Last week, the SEC's Office of Compliance Inspections and Examinations (“OCIE”) issued a Risk Alert regarding examinations of investment adviser and broker-dealer registrants' compliance with key whistleblower provisions arising out of the Dodd-Frank Act.1 The Risk Alert comes weeks after a string of SEC settled actions against companies for whistleblower-related violations, including alleged violations of SEC Rule 21F-17 and the SEC's first case based solely on whistleblower retaliation.2 Rule 21F-17(a) provides that “[n]o person may take any action to impede an individual from communicating directly with the [SEC] staff about a possible securities law violation.” The Risk Alert reflects the most comprehensive guidance from the agency to date regarding its expectations for corporate compliance with the Dodd-Frank whistleblower provisions.

According to the Risk Alert, in examinations where OCIE Staff includes a review of registrants' compliance with Rule 21F-17, the Staff is analyzing a variety of documents, including:

  • compliance manuals;
  • codes of ethics;
  • employment agreements; and
  • severance agreements.

During these reviews, OCIE Staff will assess whether these documents contain provisions that: (a) purport to limit the types of information that an employee may convey to the Commission or other authorities; or (b) require departing employees to waive their rights to any individual monetary recovery in connection with reporting information to the government.

OCIE Staff will also assess whether registrants' documents contain other provisions that may contribute to violations of Rule 21F-17 in circumstances where their use potentially impedes employees or former employees from communicating with the Commission, such as provisions that:

  • require an employee to represent that he or she has not assisted in any investigation involving the registrant;
  • prohibit any and all disclosures of confidential information, without any exception for voluntary communications with the Commission concerning possible securities laws violations;
  • require an employee to notify and/or obtain consent from the registrant prior to disclosing confidential information, without any exception for voluntary communications with the Commission concerning possible securities laws violations; or
  • purport to permit disclosures of confidential information only as required by law, without any exception for voluntary communications with the Commission concerning possible securities laws violations.

The Risk Alert confirms that when examining registrants' compliance with Rule 21F-17, the Staff is citing deficiencies and making referrals to the Division of Enforcement. The SEC's recent enforcement actions along with this Risk Alert further highlight the agency's continued focus on corporate actions that could chill reporting of possible legal violations. For a detailed discussion of the SEC's focus on violations of the Dodd-Frank Act whistleblower provisions, see our recent Client Alerts here and here.