On May 25, 2011, the SEC voted to approve the Final Rules implementing the whistleblower provisions of Dodd-Frank. Designed to incentivize whistleblowers to provide to the SEC “original information” regarding securities law violations, Dodd-Frank provides for bounties of 10% to 30% of the monetary sanctions exceeding $1 million resulting from an SEC enforcement action, or several enforcement actions rising out of the same set of facts. The bounty is available to any natural person who provides information that is “derived from the independent knowledge or analysis” of the whistleblower, that is “not already known to the [SEC] from any other source” and that is not “exclusively derived from an allegation made in a judicial or administrative hearing, in a government report, hearing, audit, or investigation, or from news media, unless the whistleblower is the source of the information.” This independent knowledge requirement is similar to one in qui tam False Claims Act cases, and thus the qui tam case law may be instructive.

The Final Rules address a number of contentious issues raised by the November 2010 proposed rules, including a whistleblower’s use of existing internal compliance and reporting systems before providing information to the SEC and becoming eligible for an award. Despite requests by the business community, the Final Rules do not require a whistleblower to first exhaust a company’s internal compliance procedures. Instead, a whistleblower’s voluntary participation in a company’s internal compliance and reporting system will be a factor that can increase the amount of an award. Additionally, a whistleblower can receive an award for reporting original information to a company’s internal compliance and reporting systems, if the company reports information to the SEC that leads to a successful enforcement action. If a whistleblower first uses internal mechanisms to provide the information to the company, the SEC will consider the information as having been provided to the Commission as of the date of the internal report, so long as the information is provided to the SEC within 120 days.

The business community argued that the bounty program risks undermining internal reporting mechanisms. While some whistleblowers may attempt to maximize their potential award by using internal compliance systems, those who do not will apparently still be eligible for awards that could be worth multiples of their lifetime earnings. Thus, the bounty program may create a disclosure race between companies and whistleblowers. The SEC has stated that upon receiving information from a whistleblower, it will contact a company, describe the allegations and give the company an opportunity to investigate the matter and to report back to the SEC. Such a process may weaken a company’s ability to avail itself of the benefits afforded under federal sentencing guidelines for self-reporting and cooperation.

In response to the significant concern expressed regarding the Proposed Rules, Rep. Michael Grimm (R-N.Y.) introduced a bill to amend Dodd-Frank requiring employees to exhaust a company’s internal reporting process before they are eligible for the whistleblower’s bounty contemplated by the rules. There is no indication yet if that proposal will gain any traction in Congress.

Significantly, awards for such information are not limited to employees and could be received by vendors, customers, investors, financial analysts, short-sellers, fund managers and others. The Final Rules generally exclude some obvious categories of persons from becoming whistleblowers:

  1. Outside counsel and in-house counsel: Anyone who obtains information through the attorney-client privilege (unless permitted by federal law or state attorney conduct rules) or otherwise in connection with the legal representation of a client on whose behalf such person or his employer or firm is providing services;
  2. Principals: An officer, director, trustee, or partner of an entity who received an allegation of misconduct from another person or in connection with the entity’s internal compliance processes;
  3. Compliance staff: An employee whose principal duties involve compliance or internal audit responsibilities, or a person who was employed or otherwise associated with a firm retained to perform compliance or internal audit functions for an entity;
  4. Internal Inquiry: Anyone employed by or otherwise associated with a firm retained to conduct an inquiry or investigation into possible violations of law;
  5. CPAs: Persons who receive information through the performance of an engagement required under the securities laws by an independent public accountant, if that information relates to a violation by the engagement client or the client’s directors, officers or other employees; and
  6. Theft of Information: Individuals who obtain information in a means or in a manner that violates applicable federal or state criminal law.

An exception exists for categories two through five if (i) the individual believes that disclosure is necessary to prevent substantial injury to the financial interest or property of the entity or investors, (ii) the individual believes that the entity is impeding the investigation of the misconduct or (iii) 120 days has elapsed since reporting such information internally or receiving the information (if the audit committee, chief legal officer, etc. are already aware of the information). Notably, culpable individuals are not excluded from whistleblower eligibility, although their culpability will be considered in determining the amount of any reward.

The Final Rules also prohibit employers from taking adverse employment action against any whistleblower who makes a disclosure to the SEC.

The Final Rules go into effect on or about July 25, 2011, but the bounty program applies to information provided for violations that occurred prior to enactment of Dodd-Frank.

You can find a copy of the Final Rules here and the Adopting Release can be found here.