Resolving a Circuit split, the United States Supreme Court unanimously held last week that an employee must report a securities violation to the Securities and Exchange Commission if he wishes to avail himself of the anti-retaliation protections for whistleblowers in the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act.
As background, Dodd-Frank shields "whistleblower[s]" from retaliation, prohibiting employers from discharging, demoting, suspending, threatening, or harassing a whistleblower. 15 U.S.C. 78-6(h). A "whistleblower" is "any individual who provides . . . information relating to a violation of the securities laws to the Commission" (i.e., the SEC). 15 U.S.C. 78-6(a)(6).
In Digital Realty Trust, Inc. v. Somers 2018 U.S. LEXIS 1377 (2018), Paul Somers reported suspected securities law violations by his employer to senior management but did not alert the SEC. Following his termination, Somers sued his former employer, alleging that the company had retaliated against him in violation of Dodd-Frank's whistleblower protections. The Supreme Court concluded that Somers did not qualify as a "whistleblower" under the statute because he only reported the alleged wrongdoing internally, and did not "provide pertinent information `to the Commission.'"1 Writing for the majority, Justice Ginsburg reasoned that Dodd-Frank's whistleblower protections are intended to assist the SEC's enforcement work by "motivat[ing] individuals with knowledge of illegal activity to `tell the SEC.'"2
Practically, the requirement that individuals report misconduct to the SEC may reduce the overall number of whistleblower retaliation lawsuits. But it is likely to result in additional complaints to the SEC when employees seeking Dodd-Frank's protections choose to "report out" instead of "reporting up." This could result in employers facing government scrutiny before being alerted to a problem or having the opportunity to conduct an internal investigation.
Despite the narrowing of Dodd-Frank's whistleblower protections, employers should remain vigilant of the other applicable federal and state schemes protecting whistleblowers. As the Supreme Court noted in Digital Realty Trust, the more permissive Sarbanes-Oxley Act ("SOX") still protects individuals who report possible wrongdoing to an internal supervisor or another federal agency. Civil lawsuits arising from SOX violations are less prevalent, however, because SOX's whistleblower provisions are limited in ways Dodd-Frank's are not; under SOX, complaining employees must comply with a 180-day limitations period and are required to first file a complaint with the U.S. Department of Labor.
Employers should also remember that state laws may provide anti-retaliation protections for employees who do not qualify as "whistleblowers" under federal law. For example, New Jersey law protects employees who disclose a possible violation of law "to a supervisor or to a public body," and New York extends the same protection to whistleblowers who disclose or threaten to disclose to a supervisor or public body a possible violation that "creates and presents a substantial and specific danger to the public health or safety."3
In the aftermath of the Digital Realty Trust decision, employers should carefully review the whistleblower protections under state and federal law and may wish to explore internal policies incentivizing employees to report suspected wrongdoing internally. Employers should also ensure that their policies do not bar reporting to agencies like the SEC, as this can violate Dodd-Frank and SOX. Best practices include (1) prohibiting whistleblower-based retaliation; (2) creating protocols for handling internal complaints; (3) promptly investigating suspected wrongdoing and engaging outside counsel early in the process; and (4) documenting the investigation and outcome, preferably within the context of an attorney-client relationship.