Insights

Whistleblowing: Business Implications and Personal Risks

However well-intentioned the parties, whistleblowing has major financial implications for business—and for company executives. Chubb experts explain how to meditate the risks.

By Stuart Collins

Whistleblowing in the US and Europe

Whistleblowers are not always viewed favourably in the corporate world, but increasingly they are playing an important role in addressing corporate wrongdoing.

In recent years, whistleblowers have been central to some of the most high-profile regulatory
investigations, several of which have resulted in large settlements, fines and even criminal prosecutions.

Statistics suggest that whistleblowing is on the rise. An international survey of business managers by law firm Freshfields Bruckhaus Deringer found that 47% had witnessed or engaged in whistleblowing, up from 34% in 2014.

Regulators are a major driver of this trend, although many companies also now see it as a way to root out unacceptable behaviour, such as fraud, bullying and harassment, or the flouting of safety or environmental rules. In recent years the US has embraced whistleblowers, and as a result European companies with US listings have seen the introduction of tough whistleblowing requirements and protections under a number of regulations, including the Sarbanes-Oxley Act and Dodd-Frank.

The US has turned whistleblowing into an effective regulatory tool. Under the Securities and Exchange Commission (SEC) whistleblower programme, those who come forward can receive 10% to 30% of SEC settlements and fines if their information leads to a successful action that results in sanctions in excess of $1 million (€1.1 million).

In March 2018, three whistleblowers shared an $83 million award following a successful SEC prosecution of a Wall Street bank. Since the programme began in 2011, some 57 whistleblowers have received $320 million in awards, according to SEC statistics.

The SEC recently announced its intention to improve incentives for whistleblowers under its seven-year-old programme. In proposals published in June, the regulator says it plans to increase payouts for smaller cases, and limit awards for large settlements.

US derivatives regulator, the Commodity Futures Trading Commission (CFTC), also recently reported an increase in awards paid to whistleblowers. Before 2018, the CFTC had issued just four whistleblower awards amounting to less than $11 million. In July the Commission granted three more, totalling over $75 million, including a $30 million award paid to a whistleblower, the largest to date under the CFTC’s Whistleblower Program.

Daisy Laskey, Regional Financial Institutions Manager at Chubb, says whistleblowing in Europe is in its infancy compared with the US, but that is changing. She notes that a number of European countries have introduced tougher whistleblowing requirements to encourage the reporting of corporate wrongdoing.

France and Italy have introduced legislation requiring companies to put whistleblowing procedures in place, as well as introducing protections for people who speak out. The Freshfields Bruckhaus Deringer survey found that business managers in France are now the most likely among all countries to be involved in whistleblowing.

In the UK, the 2016 Senior Managers Regime introduced requirements on banks aimed at encouraging employees to speak out, and increased protections for employees that raise concerns. The UK’s Competition and Markets Authority (CMA) now offers whistleblowers a reward of up to £100,000 for information on cartels, as well as promising them anonymity.

In Europe, whistleblowing protections are less well developed. Only 10 EU member states currently ensure that whistleblowers are fully protected, according to the European Commission.
However, in April the EU proposed new laws to strengthen whistleblower protection across the EU.

The Commission wants to establish an EU-wide standard to establish safe channels for reporting breaches of EU law, as well as to protect whistleblowers from retaliation. Under the proposal, all companies with more than 50 employees or with an annual turnover of more than €10 million will have to set up an internal procedure to handle whistleblowers’ reports.

Growing risk

The desire to hold directors to account, together with the growing interest in whistleblowing from regulators, is leading to an increased exposure for executives and boards, Daisy believes. “As regulators have taken steps to encourage whistleblowing, we have witnessed an uptick in investigations and claims against D&O insurance. This is leading to an increase in liability and is of material concern to D&O insurers and policyholders alike,” she says.

Generally, whistleblowing takes one of two routes. The whistleblower can go direct to the regulator, or they can follow the internal whistleblowing procedure of the company, and the company can then go to the regulator. The route taken has important consequences for D&O cover.

Internal investigations are typically not covered by most D&O policies, explains Kurt Rothmann, Senior Partner in the Financial Lines Group at brokers JLT Specialty Ltd. “D&O policies tend to trigger following a self-report to a regulator in relation to a suspected or actual breach of legal or regulatory duties. However, insurers are generally reluctant to trigger cover if there is an internal investigation by a company ahead of a self-report being made, although they may agree to language that provides cover retrospectively if a self-report is actually made,” he says.

Insurers, including Chubb, have been amending D&O policies to take into account whistleblowing and the resulting internal investigations. For example, some D&O policies have been extended to include the costs incurred by individual directors during internal investigations conducted by the company when a self-report is made to a regulator (such costs were previously excluded by D&O policies).

According to Daisy, cases tend to be fact-specific and play out differently depending on the jurisdiction, the allegations, the regulators involved and where they are located, and the identity of the whistleblower (it could be a director). However, companies can work with their D&O insurers and brokers to ensure that policies will respond appropriately to different scenarios.

“Make sure that you know that your D&O policy is fit for purpose for whistleblowing cases. In particular, coverage for directors’ legal costs during internal investigations prior to a self-report that is formally made to a regulator should be included, insured vs insured exclusions should allow for whistleblowing by a director and that conduct exclusions will work in a whistleblowing scenario,” Daisy explains.

Kurt adds that it is very important to engage with insurers at the appropriate levels within the
organisation when making a claim. Careful consideration should be given to the drafting of the notice and subsequent communication. “D&O claims will often involve conflicts between directors sitting on the same board and revolve around serious allegations as to the appropriateness of their conduct,” Kurt continues. “Notifying this to insurers in an appropriate manner is an important part of the claims process.”

Kurt also advises directors to review their cover and focus on when their D&O cover triggers: “They should ensure they understand how to access the policy directly, as they may find that they are in conflict with their company and employer as a result of a whistleblowing procedure being activated. An adequate programme limit is also essential and should be determined following a detailed assessment of exposure.”

Above all, companies and their directors need to ensure that adequate internal whistleblowing procedures are in place. “Companies need to make sure that the right controls are in place and tested, and make sure that employees are made aware of the whistleblowing procedures,” Daisy says.

D&O insurance buyers should also review their excess policy forms, Kurt recommends. They should specifically ensure that these are fully ‘follow form’, meaning that they mirror the primary policy language and do not introduce any additional terms. This excess policy should also address “how insurers will respond where there is a compromised claims settlement or where the underlying insurers do not respond because of insolvency or policy language preventing aggregation of the limits available to the insured under different policies issued by the same insurer”.

Daisy concludes: “Failure to implement internal whistleblowing processes could result in claims against directors for their failure to do so. But inadequate whistleblowing procedures could allow bad behaviour to continue unchecked, eventually resulting in regulatory actions and litigation.”

D&O coverage tips

  • Loss scenarios – carry out whistleblowing loss scenario testing to work out the response of D&O cover.
  • Adequate limits – internal and pre-investigation cover will eat into the overall limit, especially where multiple directors are involved in an investigation, each requiring their own legal representation.
  • Conduct exclusions – D&Os need to consider clauses that preclude coverage for fraudulent, criminal or wilful misconduct in the context of internal investigations.
  • Insured vs insured – exclusions should allow for whistleblowing by a director.
  • Discrimination or wrongful termination – these kinds of allegation by the whistleblower against the company are not a D&O exposure, but they can lead to employment practice claims.

For more articles from Chubb UK, see Progress magazine.