PROTECTIONS FOR WHISTLEBLOWERS AND OTHERS

Selected Agency Actions Regarding Reports of Potential Wrongdoing

Report to Congressional Requesters

March 2026

GAO-26-107650

United States Government Accountability Office

A report to congressional requesters.

Contact: Yvonne Jones at JonesY@gao.gov

What GAO Found

Tips and disclosures from the public, including workers, are an important source of information for agencies that enforce the law or issue regulations. However, workers who wish to notify agencies of potential wrongdoing risk reprisals from their employers and may have concerns about what their organizations’ non-disclosure and employment agreements allow.

Differences in mission and statutory authority mean that federal agencies use a variety of mechanisms to protect disclosers and encourage them to report wrongdoing. These range from providing confidentiality to those who come forward with information to incentivizing disclosures through award programs. In addition, some agencies have warned that organizations’ overly broad non-disclosure agreements are unenforceable if they contain language that restricts employees’ ability to report concerns about wrongdoing to the government.

Agency	Pays Awards for Disclosures	Investigates Retaliation	Provides Relief for Retaliation	Provides Confidentiality
Internal Revenue Service	Yes	N/A	N/A	Yes
Securities and Exchange Commission	Yes	Yes	N/A	Yes
Occupational Safety and Health Administration (OSHA)	N/A	Yes	Yes	Yes
Federal Trade Commission (FTC)	N/A	N/A	N/A	Yes

Source: GAO Analysis of Agency Statutes and Annual Reports.  |  GAO-26-107650

Notes: For OSHA, confidentiality is only offered to certain non-complainant witnesses. FTC officials told us that, depending on circumstances, some instances of retaliation may violate the laws they enforce. Use of “N/A” indicates that the agency did not report using the mechanism.

Agency officials noted that accepting disclosures from the public may lead to challenges. For example, serving as a witness may risk revealing the discloser’s identity, and agencies generally consult with disclosers about these risks. 

Disclosures also lead to benefits, for both the government and disclosers.  Enforcement work by the Federal Trade Commission (FTC), the Securities and Exchange Commission (SEC), and Internal Revenue Service (IRS), using information from the public, has resulted in billions of dollars in collections returned to the U.S. Treasury since 2019. The Occupational Safety and Health Administration’s (OSHA) findings in retaliation cases have also led to employee reinstatement, as well as awards of backpay, attorney fees, and compensatory damages.

Why GAO Did This Study

Private sector employment practices can have adverse impacts on employees' willingness to report potentially illegal activity to federal authorities. However, federal law offers protections for disclosures and some agencies provide monetary incentives for information that leads to recovered funds that can help to encourage disclosures.

GAO was asked to review issues related to the potential effects of non-disclosure agreements on disclosures to FTC and other federal agencies. This report describes (1) employment practices that provide incentives or disincentives to employees who disclose potential wrongdoing, (2) mechanisms used to enforce private sector whistleblower protections, and (3) challenges selected federal agencies say they face in receiving tips and disclosures as well as the benefits of enforcing whistleblower protections.

GAO selected agencies using judgmental criteria to ensure representation across agency programs: 1) providing retaliation protection in the employment context, 2) acting against NDAs that prevent disclosure to the federal government, or 3) providing monetary rewards to individuals who disclose wrongdoing.

GAO analyzed documents and collected testimonial information from four agencies and six organizations with direct experience of issues relating to making and receiving disclosures. We used this to describe incentives and disincentives to disclosures, protections for disclosers, enforcement mechanisms used to protect disclosers, as well as challenges and benefits experienced by these agencies.

 

 

 

 

CRS                Congressional Research Service

FTC                 Federal Trade Commission

IRS                  Internal Revenue Service

NDA                Non-disclosure, non-disparagement, and related
                        agreements

OSHA             Occupational Safety and Health Administration

SEC                Securities and Exchange Commission

March 3, 2026

The Honorable Jan Schakowsky
Ranking Member
Subcommittee on Commerce, Manufacturing, and Trade
Committee on Energy and Commerce
House of Representatives

The Honorable Lori Trahan
House of Representatives

Whistleblowers play an important role in bringing reports of waste, fraud, and abuse to the federal government. GAO’s prior work on whistleblowing highlighted awards for whistleblowers reporting tax fraud and described key practices the Congress could consider when working with whistleblowers.[1]

However, non-disclosure, non-disparagement, and related agreements referred to in this report as non-disclosure agreements (NDAs) are common across numerous industries. While there are various federal laws protecting disclosures to federal authorities, potential whistleblowers may not understand these protections and may be reluctant to report for fear of potential consequences. Whistleblowers may also fear other forms of retaliation from their employers, such as being demoted, reassigned, or fired as a result of their actions, which may also have a chilling effect on potential whistleblowers’ willingness to disclose information.

The term “whistleblower” is agency- and condition specific and different agencies define the term as it applies specifically to the work done by that agency. As such, in this report, we refer generally to individuals who report allegations of wrongdoing to government officials as “disclosers”, except in cases where our evidence sources characterize the person specifically as a whistleblower.

You asked us to review issues related to federal agency mechanisms regarding individuals who disclose potential wrongdoing, including the potential effects of NDAs on the willingness to disclose potential wrongdoing to federal officials. This report examines:

1.    private sector employment practices that provide incentives or disincentives to employees exercising rights to disclose potential wrongdoing,

2.    mechanisms selected federal agencies use to enforce private sector whistleblower protections,[2] and

3.    challenges selected federal agencies say they face in receiving tips and disclosures, including those associated with employee NDAs and the benefits of enforcing protections for disclosures.

We chose four agencies using judgmental methods. These methods aimed at selecting from across agencies that employed certain identified strategies to facilitate whistleblowing. Using these methods, we first identified agencies that solicit tips and disclosures from the public. From this list we further researched agency strategies for soliciting tips, including rewarding disclosers or protecting them from retaliation, and identified agencies using particular strategies. We used this research to select agencies to have representation across these agency programs including those with responsibilities for the following:

·         providing retaliation protection in the employment context such as investigating retaliation by employers and reversing adverse employment actions found to be retaliatory,

·         acting against organizations’ non-disclosure agreements that that may inhibit or chill disclosures of wrongdoing to the federal government, or

·         providing monetary awards to those who disclose wrongdoing that eventually results in fines or recovered funds.

We selected the Federal Trade Commission (FTC), the Internal Revenue Service (IRS), the Securities and Exchange Commission (SEC), and the Occupational Safety and Health Administration (OSHA).

To address the first objective, we collected and analyzed documents and interviewed officials from the four federal agencies as well as six organizations that either assist individuals who wish to make disclosures, advise organizations on receiving disclosures, or advise businesses on employment practices related to disclosures.[3] We selected these organizations using judgmental selection methods as well as referrals based on their direct experience with issues relating to making and receiving disclosures. We used this information to describe incentives and disincentives to private sector employees exercising their disclosure rights.

