On May 25, 2011, the Securities Exchange Commission ("SEC"), by a narrow 3-2 vote, adopted final rules to implement the securities whistleblowing provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act ("Dodd-Frank"). Anticipation of the final rules had grown over the last month since the SEC missed the April 21 statutory deadline, as it considered the views expressed in the more than 240 comment letters and approximately 1,300 form letters it received regarding the proposed rules issued in November 2010.
One of the most well-publicized elements of Dodd-Frank is the monetary incentive, or "bounty," for whistleblowers who voluntarily provide "original information" leading to the successful enforcement of an action brought by the SEC. Such whistleblowers are eligible to receive an award between 10 and 30 percent of the total monetary sanctions collected in cases where the SEC imposes sanctions exceeding $1 million. In crafting the final rules, the SEC targeted "significant" objectives in implementing this bounty program, including: (1) preserving the strength of company compliance programs; (2) excluding certain persons and information from award eligibility; (3) expanding the statutory criteria used to determine the amount of an award; (4) providing for the aggregation of smaller actions to satisfy the $1 million threshold required for award eligibility; and (5) adopting a simpler process for submitting information and claims to the SEC.
Preserving the Strength of Company Compliance Programs
Many commentators believed that the proposed rules did not go far enough in requiring or promoting whistleblowers' use of companies' internal compliance systems. Indeed, many employer advocates believe that the only way to preserve internal compliance systems in the face of this new bounty program would be to require any potential whistleblower to report any concerns internally before approaching the SEC. While the SEC acknowledged the importance of internal compliance programs, the final rules rejected this position and do not require whistleblowers to report concerns internally before alerting the SEC. The rules provide whistleblowers who first report violations to compliance or legal personnel with a 120-day grace period (up from 90 in the proposed rules) to submit information to the SEC, and permit the SEC to increase or decrease the amount of a whistleblower's award depending on whether the whistleblower followed or undermined the company's compliance procedures. Furthermore, a whistleblower may still receive an award for reporting original information to the company's internal compliance system, even when it is the company that provides the information to the SEC.
Limiting the Class of Qualified Whistleblowers and the Amount of Awards
The final rules prohibit certain professionals from exploiting their positions to recover under the incentive award program. Subject to few exceptions, any employee who receives information through the following means will be ineligible to receive an award for reporting a securities violation under Dodd-Frank:
- Through communications subject to attorney-client privilege;
- As a result of legal representation, where the attorney uses the information for his or her own benefit;
- When certain persons obtain information through company investigations or other such processes, including officers, directors, trustees or partners of the company, as well as employees whose principal duties involve compliance, or those employed by or otherwise associated with a firm retained to perform compliance or investigate possible violations of the law;1
- Through the performance of an engagement required of an independent public accountant, if that information relates to a violation by the engagement client or the client's directors, officers or other employees;
- By means or in a manner that violates applicable federal or state criminal law; or
- By obtaining information from persons who would otherwise be excluded under any of the above limitations, or providing the SEC with information about possible violations involving such persons.
The final rules also restrict the amount of the award to which certain otherwise-qualified whistleblowers are eligible. Dodd-Frank itself provided only that employees may not recover awards if they are criminally convicted for misconduct. The final rules make whistleblowers ineligible for a bounty based on any portion of the monetary sanctions ordered against a company whose liability is based substantially on conduct that the whistleblower directed, planned, or initiated.
Aggregation of Awards & Criteria for Determining the Amount of Awards
To satisfy the $1 million threshold for award eligibility, the SEC will aggregate awards from separate proceedings as long as the proceedings derive from the same nucleus of operative facts.
In the final rules, the SEC expands upon the statutory criteria used to determine the amount of an award. Specifically, in addition to considering the significance of the information provided by the whistleblower, the extent of the whistleblower's assistance and the degree to which an award enhances the SEC's ability to enforce federal securities laws, as stated above, the SEC also will consider whether the whistleblower participated in the company's internal compliance system. The final rules also set forth factors that may decrease the amount of a whistleblower award, including: the whistleblower's culpability, delay in reporting the alleged violation, and any interference with the company's internal compliance and reporting systems.
Simple Process for Receiving an Award
The final rules require that whistleblowers adhere to a two-step process when submitting information to the SEC. The information must be submitted to the SEC either online, through the Commission's website, or by completing a specific form (known as a Form TCR) and mailing or faxing that form to the SEC Office of the Whistleblower. A whistleblower also must simultaneously complete a declaration regarding the information submitted and, under penalty of perjury, attest that the information is true and correct to the best of the whistleblower's knowledge and belief. If the whistleblower wishes to remain anonymous, he or she must be represented by counsel. Counsel must (1) certify to the SEC that he or she has verified the whistleblower's identity, (2) review the accuracy of the submitted information, (3) obtain non-waivable consent from the whistleblower to provide the SEC with the original completed and signed Form TCR, and (4) consent to provide the signed Form TCR to the SEC, in the event of such a request. Nevertheless, the whistleblower must disclose his or her identity before the SEC pays out any award.
Definition of Whistleblower
Under the final rules, a "whistleblower" for purposes of receiving the bounty award is defined as an individual (not a company) who provides the SEC with information that relates to a possible violation of securities laws that has occurred, is ongoing, or about to occur. Dodd-Frank's anti-retaliation provision is broader and protects whistleblowers who (1) assist in an investigation or judicial or administrative action of the SEC based upon the provided information or (2) make disclosures that are required or protected under the Sarbanes-Oxley Act, the Securities Exchange Act, and any other law, rule, or regulation subject to the jurisdiction of the SEC. For purposes of the anti-retaliation provision, the final rules require that the whistleblower hold a reasonable belief that the employer has violated securities laws, a requirement not expressly stated in the statute. Moreover, the final rules make clear that the anti-retaliation protections do not turn on whether a whistleblower has successfully satisfied the procedures and conditions necessary to qualify for a bounty award.
Now that the SEC has issued its final rules and confirmed that the Investor Protection Fund has been fully funded, employers can expect to see heightened whistleblower activity and SEC investigations in the coming months. The new rules will take effect 60 days after their publication in the Federal Register. If you have any questions or concerns regarding the SEC rules or related issues, please contact the attorneys at Proskauer Rose.
Footnotes
1.These persons may still be eligible for an award when there is a reasonable basis to believe that disclosing the information to the SEC will prevent substantial injury to the financial interest or property of the company or when the company is impeding an investigation of the alleged misconduct. Such persons also are eligible for an award if at least 120 days elapsed since they provided the information to the company's audit committee, chief legal officer, chief compliance officer (or their equivalents) or supervisor, or when circumstances indicate that the company's audit committee, chief legal officer, chief compliance officer (or their equivalents) or supervisor was already aware of the information.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
