The SEC adopted new rules, effective August 12, 2011, to implement Section 21F of the Securities Exchange Act of 1934, which was added by the Dodd-Frank Act. Section 21F directs the SEC to pay awards to whistleblowers who voluntarily provide the SEC with original information about a violation of the securities laws that leads to a successful enforcement action that results in monetary sanctions exceeding $1 million. The rules define certain terms and outline the procedures for making a claim for a whistleblower award and the SEC's procedures for making a decision on such claims. Since the rules have been proposed, they have been controversial because of concerns that the whistleblower program, as adopted, would impact a company's internal compliance processes, as discussed further below.
The whistleblower program provides a bounty to any individual or individuals who provide original information to the SEC that relates to a possible violation of the securities laws that has occurred, is ongoing, or is about to occur, in an amount of 10% to 30% of the monetary penalty when over $1 million, in the discretion of the SEC as described further below. The SEC will also pay awards based on amounts collected in certain related judicial or administrative actions brought by the U.S. Attorney General, an appropriate regulatory authority, a self-regulatory organization or a state attorney general in a criminal case as long as the related case is based on the same original information that the whistleblower provided to the SEC.
In order for the whistleblower to avail himself or herself of the program, the whistleblower must provide the information to the SEC before a request, inquiry or demand that relates to the same subject matter is directed to the whistleblower or his or her representative, by the SEC, the PCAOB, any self-regulatory organization or any other authority of the federal government, state attorney general or securities regulatory authority. Further, the whistleblower cannot have been required to report the information pursuant to a pre-existing legal duty, a contractual duty that is owed to the SEC or other organization referred to above, or a duty that arises out of a judicial or administrative order.
The information provided by the whistleblower must be original information, meaning it must be:
- derived from the whistleblower's independent knowledge (factual information in the whistleblower's possession that is not derived from publicly available sources) or independent analysis (the whistleblower's own analysis whether done alone or in combination with others);
- not already known to the SEC;
- not exclusively derived from an allegation made in a judicial or administrative hearing, in a governmental report, hearing, audit, or investigation, or from the news media; and
- provided to the SEC for the first time after July 21, 2010, which is the date of enactment of the Dodd-Frank Act.
The SEC would not consider information to be derived from a whistleblower's independent knowledge or independent analysis in any of the following circumstances:
- If the whistleblower obtained the information through a communication that was subject to the attorney-client privilege, except in limited circumstances;
- If the whistleblower obtained the information in connection with the legal representation of a client on whose behalf the whistleblower or the whistleblower's employer is providing services and the whistleblower seeks to use the information to make a whistleblower submission, except in certain limited circumstances;
- If the whistleblower obtained the information because he or she was (a) an officer, director, trustee or partner of an entity and another person informed the whistleblower of allegations of misconduct, or he or she learned the information in connection with the entity's processes for identifying, reporting and addressing possible violations of law, (b) an employee whose principal duties involve compliance or internal audit responsibilities or is employed by a firm retained to perform such functions, (c) employed by or otherwise associated with a firm retained to conduct an inquiry or investigation into possible violations of law or (d) an employee of, or other person associated with, a public accounting firm if the whistleblower obtained the information through the performance of an engagement required of an independent public accountant under the federal securities laws;
- If the whistleblower obtained the information in a manner determined by a U.S. court to violate applicable federal or state criminal law.
However, the SEC will consider information from those referred to in the third bullet above, if (a) the whistleblower has a reasonable basis to believe that disclosure of the information to the SEC is necessary to prevent the relevant entity from engaging in conduct that is likely to cause substantial injury to the financial interest or property of the entity or investors, (b) the whistleblower has a reasonable basis to believe that the relevant entity is engaging in conduct that will impede an investigation of the misconduct or (c) at least 120 days has elapsed since the whistleblower provided the information to the relevant entity's audit committee, chief legal officer, chief compliance officer or their equivalent, or the whistleblower's supervisor, or if the whistleblower received the information under circumstances indicating that any such party was already aware of the information.
In exercising the SEC's discretion in determining the appropriate award percentage, the SEC may consider the factors set forth in the rules and may increase or decrease the award percentage based upon its analysis of these factors. Factors that may increase the amount of a whistleblower's award include the significance of the information provided by the whistleblower, the assistance provided by the whistleblower, the interest in the information provided by the whistleblower to law enforcement and whether the whistleblower participated in the entity's existing internal compliance and reporting systems. Factors that may decrease the amount of a whistleblower's award include the culpability or involvement of the whistleblower in matters associated with the action, whether there was any unreasonable reporting delay and whether the whistleblower interfered with the internal compliance and reporting systems of the entity.
The rules also provide for procedures for submitting the information, confidentiality of the submissions and procedures for determining awards based upon a related action, among other things.
As part of the anti-retaliation provisions of the rules, employers are prohibited from taking an adverse action against the whistleblower for acting as a whistleblower. The anti-retaliation provisions apply whether or not the whistleblower satisfies the requirements, procedures and conditions to qualify for an award, as long as the whistleblower had a reasonable belief that an actual violation occurred. In light of the new anti-retaliation rules, it is advisable for companies to re-examine their policies and train managers and supervisors to avoid taking actions against employees that could later be deemed retaliatory.
The SEC, in adopting the final rules, declined to make it mandatory for whistleblowers to report wrongdoings through an entity's internal compliance procedures, as many commentators to the proposed release requested. Instead, the SEC refined the proposal so that whistleblowers are not required to go through internal compliance procedures, but tried to balance the competing interests by incentivizing whistleblowers to in fact do so by providing that the whistleblowers who report problems to the company would still be eligible for an award if the company then passes the tip and any other subsequently discovered information to the SEC. Additionally, as stated above, the SEC will take into account whether a whistleblower bypassed the company's internal compliance procedures when determining the appropriate award percentage.
As a result, it is important that companies highlight to their employees the importance of internal compliance and reporting programs to avoid situations where employees bypass such programs in an attempt to collect on the award. Companies should also review their existing internal compliance and reporting programs to reduce opportunities for wrongdoing and to ensure these programs allow them to identify, investigate and handle possible misconduct quickly and effectively.