personal or business expenses.  SEC rules strictly prohibit misrepresentations relating to the intended use of funds from a security offering or how a client’s account will be invested.  A company must have appropriate safeguards to protect client funds from unauthorized activity. For example, the SEC has brought enforcement actions against brokerage firms that failed to implement procedures preventing the misuse and misappropriation of client funds.  In one case, inadequate internal controls prevented a firm from detecting the illegal misappropriation of client funds for periods of more than a year.

The SEC has investigated cases involving inappropriate fees and expenses charged by brokerages and private equity firms. Private equity firms must register with the SEC when they charge charges clients for certain investment advisory fees. For example, many private equity firms charge portfolio companies with large transaction fees as part of a fund’s acquisitions and sales of securities. However, the negotiation of such transactions and the fees charged are usually considered investment banking activities that require registration as a broker-dealer.  Despite this restriction, many private equity firms operate as unregistered broker-dealers.

Enforcement actions involving improper fees can lead to sanctions, fines, and in some cases, rescission of investor purchases.  For example, in one enforcement action, the SEC found that investors had overpaid for Residential Mortgage Backed Securities because brokerage representatives deceived their clients about the price paid by the firm to acquire those securities. The SEC also found that the firm’s salespeople illegally profited from excessive, undisclosed commissions. In some cases, the commissions were more than twice the amount that customers should have paid. Many of these deceptive tactics continued unchecked because the brokerage lacked effective internal controls to identify and prevent such misconduct.

Market manipulation involves the use of techniques to artificially change the price or volume of a stock to attract other investors.  A common scheme involves issuing false and misleading press releases or statements to artificially inflate the price of the stock. In this type of “pump and dump” scheme, unscrupulous brokers and investors, who are privy to the scam, sell their shares before the stock price starts to plummet. The remaining investors are left holding a stock that is worth significantly less than what they paid for it. Micro-cap stocks are more susceptible to market manipulation than mid- or large-cap stocks.

In one SEC enforcement action, four individuals engaged in a scheme that generated nearly $34 million from the unlawful sale of stock.  The SEC alleged that the fraudsters manipulated the market and illegally sold the stock of a micro-cap issuer.  As part of the alleged scheme, the duplicitous traders hid evidence of their ownership and sales of shares of the company by using offshore bank accounts, sham legal documents, and anonymizing techniques. The traders also allegedly orchestrated a wide-reaching promotional campaign and used manipulative trading techniques to artificially inflate the share price.  The SEC obtained a court order that froze the proceeds from the sales of the stock.  After obtaining a default judgment against the group, the Commission established a recovery fund which returned more than $14 million to defrauded investors.

Market manipulation does not always involve the actual execution of orders. “Spoofing” and “layering” are also forms of market manipulation in which traders place bids on a stock with the premeditated intent to cancel the bid before execution. These fraudulent practices are designed to deceive other traders as to the true levels of supply or demand in the market thereby falsely manipulating the trading price.

Find the Help You Need
If you have important information about SEC fraud, please contact us TODAY