To address our second and third objectives, we reviewed documentation and interviewed officials from: FTC, the IRS Whistleblower Office, the SEC Office of the Whistleblower, OSHA’s Whistleblower Protection Program and the Office of the Whistleblower Ombuds for the House of Representatives. We reviewed documentation related to their work with disclosures and any protections available for those who bring information forward. We also reviewed agency data and annual reports showing the work of these agencies over time. We assessed the reliability of the agency data by reviewing relevant documentation, corroborating various sources, and interviewing knowledgeable agency officials. In general, these data are also found in public releases from the relevant agency and their annual reports. We determined these data were sufficiently reliable to present. We used the documentation and interviews to collect information on protections for disclosers and enforcement mechanisms used to protect disclosers. We also describe challenges and benefits of disclosures cited by these agencies.

We conducted this performance audit from June 2024 to March 2026 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

Background

Whistleblowing and Whistleblower Protections. The term “whistleblower” can have a variety of meanings. When used by the public it generally refers to a person, often an employee, bringing information about illegal or unethical conduct to the authorities or the press. GAO’s prior work on whistleblower protections covers protections for federal employees, for whistleblowers working for federal contractors or federal grant recipients, as well as for private sector employees who report their concerns to the federal government, among other topics.[4]

There are several federal statutes that offer protections for individuals who disclose information about wrongdoing. In some cases, individuals are eligible for awards for disclosing such information. These “whistleblower statutes” may include more technical definitions of a whistleblower and emphasize specific criteria for disclosing information and any resulting protections to the disclosers. The criteria could include the types of industries and information covered, as well as the designated recipients. See appendix II for more information on how “whistleblower” is defined at the agencies in our review.

While these statutes vary, in general, the laws allow employees to engage in “protected activity”, which includes disclosing information about serious wrongdoing to specified authorities, filing complaints, testifying or cooperating in a government investigation, and, in some cases, refusing to participate in illegal activities. When individuals covered by these laws report alleged wrongdoing to a specified government agency, they may be protected from retaliation for that disclosure.[5] Reports may address a wide range of potential issues, such as violations of laws, rules, or regulations, gross mismanagement, gross waste of funds, abuse of authority, or a substantial and specific danger to public health or safety (see also appendix I for more information about state level legal protections for disclosers).

Selected agencies’ responsibilities regarding disclosers vary. The federal agencies in our review vary in the way they protect disclosers. Some agencies administer award programs that incentivize disclosers to report wrongdoing. Additionally, agencies’ authorities in administering statutes that protect a discloser from retaliation vary.  For example, OSHA has authorities that protect disclosers from retaliation against their employer, while FTC does not enforce statutes to protect disclosers from retaliation.

·         The FTC solicits disclosures from the public on fraud, scams, and anticompetitive mergers or conduct they have encountered but does not have statutory authority to offer individuals that disclose alleged wrongdoing protection from retaliation or to provide them with other whistleblower protections. [6]

·         IRS is authorized to provide monetary incentives and protection from retaliation to individuals that report certain types of tax fraud or violations of tax law.[7]

·         The SEC’s whistleblower program was created by the Dodd-Frank Act of 2010, which authorized the program and the payment of awards to whistleblowers who voluntarily provide original information to SEC that results in enforcement actions of over $1 million in monetary sanctions against private sector companies. SEC also enforces laws against retaliation.[8]

·         OSHA is responsible for enforcing whistleblower provisions of more than 20 federal statutes that prohibit retaliation for private and certain public sector workers. OSHA also safeguards employees from retaliation when they report concerns about certain workplace safety and health and other perceived violations of the law.[9]

However, not every agency that receives disclosures from the public is statutorily authorized to offer incentives for disclosures or protection against retaliation for individuals who disclose wrongdoing.

Retaliation. For purposes of this report, we define retaliation as occurring when an employer takes any adverse action against an employee for engaging in any protected activity, such as reporting wrongdoing.[10] This can include firing, demotion, harassment, or other forms of punishment. Employers might retaliate against an individual to punish them for making a disclosure, or retaliatory action could be intended to discourage an employee from speaking out about a wrongdoing. Retaliation can also negatively impact employees that witness a colleague facing the consequences of making a disclosure.

Non-disclosure or non-disparagement agreements. For the purposes of this report, we define a non-disclosure agreement as a contract or contractual provision containing a person’s promise not to disclose any information shared by or discovered from a holder of confidential information, including all information about trade secrets, procedures, or other internal or proprietary matters.[11] NDAs can help businesses protect valuable or sensitive business information, as well as their reputation.

Employment Practices That Create Trust Incentivize Disclosures, While Fear of Retaliation and Other Consequences May Disincentivize, According to Stakeholders

Confidential or Anonymous Reporting Channels Allow Employees to Disclose with Confidence

Representatives from most of the organizations we spoke with that are knowledgeable about employees’ rights to disclose told us that employers can help incentivize employees to exercise their disclosure rights by providing easily accessible reporting channels and maintaining the confidentiality of the employee’s disclosure.[12]

Subject matter specialists from these organizations told us that employee awareness of reporting channels and their trust in the anonymity or confidentiality of the channels are both important factors that incentivize employees to exercise their right to disclose.

In addition, OSHA maintains guidance on retaliation, Recommended Practices for Anti-Retaliation Programs, which recommends that private sector employers should establish procedures that enable employees to report concerns through confidential or anonymous channels, when possible.[13]

Leaders Foster Employee Trust by Enforcing Discipline for Retaliators, Providing Anti-Retaliation Training, Monitoring Program Progress and Promoting a Speak Up Culture

As part of OSHA’s role in facilitating disclosures it investigates and responds to certain allegations of private sector employers retaliating against employees for making disclosures to other federal agencies. As such, the guidance it publishes is aimed at employers generally and describes how to ensure that employers do not retaliate or otherwise penalize an employee for the exercise of their rights to disclose. We reviewed the OSHA guidance and provided it to the organizations we interviewed to help corroborate their perspective on issues relating to employees making disclosures.

Discipline for retaliators. OSHA’s guidance on recommended practices identifies establishing a retaliation response system as a key element of an effective anti-retaliation program. The guidance states that when retaliation is reported, employers should conduct a timely and thorough investigation using an established retaliation response system. OSHA provides guidance on conducting investigations, including that investigations should take all reports of retaliation seriously, entities should investigate claims with an objective, independent complaint review process, and investigations should maintain employee confidentiality as much as possible to protect employees from future retaliation or isolation by coworkers. According to OSHA guidance, if the employer confirms that retaliation took place, it should remedy the retaliation and review its anti-retaliation program to determine why the system failed and what changes may be needed to prevent future retaliation.

In addition, some of the subject matter specialists we interviewed stated that when an organization identifies issues, retaliators should be held accountable. They told us that management should address instances of retaliation swiftly and consistently. These interviewees explained that organizations should implement a response system that establishes a penalty for violations, and the penalty should be consistent for all employees, regardless of seniority. However, the participants noted that if retaliators are rewarded instead, it will negatively impact the organization’s culture and employee trust in exercising their disclosure rights.

