Following the widespread failures associated with Bernard Madoff, Congress hastily passed the Dodd-Frank Act and empowered the Securities and Exchange Commission to issue rules enforcing certain of its provisions, including the whistleblower bounty provision.
In effect, Congress has deputized employees of publicly traded companies to police their employers’ conduct, offering handsome compensation to those who do so effectively.
As discussed in the July issue of New England In-House (“FYI: wave of whistleblower claims on the way”), Dodd-Frank significantly expanded the whistleblower protection provision in Section 806 of the Sarbanes-Oxley Act of 2002, which prohibits publicly traded companies from retaliating against employees who report financial misconduct and provides a private cause of action against those that do.
Among other things, Dodd Frank expanded coverage of Section 806 to certain subsidiaries and affiliates of publicly traded companies, doubled the statute of limitations for retaliation claims, created a right to a jury trial in federal District Court, and directed the SEC to award bounties to whistleblowers who report suspected violations of the securities laws directly to it.
On May 25, 2010, after numerous hearings and extensive public commentary, the SEC released its final rules implementing Dodd-Frank’s whistleblower bounty provision and laying the groundwork for payment of six- or seven-figure bounties.
These rules add additional teeth to the already formidable Section 806 of SOX and, as expected, largely favor whistleblowers.
Notably, the rules were passed on a 3-2 party-line vote, with the SEC’s two Republican commissioners voting in the minority.
Viewed in conjunction with the increasingly pro-employee decisions being issued by the Department of Labor’s Administrative Review Board, which hears most SOX whistleblower cases, it is clear that now is the time for companies to step up internal compliance programs.
Only after gaining an understanding of these rules, however, can companies begin the necessary task of crafting practical and effective internal reporting, compliance, and anti-retaliation programs and strategies.
In short, the rules entitle whistleblowers to a bounty when they voluntarily provide the SEC original information that leads to the successful enforcement of a federal court or administrative action, and the SEC obtains sanctions exceeding $1 million.
The bounty can range from 10 to 30 percent of the sanctions awarded. For purposes of determining whether the $1 million threshold is met, the SEC may aggregate two or more smaller actions that “arise from the same nucleus of operative facts,” which, as a practical matter, will make bounties available to more whistleblowers in more cases.
Even if the $1 million threshold is met, whistleblowers must have provided “original information” to the SEC to be eligible for a bounty.
The rules define “original information” as information that is derived from the independent knowledge or analysis of the whistleblower that is not already known to the SEC from any other sources, and not exclusively derived from allegations made in a judicial or administrative hearing, government report, hearing, audit or investigation, or from the news media.
Nevertheless, most information that is gleaned internally from the whistleblower’s position of employment or other relationship with the company will be deemed “original.”
The rules define “independent knowledge” as factual information in the whistleblower’s possession that is not obtained from publicly available sources (e.g., corporate press releases and filings, media reports and information on the Internet), and sources that, though not widely disseminated, are generally available to the public (e.g., court filings and documents obtained through FOIA requests).
The definition does not require that whistleblowers have direct, first-hand knowledge of potential violations; rather, they may obtain such knowledge from observations, communications and independent analysis of publicly available information.
That said, independent knowledge does not include information that is:
(a) subject to the attorney-client privilege;
(b) learned through legal representation (including in-house counsel), even if not privileged, unless the disclosure has been authorized;
(c) secured through an engagement required under the securities laws by an independent public accountant if the information relates to a violation by the client or the client’s directors, officers or employees;
(d) obtained by officers, directors, trustees or partners of an entity who are informed of allegations of misconduct, or who learn the information in connection with the entity’s processes for identifying, reporting and addressing possible violations of the law (such as through a help line);
(e) obtained by employees whose principal duties involve compliance or internal audit responsibilities or employees of outside firms retained to perform compliance or internal audit work;
(f) obtained in a manner that is determined by a court to violate applicable federal or state criminal law; or
(g) obtained from a person who is subject to the above exclusions, unless the information is not excluded from that person’s use, or the whistleblower is providing information about possible violations involving that person.
