Guarantees of confidentiality and anonymity are important considerations for whistleblowers seeking to report information on violations to regulators and other public entities. These guarantees ensure the safety of whistleblowers when filing complaints, often against entities with substantial resources and some authority over the whistleblower. When whistleblowers can provide information to the government without fear of losing their jobs or facing retaliation, blowing the whistle becomes a much safer proposition.
Confidentiality and anonymity also offer additional benefits to whistleblowers. When whistleblowers are confidential, wrongdoers must directly address the well-documented accusations themselves, rather than distracting from the issues with ad hominem attacks against the whistleblower – ensuring that legal proceedings focus on the wrongdoing in question. A report by the United Kingdom’s Royal United Services Institute has recognized strong confidentiality guarantees as a necessary part of a functioning whistleblower rewards program.[1]
In times where the government’s priorities do not necessarily align with those of whistleblowers, and good-faith norms may not be uniformly respected, the confidentiality and anonymity guarantees that whistleblower programs provide are increasingly important. For whistleblowers to have faith in a whistleblower program, confidentiality guarantees must be secure and reliable. Statutory guarantees, which can only be changed by Congress, are stronger than those contained only in regulations, which the agency can modify. In turn, guarantees codified in regulations are stronger than those in the program’s public statements, which can change and are harder to enforce. Another important consideration is the track record of trust that the program has developed. Whistleblowers must consider all of these factors before providing information.
This post reviews the confidentiality and anonymity protections offered by U.S. whistleblower programs to inform potential whistleblowers about the protections available. The post describes some of the strongest whistleblower anonymity and confidentiality protections in Dodd-Frank-style whistleblower programs, including the SEC and CFTC whistleblower programs, which were established by the Dodd-Frank Act, and the AML Whistleblower program, which was modeled on the SEC and CFTC programs.
Securities and Exchange Commission Whistleblower Program
The Securities and Exchange Commission’s (SEC) whistleblower program, established by the Dodd-Frank Act, provides strict, well-established, statutory confidentiality and anonymity protections. The program’s confidentiality provisions offer that “the Commission and any officer or employee of the Commission shall not disclose any information, including information provided by a whistleblower to the Commission, which could reasonably be expected to reveal the identity of a whistleblower,”[2] and the SEC has established regulations consistent with this guarantee.[3] Under these guarantees, the SEC is legally prohibited from revealing any information that could lead to revealing the whistleblower’s identity. Information that would lead to revealing the identity of a whistleblower is also exempt from Freedom of Information Act requests.[4]
The statute also provides that whistleblowers may provide information to the SEC anonymously, if represented by counsel.[5] This means that the Commissioners themsleves will not know the identity of the whistleblower, providing an increased level of safety for whistleblowers. The SEC regulations specify that the whistleblower’s attorney needs to know and confirm the identity of the whistleblower before submitting a TCR to the program.[6] The whistleblower does need to reveal their identity to the SEC before receiving an award, but the program’s confidentiality guarantees still apply at this point.[7]
The Dodd-Frank Act authorizes the SEC to provide whistleblower information to both domestic regulatory authorities and foreign law enforcement agencies “when determined by the Commission to be necessary to accomplish the purposes of this chapter and to protect investors.”[8] However, the Dodd-Frank Act, and accompanying regulations, dictate that the Commission may only share such information in any of these circumstances with “assurances of confidentiality,” meaning that the authority receiving the information will guarantee confidentiality to the same extent as the SEC.[9] Thus, the SEC’s ability to assist in domestic and foreign law enforcement efforts does not come at the expense of whistleblowers’ confidentiality and safety.
The statute does include a confidentiality exception for providing evidence in a criminal case: “Nothing in this section is intended to limit, or shall be construed to limit, the ability of the Attorney General to present such evidence to a grand jury or to share such evidence with potential witnesses or defendants in the course of an ongoing criminal investigation.”[10] This exception is due to a constitutional requirement established by the Supreme Court in Brady v. Maryland, which found that due process requires the accused to have access to evidence favorable to them in a criminal case.[11] Thus, if a whistleblower shares information that would benefit a party in an ongoing criminal investigation, the Attorney General is constitutionally required to share that information with the parties involved. Brady only becomes relevant as the case approaches trial, which is very rare in these types of cases, as most settle well before this point. There are also options available to if the whistleblower’s safety is at issue, including disclosure of information to the defendant’s attorneys, who are then prohibited from disclosing the whistleblower’s identity to their clients.