Anti-retaliation training. OSHA’s anti-retaliation guidance and two of the subject matter specialists we interviewed stated that providing anti-retaliation training and clear guidance can help encourage employees to disclose unlawful working conditions or conduct.[14] According to OSHA, training is essential because it provides management and employees with the knowledge, skills, and tools they need to recognize, report, prevent, and properly address hazards, potential violations of the law, and retaliation. OSHA offers guidance to organizations on what should be included in anti-retaliation training, including the following:

·         relevant laws and regulations,

·         commitment to creating an organizational culture in compliance with the law,

·         addressing workforce concerns,

·         complying with the organization’s code of ethics,

·         listing employee rights and obligations,

·         statutory rights protecting against retaliation,

·         elements of the anti-retaliation program, and

·         explanation of what constitutes retaliation.

In an interview with subject matter specialists from one organization, participants noted that effective training provides clear and concrete examples. However, interviewees acknowledged that this is challenging because disclosure cases are often very specific, and the details of any disclosure or retaliation claim are important. According to the specialists, when organizations train staff on an antiretaliation program, the increased awareness of how to report, and the existence of a reporting channel, may lead to an increase in reports.

Program monitoring and oversight. OSHA’s anti-retaliation guidance and one subject matter specialist stated that organizations should monitor anti-retaliation programs. OSHA’s Recommended Practices for Anti-Retaliation Programs states that employers should develop and implement a plan for oversight of the anti-retaliation program, review oversight findings, and ensure that the program is improved and modified as needed.[15]

One subject matter specialist told us that the structure of compliance programs should be well defined, including the roles and responsibilities for management, compliance officers, and the Board (as applicable). OSHA advises that organizations should review the compliance program and regularly monitor activities to address any issues as they arise.

Management promoting a “speak up” culture. According to OSHA guidance, leadership should demonstrate a commitment to valuing and addressing employee concerns regarding potential violations of the law and preventing retaliation against disclosers. Most of the subject matter specialists we interviewed told us it was important for organizations to ensure that their leaders and managers were committed to creating a “speak up” culture that promotes raising issues. Further, in one interview with subject matter specialists, participants explained that leadership’s commitment to this culture can be difficult to communicate to employees, but it is important because it sets the tone at the top of the organization. In addition, some specialists added that the organizational culture can be disincentivizing to employees if management does not display a commitment to supporting employee disclosure.

Fear of Retaliation, Burdensome Reporting, and Unclear Policies May Disincentivize Employee Disclosure

Retaliatory employment culture. OSHA’s Recommended Practices for Anti-Retaliation Programs guidance and most of the subject matter specialists we interviewed stated that a retaliatory employment culture can create employee distrust and may disincentivize employees from exercising their disclosure rights. Most of the subject matter specialists we interviewed agreed that retaliation, or fear of retaliation, discourages employees from bringing forward disclosures. Organizations that permit a retaliatory culture may disincentivize potential disclosers from coming forward. One subject matter specialist highlighted that some disclosers may anticipate some retaliation within their workplace, but blackballing or blacklisting—actions that prevent an individual from obtaining a job in their field of expertise, even outside their current organization—is a larger cost that potential disclosers may also fear. Another subject matter specialist noted that organizational cultures where highly visible retaliation is permitted and intended to be seen, creates disincentives for employees.

High costs of legal research and counsel. Two of the subject matter specialists stated that attorney fees related to engaging legal counsel for consultation may deter employees from exercising their disclosure rights. Employees may seek legal counsel, and incur costs for that counsel, to better understand their disclosure rights and liabilities as defined by NDAs or other employment policies.

Employees experiencing workplace retaliation may also face burdensome costs when consulting an attorney to file a retaliation complaint. Employers may raise legal challenges to enforce NDAs or to address retaliation complaints, which may result in higher legal fees for the employee. According to some of the subject matter specialists we spoke to, fear of a costly legal battle may dissuade employees from pursuing disclosure.

Unclear NDAs and other employment policies. In our interviews, some subject matter specialists stated that unclear or overly restrictive NDAs as well as other employment practices, such as poorly designed reporting channels, deter employees from bringing forward information.

Most subject matter specialists said that overly restrictive or unclear NDAs that do not specify permitted reporting channels can disincentivize disclosures. Subject matter specialists explained that even when NDAs are not legally enforceable and do not prohibit an employee from bringing forward information, they may have a chilling effect for employees. These specialists note that broadly worded NDAs will likely not be enforced in court, but employees covered by such agreements may not understand this.[16] As such, employees may be fearful of violating the NDA, which deters them from ever raising the concern.

According to specialists, reporting channels that lack independence, are inaccessible, or do not maintain the confidentiality or anonymity of employees may discourage potential disclosers. When reporting channels are not well known to employees or if there is no confidential or anonymous reporting option, it may prevent employees from raising concerns.

Subject matter specialists from two organizations we interviewed said that organizations should have truly confidential reporting that cannot be tracked by management. They noted that in many workplaces the employer can monitor employee communications and may find evidence of a disclosure. Another subject matter specialist, speaking from experience, stated that some organizations may staff reporting channels with a known retaliator. This sends a clear message to employees about how their reports will be handled and may discourage employees from raising issues.

FTC and Other Agencies Cite Using Varied Mechanisms to Protect Disclosers, with Some Differences Attributable to Variations in Authority

The agencies in our review told us they use a variety of mechanisms to protect disclosers. As summarized in table 1, these protections range from providing confidentiality to investigating retaliation against disclosers. However, the agencies we reviewed have differing statutory frameworks establishing their authorities and the programs they run differ in the way they solicit disclosures and protect those who bring that information forward. For instance, both IRS and SEC have statutes authorizing programs that incentivize disclosers bringing actionable information forward by paying a portion of recovered funds as awards for information leading to recoveries. In contrast, OSHA’s Whistleblower Protection Program is authorized to help enforce the anti-retaliation provisions of over 20 federal laws by investigating and addressing complaints of retaliation for bringing information to federal officials regarding, among other things, serious wrongdoing. However, OSHA is not authorized to investigate or address retaliation complaints for disclosures to FTC. For more information on the eligibility requirements and claims processes in place at these agencies, see appendix II.

Mechanisms	Internal Revenue Service	Securities and Exchange Commission	Department of Labor, Occupational Safety and Health Administration (OSHA)	Federal Trade Commission
Protect Discloser Identity
Agency provides confidentiality to protect identity	Yes – but enforcement proceedings may reveal discloser identitiesa
Address Impeding Non-Disclosure Agreements and Retaliation
Agency takes public position on restrictive non-disclosure agreements	Not applicable (N/A)	Yes	Yes	Yes
Agency takes action against restrictive non-disclosure agreements	N/A	Yes	N/A	N/A
OSHA’s Whistleblower Protection Program accepts retaliation complaints on laws administered by the agency	Yes	Yes	Yes	N/A
Agency investigates and issues findings on retaliation	N/A	Yes	Yes	N/A

Source: GAO analysis of federal law, agency guidance documents, and interviews.  |  GAO‑26‑107650

Notes: The variations between agencies demonstrated in this table are due to differences in agency programs and differing statutory schemes establishing their authorities.

^aAgencies may be required to reveal the identity of the disclosing employee in certain circumstances, such as in response to a court order directing disclosure. According to OSHA, confidentiality is only offered to certain non-complainant witnesses. Use of “N/A” indicates that the agency did not report using the mechanism.

