The summer saw a significant new development in the Securities and Exchange Commission’s (“SEC”) whistleblower bounty program but failed to see any development on obtaining clarification as to the reach of the Dodd-Frank Act’s whistleblower protection provision. While the SEC was busy finalizing the first-ever award to an employee working in the area of compliance, the courts were intent on taking a break from dealing with attempts by whistleblowing employees, and their SEC amici, to achieve clarity on the issue of whether reporting internally, but not to the SEC, is sufficient to fall within the protections of the Dodd-Frank Act’s anti-retaliation provision.

On August 29, 2014, the SEC announced its first award to a whistleblower who worked in the area of audit and compliance. The news was met with significant interest because of the employee’s position with the company, but it also caused a splash because the SEC inadvertently published a reference number in the award decision that allowed news media to connect the award to a specific SEC complaint filed against Phillip J. DeZwirek in August 2013. News of the SEC’s leak highlighted the fact that the program still is in its infancy and the SEC continues to have to learn how to properly manage a whistleblower program that promises so much anonymity and encourages vast numbers of complaints.

Interestingly, the SEC’s leak overshadowed somewhat the importance of the actual award. To collect a whistleblower bounty, you must provide “original information,” andSection 240.21F-4 of the SEC’s Rules provides that the SEC will not consider information to be “original” if it was obtained in connection with a legal representation, an audit, or by an employee performing compliance or audit functions, except when the whistleblower has a reasonable basis to believe that disclosure will prevent the entity from engaging in conduct likely to cause a substantial injury to the financial interest or property of the entity or its investors; the whistleblower has a reasonable basis to believe that the entity is engaging in conduct that will impede an investigation of the misconduct; or at least 120 days have passed since the whistleblower reported the information internally.

According to the SEC, the whistleblower in this recent case, who was awarded a $300,000 bounty, worked in the area of compliance, reported the suspected wrongdoing internally and only reported to the SEC after 120 days had passed and the company failed to act on the information. As the SEC suggested in announcing the award, compliance employees are in the exact position to obtain the type of original information that the Act requires to support a whistleblower claim. Thus, companies should be aware that failure to act in a timely manner on a report of potential wrongdoing made internally by such an employee could lead to similar consequences.

Whereas this award represents a first for the Dodd-Frank whistleblower bounty program, the debate over whether an employee qualifies as a “whistleblower” if he or she reports the suspected misconduct only internally continues without resolution. Practitioners, whistleblowers, and likely even the SEC had hoped for guidance from the Second Circuit Court of Appeals in the case Liu Meng-Lin v. Siemens AG, No. 13-4385-cv. As I predicted in “If You See Something, Say Something, But Maybe Only to the SEC,” last month the court resolved the Liu case on extraterritoriality grounds and did not address whether the plaintiff’s internal report of misconduct implicated the Dodd-Frank Act’s anti-retaliation protections. Last week, the Eighth Circuit Court of Appeals also declined to weigh in on this issue by denying permission to file an interlocutory appeal to COR Clearing LLC (“COR”) in Bussing v. COR Clearing LLC, No. 14-8015. In that case, COR asked the appellate court to hear its challenge to the District of Nebraska federal court’s refusal to dismiss a retaliation claim by a former executive who reported misconduct to the Financial Industry Regulatory Authority (“FINRA”) and to COR executives, but not to the SEC.

It remains to be seen whether any other appellate court will follow the Fifth Circuit Court of Appeal’s ruling in Asadi v. G.E. Energy (USA), L.L.C., that an employee was not a Dodd-Frank “whistleblower” because he did not “provide information relating to a violation of the securities laws to the SEC.” (I analyzed the Asadi opinion and its likely effect on internal reporting in “When Is A ‘Whistleblower’ Not Really A ’Whistleblower’?”). As I have cautioned before, until there is clarity, employers should continue to act quickly to investigate potential misconduct reported by employees who likely will also report out to the SEC to ensure that they are protected from retaliation.