Posted on 1 Comment

A Violation of Trust: Fraud Risk in Nonprofit Organizations

tornado money.jpg

The risk of fraud is a serious concern for all types of enterprises, but fraud can be particularly damaging to a nonprofit organization, for which a damaged reputation can have devastating consequences.

The Costs of Fraud in Nonprofit Organizations

According to the 2018 global fraud study by the Association of Certified Fraud Examiners (ACFE), the typical organization loses an estimated five (5) percent of its annual revenue to fraud. The ACFE reported that private companies suffered the greatest median loss, at $164,000; however, nonprofit organizations had the smallest median loss of $75,000. For some a $75,000 this may be insignificant, but for many nonprofits, financial resources are extremely limited and a loss of $75,000 can be particularly devastating.

Beyond the immediate financial loss, however, an even greater potential cost of fraud to nonprofit organizations is the reputational damage that can occur. Because most nonprofits depend on support from donors, grantors, or other public sources, their reputations are among their most valued assets. In addition, fraud in nonprofit settings often garners unrelenting negative media attention.

Vulnerability to Fraud

Nonprofits can be particularly attractive targets for fraudsters. Executives who are passionate about their agencies and their missions are naturally trusting of others who share their interest- or who pretend to. Moreover, board members and executives who are dedicated and talented in their particular fields may not be well versed in financial issues and internal controls.

In addition, nonprofits of all sizes may have only limited resources available to address internal controls. This makes them vulnerable to an employee who could recognize this lack of controls and use it as an opportunity to override controls, if they even exist, to commit fraud.

As the Center for Audit Quality has noted, “fraud cannot occur unless an opportunity is present. Opportunity has two aspects: the inherent susceptibility of the [organization’s] accounting to manipulation, and the conditions within the [organization] that may allow a fraud to occur.” In addition, the opportunity for fraud is also affected by an organization’s culture, a factor that is often overlooked.

The very nature of some nonprofits also makes them tempting targets. Many nonprofits distribute grants, scholarships, awards, or other types of financial aid to outside agencies or individual recipients. This opens yet another door for potential abuse or misappropriation and requires even more oversight to make sure funds are not being misappropriated. In addition, nonprofits tend to have large amounts of cash and checks coming in from various sources, making them vulnerable to skimming (when an employee accepts payment from an outside party but does not record the sale and instead pockets the money) or cash larceny (when an employee steals cash and checks from daily receipts before they are deposited in the bank).

Struggling agencies also frequently experience relatively high staff turnover, making training and adequate segregation of duties more difficult. Finally, many nonprofits depend heavily on volunteers and other community members, which can further complicate efforts to establish or maintain internal controls. It is important to remember that internal controls provide only reasonable—not absolute—assurance that the objectives of an organization will be met. As a result, no organization, even one with the strongest internal controls, is immune to fraud.


How Fraud Occurs and Why

While nonprofit organizations present particular temptations to fraudsters, the actual fraud schemes they might face are common to all types of organizations. Fraud schemes in nonprofits can include check fraud, embezzlement, ghost employees, expense fraud, misappropriation of funds for personal use, fictitious vendor schemes, kickbacks from unscrupulous vendors, and outright theft of cash or assets—to name a few.

One area in which nonprofit organizations seem particularly vulnerable is billing schemes, in which an employee fraudulently submits invoices to obtain payments he or she is not entitled to receive. According to the most recent ACFE survey, billing schemes were among the most common fraud methods in the cases studied for the 2012 report.

Billing schemes often involve the creation of a shell company. In such a fraud, a dishonest employee sets up a fake identity that bills for good or services the organization does not receive. In some instances, goods or services may be delivered but are marked up excessively, with the proceeds diverted to the employee.

Other scams include pay-and-return schemes that cause overpayments to legitimate vendors. When an overpayment is returned, it is embezzled by the employee. Another favorite is simply ordering personal merchandise that is inappropriately charged to the organization.

