On May 25, 2011, the Securities and Exchange Commission (SEC) adopted final rules by a 3-2 vote that significantly impact the role of internal corporate compliance programs. The rules implement the whistleblower provisions in Section 922 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank). Section 922 of Dodd-Frank requires the SEC to pay rewards of 10 to 30 percent of monetary sanctions obtained, as long as total sanctions exceed $1 million, to individuals who voluntarily provide the SEC with original information about a violation of the federal securities laws that leads to a successful SEC action.

This “bounty” provision creates a strong incentive for employee whistleblowers to bypass a corporation’s internal reporting system and bring claims directly to the SEC. Accordingly, it will undermine the internal controls corporations have established in response to the Sarbanes-Oxley Act of 2002, which were designed to serve as a “front line” defense to address potential corporate wrongdoing.

Since the SEC announced its proposed rules in November 2010, numerous commentators, including Arent Fox LLP, encouraged the SEC to implement Section 922 in a manner consistent with Sarbanes-Oxley. The final rules, however, continue to encourage employees to bypass their own company’s internal compliance programs, and report directly to the SEC.

The final rules will be effective 60 days after they are submitted to Congress or published in the Federal Register. To read the SEC’s final rules, click here. To read Arent Fox’s October 25th and December 15, 2010 letters to the SEC, click here.

Internal Compliance Programs

The SEC’s final rules treat an employee as a whistleblower as of the date that the employee reports the information internally to the company, as long as the employee provides the same information to the SEC within 120 days. Accordingly, employees are allowed to report their information internally first, without losing their “place in line” for a possible award from the SEC, but are offered no real incentive to do so. The final rules state only that the SEC “may,” not “must,” consider higher percentage awards for whistleblowers who first report their information through effective company compliance programs.

Excluding Individuals with Legal Obligations From Whistleblower Awards

The final rules clarify that individuals with certain legal obligations, such as lawyers, auditors, and internal compliance personnel, cannot use their positions to “front run” internal programs and reap benefits under Section 922. The rules do this by excluding the following individuals from consideration for whistleblower awards:

  • People who have a pre-existing legal or contractual duty to report their information.
  • Attorneys who attempt to use information obtained from client engagements to make whistleblower claims for themselves (unless disclosure of the information is permitted under SEC rules or state bar rules).
  • Independent public accountants who obtain information through an engagement required under the federal securities laws.
  • Foreign government officials.
  • People who learn about violations through a company’s internal compliance program or who are in positions of responsibility for an entity, and the information is reported to them in the expectation that they will take appropriate steps to respond to the violation.

Unfortunately, senior management, internal audit personnel, and legal personnel are not specifically excluded from eligibility to receive rewards under the final rules. We continue to believe that such individuals, with direct fiduciary duties to address potential federal securities laws violations, should be barred from eligibility under the program.

Excluding Wrongdoers From Whistleblower Awards

Lastly, the final rules clarify that the SEC will not pay awards to individuals who are directly responsible for the securities law violations they report. Specifically, the SEC will not pay culpable whistleblowers awards that are based upon either the monetary sanctions that such individuals themselves pay in the resulting SEC action, or on sanctions paid by entities whose liability is based substantially on conduct that the whistleblower directed, planned, or initiated. However, co-conspirators whose conduct is actionable, but who are determined to be less than “substantially” responsible for the entity’s wrongdoing, remain eligible to receive SEC “bounty” payments.

What’s Next

These whistleblower rules have serious implications for all public companies subject to the SEC’s jurisdiction. As adopted, the final rules may be subject to legal challenges from, among others, the US Chamber of Commerce. In addition, legislation recently introduced by Congressman Grimm (R-NY), if adopted, would among other things, exclude compliance officers from recovery under Dodd-Frank, make employee internal reporting a required pre-condition of any “bounty” payment, eliminate the minimum 10 percent award requirement, exclude whistleblowers with any culpability, and prohibit contingency fee arrangements with attorneys representing whistleblowers. Accordingly, the SEC’s final whistleblower rules may turn out not to be so final after all.