There are, however, broad exceptions to those limitations. In certain circumstances, for instance, compliance and internal audit personnel, as well as public accountants, can be whistleblowers, such as when they believe that disclosure may prevent substantial injury to investors or that the company engaging in conduct will impede the investigation.
Likewise, internal audit personnel and public accountants may become whistleblowers after 120 days have elapsed since the whistleblower reported the information to her or his supervisor or the company’s audit committee, chief legal officer, chief compliance officer, or since the whistleblower received the information, if the whistleblower received it under circumstances indicating that the foregoing individuals already are aware of the information. As a practical matter, that forces companies to address complaints quickly so as to avoid creating new potential whistleblowers.
A whistleblower also must have “voluntarily submitted” information to the SEC to be eligible for a bounty. Information is not deemed to have been voluntarily submitted when the whistleblower was required to report the information to the SEC, such as through a pre-existing legal duty, contractual duty, or duty that arises out of a judicial or administrative order.
Likewise, information is not voluntarily submitted when it is done so pursuant to a request by the SEC that relates to the subject matter of the submission, or in connection with an investigation, inspection, or examination by a self-regulatory organization or a government entity.
The rules also require a whistleblower to have a “reasonable belief” that the information being provided relates to a possible securities law violation (or, where applicable, to a violation of the provisions in Section 806 of SOX) that has occurred, is ongoing or is about to occur:
“The ‘reasonable belief’ standard requires that the employee hold a subjectively genuine belief that the information demonstrates a possible violation, and that this belief is one that a similarly situated employee might reasonably possess.”
In determining whether a whistleblower’s belief is reasonable, the SEC will consider whether the information provided is specific, credible and timely; whether it is related to a matter that is already under investigation by the SEC but significantly contributes to the investigation; and whether it was reported internally and then disclosed by the company (and satisfies either of the foregoing considerations).
Even if all the requirements described above have been met, whistleblowers who themselves have engaged in misconduct that is the subject of the SEC’s action or a related action may be barred from recovering a bounty or limited in the amount they are permitted to recover.
Whistleblowers convicted of criminal violations related to the action for which they provided information are unconditionally barred from recovery.
Whistleblowers who have engaged in misconduct, but are not convicted of such, however, can recover bounties. But the SEC will not include sanctions that the whistleblower is ordered to pay, or that are ordered against an entity whose liability is based “substantially” on conduct that the whistleblower directed, planned or initiated, in determining whether the $1 million threshold has been met.
Finally, while the SEC’s rules deal largely with bounties, they also protect whistleblowers who are not eligible for a bounty from retaliation and prohibit companies from hindering a whistleblower’s ability to communicate with the SEC.
What companies can do
The prospect of six- or seven-figure bounties provides potential whistleblowers with an incentive to bypass the internal compliance mechanisms mandated by SOX and complain directly to the SEC, which will make it difficult for companies promptly to address the allegedly fraudulent conduct.
Indeed, there is a growing fear that the bounty provision will actually encourage whistleblowers to let financial improprieties grow so that the size of the SEC’s recovery and their corresponding bounty is higher.
There are, however, steps that companies can take to minimize the risk of whistleblowers.
Perhaps most important, companies should adopt leadership models that foster a culture of open communication, integrity and accountability throughout the organization with an eye toward encouraging employees to raise complaints internally rather than to third parties such as the SEC.
To that end, companies should provide multiple avenues through which employees can report perceived misconduct without fear of retaliation; promulgate appropriate codes of ethics and anti-retaliation policies; and train managers to be receptive and responsive to employee complaints.
In-house counsel, human resources professionals and compliance teams must be encouraged and empowered to work closely to ensure that valid employee complaints are addressed properly and in a timely manner, to avoid the appearance of retaliation resulting from employee complaints and, when possible, to inform the employee that the matter is being taken seriously, even if confidentiality considerations preclude them from being told any details about the ultimate resolution.
While the obvious enticement of potential bounties may be too strong to completely combat, companies that understand the new rules and craft practical and effective internal reporting, compliance, and anti-retaliation programs and strategies, with the assistance of experienced counsel, will certainly be better positioned to avoid whistleblowers and limit their potential exposure in the event one surfaces.