Common incidents and warning signals or red flags of potential billing fraud include but are not limited to:

  • Unfamiliar vendors
  • Invoices for unspecified or poorly defined services
  • Vendors that have only a post-office-box address
  • Vendors with company names consisting only of initials (many such companies are legitimate, of course, but fraudsters commonly use this naming convention)
  • Sudden increases in purchases from one vendor
  • Vendor billings issued more often than once a month
  • Vendor addresses that match employee addresses
  • Large billings that are broken into multiple smaller invoices that will not attract attention
  • Internal control deficiencies such as allowing a person who processes payments to approve new vendors

These warnings or red flags can be organized into four general categories (below) and can help in the design of internal controls and monitoring procedures –


  • Transactions conducted at unusual times of day, on weekends or holidays, or during a season when such transactions normally do not occur
  • Transactions that occur more frequently than expected — or not frequently enough
  • Accounts with many large, round numbers or transactions that are unusually large or small
  • Transactions with questionable parties, including related parties or unrecognized vendors
  • Misclassification of transactions


  • Missing or altered documents
  • Evidence of backdated documents
  • Missing or unavailable originals
  • Documents that conflict with one another
  • Questionable or missing signatures

Lack of Controls

  • Unwillingness to remediate gaps
  • Poor “tone from the top”
  • Inconsistent or nonexistent monitoring controls
  • Inadequate segregation of duties
  • Lax rules regarding transaction authorization
  • Failure to reconcile accounts in a timely manner


  • Financial difficulties or generally living beyond one’s means
  • Divorce, family problems, or addiction problems
  • Past employment-related or legal problems
  • Overly or suddenly charitable
  • An unusually close association with vendors or recipients of grants or services
  • Control issues and a general unwillingness to share duties
  • Refusal to take vacations
  • Irritability or defensiveness
  • Complaints about inadequate pay, lack of vacation, or comp time
  • Complaints about lack of autonomy or authority

It is also worth noting that fraud is not about obstruction; rather, it is about deception, deflection, and persuasion. When fraudsters or white-collar criminals are profiled, they often are found to be anxious, secretive, moody, hot-tempered, friendly, outgoing, and passionate. They often are good salespeople and will say what people want to hear in order to build rapport and gain trust. Moreover, often there are other warning signs or red flags hidden in plain sight…such as living beyond one’s means, having financial difficulties, maintaining an unusually close association with vendors, or exhibiting excessive control issues, which generally will not be identified by traditional internal controls. It is important to maintain a healthy level of skepticism and always remember that trust is a professional hazard; if you do not verify information, you could become a victim.

fraud tile.jpg

Some Common Frauds Schemes*

  • Skimming — Cash is stolen before the funds are recorded in the accounting records
  • Credit card abuse — Perpetrators either use organization-issued credit cards for personal use or use donor credit card numbers
  • Fictitious vendor schemes — Perpetrators set up a company and submit fake invoices for payment
  • Conflicts of interest — Board members or executives have hidden financial interests in vendors
  • Payroll schemes — Continued payment to terminated employees, overstatement of hours, or fictitious expenditure reimbursement
  • Sub-recipient fraud — Abuses by a sub-recipient entity include intentional charges of unallowable costs to the award, fraudulent reporting of levels of effort, and reporting inaccurate performance statistics and data
  • Deceptive fundraising practices
  • Misrepresentation of the extent of a charitable contribution deduction entitlement, misrepresentation of the fair market value of donated assets, and failing to comply with donor-imposed restrictions on a gift
  • Fraudulent financial reporting
  • Misclassifying restricted donations to mislead donors or charity watchdogs, misclassifying fundraising and administrative expenses to mislead donors regarding funds used for programs, and fraudulent statements of compliance requirements with funding sources
Source: ACFE

Implementing Controls

As with all risk issues, the ultimate responsibility for identifying gaps and developing fraud controls rests with management. To meet this responsibility, management should avoid complacency and not assume that if fraud occurs “the auditors will catch it.” Although having an annual audit is a good anti-fraud control, by the time an audit uncovers a fraud scheme, it is usually too late to prevent the financial and reputational damage that will follow.

Most board members and executives of nonprofits do not think as fraudsters do, which is a good thing. Unfortunately, this can make it difficult for them to develop controls that help reduce their organizations’ exposure to fraud risk. A critical step in the process of developing an effective fraud risk management program is assessing the board’s own skills and capabilities and deciding where professional help is most needed. The board is ultimately responsible for oversight of the organization’s risk management efforts, which senior management is then charged with carrying out.

