The recent release of the Securities and Exchange Commission’s (SEC) annual report to Congress on the Dodd-Frank Whistleblower Program highlights the growing reliance of U.S. Government authorities on whistleblowers to identify and punish companies that engage in fraudulent behavior. Recent court decisions have provided further clarity on the scope of the whistleblower provisions, including with respect to eligibility for awards and anti-retaliatory measures protecting whistleblowers. These developments demonstrate the need for companies to aggressively take steps to address compliance concerns raised internally by their own employees, or else run the risk that employees may choose to report concerns to the SEC in the hope of obtaining potentially significant monetary rewards and protection from retaliation by their employers. Companies operating in the financial sector should be especially aware of the impact of the growing SEC Whistleblower Program on their activities, given that the most common categories of complaints reported by whistleblowers involved offering fraud and inaccuracies in corporate disclosures and financials.
Summary of Dodd-Frank Whistleblower Incentive Program
The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank Act) amended the Securities Exchange Act of 1934 to establish, among other things, a whistleblower program to create incentives for individuals to inform the government of potential violations of U.S. securities laws, including the Foreign Corrupt Practices Act (FCPA), as well as the Investment Company Act of 1940 and the Investment Advisers Act of 1940.1 Under this program, individuals who report original information that leads the SEC to recover monetary sanctions from a company are eligible to receive awards ranging from 10-30% of that financial recovery. The SEC has established an Office of the Whistleblower (OWB) to process tips and determine awards for whistleblowers.2
In addition to establishing an award program, the Dodd-Frank Act prohibits retaliation against whistleblowers who report possible securities violations. In order to be covered under these provisions, a whistleblower must have a reasonable belief that a possible securities violation has occurred, is in progress or is about to occur and then (i) provide “original information” to the SEC; (ii) assist in an SEC investigation; or (iii) make “disclosures that are required or protected” under the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley Act), the securities laws, and other SEC regulations. U.S. courts have provided some additional clarity on the scope of these anti-retaliatory protections, as described in more detail below.
Highlights from the 2014 OWB Annual Report and Relevant Court Cases
Under the Dodd-Frank Act, the OWB is required to submit an annual report to Congress regarding whistleblower complaints and actions taken in response to such complaints during the past year. The 2014 Annual Report3 noted that the OWB received 3,620 whistleblower tips in FY 2014, which represents an increase of more than 10% from tips received in FY 2013 and an increase of more than 20% from FY 2012. The largest category of tips related to inaccuracies in corporate disclosures and financials, which accounted for 610 tips during FY 2014 (compared to 557 tips in FY 2013 and 547 in FY 2012). The next largest category related to offering fraud, which constituted 581 tips in FY 2013 (compared to 553 in FY 2012 and 465 in FY 2011). Tips related to potential FCPA violations also reached a new high in FY 2014, representing 159 tips, as compared to 149 in FY 2013 and 115 in FY 2012.
The OWB authorized whistleblower awards to nine individuals during FY 2014 for providing original information that led or contributed to a successful enforcement action, more than all previous years combined. Notably, one whistleblower was awarded more than $30 million – the largest award to date – for providing information related to ongoing fraud that otherwise would have been difficult for the SEC to detect.4 The SEC noted that this award could have been even higher if the whistleblower had reported the issues earlier, as the delay in reporting caused investors to continue to suffer significant monetary injury that otherwise could have been avoided. Future potential whistleblowers may choose to report violations even more quickly in the hope of securing the largest possible award from the SEC.