Commodity Futures Trading Commission Whistleblower Program
The Dodd-Frank Act also established the Commodity Futures Trading Commission (CFTC) Whistleblower Program. Its confidentiality protections are very similar to those of the SEC program. The statute establishing the CFTC program states that: “the Commission, and any officer or employee of the Commission, shall not disclose any information, including information provided by a whistleblower to the Commission, which could reasonably be expected to reveal the identity of a whistleblower,”[12] which is identical language to that of the SEC’s statutory confidentiality requirement. Regulations also prohibit the CFTC from disclosing “information that could reasonably be expected to reveal the identity of a whistleblower.”[13] This provides a high degree of protection for whistleblowers utilizing the program.
The CFTC’s guarantee of anonymity also mirrors the SEC rules. The CFTC’s statute allows whistleblowers to remain anonymous through counsel while providing information and making a claim for an award, although they are required to disclose their identity to the Commission before an award is paid.[14]
The CFTC is also permitted to share its whistleblower information with other agencies, provided that those agencies maintain the confidentiality of the information. The CFTC’s list of entities that it is allowed to share information with is more detailed than that of the SEC, including: “the Department of Justice; an appropriate department or agency of the Federal Government . . . ; a registered entity, registered futures association, or self-regulatory organization . . . ; a State attorney general . . . ; and a foreign futures authority.”[15] The CFTC’s regulations require agencies receiving information to maintain confidentiality at the same level as the CFTC.[16] The CFTC’s governing statute also includes a confidentiality exception for criminal cases per Brady v. Maryland, as discussed above.[17]
AML Whistleblower Program
The Anti-Money Laundering Act of 2020 established a whistleblower program run by the Financial Crimes Enforcement Network (“FinCEN”), a bureau of the Department of the Treasury. The AML program is relatively new compared to those of the SEC and CFTC. While originally passed in 2020, its original text included substantial flaws, including the requirement that Congress appropriate funds to pay whistleblower awards. It also made the granting of awards completely discretionary, rather than dependent on the sanctions collected in the relevant enforcement action. In 2022, after a successful grassroots campaign, the AML Whistleblower Improvement Act was passed, entitling whistleblowers to awards of “not less than 10 percent” of sanctions received in an enforcement action, and established a fund to pay whistleblower awards funded by sanctions (and therefore independent of Congressional appropriations).[18]
The AML Whistleblower Program offers statutory confidentiality and anonymity protections for whistleblowers that are very similar to those provided by the SEC and CFTC whistleblower programs. Employees of the Department of Treasury and Department of Justice, as well as any other departments they may share information with, “shall not disclose any information, including information provided by a whistleblower to either such official, which could reasonably be expected to reveal the identity of a whistleblower.”[19] Whistleblowers, through an attorney, may file claims anonymously but must disclose their identity before receiving an award.[20]
While the statutory provisions of the AML program are now strong, neither the Department of Justice nor the Treasury have yet released regulations on how they will implement the law. Such regulations are crucial to ensure that the reporting process for whistleblowers is not overly technical or inaccessible, create strong confidentiality protocols (especially for inter-agency sharing of information), and ensure that whistleblowers receive their awards in a timely manner.[21] While whistleblowers reporting to FinCEN are entitled to strong statutory protections, FinCEN does not currently have a public website for the program directing whistleblowers on how to report and file a claim, and is not currently processing awards.[22] Whistleblowers reporting to FinCEN can trust that their confidentiality is legally protected, but are likely to experience a less efficient and standardized process than those reporting to a more well-established whistleblower program.
The Department of Justice is also legally obligated to accept and protect whistleblower claims under the Anti-Money Laundering Act; however, it has so far failed to implement the program.[23] In particular, it refuses to accept anonymous reports from whistleblowers or adopt regulations permitting anonymous reports. This refusal and lack of action are a direct violation of its legal obligation under the statute. As said by leading whistleblower attorney Stephen Kohn, “Congress did its job; Justice has dropped the ball.”[24] Barring substantial changes to the DOJ’s policies regarding this program, whistleblowers hoping to submit claims under the Anti-Money Laundering Act should direct those claims to FinCEN. Despite its delay in developing regulatory structures, FinCEN is actively complying with and enforcing the law.
