Securities law violations can be costly for companies in numerous ways, but in recent years they also have been particularly lucrative for whistleblowers. The SEC Whistleblower Program, launched at the start of the decade, created potential financial windfalls for employees who report potential securities violations to SEC regulators that lead to successful enforcement actions.

To minimize risk, DeYoung says that companies should take these steps:

Don’t retaliate or cut off contact with the whistleblower. “Whistleblowers are resources to be heard, not contagions to be quarantined. Positive contact with the whistleblower can support them while alerting the company to potential risks. Through this communication, companies can learn whether anyone in the company has discouraged the whistleblower or threatened retaliation and take appropriate remedial action.”

Encourage internal reporting Corporations need to know more about their internal affairs than the SEC. Regulators expect that companies will support and facilitate whistleblowers, and companies can demonstrate good faith compliance efforts by encouraging employees to report potential bad acts.

Get ahead of the investigation. Companies must collaborate with counsel to gather all facts relevant to the whistleblower’s allegations, and consider proactively disclosing information to the SEC.

Keep a paper record Every conversation, process, and response to whistleblowers should be credibly documented and preserved.

It’s never over. Compliance policies and procedures, including rules for addressing whistleblowers, warrant regular review and evaluation.