I. INTRODUCTION

The whistleblower and bounty hunter provisions of the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act ("Dodd-Frank") make internal auditing, reporting and compliance programs more important than ever for covered employers. The SEC regulations implementing Dodd-Frank (the Final Rules), released on May 25, 2011, clearly illustrate that the government's objective is to stimulate reporting of violations of the federal securities laws through financial incentives to individuals—usually employees— who discover such violations. The Dodd-Frank regulations are— above all—a law enforcement tool that signals a fundamental change in the SEC's approach to corporate corruption. Only ten years ago, Congress passed the Sarbanes-Oxley Act of 2002 ("SOX") in response to the breakdown in internal corporate controls, demonstrated most dramatically in the Enron prosecution. Dodd-Frank is a step farther on that continuum. No longer content with the enhanced self-governance approach of SOX, the SEC now puts the fear of prosecution into the boardroom and executive suite by incentivizing employees of every covered employer to expose corruption for a price. In addition, Dodd-Frank provides enhanced employment protection for the whistleblower providing the information.

In presenting the new regulations, SEC Chairperson Mary L. Schapiro stated that "for an agency with limited resources like the SEC, I believe it is critical to be able to leverage the resources of people who have first-hand information about potential violations" of the securities laws. To that end, among other things, the final regulations:

  • Broaden the range of people who may qualify as whistleblowers;
  • Promise to pay informant/whistleblowers for "original source" information that leads to a successful enforcement action by the SEC;
  • Require only a "reasonable belief" that the information provided "relates to a possible securities law violation;"
  • Simplify the reporting process for whistleblowers;
  • Do not require an employee to make an internal complaint before reporting alleged unlawful conduct to the SEC, including complaints for unlawful retaliation.

As evidence of its serious commitment to enforcing its new program, the SEC recently leased 900,000 square feet of space for its expanding offices and has fully staffed a newly created "Office of the Whistleblower."1 The SEC has also allotted more than $450 million to its investor protection fund, out of which whistleblower awards will be paid. In short, the SEC has girded itself for a massive increase in whistleblower reports, investigations and enforcement actions and, with the potential for multi-million-dollar awards to qualifying whistleblowers, it is not likely to be disappointed. At the same time, the U.S. Department of Labor (DOL) has issued a number of recent decisions that expand whistleblower protections.

The financial incentives laid out in the SEC regulations suggest that covered employers will face some or all of the following:

  • Increased use of their ethics and compliance reporting procedures, because the regulations reward the use of those procedures;
  • A need for prompt and efficient corporate responses to internal complaints, because effective responses are rewarded by the SEC, the U.S. Department of Justice prosecution principles, and the Federal Sentencing Guidelines;
  • An increase in SEC and DOL investigations generally, because the bounty hunter system does not discourage reporting of questionable or borderline claims of misconduct; and
  • The need for sensitive and sensible HR responses to employee complaints, because the Dodd-Frank whistleblower provisions can insulate employees who use them as a shield against performance management and legitimate employer discipline.

In anticipation of this increased activity, businesses should pay renewed and focused attention to their internal compliance, ethics and anti-retaliation policies and procedures, and be vigilant concerning, and nimble in responding to, potential employee allegations of wrongdoing.

To assist in this effort, this Littler Report provides an overview of the some of the more significant aspects of the SEC's Final Rules for implementing Dodd-Frank, including the SEC's attempt to strike a balance between promoting internal compliance and encouraging reports of unlawful conduct to governmental agencies. We also offer some practical suggestions about steps employers can take to foster a culture of compliance, encourage internal reporting, and place themselves in the best possible position to defend against whistleblower and retaliation claims that even the most careful and compliant companies may face.

II. Who Can Qualif y as a Whistle blower ?

A. The Basic Definition

To qualify as a whistleblower under Dodd-Frank, an individual must be "an employee of a public company or subsidiary whose financial information is included in the consolidated financial statements of a public company or the employee of a nationally recognized statistical rating organization."2 The Final Rules define a whistleblower as one who possesses a "reasonable belief " that the information provided "relates to a possible securities law violation." The "reasonable belief " standard, also applicable in SOX and other whistleblower contexts, is intended to put "potential whistleblowers on notice that meritless submissions cannot be the basis for antiretaliation protection."3 The SEC notes that it included this phrase to deter frivolous claims so it could focus on more meritorious submissions and because of its concern about the cost of such claims to employers, not only in terms of the costs of litigation, but also because of "inefficiencies stemming from some employers' decisions not to take legitimate disciplinary action due to the threat of bad faith anti-retaliation litigation." 4

The use of the term "possible violation" in the definition of whistleblower in the Final Rules is also significant. In the proposed rules, the SEC had used the word "potential," but changed it to "possible violation" that "has occurred, is ongoing, or is about to occur" to be more precise and clarify that whistleblower status applies to those who provide "information about possible violations, including possible future violations, of the securities laws."5 The SEC rejected the use of the terms "probable violation" or "likely violation," stating that it thought that such a "higher standard" was "unnecessary" and would "make it difficult for the staff to promptly assess whether to accord whistleblower status to a submission."6 In the SEC's view, the language it adopted was sufficient to ensure that "frivolous submissions would not qualify for whistleblower status."7

The SEC also decided not to limit the scope of the term "possible violations" by including a requirement that the information provided relate to a "material" violation of the securities laws. In keeping with its objective of encouraging informants, the Final Rules express the SEC's concern that a materiality threshold might limit the number of reports made. The SEC states that "it is preferable for individuals to provide us with any information they possess about possible securities violations (irrespective of whether it appears to relate to a material violation) and for us to evaluate whether the information warrants action."8

B. Individuals Who Have a Legal or Contractual Duty to Report Violations Are Excluded

To qualify for receipt of an award under Dodd-Frank, a whistleblower must have "voluntarily" provided "original information" to the SEC that led to a successful enforcement action. The rules explain that an individual who reports information to the SEC pursuant to some legal or contractual duty has not done so "voluntarily" and therefore is not eligible for an award. Individuals who provide information following a request, inquiry or demand from the SEC or as part of an investigation by Congress or the Public Company Accounting Oversight Board or any self-regulatory body relating to the subject matter of the report are also deemed not to have "voluntarily" reported.