Anti-Fraud Principles

Here are some important principles to keep in mind as you work to refine the anti-fraud control policies at your organization:

  • Form an effective and empowered audit committee or equivalent. One of the most important attributes of the audit committee is complete independence from management. In addition, the committee should be authorized to hire outside counsel and other advisers to assist it in discharging its responsibilities. Although your circumstances may warrant a larger committee, a committee of three to five members is generally workable and optimal for most nonprofits. At least one audit committee member should be a financial expert, but individuals with nonfinancial skills and expertise are also needed to provide additional perspective.
  • Establish and enforce a system of effective controls. Combinations of internal and cultural controls form the core of an anti-fraud program. Internal controls limit opportunities to hide the fraud trail and can discourage all but the most arrogant fraudsters. Common tools include security and access controls, such as dual authority or monetary authorization limits, as well as audits, inspections, and transaction monitoring. The recent ACFE survey pointed out that the presence of anti-fraud controls is notably correlated with significant decreases in the cost and duration of occupational fraud schemes.
  • Establish the right tone from the top. Mere mechanical compliance with internal controls can still leave the organization vulnerable, which is why the attitude and actions of management are so important. Actively and visibly promoting a culture of integrity and ethics will embolden honest employees to put a stop to fraud. Most organizations find that a strong ethical environment encourages self-policing, thereby increasing the level of oversight far beyond what internal control methods alone provide.
  • Provide a clear process for reporting suspicious behavior. Over the years in which the ACFE has been conducting its global fraud studies, the most effective means of detecting fraud has always been tips. In the most recent study, tips were responsible for uncovering nearly three times as many frauds as any other form of detection such as management reviews, surprise inspections, audits, or surveillance devices. While some nonprofits use a third-party hotline service for reporting suspicions about fraud, creating a culture where employees know that the nonprofit’s reputation and mission depend on their willingness to report suspicions of fraud is less costly and may be equally effective.
  • Develop a response plan in case deterrence fails. In spite of everyone’s best efforts, fraud still can occur. In many cases, the initial reaction of executives or board members is to confront the suspected fraudster outright or, if there is doubt, to begin collecting paper or electronic evidence. All too often, these are exactly the wrong things to do and could compromise an organization’s ability to prosecute. Confronting a suspected fraudster without adequate evidence is not only awkward and legally dangerous; it can also alert the suspect to cover his or her tracks. On the other hand, surreptitiously examining computer links and email archives could compromise the evidence and imperil the integrity of a formal investigation, making conviction and recovery more difficult. To avoid these various unintended consequences, nonprofit organizations should develop appropriate strategies in advance to deal with specific types of fraud or other misconduct. The protocol for dealing with an employee suspected of cheating on an expense report is different from that for an executive involved in a conflict of interest.
  • Confront the issue openly and directly. Perhaps the most common impulse when fraud is detected is to dismiss the offender, limit the damage, and hope the story can be kept quiet. This too is likely to fail. Eventually, word of the fraud gets out and the associated rumors are likely to be exaggerated, causing even more reputational damage than would have been done if the board had simply been forthright.

Suspect Fraud, Now What?

When the organizational suspects that fraud is occurring within their organization, they have a number of options. They can choose to do nothing, either to avoid the bad publicity or in the hope that the problem will disappear on its own, they can attempt to handle the issue internally, or they can engage outside investigators and/or forensic accountants to probe the issue more deeply.

The wisest course of action is the last one – to engage a team of forensic experts. These teams consist of a range of professionals such as lawyers and experienced fraud & forensic investigators. These experienced professionals can help identify how the loss occurred, identify “leakage” or others areas not originally thought to be an issue, preserve any available evidence, quantify the loss, control the flow of information and, in many cases, help stem the loss. The forensic team will then be able to aid the board of directors or governing body in enhancing their governance framework and fraud risk management program to help protect and preserve the organization.

Other Possible Issues

Improperly using organizational funds for personal benefit could challenge your tax exempt or 501(c)(3) status. In addition, depending on the circumstances it could trigger a violation under the False Claims Act** (Lincoln Law – 31 U.S.C. §§ 3729 – 3733.).

The above should be discussed with a competent attorney.

A Combination of Deterrence and Detection

As important as it is to respond quickly to fraud, avoiding the situation in the first place is the best plan of all. Although it is unrealistic to expect to completely eliminate the risk of fraud, the governing body and executives in a nonprofit organization can take effective steps to minimize the risk.

By establishing an environment in which ethical behavior is expected, closing gaps in internal controls, and developing a proactive fraud identification and response program, nonprofits can hopefully reduce the financial and reputational risks associated with fraud.

Lastly, larger organizations should strongly consider emulating Sarbanes-Oxley or SOx best practices. For example: Require the principal executive and financial officers of the nonprofit organization to certify the annual financial statements and Form 990 are accurate and complete and the organization has maintained adequate internal controls.


