CFPB Proposes New Whistleblower Award Program

On March 6, 2020, the Consumer Financial Protection Bureau (CFPB) proposed legislation that would require the Bureau to pay monetary awards to whistleblowers “who voluntary provide[] original information” that leads to “any judicial or administrative action brought by the Bureau that results in monetary sanctions exceeding $1,000,000.” Subject to implementing regulations, any person who provides such information could receive between 10 and 30 percent of “what has been collected of the monetary sanctions imposed in the action.” The exact percentage of the award would be determined by the CFPB according to criteria such as the “significance of the information” and the “programmatic interest of the Bureau.”

Comparison to SEC Award Program

The structure of the proposed legislation closely mirrors that of the Securities and Exchange Commission’s (SEC) whistleblower legislation, 15 U.S.C. §78u–6, with two material differences. First, the proposed CFPB legislation provides a minimum award of $50,000 to a whistleblower for cases where the Bureau is “unable to collect at least $1,000,000 of the monetary sanction imposed.” Second and more significantly, the proposed CFPB legislation also caps whistleblower awards at $10,000,000. This is a noteworthy ceiling, as the SEC whistleblower program has granted at least 10 awards over the CFPB cap, including an award of $50,000,000. Despite these differences, the many similarities between the Bureau’s proposed program and the SEC’s existing whistleblower program suggest that the SEC program could prove to be a model for how the CFPB may use its rulemaking authority to further define the qualifications and procedures for submitting information and seeking a whistleblower award. The history of SEC whistleblower awards also serves as a useful case study for the potential impact of the CFPB’s proposed program.

In its 2019 Report to Congress, the SEC indicated that it had received 5,200 tips, representing a 74% increase since the beginning of the program in 2010. This increase has occurred despite the SEC paying out only 67 whistleblower awards since the program’s inception—though these awards collectively represent $387 million paid to whistleblowers. The report concluded that “[t]he whistleblower program continues to have a significant positive impact on the Commission’s enforcement efforts and protection of investors and market.” The history of the SEC program suggests that an award program run by the CFPB will similarly see a large number of incoming whistleblower tips, even if awards are granted to only a small fraction of those individuals.

Credit for “Responsible Business Conduct”

In parallel with its proposed whistleblower award legislation, the CFPB also published updated guidance on what it considers “responsible business conduct” for purposes of obtaining credit with the Bureau in the event of an investigation or enforcement action. This new guidance underscores the value of a corporation addressing and remediating internal complaints through effective programs and processes.

The CFPB specifically identified corporate activities it views as relevant to the Bureau’s consideration of “factors that may warrant favorable consideration.” Amongst these is a corporation’s efforts in “[s]elf-assessing,” which include identifying actual or potential violations through whistleblower activity and “. . . reflects a proactive commitment by an entity to use resources for the prevention and early detection of violations of Federal consumer financial law.” In analyzing self-assessing behavior, the CFPB states it will consider the effectiveness of a corporation’s compliance management system and whether that system is appropriately robust given the size and complexity of the business. In considering efficacy of these systems, the CFPB will look to whether a corporation has identified a violation internally and will allow credit where identification was the result of a “robust and effective compliance management system including adequate internal audit, monitoring and complaint review process” and through “whistleblowing activity.” Beyond this particular guidance, the CFPB also notes that its list “is not exhaustive” and that other activities that are both “substantial and meaningful” may also be taken into account.

Importantly, in determining whether to credit a company for self-assessing or other measures, the CFPB has indicated that effective programs could garner credit up to and including the CFPB “clos[ing] an enforcement investigation with no action or decid[ing] not to include Matters Requiring Attention in an exam report or supervisory letter.”

Building a Stronger Compliance Program

The CFPB’s proposed whistleblower award program may offer a good opportunity for companies to review their compliance programs with potential whistleblowers in mind. Even law enforcement agencies without whistleblower award programs have expressed their interest in seeing strong avenues for confidential reporting. As the Department of Justice highlights in their 2019 guidance on "Evaluation of Corporate Compliance Programs," the “hallmark of a well-designed compliance program is the existence of an efficient and trusted mechanism by which employees can anonymously or confidentially report allegations.” While any effective compliance program will be tailored to the needs and complexities of a particular corporation, all programs should contain several features. Below are some hallmarks of compliance programs that mitigate the risk of external whistleblower complaints:

• The program is in writing, well designed, with an effective process for receiving anonymous complaints, investigating those complaints, and resolving any issues identified both internally and with respect to third-party relationships maintained by the company.
• Sufficient resources, at the staff and management level, are allocated to design and operation of the program.
• Staff handling both intake and investigation of internal complaints are trained in the unique aspects that arise where claims of actual or potential retaliation are present.
• Procedures for submitting complaints are clearly and regularly communicated to personnel in writing and through training.
• Procedures are designed to facilitate employee confidence in a confidential and non-retributive claim submission and investigation process.
• Employees are provided incentives for complying with the program and/or disincentives for failing to comply.
• Investigative steps and outcomes are documented and conclusions are supported.
• Substantiated findings are communicated to appropriate corporate management, root analysis is conducted, and necessary changes to operations are implemented and documented.
• The program includes processes for frequently auditing and adjusting the complaints handling and compliance program.

In order to minimize the risk of an external whistleblower complaint, particularly in the presence of potentially lucrative government awards programs, it is critical to devote resources to an effective avenue for confidential internal complaints. The resolution of such complaints can be difficult and require delicate coordination among legal, compliance, and human capital departments. The value in potentially reducing exposure through external reporting is, however, significant.