In the wake of the U.S. Supreme Court’s recent decision in Digital Realty, employees with knowledge of possible Federal securities law violations are now more incentivized to report such violations to the Securities Exchange Commission (“the SEC”) in lieu of, or before reporting to, their employers in order to take advantage of anti-retaliation protection under the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank” or the “Act”), which Digital Realty eliminated for purely internal whistleblowers. Further enhancing the incentive to report violations to the SEC is the agency’s recently announced $33 million Dodd-Frank whistleblower award, the largest Dodd-Frank whistleblower award to date. This necessarily places increased pressure on company compliance programs to encourage internal whistleblowing, and thus companies are strongly encouraged to ensure their monitoring, reporting, and investigation policies, procedures, and practices are in a position to sufficiently incentivize and encourage employees to report securities law violations internally.

Since the inception of the SEC’s Whistleblower Program, the Act’s whistleblower award provisions and implementing regulations have presented employees with a powerful incentive to report possible Federal securities law violations to the SEC (“external whistleblowing”): an award ranging from 10 to 30 percent in cases with sanctions over $1 million.[1] The SEC recently reminded would-be whistleblowers of this powerful incentive on March 19, 2018, when it announced a more than $33 million award—the largest Dodd-Frank whistleblower award to date—to a single whistleblower and a nearly $50 million joint award to two other whistleblowers in the same case.[2] According to the SEC’s heavily redacted order, the joint whistleblowers came to the SEC first with information leading to the opening of an investigation, while the individual whistleblower later provided the SEC with new information resulting in a separate investigation and forming the “cornerstone” of the agency’s subsequent enforcement action against the target company.[3]

Until the Supreme Court’s recent decision in Digital Realty, the SEC’s Whistleblower Program also arguably created a counterbalancing incentive for employees with knowledge of possible Federal securities laws violations to, at the very least, report them to employers (“internal whistleblowing”). Pursuant to regulations promulgated by the SEC under Dodd-Frank in 2011,[4] an employee could receive Dodd-Frank’s anti-retaliation protection so long as she reported the conduct to her employer, and external reporting was not required.[5] The Act does not impose time limits on anti-retaliation claims and thus is more generous than the Sarbanes-Oxley Act (“SOX”), which provides anti-retaliation protection to purely internal whistleblowers but only if retaliation is reported within 180 days.[6] Thus, for those would-be whistleblowers who are interested only in anti-retaliation protection but are unable or unwilling to meet SOX’s stringent filing requirements, the Dodd-Frank anti-retaliation regulations previously provided a reasonable basis upon which to speak up and make misconduct known internally.

However, in a unanimous February 21, 2018 decision in Digital Realty Trust, Inc. v. Somers, 138 S. Ct. 767 (2018), the U.S. Supreme Court (“USSC”) reversed the SEC’s anti-retaliation protection for internal whistleblowers by unanimously holding that the Act’s language clearly limits anti-retaliation protection to external whistleblowers. There, after a company terminated an employee who internally reported possible Federal securities law violations, he subsequently sued the company in federal court, alleging a violation of the Act’s anti-retaliation provision. The employee won in the lower courts, which afforded Chevron deference to the SEC’s interpretation. USSC still reversed because the employee did not alert the SEC of his suspicions before his termination and thus did not satisfy the Act’s unambiguous language. Notably, the majority opinion stressed that the Act’s purpose is to motivate external whistleblowing.

This decision should necessarily result in increased external whistleblowing amongst employees. Specifically, if prior to this decision an employee who felt compelled to report misconduct was not inclined to go to the SEC at all, the same employee must now seriously consider whether to report to the SEC before or at the same time as his employer in order to gain anti-retaliation protection. Further, employees who are willing to go to the SEC but only after an employer investigation has proven insufficient also must now undertake the same calculus.

Thus, employers should be ready for more employees to engage in external whistleblowing as a result of this decision. Indeed, speaking at Georgetown University Law Center’s Corporate Counsel Institute on March 15, 2018, the SEC’s Melissa Hodgman—an associate director in its Enforcement Division—shared that “the best guess out there is there’s going to be an increase in [Dodd-Frank whistleblower] reporting, some directly to us, some both internally and externally,” and that, consequently, the agency may add resources to the SEC’s whistleblower office.[7]

To date, the SEC’s Whistleblower Program has been very successful at encouraging external whistleblowing, particularly amongst employees. Since the Whistleblower Program’s inception, the SEC has received over 22,000 whistleblower tips, and it received over 4,200 tips and 4,400 tips in FY 2016[8] and FY 2017,[9] respectively, reflecting an “upward trajectory.” Additionally, in FY 2016, the SEC awarded over $57 million to thirteen whistleblowers,[10] while in FY 2017, the SEC awarded over $50 million to 12 whistleblowers,[11] which included three of the ten largest whistleblower awards made to date.[12] Through the date of the March 19, 2018 awards, the SEC has awarded more than $262 million to 53 whistleblowers.[13] Although the Program does not require whistleblowers to be employees of the target entity to be eligible for an award, about 62% of award recipients through 2017 “were current or former insiders of the entity about which they reported information of wrongdoing to the SEC.”[14] After Digital Realty, and the practical reporting considerations that will come out of it, one can reasonably expect these figures to continue to increase.