I welcome your thoughts and comments and please realize many of this can be applied to a for profit organization.



Jonathan T. Marks, CPA, CFE


*Not a complete list.

**The Justice Department reported its 2018 fraud statistics showing $2.8 billion in recoveries under the False Claims Act.  While this number is staggering, fiscal year 2018 recoveries were down from than $500 million from fiscal year 2017.  Nonetheless, companies in the healthcare, defense and financial industries continue to face significant False Claims Act risks.

Baker Tilly
Adapted from an article I wrote at my prior firm, Crowe
Section 302 of the Sarbanes-Oxley Act of 2002
Mike Volkov


Posted on

Tone From the Top, it Dissipates!

I am constantly reminding boards and Chief Executive’s or CEO’s of the strategic importance of ethics and values and that they should not be underestimated.

The nature of a corporate culture can be the difference between a thriving and a beleaguered organization, and it all starts at the top!

I have witnessed first hand that employees that have interpreted the lax tone set in executive offices as corporate approval to take on more risks, even with a well-defined and communicated risk appetite and risk tolerance, which sometimes crosses the line on fraud.


The control environment – that is, the overall attitude, awareness, and actions of directors and management regarding the internal control system and its importance to the organization – is the key to setting the tone of the organization because it influences the “control consciousness of its people.” Factors that contribute to the control environment include, but are not limited to –

  • Integrity and ethical values communicated by executive management in speaking and writing and demonstrated by action;
  • Responses to incentives and temptations – clear policies and actions that prohibit the acceptance of inappropriate gifts, for example;
  • Moral guidance, as communicated through a code of business conduct and ethics;
  • A commitment to competence, as demonstrated by robust human resource policies and clear job descriptions for the purpose of hiring and retaining qualified people;
  • A board of directors and audit committee that are engaged, ask questions, and take appropriate action;
  • A management philosophy and operating style that place high value on risk assessment and internal control;
  • A well-defined organizational structure that is appropriate to the company’s size and complexity;
  • Appropriate assignment of authority and responsibility, with well-defined authority and duties that are appropriately segregated to prevent or detect error and fraud;
  • Human resource/capital recruiting and retention policies and practices to ensure that human capital is valued; and,
  • Ways to settle internal differences, such as a forum to discuss and settle differences of opinion between management and employees.

In any organization, the buck stops with the CEO: He or she has ultimate responsibility for the internal control system.

A positive control environment is a big part of maintaining effective internal controls. More than any other individual, group, or function in the organization, the chief executive sets the tone from the top through various messages, conduct, and other activities that affects factors related to the control environment and other components of internal control, but its not a one and done exercise, or as I say one blast from the trumpet!

Mike Volkov once said, In reality, “tone-at-the-top” is not really just “tone-at-the top” it is a lot more.  I will try to be clear.  Most people think that tone at the top is satisfied once the CEO puts out a statement of commitment to compliance. 


Volkov is right and I believe we are closely aligned on the proper definition, which is “Tone from the Top” implies there is a strong and repeated commitment from the Chairperson of the Board, the CEO, and other senior leaders throughout the organization to emphasize the importance of compliance and ethical conduct, which is embraced, integrated, and operationalized into every level of business operations.

At or From?

You’ll notice that I use tone “from” rather than “at”. Why? For more than fifteen (15) years I have been barking about this subtlety. I’ve even expressed my opinions to Dave Richards and Richard Chambers, the former and current CEO’s at the IIA.

I strongly believe the tone needs to move or cut down, across, and even resonate through the organization and the extended enterprise. To me “at” implies the tone rests at the top and doesn’t move like I previously mentioned.


The Tone from the Top will dissipate quickly unless there is a true and on-going commitment from the board and senior leadership, which includes the Chief Compliance Officer and the Chief Audit Executive to send the right message using various mediums as well as building relationships throughout the organization one at a time.

Remember effective communication includes a sender, medium, receiver, and what’s often missing…feedback.

The actual message from the top is not just we will comply with the law.  The message must be broader. For example:

Our organization is committed to the highest ethical standards in every facet of our business, like our business practices, sales practices, legal counseling, human resource practices, and treatment of employees and customers. 

Lastly, some of the best organizations make ethics part of their corporate branding and values. Why? Because doing the right thing, even when no one is watching is profitable – this is called the Ethical Premium! There are several organizations that have examined the correlation between organizational justness and performance and the results are those organizations that have morals and ethics often outperform their competitors!