Following is additional information on each element in table 1.

Agencies Cite Using Confidentiality as a Mechanism for Protecting Discloser Identity

All the agencies we spoke with report using confidentiality as a mechanism to protect the identity of those who provide information to them.

IRS and SEC officials told us that identity protections are offered during the course of the agencies’ investigations and do not end when awards have been made to disclosers as a result of the information they brought forward.[17] The other selected agencies we reviewed, OSHA and FTC, do not have statutory authority to offer awards for disclosures.

As shown in table 2, IRS made between 105 and 179 awards for information from disclosers during fiscal years 2020 through 2024. IRS also does not reveal the identity of disclosers in its public reporting on awards paid. In addition, the IRS website contains a section on whistleblower confidentiality. It states that IRS will protect the identity of a discloser to the maximum extent that the law allows.[18]

Award Information	2020	2021	2022	2023	2024
Number of awards	169	179	132	121	105

Source: GAO analysis of IRS Whistleblower Office Annual Reports, Fiscal Years 2020 – 2024.  |  GAO‑26‑107650

SEC officials told us that confidentiality is the main tool they use to protect people who disclose information to them. As shown in table 3, SEC made between 39 and 116 awards for disclosures leading to monetary sanctions against organizations during fiscal years 2020 through 2024. The identity protections provided during these investigations also continue after an award is made to the discloser. In public reporting on awards and sanctions, SEC does not identify a discloser or associate awards with particular SEC sanctions. SEC rules for disclosers seeking an award permit anonymous submissions of original information by an attorney acting on behalf of the discloser.[19]

Award Information	2020	2021	2022	2023	2024
Number of whistleblowers receiving awards	39	116	104	68	47

Source: SEC Office of the Whistleblower Award Data.  |  GAO‑26‑107650

OSHA’s Whistleblower Protection Program does not allow retaliation complainants to file anonymous or confidential complaints since the agency must investigate specific employment actions. However, they do allow certain witnesses to those allegations to make confidential statements in the course of their investigation.

FTC officials told us that they accept anonymous and confidential complaints. While the agency has no information, except the complaint itself, to reveal in the case of anonymous complaints, FTC officials told us they warn those who make confidential disclosures that the submitter's identity along with the complaint text may be revealed during the course of certain enforcement proceedings.

Some Agencies Take a Public Position on Non-disclosure Agreements

SEC. In 2016, SEC released staff guidance on disclosure compliance that identified some provisions of NDAs as contributing to violations of SEC rules.[20] Certain provisions in these agreements could impede employees and former employees from communicating with the SEC. SEC’s website also has guidance for disclosers.[21] This guidance informs disclosers that SEC rules prohibit any person from taking actions to prevent someone from contacting SEC to report a securities law violation. It cites enforcement of confidentiality agreements to prevent contact as an example of such prohibited action.[22]

OSHA. Similarly, in fiscal year 2024 the Department of Labor[23] published an enforcement report on coercive contract provisions that asserts that “workers have a right to report unlawful conduct to the Department and to cooperate in the Department’s investigations and litigation”.[24] It describes contractual provisions that bar workers from doing this as “not enforceable.”

Further, according to OSHA officials, OSHA does not take direct action against restrictive NDAs unless they are used in a retaliatory way. However, OSHA will not approve settlement agreements between a complainant alleging retaliation and their employer, or close complaint investigations, unless the language used in the settlement allows future reporting to government officials.

The OSHA Whistleblower Protection Program allows parties to a complaint to come to an agreement to settle a retaliation allegation. OSHA’s Whistleblower Investigations Manual provides a template for parties to use that makes explicit that nothing in the settlement agreement limits the right to provide information to the government.^[25] While parties are allowed to formulate their own settlement agreements, OSHA officials told us that they will not close the complaint and will continue their investigation notwithstanding a settlement if parties include restrictive NDA clauses in that settlement.

FTC. FTC has published statements warning that certain kinds of confidentiality provisions in NDAs, which impede agencies' ability to conduct lawful investigations, are not enforceable as they are contrary to public policy. In June 2023, the FTC Bureau of Competition published a memo on contracts that impede investigations.[26] It discusses the need for FTC to speak with a variety of stakeholders during its investigations, including businesses, customers, suppliers, trade organizations, and others. The memo concludes that “contractual requirements and limitations that impede … investigations are contrary to public policy and therefore unenforceable.” The memo notes that confidentiality, non-disclosure, and similar agreements that contain overly broad restrictions and requirements may chill potential disclosers from speaking voluntarily with the FTC. According to the memo, this chilling effect impedes the FTC from carrying out its statutory mandate to gather information and conduct investigations relating to entities engaged in commerce.

In July 2024, FTC issued a Commission policy statement aimed specifically at franchise businesses.[27] It expressed concerns that franchise owners may be reluctant or unwilling to voluntarily discuss or file reports about their experiences with franchisors, even if the franchisees believe a violation has occurred. The policy statement includes a discussion of contract provisions of NDAs and similar agreements that may restrict franchisees from speaking about potential violations. It notes that communications with franchisees are essential for the FTC to protect that community from unfair methods of competition and unfair and deceptive practices. It concludes that contractual clauses prohibiting franchisees from reporting potential violations to the government are considered unfair and unenforceable.

In addition, FTC officials told us that if impedance by NDA or retaliation were to violate the laws or regulations they enforce, there are enforcement tools available to them. FTC officials also told us that in rare cases, efforts to prevent disclosures could be seen as obstruction of justice. In those cases, FTC may refer the issue to its law enforcement partners at the Department of Justice.

SEC Acts Against Restrictive Non-disclosure Agreements

Restrictive NDAs are those that include clauses that could be used to inhibit or chill reporting to government officials. SEC officials we spoke with described mechanisms in use for addressing restrictive NDAs.

SEC officials told us the agency takes direct action against restrictive NDAs as a violation of SEC Rule 21F-17, which prohibits taking any action to impede an individual from communicating directly with the SEC about a possible securities law violation. The annual report to congress of SEC’s Office of the Whistleblower for fiscal year 2024 states that SEC brought 11 enforcement actions against entities and individuals who took action to impede whistleblowers from communicating with the SEC, including through the use of restrictive agreements. This was the greatest number of actions taken in any fiscal year since the program’s inception in 2011.[28]

OSHA’s Whistleblower Protection Program Accepts Retaliation Complaints on Laws Administered by IRS, SEC and OSHA

OSHA enforces whistleblower provisions for more than 20 federal statutes. OSHA’s webpage lists all of the laws that permit a discloser to file a retaliation claim if they suffer an adverse employment action as a result of their disclosure. These include the Taxpayer First Act which protects certain disclosure to IRS, the Sarbanes-Oxley Act of 2002 which protects certain disclosures to SEC, and Section 11(c) of the Occupational Safety and Health Act of 1970 which prohibits retaliation against disclosures by employees to OSHA.[29] However, according to FTC officials OSHA statutes do not offer specific retaliation protection to those who typically bring information to FTC.