Despite the powerful incentives to engage in external whistleblowing after Digital Realty, companies should know that their compliance programs can contribute in meaningful ways to whether employees decide to report possible misconduct internally or externally. For instance, some have recognized that internal whistleblowers resort to external whistleblowing only when the organizational climate cannot prevent the misconduct.[15] Conversely, the SEC has recognized that research has demonstrated that the “likelihood of internal whistleblowing increases when ethical and legal compliance policies exist in an organization, particularly if specific whistleblowing procedures are in place.”[16] The SEC has also filed several amicus curiae briefs recognizing that “[1]f individuals are not assured that they will be protected from retaliation when they report internally, they will be less likely to report internally….”[17] Others recognize that whistleblowing generally is primarily motivated by a variety of ethical and cultural factors,[18] such as how strongly the worker’s organization supports whistleblowing, and whether the organization disseminates knowledge regarding the proper avenues for reporting unethical behavior.[19]

It would not be a stretch to argue that a strong compliance program that encourages and facilitates internal whistleblowing and imbues employee faith in internal reporting and investigation processes may also help a company avoid the imposition of independent monitors—an always burdensome and unwelcome penalty. At the Georgetown University Law Center’s Corporate Counsel Institute event referenced above, Sally Molloy, a senior prosecutor at the Department of Justice (“DOJ”), and Hodgman confirmed that the SEC and DOJ are less likely to impose a monitor on companies that affirmatively self-report misconduct. Specifically, Molloy shared:

It doesn’t make a lot of sense to me to impose a monitor where the company has affirmatively come to you and reported something … If a company is healthy enough, robust enough, the compliance program is such that you told the department before we knew about it, then that speaks volumes as to whether you need a monitor.[20]

Of course, self-reporting is much more likely if employees are comfortable speaking up and have enough faith in internal compliance programs to refrain from external whistleblowing pending company investigations and remediation of the problematic conduct where needed.

With the promise of Dodd-Frank’s anti-retaliation protection seemingly gone for purely internal whistleblowers, and the resulting increased reliance on employer compliance programs to foster the same, companies subject to the Act should formally evaluate and strengthen their monitoring, reporting, and investigations systems so as to minimize external whistleblower risks. Companies can undertake a number of steps in this regard, including, but not limited to:

  • Obtain periodic assessments of your risk profile and compliance program effectiveness as it relates to monitoring, reporting, and investigations. Policies and procedures that look good on paper can all too quickly become stale in light of a company’s evolving risk profile and thereby cease to be reliable in practice. This can lead to less reporting, as employees are less likely to internally report possible compliance violations if they lack faith in the existing reporting process or fear retaliation. As such, employers should periodically and formally reevaluate risk profiles and assess compliance program effectiveness, with a specific focus on monitoring, reporting, and anti-retaliation, to ensure that the program is adequately tailored to the company’s risk profile and concerns are effectively addressed and remediated.
  • Periodically evaluate and retrain middle management on appropriate responses and approaches to reporting and retaliation. It has been shown that employees most frequently raise their concerns first with a supervisor and then with higher management.[21] At the same time, it has also been noted that management can have a tendency to become tone-deaf to employee complaints and dismiss complaints deemed trivial or frivolous.[22] Thus, without effective training of middle management on reporting and retaliation, a company’s first opportunity to manage internal whistleblowers may be simply lost. Against this backdrop, companies should periodically train and evaluate management on appropriate and effective reporting and anti-retaliation practices and strategies.
  • Ensure thorough and timely follow-up on all whistleblower complaints. In each SEC Annual Report to Congress on the Dodd-Frank Whistleblower program since 2014, 80% or more of whistleblower award recipients had first raised their concerns internally (or knew that supervisors and/or compliance personnel were aware of the issues) before coming to the SEC.[23] Where whistleblowers perceive management as committed to serious and credible investigations of their complaints, they may feel less inclined to report externally. To help achieve that outcome, companies should ensure that they have refreshed investigative procedures in place around appropriate and timely whistleblower follow-up, requests for additional documentation, and investigation updates. The goal should be to both serve the investigative process and dispel any negative perception about the organization’s ability to adequately remediate potential misconduct. A thorough review of the investigations docket can also reveal any shortcomings that may exist.