How can public companies and financial institutions deal with whistleblower risks while avoiding actions that could be reasonably interpreted by the US Securities and Exchange Commission (SEC) as attempting to obstruct the SEC’s whistleblower program, or as illegally retaliating against whistleblowers?

  1. First and foremost, publicize your company’s internal mechanism for reporting suspected or actual misconduct confidentially and without fear of retaliation, encourage employees to use the mechanism, and explain the importance of the reporting policy and mechanism to the company’s compliance function.
  2. Ask employees periodically and in exit interviews whether they have witnessed any fraud, and document the answers.
    • Do not, however, suggest that answering in the negative is mandatory, and do not threaten or retaliate against an employee merely for failing to answer in the negative.
    • Nor should a company implicitly or explicitly tell an employee that to receive something of value from the company — income, a bonus, a promotion, severance payments, etc. — the employee must certify that they have not witnessed any fraud.
  3. Understand that implicitly or explicitly asking current or departing employees to certify that they have told the company about any confidential information they have given to US regulators may not be well received by the government.
  4. Consider carefully all the implications of including in your code of conduct or any other corporate policy an explicit requirement that employees report internally before reporting to US regulators. Such a requirement is viewed with disfavor by regulators. A regulatory requirement to that effect was expressly rejected by the SEC when it adopted the whistleblower award rules.
  5. Understand that actions that could be viewed as attempting to impede a whistleblower from communicating directly with the SEC about a possible securities law violation, including by enforcing or threatening to enforce a confidentiality agreement, could run afoul of SEC Rule 21F-17(a).
  6. Avoid asking or requiring employees to waive or limit their whistleblower anti-retaliation rights.