SEC and OSHA Address Retaliation to Further Industry Compliance and Protect Individual Disclosers

SEC and OSHA both address alleged retaliation against employees for their disclosures of perceived unlawful conditions or conduct to government regulators, among other things. Differing approaches to enforcement of these antiretaliation laws may be taken. For example, an individual that has been retaliated against for providing protected information to the SEC may bring a civil action for relief such as backpay or reinstatement. In some cases, OSHA is authorized to seek relief for those employees who have been retaliated against such as by ordering back pay or other relief. (see also appendix I for information about state level legal protections for disclosers and appendix II for a description of OSHA’s process for accepting and investigating retaliation complaints).

SEC protects against both retaliation to disclosers and an organization’s interference with disclosures, such as requiring employees to sign NDAs that purport to restrict their right to report to government officials. In both cases, sanctions are available, in part through penalties. SEC officials told us that their authorities are limited to bringing penalties and seeking court orders against a company to change its future behavior, but SEC cannot reverse a firing, or other employment action against a discloser. As of November 2024, SEC had filed a total of 32 enforcement actions concerning efforts to impede reporting and five anti-retaliation enforcement actions since the program’s inception in 2011. These cases include one that resulted in an $18 million penalty, the highest penalty ever imposed by SEC for violations involving an organization impeding a discloser’s reporting.

OSHA’s Whistleblower Protection Program, among other things, addresses claims of retaliation against employees for engaging in protected activities, including making protected disclosures. For example, OSHA is authorized to investigate a complaint by an employee alleging retaliation for filing a complaint related to workplace safety and health.[30] In its website guidance, OSHA also encourages, and helps facilitate, settlements in retaliation cases.

As shown in table 4, between fiscal years 2018 and 2023, OSHA’s Whistleblower Protection Program resulted in several hundred positive outcomes for complainants alleging retaliation for protected activities. Positive outcomes occur when both parties to the complaint agree to settle the case or because OSHA found reasonable cause to believe the employer retaliated. While remedies and OSHA’s authority to order them vary depending on the statute involved, OSHA is able to issue an order for relief in some cases where OSHA found the employer retaliated. Such orders may include remedies such as reinstatement, back pay, attorney fees, and compensatory or punitive damages, as well as non-monetary relief, such as providing a neutral reference if the employee seeks other employment.

Positive Outcomes from Retaliation Complaints	2018	2019	2020	2021	2022	2023
OSHA found reasonable cause to believe employer retaliated	44	26	41	39	30	23
Complaints settled through OSHA settlement process	341	335	416	325	389	509
Complaints settled outside of OSHA settlement process	354	396	401	421	324	359
Total	739	757	858	785	743	891

Source: OSHA Whistleblower Statistics.  |  GAO‑26‑107650

Note: OSHA’s data classifies cases resulting in merit or settlement determinations as positive outcomes for the complainant. Merit findings are made by OSHA when there is reasonable cause to believe that a violation of the relevant whistleblower statute has occurred. OSHA guidance states that some OSHA regional offices offer an Alternative Dispute Resolution program with an OSHA appointed representative to help parties come to a settlement. The guidance also states that parties can come to an agreement together and submit a settlement for OSHA approval.

In addition to each agency’s own work to investigate and issue determinations of retaliation, both SEC and some of OSHA’s anti-retaliation enforcement statutes permit a person who alleges retaliation for engaging in protected conduct to bring a suit for retaliation relief in district court.

Section 922 of the Dodd–Frank Wall Street Reform and Consumer Protection Act permits a person who alleges retaliation for disclosing a potential securities law violation to SEC to sue their employer and seek double back pay with interest, reinstatement, and reimbursement for attorneys’ fees and certain litigation costs.[31]

Some of the whistleblower statutes enforced by OSHA contain “kick-out” provisions that under certain conditions allow the complainant to bring a case in federal district court if the Secretary of Labor has not issued a final decision on their complaint within a certain time period, typically 180 or 210 days.[32]

Agencies Cite Challenges Including Securing Cooperation from Disclosers and Addressing NDAs, but Also Cite Monetary and Other Benefits

Agencies Identified Challenges Include Securing Cooperation, Contending with NDAs, and Processing and Coordinating Award Claims

We found that all the agencies we spoke with have experienced challenges securing cooperation from disclosers. According to agency officials, agencies may consult with disclosers about legal procedures that could reveal their identity and may contend with situations where organizations’ NDAs potentially inhibit the flow of information to government officials. In addition, the award programs run by SEC and IRS receive large numbers of submissions that do not meet the criteria for award consideration. These require resources to process and adjudicate, which can affect timeframes for processing meritorious submissions. The IRS Whistleblower Office’s Fiscal Year 2024 annual report states that statutory requirements related to protecting information creates coordination challenges with other federal agencies.

Agencies Consult with Disclosers About Revealing Identity When Seeking Their Cooperation

IRS. According to IRS officials, to protect the discloser during an investigation, IRS maintains a separate claim file with information about the discloser that is distinct from other examination files. IRS officials told us this discloser information must be kept confidential, and the identity or existence of a discloser must not be revealed to anyone except on a “need to know” basis in the performance of their official duties. However, if IRS needs the discloser to act as a witness, this role requires providing information in judicial proceedings, which will reveal the discloser’s identity. Officials told us IRS will make every effort to notify and consult with the discloser before deciding whether to proceed in such a case. They noted that a factor that helps determine whether a discloser serves as a witness is any concern expressed by the individual about risks stemming from revealing their identity.[33]

SEC. SEC protects discloser confidentiality and allows for anonymous submissions through an attorney acting as intermediary. However, SEC officials told us that pursuit of retaliation cases may reveal the identity of a discloser because SEC must investigate actions taken against that person. Officials told us that SEC staff may alert potential disclosers about the possibility of revealing their identity and they generally consult with disclosers in advance of taking actions that might reveal their identity. SEC’s frequently asked questions webpage on providing information while maintaining confidentiality notes, in part, “there are limits on [SEC’s] ability to shield your identity and in certain circumstances we must disclose it … For example, in an administrative or court proceeding, we may be required to produce documents or other information which would reveal your identity.”[34]

OSHA. OSHA does not offer identity protection to those who bring complaints alleging retaliation for protected activities because investigating the complaint requires a review of work conditions and personnel actions involving the complainant. However, OSHA investigators provide confidential reporting channels to potential non-management witnesses who do not wish to be identified as assisting OSHA investigators. OSHA investigators are instructed to inform the witness that their identity will be kept confidential to the extent allowed by law, but that disclosure may be required if the witness testifies in a legal proceeding.

FTC. FTC accepts reports anonymously but also generally provides confidentiality to disclosers. FTC officials also told us that the identity of confidential disclosers may be revealed in litigation. To mitigate identity revelations, officials told us that FTC typically argues in filings that the identity of confidential disclosers and confidential materials should be viewed by outside counsel only. In some instances, FTC may seek a restraining or protective order prohibiting efforts to discourage cooperation with the agency. In egregious circumstances where evidence suggests that efforts have been made to change a discloser’s testimony, it may be appropriate to refer conduct to law enforcement authorities for criminal consideration.

