Section 922 of the Dodd-Frank Wall Street Reform and Consumer Protection Act authorized the SEC to pay bounties to individuals who provide the Commission with original information that leads to successful SEC enforcement actions and certain related actions. Dodd-Frank substantially expanded the agency's authority to compensate individuals who provide the SEC with information about violations of the federal securities laws. Since the enactment of Dodd-Frank, companies have been understandably concerned that the new whistleblower statute would undermine corporate compliance programs by incentivizing employees to provide information regarding potential violations to the SEC rather than vetting that information internally.

On November 3, 2010, the SEC issued proposed rules to implement the Dodd-Frank whistleblower provisions. In the proposed rules, the SEC attempts to address this concern. This alert discusses the proposed rules and steps that companies should take in light of the proposed rules.

Overview of the Proposed Rules

Under the proposed rules, an individual must satisfy five criteria if he/she is to be considered for a bounty award:

  1. The individual providing the information must not fall within one of the exclusions set forth in the proposed rules. People who are excluded under the proposed rules from being awarded bounties include: (a) entities (the whistleblower must be an individual or group of individuals); (b) people who have a pre-existing legal or contractual duty to report their information; (c) attorneys who attempt to use information obtained from client engagements to make whistleblower claims for themselves (unless disclosure of the information is permitted under SEC rules or state bar rules); (d) independent public accountants who obtain information through an engagement required under the securities laws; (e) foreign government officials; (f) employees of certain agencies, self-regulatory organizations, and the Public Company Accounting Oversight Board (PCAOB); and (g) people who are criminally convicted in connection with the conduct.
  2. The individual must provide the information voluntarily. In general, a whistleblower is deemed to have provided information “voluntarily” if the whistleblower has provided information before the government, a self-regulatory organization, or the PCAOB asks for it, either formally or informally.
  3. The information must qualify as “original information” within the meaning of the proposed rules. In general, original information must be based upon the whistleblower's independent knowledge or independent analysis, not already known to the Commission and not derived exclusively from certain public sources.
  4. The original information must lead to the successful enforcement by the SEC of a federal court or administrative action. A whistleblower's information can be deemed to have led to successful enforcement in two circumstances: (1) if the information results in a new examination or investigation being opened and significantly contributes to the success of a resulting enforcement action, or (2) if the conduct was already under investigation when the information was submitted, but the information is essential to the success of the action and would not have otherwise been obtained.
  5. The SEC must obtain monetary sanctions totaling more than $1 million in the resulting enforcement action(s). The SEC also would pay an award based on amounts collected in related actions brought by certain agencies that are based upon the same original information that led to a successful SEC action. Under the proposed rules, however, the SEC (in order to prevent wrongdoers from benefiting by, in effect, blowing the whistle on themselves) would not pay culpable whistleblowers awards that are based upon either the monetary sanctions that such people themselves pay in the resulting SEC action, or on sanctions paid by entities whose liability is based substantially on conduct that the whistleblower directed, planned, or initiated.

The proposed rules further define and explain these requirements.

Stating that it wants to implement Dodd-Frank “in a way that encourages strong company compliance programs,” the SEC drafted the proposed rules in an effort to support internal compliance programs. The proposed rules include a provision excluding from the bounty program people (a) with “legal, compliance, audit, supervisory, or governance responsibilities for an entity” if the information is reported to them in the expectation that they will take appropriate steps to cause the entity to respond to the violation, or (b) who learn about the violation(s) through a company's internal compliance program (such as company employees who obtain information as a result of being interviewed in the course of an internal investigation). The SEC intended that this exclusion would prevent company personnel from “front running” legitimate compliance efforts and internal investigations. Under the proposed rules, this exclusion ceases to be applicable if the company does not disclose the information to the Commission “within a reasonable time” or acts in bad faith. In these circumstances, such people can become whistleblowers entitled to bounty awards.

In addition to this exclusion, the proposed rules, while not requiring other would-be whistleblowers to first utilize their companies' own internal compliance processes, include provisions encouraging employees to first report potential violations internally. For example, the proposed rules:

  • Would treat an employee as a whistleblower under the SEC program as of the date that employee reports the information internally — as long as the employee provides the same information to the SEC within 90 days. Through this provision, employees will be able to report their information internally first while preserving their “place in line” for a possible award from the SEC.
  • Permit the SEC to consider higher-percentage awards for whistleblowers who first report their information through effective company compliance programs.

In an effort to avoid supplanting a company's internal compliance processes, the SEC's proposing release states that, in the event that employees report a potential violation to the SEC before reporting internally, the SEC Staff may “contact the company, describe the nature of the allegations, and give the company an opportunity to investigate the matter and report back.” The proposing release suggests that, in such circumstances, the company would receive the same Seaboard cooperation credit that would have been appropriate if the whistleblower had not gone to the SEC.

In addition, the proposed rules substantially extend Dodd-Frank's anti-retaliation provisions, which afforded protection to individuals who voluntarily provide original information to the SEC regarding violations of the federal securities laws. The proposed rules extend these protections to cover individuals who provide information to the SEC relating to a potential violation of the federal securities laws, regardless of whether the provision is “voluntary” and whether the information is “original.”

Steps to Be Taken

There is little doubt that Dodd-Frank's whistleblower provisions will increase the risk of detection for companies that violate the federal securities laws. The SEC's proposed rules highlight the importance of having an effective system to discover and timely respond to notice of such violations. First, if the compliance program appropriately responds to notice of a potential violation, employees charged with administering compliance and related programs may effectively be precluded from obtaining a bounty. Second, as the SEC appears to hope will be the case, an effective compliance program might increase the likelihood that concerned employees would first bring information regarding a potential violation to the attention of their supervisors or the company's compliance officers.

The proposed rules make clear that companies must respond promptly to notice of a potential violation. The “reasonable time” in which companies must disclose the subject information to the Commission in order to preclude “legal, compliance, audit, supervisory, or governance responsibilities” from receiving a bounty is not defined by the rules. The comments to the proposed rule state that, depending on the circumstances, “a reasonable time” could be “immediate.” Thus, whether the potential violation of the federal securities laws is first reported internally or to the SEC, companies must have action plans in place so that they can move swiftly upon receipt of information regarding a potential violation.

The enhanced protection afforded to whistleblowers under Dodd-Frank and the proposed rules also increase the importance of procedures to minimize the risk that a company will be perceived as having retaliated against a whistleblower. Dodd-Frank protections are triggered if an employer discharges, demotes, suspends, threatens, harasses, directly or indirectly, or in any other manner discriminates against a whistleblower in the terms and conditions of employment because of any lawful act done by the whistleblower in providing information to the Commission or otherwise assisting any SEC investigation or enforcement action.

The proposed rules reflect an effort to protect the attorney-client relationship and to support effective compliance systems. Companies may wish to consider submitting comments to the SEC supporting this effort. Comments are due on or before December 17, 2010, and the SEC is expected to issue final rules implementing the Dodd-Frank whistleblower provisions on or before March 31, 2011.