For those that like to read, I suggest picking up a copy of “Firms of Endearment: How World-Class Companies Profit from Passion and Purpose“, by Raj Sisodia. The book is interesting, because it points the way that all businesses should aspire to emulate and ultimately transcend.

I welcome your thoughts and comments.



Jonathan T. Marks, CPA, CFE


Posted on 1 Comment

New DOJ Guidance Addresses ‘Effectiveness’ of Compliance Programs


The DOJ issued New April 2019 Guidance  (“Guidance”, or “2019 Guidance”) detailing how prosecutors will evaluate the effectiveness of corporate programs to prevent fraud and other misconduct, a key consideration in determining the penalties imposed against companies.  This is an update from the On February 8, 2017, the DOJ published Guidance entitled, “Evaluation of Corporate Compliance Programs”.

Brian Benczkowski, the head of the Justice Department’s criminal division, said the revised guidance is intended to aid not only prosecutors but also companies, giving them deeper insight into what the government will demand of compliance programs.

The 2019 Guidance contains 12 high-level topics (below) that are grouped to track the Three Core Questions about compliance program effectiveness contained in Section 9-28.800 of the Justice Manual and candidly are the key questions the board of directors should be asking.  After all it’s expected the organization’s “governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight” of it (See U.S.S.G. § 8B2.1(b)(2)(A)-(C)).

core image

Three Core Questions

  1. Is the Corporation’s Compliance Program Well Designed?
  2. Is the Corporation’s Compliance Program Being Implemented Effectively?
  3. Does the Corporation’s Compliance Program Work in Practice?

“Any well-designed compliance program entails policies and procedures that give both content and effect to ethical norms and that address and aim to reduce risks identified by the company as part of its risk assessment process,” according to the Guidance. “As a threshold matter, prosecutors should examine whether the company has a code of conduct that sets forth, among other things, the company’s commitment to full compliance with relevant federal laws that is accessible and applicable to all company employees.”

Prosecutors, according to the guidance, “should also assess whether the company has established policies and procedures that incorporate the culture of compliance into its day-to-day operations.”

looking down.jpg

The High-level Topics

  1. Risk Assessment
  2. Policies and Procedures
  3. Training and Communications
  4. Confidential Reporting Structure and Investigation Process
  5. Third Party Management
  6. Mergers and Acquisitions (M&A)
  7. Commitment by Senior and Middle Management
  8. Autonomy and Resources
  9. Incentives and Disciplinary Measures
  10. Continuous Improvement, Periodic Testing, and Review
  11. Investigation of Misconduct
  12. Analysis and Remediation of Any Underlying Misconduct

The 2019 Guidance has a twelfth topic because it split the 2017 Guidance’ topic of “Confidential Reporting and Investigation” into two separate sections—”Confidential Reporting Structure and Investigation Process” (4)  and “Investigation of Misconduct (11).”

Under each of the above topics, the 2019 Guidance sets forth multiple sample questions that prosecutors are likely to ask during an investigation. A few examples are:

  • Risk Assessment: Risk Management ProcessWhat methodology has the company used to identify, analyze, and address the particular risks it faced?
  • Training and Communications: Risk Based Training What training have employees in relevant control functions received?
    • Has the company provided tailored training for high-risk and control employees that addressed the risks in the area where the misconduct occurred?
  • Confidential Reporting Structure and Investigation Process: Effectiveness of the Reporting MechanismDoes the company have an anonymous reporting mechanism, and, if not, why not?
    • How is the reporting mechanism publicized to the company’s employees?
    • Has it been used?
    • How has the company assessed the seriousness of the allegations it received
    • Has the compliance function had full access to reporting and investigative information?
  • Mergers and Acquisitions (M&A): Process Connecting Due Diligence to Implementation What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process
    • What has been the company’s process for implementing compliance policies and procedures at new entities?
  • Commitment by Senior and Middle Management: Conduct at the Top How have senior leaders, through their words and actions, encouraged or discouraged compliance, including the type of misconduct involved in the investigation?
    • What concrete actions have they taken to demonstrate leadership in the company’s compliance and remediation efforts?
    • How have they modelled proper behavior to subordinates?
    • Have managers tolerated greater compliance risks in pursuit of new business or greater revenues?
    • Have managers encouraged employees to act unethically to achieve a business objective, or impeded compliance personnel from effectively implementing their duties?
  • Continuous Improvement, Periodic Testing, and Review: Internal AuditWhat is the process for determining where and how frequently internal audit will undertake an audit, and what is the rationale behind that process?
    • How are audits carried out?
    • What types of audits would have identified issues relevant to the misconduct
    • Did those audits occur and what were the findings?
    • What types of relevant audit findings and remediation progress have been reported to management and the board on a regular basis?
    • How have management and the board followed up?
    • How often does internal audit conduct assessments in high-risk areas?
  • Continuous Improvement, Periodic Testing, and Review: Properly Scoped Investigation by Qualified PersonnelHow has the company ensured that the investigations have been properly scoped, and were independent, objective, appropriately conducted, and properly documented?