C. Individuals in Compliance-Related Roles Are Excluded

To be deemed "original information," a whistleblower's report must, among other things, be derived from his or her own "independent knowledge or analysis." The rules apply this definition to exclude several categories of professionals who obtain information about violations because of their compliance-related roles:

  • Attorneys, including in-house counsel, and non-attorneys who learn information from an attorney-client communication.
  • Officers, directors, trustees or partners9 of an entity if they obtained the information because another person informed them of allegations of misconduct, or they learned the information in connection with the entity's processes for identifying, reporting, and addressing potential noncompliance with the law.
  • Employees whose principal duties involve compliance or internal audit responsibilities, as well as employees of outside firms that are retained to perform internal compliance or internal audit work.
  • Those employed or otherwise associated with a firm retained to conduct an inquiry or investigation into possible violations of the law.
  • Employees of a public accounting firm who acquire information through an audit or other engagement required under the federal securities laws relating to an alleged violation by the engagement client.

D. Exceptions to the Exclusions

The categories of individuals listed above may nevertheless be eligible for whistleblower status under certain circumstances. For attorneys, the Final Rules include an exception for attorney disclosures permitted under state bar rules. These rules vary, but most permit disclosures necessary to prevent the commission of a crime or fraud. The exception for permitted attorney disclosures applies equally to non-attorneys who receive the information in an attorney-client communication.10

Individuals in the other excluded categories listed above may be considered whistleblowers in the following circumstances:

  • If they can demonstrate they have a "reasonable basis" to believe that disclosure of the information to the SEC is necessary to prevent "conduct that is likely to cause substantial injury to the financial interest or property of the entity or investors."11 This is similar to the crime-fraud exception applicable to reports by attorneys. The SEC explains that "in most cases" a whistleblower who seeks to collect an award on the basis of this exception will need to demonstrate that management or governance personnel at the entity were "aware of the imminent violation and were not taking steps to prevent it."12
  • If they have a reasonable basis to believe that the "relevant entity is engaging in conduct that will impede an investigation,"13 such as impermissibly influencing witnesses or destroying documents.
  • 120 days after (a) providing information to the entity's audit committee, chief legal or compliance officer or his supervisor, or (b) receiving information under circumstances indicating the audit committee, chief legal or compliance officer, or supervisor was already aware of the information.

The Final Rules also clarify that an individual cannot collect an award on the basis of information obtained from someone who is excluded from eligibility for an award as a whistleblower. There is an exception to this rule, however, for information that the original source could permissibly report or if the whistleblower is providing information about possible violations involving the person from whom the information was obtained. For example, if an auditor learns from a colleague about his involvement in a client's securities law violation, the auditor could report the violation to the SEC and collect an award as a whistleblower if the report led to a successful enforcement action.

E. Criminal Violators

Consistent with its basic focus on aiding law enforcement, the Final Rules incorporate the concept of "using a rogue to catch a rogue,"14 to enhance the SEC's ability to detect federal securities violations and obtain evidence for its enforcement actions. Rejecting the suggestion by some commenters that the rules exclude from "whistleblower" status those who are themselves guilty of violations, the SEC notes that "[i]nsiders regularly provide law enforcement authorities with early and invaluable assistance in identifying the scope, participants, victims, and ill-gotten gains" from fraudulent schemes.15 In further support of its position the SEC states, "[t]his basic law enforcement principle is especially true for sophisticated securities fraud schemes which can be difficult for law enforcement authorities to detect and prosecute without insider information and assistance from participants in the scheme or their coconspirators."16

However, in response to public policy concerns about rewarding wrongdoers, the Final Rules provide that the SEC will not count monetary sanctions against the whistleblower or any entity "whose liability is based substantially on conduct that the whistleblower directed, planned, or initiated" in determining whether the $1,000,000 threshold for an award has been met.17 In addition, any award the whistleblower receives will be decreased by amounts attributable to the whistleblower's conduct.

The rules also deny whistleblower status to those who obtain information "where a domestic court determines that the whistleblower obtained the information in violation of federal or state criminal law."18 The SEC rejected recommendations to extend this provision to information obtained in violation of civil law. The exclusion also does not apply to information obtained in violation of a protective order.

Footnotes

1 http://www.sec.gov/foia/docs/oig-553.pdf.

2 17 C.F.R. pts. 240 & 249, Implementation of the Whistleblower Provisions of Section 21F of the Securities Exchange Act of 1934 ("Final Rules"), at 17. The Final Rules can be found on the SEC's website at http://www.sec.gov/spotlight/dodd-frank.shtml17.

3 Final Rules at 218.

4 Id. at 219.

5 Id. at 12.

6 Id. at 13.

7 Id.

8 Id. at 14.

9 Officers or other designated persons are not precluded from recovery as whistleblowers if they actually observe the violations rather than, for example, learning of them through an employee report. Also, notably, the SEC removed non-officer supervisors from the list of designated persons.

10 Final Rules at 59.

11 Id. at 145.

12 Id. at 74.

13 Id. at 145-146.

14 Id. at 193.

15 Id. at 195.

16 Id. at 194-195.

17 Id. at 195.

18 Id. at 80.

19 15 U.S.C. § 78u-6 (h)(1)(A).

20 Final Rules at 18.

21 Id. at 15.

To view full article click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.