Officials Noted that NDAs May Impede Disclosures and Limit Cooperation in Investigations

Officials from two agencies we spoke with expressed concerns about NDAs potentially inhibiting the flow of information to government officials. They told us that NDAs may prevent disclosers from coming forward or may limit cooperation in disclosures.

Officials told us that OSHA will not close investigations where the proposed settlement restricts rights to disclose. As discussed above, OSHA allows parties to a complaint to come to an agreement to settle the complaint. However, officials told us the agency objects to settlement agreements created independently that include NDA clauses or restrictions on reporting.

In these cases, OSHA’s Whistleblower Investigations Manual directs investigators to include language that makes explicit that nothing in a settlement agreement with a confidentiality clause limits the right to provide information to the government, file a complaint, or testify, among other protected activities. Officials told us that when settlements contain prohibited language, this may inhibit parties to the agreement from raising future whistleblower complaints.

NDAs limited or delayed disclosures to FTC. FTC officials told us that they sometimes encountered obstacles related to obtaining information from people covered by NDA agreements. NDAs sometimes specifically require those who are bound by them to report any contact with law enforcement to the investigation target. FTC officials have heard concerns from potential disclosers that their NDA prevents them from talking to FTC and, in some cases, have declined to cooperate, or limited, cooperation with FTC because of the NDA. Sometimes those covered by NDAs respond to FTC requests voluntarily, but only after notifying the target of FTC’s investigation. FTC officials explained that employee notification to the employer allows the investigative target to prepare focused answers and sculpt testimony in ways that are inconsistent with a full and transparent investigation.

Two Agencies Cite Challenges with Large Numbers of Inactionable Submissions, and IRS Cites Statutory Limitations on Coordination with Other Agencies

IRS and SEC report experiencing challenges related to inactionable submissions. Both the IRS and SEC award programs have experienced issues related to the volume of submissions received by the agency.

IRS officials also experience challenges due to inactionable submissions from the public. One of the primary goals of the IRS Whistleblower Office is to ensure high-value whistleblower claims with specific, timely, credible, and non-speculative information are referred to the IRS business units. Each year, IRS receives large numbers of inactionable claim submissions which require significant resources to process. As noted in the 2023 IRS Whistleblower Office Annual Report, IRS received hundreds of claims that are purely speculative in nature. The report also notes that the office uses significant resources responding to these claimants. The burdens of these claims far outweigh any benefit of the information to the IRS, according to the report. In September 2025, IRS officials informed us that the IRS Whistleblower Office is refining its intake and initial analysis process to efficiently process new claim submissions.

SEC officials told us that processing of meritorious award claims can be delayed because SEC must process numerous claims against the same SEC enforcement action that lack a clear connection between the tip and the actions for which the applicant is seeking an award. SEC officials told us this raises concerns because incentives to come forward are greater with quicker award payments. In addition, they told us that the office has received over 14,000 tip submissions from two individuals in fiscal year 2024.

To address award claims that lack a connection to the tip, officials told us SEC adopted a ‘three strikes’ rule in 2020 that allows barring complainants who submitted three or more award claims that had no connection to the enforcement action taken. This rule has allowed them to bar a few complainants since 2020. SEC also uses technical tools, such as CAPTCHA-style tests, to prevent automated tip submissions.

Statutory constraints limit IRS coordination with agencies. The IRS Whistleblower Office annual report for fiscal year 2024 describes limitations on the information it can share with other agencies due to IRS confidentiality requirements, which may lead to coordination challenges. For instance, the Taxpayer First Act created retaliation protections for disclosers, safeguarding them from actions from their employers.[35] Employees alleging retaliation may file a complaint with the Department of Labor acting in its anti-retaliation enforcement role through OSHA’s Whistleblower Protection Program.[36]

However, according to IRS officials, IRS is prevented by statute from affirming to the Department of Labor, OSHA, or other agencies that the complainant provided information to IRS. Similarly, IRS states that these confidentiality requirements also prevent IRS coordination with other agencies applying separate, but interrelated, whistleblower provisions. The report recommends amending certain statutory provisions to allow information sharing within the federal government for purposes of applying the whistleblower provisions. This would enhance the IRS’s ability to use information and pay awards to disclosures, according to the report. IRS Whistleblower Office first raised these concerns and limits on information sharing in its fiscal year 2021 annual report as legislative recommendations and has included in each subsequent annual report.

Agency Officials Cite Benefits from Disclosures Including Recovered Funds, Increased Compliance, and More Efficient Investigations

IRS and SEC Programs Recovered Funds and Report Increased Compliance

According to IRS officials, the IRS Whistleblower Program is a critical element of tax administration. Since issuing its first award in 2007, the IRS has paid over $1.4 billion in awards based on the collection of about $7.9 billion from noncompliant taxpayers. Table 5 provides amounts collected attributable to whistleblower awards in fiscal years 2021 through 2024. During that time period, IRS recovered over $1.2 billion in delinquent taxes, associated penalties, interest, and other recoverable funds.

Funds Recovered	2021	2022	2023	2024	2021- 2024 Total
Funds recovered for awards paid under Internal Revenue Code section 7623(b)	$115.3	$152.7	$326.3	$457.5	$1,051.8
Funds recovered for awards paid under Internal Revenue Code section 7623(a)	$130.0	$20.0	$11.7	$17.2	$178.9
Total Funds Recovered for Awards Paid	$245.3	$172.7	$338.0	$474.7	$1,230.7

Source: GAO Analysis of IRS Whistleblower Office Annual Reports, 2021 – 2024.  |  GAO‑26‑107650

Note: IRS pays awards for information that resulted in recovered funds pursuant to the Internal Revenue Code (26 USC 7623(a) and 26 USC 7623(b)). IRS is authorized to provide payments for detection of tax underpayments or when an individual is adjudicated guilty for violation of the laws IRS has authority to administer, enforce, or investigate. A whistleblower must meet several criteria to qualify for the Internal Revenue Code section 7623(b) award program including that the information involve an action where the proceeds in dispute exceed $2 million. If the information meets the criteria and substantially contributes to an administrative or judicial action that results in the collection of proceeds, the IRS will generally pay an award of at least 15 percent, but not more than 30 percent of the proceeds collected. If a submission does not meet the criteria for Internal Revenue Code section 7623(b), the Whistleblower Office may consider it for an award pursuant to its authority under Internal Revenue Code section 7623(a). See appendix II for more information about this program and its requirements.

As previously discussed, the IRS Whistleblower Office is authorized to pay monetary awards to eligible individuals whose information is used by the Secretary of the Treasury to recover delinquent taxes and associated penalties, interest, any additions to tax, and other funds provided under the laws the IRS is authorized to administer, enforce, or investigate. Depending on the use of the disclosed information, these awards generally comprise between 15 and 30 percent of the proceeds collected.[37]

SEC’s Office of the Whistleblower Annual Report to Congress for Fiscal Year 2024 states that as of the end of fiscal year 2024, a total of more than $2.2 billion had been distributed in awards for disclosures that led to sanctions. As discussed above, the SEC’s Whistleblower Program is authorized to award information that leads information that leads to recovered funds by paying a portion of the funds in rewards. To shield the identities of disclosers, SEC officials told us the agency does not report on total sanctions related to information from disclosures because this could be used to show which sanctions were associated with a disclosure. However, by statute, the aggregate amount awarded must be between 10-30 percent of the amounts collected from the sanctions.[38] These percentages provide a range for total sanctions collected due to disclosures of between $7.3 billion and $22 billion. For more information on the eligibility requirement and award processes in place at IRS and SEC, see appendix II.