Some Other Points of Focus

  • Compliance must adopt a risk-based approach (See Closing Thoughts below).
  • Compliance must have appropriate processes for the submission of complaints, and processes to protect whistleblowers.
  • The word “resource” appears twenty one (21) times in the Guidance, so I am certain that if your organization is not properly resourced that will more likely than not be a problem.
  • Compliance must have independent access to the Board and Audit Committee.
  • Compliance needs to be integrated with other functions like internal audit, and depending on structure, the legal function. See discussion on whether the compliance should be a separate function!
  • Compliance must adopt strong third-party controls.
  • Root cause was mentioned nine (9) times in the Guidance! Treating symptoms and the not the root cause could at some point result in recidivism, which will more likely than not be problematic!

Closing Thoughts

The 2019 Guidance seeks to understand how the organization approaches compliance and then what worked and what didn’t.  So, one might consider reading both the old and new Guidance to understand how the evaluation of an organization’s compliance programs has changed.

If you are going to have your organization’s compliance program evaluated and you should!

Why? Prosecutors must evaluate if the organization has engaged in meaningful efforts to review its compliance program and ensure that it is not stale.

Then you might want to first make sure your risk profile is up to date as well as your fraud or misconduct risk assessment!  Why?  The section within the Guidance on “Risk Assessment” was moved to be first of the 12 topics addressed in the 2019 Updated Guidance (Note: It was the fifth topic addressed in the 2017 Evaluation Guidance) and just maybe the DOJ is sending a subliminal message here, which some of us have already picked up and that is the risk assessment drives the compliance program!

By the way if you’re already a client don’t worry. We have been doing all of this for some time and this is not a best practice guide!  This doesn’t mean the writing should be ignored, I use it as a tool to help me think through compliance programs strategically and evaluate risk.  Boards and senior management should use the guidance for the same.

I welcome your comments.



Jonathan T. Marks, CPA, CFE



Posted on

SEC Challenged Over Delay on Whistleblower Award Decision

man and hour glassTipsters have grown frustrated with the length of time it has taken the the SEC (“Commission”) to determine whether a tip warrants a reward.  Between 2014 and 2017, the Commission took an average of more than two (2) years, according to a sample of whistleblower award decisions analyzed by The Wall Street Journal (“WSJ”) to decide if a whistleblower deserved a reward. That is more than twice (2x) as long as in 2012 and 2013, the early years of the whistleblower program.

This doesn’t shock me because the Commission received over 5,200 whistleblower tips in FY 2018. This represents the highest increase in tips since the beginning of the program – a nearly seventy-six percent (76%) increase since FY 2012. In FY 2018 alone, the SEC awarded more than $168 million in whistleblower awards to 13 individuals whose information and cooperation assisted the Commission in bringing successful enforcement actions. This amount exceeds the total amount awarded in all prior years combined and reflects the significance of the information that whistleblowers are reporting to the Commission.

Closing Thoughts

I’m anticipating it will probably get worse before it gets better.  Why?  Because the Digital Realty matter made it clear that a person must report a possible securities law violation to the Commission in order to qualify as a whistleblower protected against employment retaliation under Section 21F(h) of the Dodd-Frank Wall Street Reform and Consumer Protection Act.

According to the WSJ, suing the SEC in an effort to force a decision isn’t without precedent. In 2015, a similar lawsuit argued that the SEC had taken an unreasonable amount of time to come to a decision. The case was dismissed less than 60 days later because the agency had made a determination on whether to offer a reward.

Lastly, employees who witness acts of wrongdoing should seek counsel before acting.

I welcome your comments.


Jonathan T. Marks, CPA, CFE