Conclusion
Confidentiality and anonymity are the strongest protections available to whistleblowers. By allowing whistleblowers to go unknown, to their employers and even to the government, these programs provide whistleblowers with the best chance to avoid retaliation for doing the right thing.
Dodd-Frank style whistleblower reward laws in the SEC, CFTC, and AML whistleblower programs are the gold standard for confidentiality and anonymity protections for whistleblowers. These programs provide statutory guarantees that the agency will protect the identity of whistleblowers and allow for anonymous filing for whistleblowers who are represented by an attorney. Along with strong statutory guarantees, the SEC and CFTC programs have a strong track record of protecting whistleblowers. The FinCEN program has the potential to also be a strong advocate for whistleblowers. However, reasonable regulations are needed to ensure the program’s success.
ENDNOTES
[1] Eliza Lockhart, The Inside Track: The Role of Financial Rewards for Whistleblowers in the Fight Against Economic Crime, 42-43 (December 2024),https://static1.squarespace.com/static/63e4aef3ae07ad445eed03b5/t/6756cfd024f33859fb718888/1733742545613/SOC-ACE-RP31_Whistleblowing-Dec+24.pdf.
[2] 15 U.S.C. § 78u-6(h)(2)(A).
[3] 17 C.F.R. 240.21F-2(c), F-7.
[4] 15 U.S.C. § 78u-6(h)(2)(A); 5 U.S.C. § 552(b)(3)(A).
[5] 15 U.S.C. 78u-6(d)(2)(A).
[6] 17 C.F.R § 240.21F-7(b)(1).
[7] 15 U.S.C. 78u-6(d)(2)(B).
[8] 15 U.S.C. § 78u-6(h)(2)(D)(i); 17 C.F.R. § 240.21F-7((a)(2).
[9] 15 U.S.C. § 78u-6(h)(2)(D)(ii)(II)17 C.F.R. § 240.21F-7((a)(2).
[10] 15 U.S.C. § 78u-6(h)(2)(C).
[11] Brady v. Maryland 373 U.S. 83, 87 (1963) (“We now hold that the suppression by the prosecution of evidence favorable to an accused upon request violates due process where the evidence is material either to guilt or to punishment, irrespective of the good faith or bad faith of the prosecution.”). The details of how Brady interacts with whistleblower confidentiality protections will be discussed in the following article on this issue.
[12] 7 U.S.C. § 26(h)(2)(A).
[13] 17 C.F.R. § 165.4(a).
[14] 7 U.S.C. § 26(d)(2)(B).
[15] 7 U.S.C. § 26(h)(2)(C).
[16] 17 C.F.R. § 165.4(a)(2)(C)(ii).
[17] 7 U.S.C. § 26(h)(2)(B).
[18] 31 U.S.C. § 5323(b)(1), (3).
[19] 31 U.S.C. § 5323(g)(4)(A); (g)(4)(D)(i).
[20] 31 U.S.C. § 5323(d)(2).
[21] Ensure that Federal Rules for AML Whistleblower Programs align with Anti-Corruption Priorities, NWC, https://www.whistleblowers.org/enact-aml-whistleblower-rules/.
[22] 31 U.S.C. § 5323(a)(1); Kate Reeves, Senators Demand Answers on FinCEN’s Delayed Implementation of AML Whistleblower Program, WNN (Feb. 5, 2024), https://whistleblowersblog.org/aml-rewards/senators-demand-answers-on-fincens-delayed-implementation-of-aml-whistleblower-program/; Letter from NWC to Merrick Garland, Janet Yellen, and Andrea Gacki, “AML Whistleblower Act Rulemaking Proposal” (Oct. 20, 2023), https://kkc.com/wp-content/uploads/2023/10/AML-Rules-Letter.pdf.
[23] Stephen M. Kohn, A New Year for Whistleblowers? Emergency Action Needed to Make Current Whistleblower Laws Work, National Law Review (Jan. 3, 2024), https://natlawreview.com/article/new-year-whistleblowers-emergency-action-needed-make-current-whistleblower-laws.
[24] Stephen M. Kohn, A New Year for Whistleblowers? Emergency Action Needed to Make Current Whistleblower Laws Work, National Law Review (Jan. 3, 2024), https://natlawreview.com/article/new-year-whistleblowers-emergency-action-needed-make-current-whistleblower-laws.
This post comes to us from Kohn, Kohn & Colapinto LLP.