Officials from both SEC and IRS told us that they believe the incentives and identity protections provided by award programs strengthen voluntary compliance and deterrence in the areas they regulate. For instance, IRS officials told us that these programs increase the voluntary compliance of taxpayers. They explained that compliance is taken more seriously when the possibility of a disclosure of noncompliance exists. Similarly, SEC officials told us they believe that cultural change toward increased compliance is created when businesses know someone may be willing to offer or provide information. This, in turn, creates accountability and serves as a check on the business.

FTC Uses Disclosures to Recover Funds, Refund Consumers, and Track Fraud Reports

As shown in table 6, FTC’s work recovered almost $341 million in fiscal year 2024, which was either refunded to consumers or sent to the Treasury. From fiscal years 2019 through 2024 refunds to consumers, or recoveries to the Treasury, totaled almost $8.8 billion. FTC reports that whenever possible, the FTC uses the money it collects from defendants to issue refunds to consumers and cover the administrative costs to do so. FTC’s website describes how it provides refunds and states that when a refund program is not feasible, or funds remain after the refund program is complete, the FTC sends unused funds to the Treasury.

Recovered Funds	2019	2020	2021	2022	2023	2024	Total 2019- 2024
Funds Returned to Consumers or Sent to U.S. Treasury	$971.1 million	$5.65 billion	$562.1 million	$639.8 million	$623.6 million	$340.8 million	$8.79 billion

Source: FTC, Annual Performance Report for Fiscal Year 2024.  |  GAO‑26‑107650

FTC’s Bureau of Consumer Protection collects fraud and other reports from the public and shares them with law enforcement using its Sentinel Database. FTC reports that it generally targets its law enforcement resources to violations that cause the greatest consumer harm.

The Sentinel Database collects reports from consumers about instances of fraud and other problems they experience in the marketplace, including reports of monetary loss. In addition to taking consumer reports directly from the public, the Sentinel Database also includes reports filed with other federal, state, local, and international law enforcement agencies, as well as other organizations, like the Better Business Bureau. FTC invites the public to report fraud, scams, or bad business practices through their online portal at ReportFraud.ftc.gov and allows anonymous submissions. While FTC does not resolve individual reports, the database is used to investigate and bring cases against fraud, scams, and bad business practices.

FTC’s law enforcement partners also use the database to spot trends, identify questionable business practices and targets, and enforce the law. As shown in table 7 below, in 2024, FTC reported the top 10 categories of fraud captured in the database. The categories of reported fraud related to online shopping, job opportunities, and debt management, among others.

Rank	Category	Number of Reports from the Public	Percent of Reports with Monetary Loss Due to Fraud	Total Monetary Loss Reported (in millions)
1	Imposter Scams	845,806	22	$2,952
2	Online Shopping and Negative Reviews	383,441	76	$432
3	Business and Job Opportunities	126,217	36	$751
4	Investment Related	118,960	79	$5,697
5	Internet Services	118,261	28	$164
6	Prizes, Sweepstakes, and Lotteries	97,350	22	$351
7	Telephone and Mobile Services	92,520	39	$56
8	Health Care	78,763	51	$80
9	Travel, Vacations, and Timeshare Plans	58,347	67	$274
10	Mortgage Foreclosure Relief and Debt Management	34,159	21	$82

Source: FTC, Sentinel Database, Annual Data Book, 2024.  |  GAO‑26‑107650

Note: The FTC Sentinel Database collects, but does not confirm, reports of fraud from consumers.

Agency Officials Say Disclosures Allow Them to Conduct More Efficient Investigations and Uncover Issues That Might Have Been Undetected

Agency officials from IRS and SEC provided examples of some ways that information provided by disclosers creates efficiencies during investigations.

IRS officials told us that whistleblower information is essential for promoting fairness, accountability, collecting funds from noncompliant taxpayers, and key in identifying fraud, as well as cross-border and emerging scams and schemes. They said that disclosures may reveal the existence of funds for collections that would be unknown to IRS otherwise. Similarly, disclosures provide information on schemes that were previously unknown to IRS, and which can extend beyond U.S. borders.

SEC officials told us that disclosures from company insiders can direct SEC to useful documents or explain how practices work. The time and resource savings allow SEC to more efficiently conduct investigations.

Agency Comments

We provided a draft of this report to IRS, SEC, Department of Labor, and FTC for review and comment. IRS, SEC, Department of Labor, and FTC provided technical comments, which we incorporated as appropriate.

We are sending copies to the appropriate congressional committees, the Acting Commissioner of Internal Revenue, the Chairman of the SEC, the Secretary of Labor, the Chair of the FTC, and other interested parties. In addition, the report is available at no charge on the GAO website at https://www.gao.gov. If you or your staff have any questions about this report, please contact Yvonne Jones at jonesy@gao.gov. Contact points for our Offices of Congressional Relations and Media Relations can be found on the last page of our report. Key contributors to this report are listed in appendix III.

Yvonne D. Jones
Director, Strategic Issues

Our request asked for examples of state-level protections for disclosers. To develop this information we reviewed documentation created by the Congressional Research Service (CRS) as well as state guidance and conducted interviews with agency officials and representatives from organizations with experience advising on issues related to disclosures.

CRS Research Indicates That States Have Statutes Referring to the Protection of Employees from Retaliation for Disclosing Information

The Office of the Whistleblower Ombuds is a legislative nonpartisan support office established in 2019 to advise the House of Representatives on best practices for working with whistleblowers. Officials told us that the office regularly updates a research memo on its website describing state whistleblower laws prepared by the Congressional Research Service (CRS).[39] This memo identifies anti-retaliation laws that prohibit retaliation against whistleblowers or other individuals in all 50 states and the District of Columbia. It also identifies state laws outside the employment context that provide protections for disclosures of wrongdoing.

The CRS memo includes over 1,400 entries describing anti-retaliation provisions of various state statutes. CRS categorized the provisions it identified into several broad subject areas, including

·         Labor and Collective Bargaining;

·         Government; and

·         Safety, Protection, and Care for Vulnerable Groups.

Additionally, CRS identified a few industry-specific areas in its categorization, such as Transportation; Public Utilities; and Finance, Banking, Securities, and Insurance. Of the statutory provisions included in the memo, CRS also indicated those that contain some form of remedy provision.

