By James K. Hein and Craig A. Foster
As discussed in a previous update, the Securities and Exchange Commission recently issued final rules implementing its new whistleblower program designed to encourage reporting of potential violations of the federal securities laws. The program was created pursuant to Section 922(a) of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, which requires the SEC to pay awards to whistleblowers who voluntarily provide the SEC with original information that leads to a successful enforcement action by the SEC in which more than $1 million is recovered. The final rules include provisions designed to (a) discourage employees from bypassing internal compliance programs, (b) protect professional advice and internal supervisory functions, and (c) consider the culpability of the whistleblower in determining the amount of any award.
We discuss below some additional aspects of the SEC’s whistleblower program and suggest certain practical steps businesses can take to reduce exposure to whistleblowers.
Retaliation Against Whistleblowers Prohibited
Dodd-Frank prohibits retaliation against employee whistleblowers. Whistleblowers are defined broadly to include anyone who, individually or jointly with others, provides the SEC with information relating to a potential violation of the securities laws. A whistleblower does not need to actually meet the eligibility requirements for an award to be protected by the anti-retaliation provision. A whistleblower who is retaliated against has a right to sue directly in district court for: (a) reinstatement, with the same seniority status; (b) two times the amount of back pay; and (c) reasonable attorney fees and costs. The whistleblower is relieved of any obligation to pursue a complaint before an appropriate administrative agency first, opening the door to the much broader discovery rules of the district courts. The statute of limitations on a retaliation claim can be up to ten years in certain circumstances, which is far longer than the limitations periods for most other kinds of retaliation.
Employers can expect that disgruntled or terminated employees may report spurious claims to the SEC to claim the protections of Dodd-Frank against alleged retaliation. In addition, businesses may face difficult choices when enforcing no-tolerance policies against whistleblowers who are themselves involved in the wrongdoing.
The SEC May Contact Whistleblowers Directly
The final rules specifically allow the SEC to directly contact employees of an entity that has counsel if the individual initiated communication with the SEC concerning a possible securities law violation. This is contrary to the standard ethical rules prohibiting an attorney from contacting a represented party without its counsel’s consent. The ethical rules of most states typically include an exemption for such communications when “allowed by law,” and the final rules make clear that the SEC’s communications attempt to come within such exemptions.
Confidentiality of Submissions
The final rules provide confidentiality and anonymity to whistleblowers and prohibit the SEC from sharing information that would reveal a whistleblower’s identity except in certain circumstances. Those circumstances include situations where litigation has commenced over the violations and where the SEC believes it is appropriate to share information with other securities and law enforcement agencies, including foreign ones. Additionally, whistleblowers may report to the SEC anonymously through an attorney.
SEC Cooperation Initiative
In January 2010, the SEC published an “analytical framework” for assessing and crediting cooperation by individuals and entities in connection with the SEC’s investigation of securities laws violations. Depending on the circumstances, cooperating parties may be pursued for lesser sanctions or may not even be prosecuted at all. These possibilities, coupled with the new mandatory awards, create a very significant motivation for individuals and entities to report if they have exposure to securities law violations. It also provides a motivation for employers to self-report potential violations early in order to minimize the fallout. Reporting early also allows the employer to be proactive rather than reactive, and to better control the dialogue with the SEC.
What Should Businesses Be Doing Now?
Strong internal reporting and compliance programs are now more important than ever. Businesses cannot eliminate the possibility that an employee will blow the whistle after discovering a violation, but they can build robust internal reporting and compliance procedures to reduce that possibility. Developing a culture of compliance is the key to reducing exposure created by whistleblowers. Some key elements to consider:
- General Counsel will first need to determine whether a company’s present system for reporting misconduct is adequate or needs to be modified to accommodate the final rules.
- Employee manuals should obligate employees to report promptly potential misconduct to appropriate company personnel. Any procedures adopted should explicitly state to whom a given employee should report. Employees should be regularly trained on and acknowledge their internal reporting obligations.
- To encourage internal reporting, policies should emphasize that retaliation against any employee seeking to report potential wrongdoing is strictly prohibited.
- Human resources managers should be trained to respond to allegations of wrongdoing in connection with reviews, discipline and termination. Exit interviews are very important. The reasons for all actions taken should be well documented. Because the statute of limitations for retaliation claims can be up to ten years in certain circumstances, appropriate steps should be taken to retain records.
- Many businesses already have “hotlines” for reporting potential wrongdoing, but those hotlines will be used only if coupled with a credible procedure for investigating reports. Employees must perceive the hotline as providing anonymity and confidentiality, and they must have confidence that their report will lead to a prompt, appropriate investigation. Employees should have a channel for reporting violations outside of an employee’s normal line of supervision. Where a violation has occurred, fair and consistent discipline must be enforced.
- In order to create a corporate culture that supports internal reporting, management must make its support of these procedures publicly known. “Tone at the top” is generally seen as a very significant factor in whether these processes are used or ignored.
- Reports of wrongdoing should be tracked. Reporting procedures should be reviewed and tested regularly to ensure that they are working. Procedures for responding to employees regarding internal investigations of reported wrongdoing should be established. Progress reports are probably not desirable, but whistleblowers should be advised of the outcome of the investigation.
- While they may pale in comparison with awards under Dodd-Frank, some businesses are considering making their own awards to employees who report wrongdoing internally. Others are considering making hotlines for reporting violations available to customers, suppliers, and other third-parties, all of whom may be eligible for whistleblower awards under Dodd-Frank. One consultant even suggests that businesses consider paid whistleblower sabbaticals for employees who are uncomfortable remaining at work while their complaints are being investigated.
- Businesses should evaluate whether their current directors and officers liability insurance policies cover risks created by the new whistleblower program. For example, businesses may want to seek to expand coverage for both formal and informal SEC investigations and ensure such coverage applies to the company (entity or “Side C” coverage) as well as individuals.
This client update is intended to provide general information to our clients and should not be construed as legal advice. If you have questions regarding this client update, please get in touch with your principal contact at Tonkon Torp LLP, or Tom Palmer (503.802.2018 or firstname.lastname@example.org) or James Hein (503.802.2129 or email@example.com) of our Corporate Finance Practice Group.