Whistleblower Programs in the United States

In the US there are several active and productive whistleblower programs that businesses, particularly payment processors, should be aware of and have strong compliance and best practices policies in place for. Whistleblowers are a prominent and important enforcement tool for various branches of the federal government.

Whistleblower types include insiders, former employee, outsiders and competitors, participants in the fraud or wrongdoing, and intentional whistleblowers. Notably, the last two categories are still eligible for the whistleblower rewards offered and issued by the government agencies. Avenues for whistleblower rewards are the False Claims Act (FCA), the SEC, the Commodity Futures Trading Commission, the IRS, the Department of Transportation, the Treasury Department (newly created in 2021), and the even newer Kleptocracy Asset Recovery Rewards Act (“KARRA”), created in 2022 in response to the Ukraine/Russian war.

Every whistleblower case is different but expect the process to take anywhere from three to five years for completion. The different branches have different minimum threshold requirements for when they will pay whistleblowers (i.e., the SEC requires a minimum $1 million fine for paying a whistleblower) but generally they pay 10-30 percent of the amount collected. 

In order to recover from an SEC whistleblower claim there must be a successful enforcement and the information must be “original” but this could include analysis of publicly known information. Areas of recover for the SEC include anything that the SEC has jurisdiction over, including securities fraud, items like misstating revenue or other financials, cryptocurrency fraud, and ponzi schemes. Additionally, anything covered by the Foreign Corrupt Practices Act (FCPA) can fall under this umbrella, which may be, for example, a publicly traded company accepting a bribe from a foreign entity.

The IRS has a $2 million recovery threshold for whistleblowers to recover, this includes interest and fees recovered. Anything below that threshold is discretionary. The types of behavior that this can involve includes underreporting income, offshoring, abusive tax shelters, crypto tax fraud, and transfer pricing schemes, and this can include companies that facilitate any of these practices. 

The FINCEN Bank Secrecy Act is aimed at 1) compliance program failures, 2) information gathering failures, and failures to file suspicious activity reports (SARs). Information gathering is extremely important to be aware of in the payments processing realm. A key is paying attention to and responding to red flags such as politically exposed persons (PEPs) and responding to possible money laundering.

Payment processors, specifically, are most likely to be involved with FINCEN, IRS, and SEC whistleblowers. The FINCEN component and BSA obligations can come into play even if the processor isn’t BSA registered. The SEC involvement is obviously for any publicly traded company but can be relevant for anything otherwise under SEC jurisdiction. IRS is important to monitor for anything that might be used to evade taxes. Payment processors need to pay especially close attention to internet businesses and the risk of offshoring money and tax sheltering.

A successful whistleblower compliance program has all of the following: 1) transparency, 2) forceful and immediate responses, 3) clear lines of communication, 4) sufficient trust in work environment, 5) support networks, 6) follow ups, and 7) willingness to change. And, importantly, do not fire whistleblowers.