California’s “Silenced No More Act” States Its Purpose Is to Restrict the Use of Non-disclosure Agreements to Silence Disclosures about Discrimination, Harassment, and Other Wrongdoing

California’s “Silenced No More Act”, which went into effect in 2022, prohibits employers from using any non-disparagement agreement related to the employee’s separation from employment that would prevent the disclosure of information about unlawful acts in the workplace.[40] Interviewees told us that the law was aimed at ensuring that individuals are able to speak out about discrimination, harassment, and other types of unlawful conduct in the workplace. Under the law, any agreement that contains a non-disparagement or similar clause must also contain language stating that nothing in the agreement prevents employees from discussing or disclosing information about unlawful acts in the workplace, such as harassment, discrimination, or other conduct that an employee has reason to believe is unlawful. Additionally, employers are prohibited from requiring employees to sign a release of claims against the employer as a condition of employment.

This appendix collects information on the eligibility requirements and processes in place at Internal Revenue Service (IRS), Securities and Exchange Commission (SEC), and Occupational Safety and Health Administration (OSHA). Table 8 describes the eligibility requirements to qualify as a whistleblower under the laws administered by IRS, SEC, and OSHA respectively. Table 9 provides information on the processes disclosers use to claim an award from the IRS and SEC award programs as well as the process used by OSHA to investigate and address retaliation claims.

Although FTC solicits disclosures from the public, officials told us it does not have statutory authority to offer individuals that disclose alleged wrongdoing protection from retaliation or to provide them with other protections on the basis of any disclosure. As such, it does not appear in this appendix.

Agency	Selected Whistleblower Program Eligibility Requirements, by Agency
Internal Revenue Service (IRS)		IRS whistleblower awards are processed either as an Internal Revenue Code section 7623(a) or 7623(b) award claim. In order to qualify for the Internal Revenue Code section 7623(b) award program, a whistleblower’s information must be: signed and submitted under penalties of perjury, involve an action in which the proceeds in dispute exceed $2,000,000, and if the subject of the claim is an individual, the individual’s gross income must also exceed $200,000 for any taxable year subject to such action. If the whistleblower claim does not meet the criteria for Internal Revenue Code section 7623(b), the IRS will consider it for the discretionary program under Internal Revenue Code section 7623(a).
Securities and Exchange Commission (SEC)		For an SEC action, a whistleblower is defined as any individual who provides, or 2 or more individuals acting jointly who provide, information relating to a violation of the securities laws to SEC, in a manner established, by rule or regulation, by SEC under Section 21F of the Exchange Act (15 U.S.C. § 78u-6(a)(6).
Department of Labor, Occupational Safety and Health Administration (OSHA)		Any employee or other individual who is covered by a relevant OSHA whistleblower statute, is permitted to file a whistleblower complaint with OSHA alleging retaliation for engaging in a protected activity. Protected activities include ·          reporting potential violations or hazards to management; ·          reporting a work-related injury or illness; ·          providing information to a government agency; ·          filing a complaint; ·          assisting, participating, or testifying in proceedings; ·          certain types of work refusal.

Source: GAO analysis of agency websites and documentation.  |  GAO‑26‑107650

Note: Whether a discloser is deemed a whistleblower depends on the facts and applicable statute. The administering agency is responsible for determining whether a discloser is entitled to any whistleblower protections and awards.

	Securities and Exchange Commission (SEC), Office of the Whistleblower	Internal Revenue Service (IRS), Whistleblower Office	Occupational Safety and Health Administration (OSHA), Whistleblower Protection Program
Office Mission	The SEC’s whistleblower program pays monetary awards to individuals who report information about possible federal securities laws violations that leads to an SEC enforcement action that results in sanctions of over $1 million.	The IRS Whistleblower Office pays monetary awards to individuals who provide information on violations of laws the IRS is authorized to administer, enforce or investigate when the Secretary of the Treasury collects proceeds based on the information.	OSHA’s Whistleblower Protection Program enforces the provisions of over 20 federal laws protecting employees from retaliation for reporting concerns about hazards or other violations of law.
Intake	To be considered for an award, an individual must submit information either through SEC’s online Tips, Complaints and Referrals portal, or equivalent paper form, and answer “yes” to the questions regarding participating in the whistleblower program.	Individuals submit information on the alleged noncompliance, descriptions of supporting documentation, and other materials with a signed IRS Form 211, Application for Award for Original Information, with the Whistleblower Office.	Employees who believe that their employers retaliated against them because of activity protected by one of the whistleblower laws OSHA enforces, must file a complaint with OSHA, typically within certain time limits.
Investigation	All disclosures, complaints, and referrals received by the SEC are reviewed. During the evaluation process, the Office of Market Intelligence examines each disclosure to identify those with high-quality information that warrant the additional allocation of SEC resources and refers the tip to other divisions, as appropriate, for further review or investigation.	The IRS Whistleblower Office analyzes whistleblower submissions to identify those with high-quality, actionable claims of tax law violations as well as other laws the IRS is authorized to administer, enforce, or investigate.	OSHA will first review the claim to ensure basic requirements are met, such as whether the complaint was filed on time. If so, OSHA will investigate to determine whether there is reason to believe the employer retaliated against the employee for engaging in protected activity. OSHA may also attempt to assist the employer and employee in reaching a settlement of the case.
Outcome	SEC posts a Notice of Covered Action for Commission actions resulting in sanctions exceeding $1 million on its website so that individuals who believe they voluntarily submitted new information that led to successful enforcement in the Covered Action may apply for an award. The SEC pays 10 — 30 percent of the collected monetary sanctions to eligible whistleblowers.	The IRS is authorized to pay an award of between 15 — 30 percent of the proceeds collected attributable to the information submitted by the whistleblower. IRS will only issue an award once a final determination has been made, and as such, award payments cannot be made until the taxpayer has exhausted all appeal rights.	If the evidence gathered gives reasonable cause to believe that unlawful retaliation occurred, OSHA will either file a complaint in an appropriate federal district court or issue an order requiring the employer, as appropriate, to put the employee back to work, pay lost wages, and provide other possible relief. If the evidence gathered does not establish a reasonable cause to believe a violation occurred, OSHA will dismiss the complaint.

Source: GAO analysis of agency websites, fact sheets, and FAQs.  |  GAO‑26‑107650

GAO Contacts

Yvonne D. Jones, jonesy@gao.gov

Staff Acknowledgments

In addition to the contact named above, Ty Mitchell (Assistant Director), Brett Caloia (Analyst in Charge), Serae LaFache-Brazier (Senior Analyst), Steven Putansu, Crystal Wesco, and Amalia Konstas made key contributions to this report.

GAO’s Mission

The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost is through our website. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. You can also subscribe to GAO’s email updates to receive notification of newly posted products.

Order by Phone

The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, https://www.gao.gov/ordering.htm.

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.

Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information.

Connect with GAO

Connect with GAO on X, LinkedIn, Instagram, and YouTube.
Subscribe to our Email Updates. Listen to our Podcasts.
Visit GAO on the web at https://www.gao.gov.

To Report Fraud, Waste, and Abuse in Federal Programs

Contact FraudNet:

Website: https://www.gao.gov/about/what-gao-does/fraudnet

Automated answering system: (800) 424-5454

Media Relations

Sarah Kaczmarek, Managing Director, Media@gao.gov

Congressional Relations

David A. Powner, Acting Managing Director, CongRel@gao.gov

General Inquiries

https://www.gao.gov/about/contact-us