Considerations Related to Internal Reporting
The 2014 Annual Report also noted that while whistleblowers need not be company insiders, more than 40% of whistleblowers receiving awards to date were former or current employees, and an additional 20% were contractors, consultants, or were solicited to act as consultants for the company committing the alleged securities law violation. The remaining whistleblowers receiving awards were investors, professionals working in the same or similar industries, or individuals with some other form of personal relationship with the defendants. Of those whistleblowers who were current or former employees, more than 80% made internal reports before reporting information to the SEC. The Chief of the SEC’s Division of Enforcement FCPA Unit noted in a recent conference that the overwhelming majority of whistleblower tips received by the OWB involved cases where the whistleblower initially reported concerns within the company, but the company did not take any action to investigate the report.5
The Dodd-Frank Act whistleblower program generally does not require whistleblowers to report concerns internally first in order to be eligible for monetary rewards from the SEC. However, persons with compliance or internal audit responsibilities – including directors or officers who receive information from others in a company or as a result of internal compliance reviews – who provide information to the SEC generally are not eligible for awards unless an exception applies. One exception applies to situations in which such an individual first reports the violation internally and then waits at least 120 days before reporting to SEC. In August 2014, the SEC made its first award (of over $300,000) to an individual with compliance/audit responsibilities under this exception, who reported wrongdoing to the SEC after the company failed to take action in response to internal reports.6 Exceptions also may apply if the individual believes that the relevant entity is impeding an investigation of the misconduct, or if the individual has a reasonable basis to conclude that reporting is necessary to prevent the entity from engaging in conduct that is likely to cause substantial injury to the financial interest or property of the entity or investors.
As noted above, the Dodd-Frank Act prohibits companies from retaliating against individuals who report potential violations to the SEC. In June 2014, the SEC for the first time charged a company, Paradigm Capital Management, for violating these provisions.7 In that case, the SEC charged that the company’s head trader was subject to various retaliatory measures after reporting concerns to the SEC, including changes in job function and stripping of supervisory responsibilities. Paradigm Capital was required to pay $2.2 million to the SEC to settle the anti-retaliation and related charges.
U.S. courts recently have considered the scope of anti-retaliatory provisions under Dodd-Frank and Sarbanes-Oxley on several occasions. Notably, the U.S. Supreme Court ruled earlier this year that anti-retaliatory protections apply not only to employees of public companies, but also to employees of a public company’s private contractors and subcontractors that report potential violations to the SEC.8 That case involved an employee of a private investment advisory firm who reported concerns regarding inaccuracies in a draft registration statement prepared by his firm for mutual fund clients, and another employee of a private brokerage firm who reported concerns regarding the overstatement of expenses associated with managing various mutual funds. This ruling represents a significant expansion in the scope of “employees” covered by Dodd-Frank’s anti-retaliation provisions.
In contrast, the Second Circuit recently decided that Dodd-Frank’s anti-retaliation protections do not apply to a non-U.S. employee employed abroad by a non-U.S. corporation publicly-traded on the New York Stock Exchange, where all events related to the disclosures occurred outside of the United States. In that case, an employee claimed that he was subject to retaliation for reporting concerns internally and to the SEC regarding potential FCPA violations related to the sale of medical equipment in China and North Korea. The court ruled that Dodd-Frank’s anti-retaliation provisions generally do not apply extraterritorially to activities conducted outside of the United States, even though the employer had securities listed on a U.S. stock exchange.9 It should be noted that the $30 million whistleblower award described above related to a non-U.S. whistleblower employed by a non-U.S. company. In making the award, the SEC explicitly acknowledged the Second Circuit’s ruling regarding the scope of anti-retaliation provisions, but stated that the decision is not relevant with respect to whistleblower award provisions due to differences in focus and purpose. Therefore, even if non-U.S. whistleblowers may not be eligible for anti-retaliation protections, they still can receive significant monetary rewards for reporting concerns to the SEC.
Courts also have wrestled with the question of whether anti-retaliation provisions cover whistleblowers who report concerns internally but have not yet reported issues to the SEC before being subject to retaliation. For example, the Fifth Circuit held that an employee who reported a potential FCPA violation to his supervisor and the company ombudsman, and then was subject to alleged retaliatory acts including his dismissal, was not a protected whistleblower under Dodd-Frank since the conduct was only reported internally and not to the SEC.10 In contrast, other courts have held that anti-retaliatory protections apply equally to persons who submit reports to the SEC and those who only report internally.11
The SEC currently is considering whether the use of confidentiality, severance and other types of agreements may stifle or interfere with an employee’s ability to report potential wrongdoing to the SEC.12 Further developments in this area are to be expected.
The continued increase in whistleblower reports to the SEC, and resulting awards to individuals who provide information leading to significant enforcement actions, suggest that companies must take credible steps to respond to internal reports of potential violations of the securities laws. If not, there is a significant risk that individuals – even if they are located outside of the United States and/or have compliance or internal audit responsibilities – who feel that their concerns are going unaddressed may turn to the SEC in the hopes of reaping potentially significant awards, necessarily at their employers’ eventual expense.