SEC's New Whistleblower Rules Become Effective
The Securities and Exchange Commission (SEC) recently adopted whistleblower rules that became effective on August 12, 2011. These rules permit individuals who provide the SEC with tips that lead to successful enforcement actions to receive a portion of the SEC’s monetary sanctions. The SEC has created a formal Office of the Whistleblower to administer these new rules, promulgated several new forms to be used in submitting a tip or requesting an award, and launched a new website (with FAQs) to provide information on the program. Several law firms have set up their own whistleblower websites as well.
There seems little doubt that these new rules will increase whistleblower claims and will thus pose a potentially significant risk to the effectiveness of corporate compliance programs, which depend on prompt reporting of wrongdoing from employees. These rules also raise the possibility of a rash of frivolous tips, each of which will require company resources to investigate.
Who is a Whistleblower?
Under the final rules “[y]ou are a whistleblower if, alone or jointly with others, you provide the Commission with information pursuant to the procedures set forth in [the rule] and the information relates to a possible violation of the federal securities laws (including any rules or regulations) that has occurred, is ongoing, or is about to occur.”
To be considered for an award, a whistleblower must voluntarily provide the SEC with “original information” that leads to an SEC enforcement action in which the SEC obtains monetary sanctions greater than $1 million. A whistleblower may be eligible to 10 to 30 percent of the monetary sanctions.
To determine whether the $1 million in monetary sanctions threshold has been satisfied, the SEC will aggregate awards from separate proceedings that were based on the same underlying facts.
The rules generally exclude from eligibility original information:
- Obtained by a person with legal, compliance, audit, supervisory, or governance responsibilities for a company, such as an officer or director, if the information was communicated to the whistleblower through the company’s internal compliance mechanisms
- Gained by an independent public accountant through the performance of an audit
Note that the rules do not necessarily make a whistleblower ineligible to receive an award if the whistleblower engaged in the same fraud or misconduct that he or she is reporting. Instead, the SEC will consider the nature and severity of the misconduct to determine if the whistleblower may collect an award.
Impact on Internal Compliance Programs
The SEC responded to concerns that its whistleblower award program, as originally proposed, might negatively affect a company’s internal ethics and compliance processes by providing incentives for a whistleblower to participate in a company’s internal compliance and reporting system. However, the rules do not require a whistleblower to report violations of securities laws internally to qualify for an award under the SEC’s program. Under the rules, voluntary participation in a corporate internal compliance and reporting system may increase the reward while interference with a corporate internal reporting program may reduce the reward.
If a whistleblower reports information through the company’s internal compliance and reporting system, the whistleblower has 120 days from the original date the information was reported within the company to report the information to the SEC. The whistleblower will receive credit as if the original information was reported to the SEC on the date it was reported internally. The rules also provide that if a whistleblower reports information through the employer’s internal compliance and reporting system, and the company subsequently self-reports to the SEC, the whistleblower is credited with the report and is eligible for any resulting award.
In addition to the new award system, the Dodd-Frank Act also significantly expanded anti-retaliation employment protections and remedies for whistleblowers. Various laws, including the Sarbanes-Oxley Act and the employment laws of many states, prohibit retaliation against whistleblowers. Dodd-Frank added substantially to those protections.
Dodd-Frank prohibits discharging, demoting, suspending, threatening, harassing, or otherwise discriminating in any way against whistleblowers—including whistleblowers the SEC deems ineligible for an award—because of any lawful act performed by the whistleblower in connection with their reporting. Companies are also prohibited from requiring employees to only report violations internally and may not require employees to waive or limit their rights under the whistleblower rules, including anti-retaliation provisions.
These protections extend to whistleblowers who reasonably believe that the information being provided relates to a possible securities law violation that has occurred, is ongoing, or is about to occur, and who provide the information in a manner described in Dodd-Frank, which includes:
- Providing information to the SEC whistleblower program
- Initiating, testifying in, or assisting in any SEC investigation or judicial or administrative action based on or related to whistleblower program information
- Making disclosures required or protected under the Sarbanes-Oxley Act, Exchange Act Section 10A(m) (public company accounting and auditing requirements), or any other law, rule, or regulation subject to the SEC’s jurisdiction
Violations of these anti-retaliation rules may be enforced against employers by the SEC, through other state and federal agencies, or directly by the whistleblower in
Impacts of New Whistleblower Award Program
The SEC whistleblower program is just one element in a shift in the government’s focus from fostering internal corporate compliance to encouraging external reporting. As a result, companies are now more likely to find themselves hearing about potential wrongdoing from a regulator rather than through their internal compliance and reporting systems.
Further, notable awards may result from conduct outside the United States since violations of the Foreign Corrupt Practices Act are subject to the new rules. Together, SEC and DOJ FCPA actions yielded more than $1.5 billion of judgments and settlements in 2010 alone, with the number of FCPA enforcement actions nearly doubling between 2009 and 2010. Representatives of the SEC have said that the quality of tips received has gone up since the passage of Dodd-Frank, and that tips now often include supporting documentation and are submitted by attorneys representing the whistleblower.
To counter the incentive for employees to bypass internal corporate processes and contact the SEC first, companies will need to think about how best to persuade employees to relay their concerns internally. Companies will need to make sure employees understand that avoiding illegal business conduct is a priority for the company and that they will be protected if they raise legitimate compliance concerns in good faith. In this sense, little needs to be changed as a result of the new rules. Most public companies (and their employees) do the “right thing” every day and have corporate cultures and formal compliance programs that support this behavior.
Companies also will need to review and improve compliance and investigatory functions to ensure that whenever anyone raises a credible issue regarding possible non-compliance with the securities laws, including possible overseas FCPA violations, the company has processes, procedures, and personnel—both internal and external, as appropriate—to respond quickly and minimize the likelihood of receiving a call from the SEC.
Companies will want to consider the following:
- Creating an action plan or protocols for addressing whistleblower complaints that assumes every internalcomplaint of a type within the whistleblower rules will be reported by that employee to the SEC
- Reviewing and updating as necessary corporate compliance policies, including provisions for anonymous reporting, hotlines, and related policies
- Offering periodic training on the internal reporting policy and procedures
- Conducting exit interviews of appropriate employees leaving the company to ask if they suspect or know of any compliance violations, as former employees will likely be a significant source of whistleblower “tips” to the SEC
In addition, and most importantly, companies will want to continue to do what they have been doing for many years:
- Cultivating a corporate culture that emphasizes the importance of legal and regulatory compliance and ethical conduct
- Ensuring that the corporate compliance program receives high-level oversight within the company
- Ensuring that all employees understand that retaliation for reporting legitimate concerns of potential misconduct through appropriate channels is illegal and will not be tolerated