Yesterday, the Securities and Exchange Commission released a 181-page set of Proposed Rules for the implementation of the new, robust whistleblower provisions enacted as part of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”).1 The provisions encourage whistleblowers to report violations of the securities laws to the SEC by offering bounties for information leading to successful enforcement actions.
The fact that the SEC acted unanimously and quickly in crafting this comprehensive proposal — well in advance of the April 2011 deadline to issue final regulations — suggests that it perceives the new whistleblower provisions as an important part of its enforcement toolkit. Recent blockbuster whistleblower payouts, including last month’s $96 million bounty awarded to a pharmaceutical company’s former employee under the False Claims Act,2 have reinforced concerns about the new whistleblower bounty provisions and their potential impact on the business community. The issuance of these Proposed Rules comes days after the SEC’s announcement that it has set aside a fund of $452 million for anticipated whistleblower claims.3
SYNOPSIS OF KEY PROVISIONS
While the comment period, which runs through December 17, 2010, may lead to changes in the final implementation of the Rules, we have prepared a preview and synopsis of some of the key provisions in the Proposed Rules to help our clients prepare for the changes ahead:
- Who Is A “Whistleblower”?
- The Proposed Rules do not significantly limit Dodd-Frank’s broad definition of “whistleblower,” which includes any individual, or two or more individuals acting jointly, who provide(s) to the SEC “original” information relating to a violation of the securities laws.
- While officers, directors, employees, shareholders, business competitors, agents, consultants, distributors, vendors, contractors, service providers, or customers can generally serve as whistleblowers, the Proposed Rules clarify that certain employees or directors, such as those with established professional obligations that play “a critical role in achieving compliance with the federal securities laws,” would not qualify as whistleblowers.
- The Proposed Rules explain that the whistleblower’s information need only relate to a “potential violation” of the securities laws, and that Dodd-Frank’s anti-retaliation protections do not depend on an ultimate determination about whether the reported potential violation constituted an actual violation of the securities laws.
- Who Is Not A Whistleblower?
- Dodd-Frank prohibits certain individuals from receiving bounties as whistleblowers, such as persons convicted of crimes related to the violation, persons who learned of the disclosed information by performing audits of financial statements as required by the securities laws, and persons who knowingly provide false, fictitious, or fraudulent information.
- The Proposed Rules further delineate who may receive bounties as whistleblowers by specifically excluding:
- persons who provide information after the company has received any formal or informal request, inquiry, or demand from the SEC (unless the company fails to provide the documents or information to the requesting authority in a timely manner);
- persons who provide information obtained through communications protected by the attorney-client privilege, or information obtained in connection with the legal representation of a client;
- persons who provide information obtained in connection with an independent public accountant’s performance of an engagement required under the securities laws;
- persons with legal, compliance, audit, supervisory, or governance responsibilities to whom information about potential misconduct was communicated with the reasonable expectation that they would take appropriate steps to respond to the alleged violation (unless the company does not disclose the information to the SEC in a timely manner or proceeds in bad faith);4
- persons who provide information obtained from or through a company’s legal, compliance, audit, supervisory, or governance functions (unless the company does not disclose the information to the SEC in a timely manner or proceeds in bad faith);
- persons who obtained the provided information in a manner that violates federal or state criminal law; and
- persons who provide information that was obtained from those who would otherwise be excluded under any of the above limitations.
- Whistleblower Anonymity.
- Under the Proposed Rules, a whistleblower would be permitted to provide information anonymously, but only if he or she is represented by an attorney who is identified to the SEC at the time of the initial submission and who certifies that he or she has verified the whistleblower’s identity. The whistleblower, however, would have to disclose his or her identity before the SEC could pay out any award.
- The SEC will not reveal the whistleblower’s identity, or disclose other information reasonably expected to reveal his or her identity, except under limited circumstances — for example, when such disclosure is required to a defendant or respondent in a SEC-initiated federal court or administrative action.
- The SEC may share information with other domestic and foreign regulatory and law enforcement agencies, but domestic agencies are required to maintain the information as confidential, and foreign agencies must provide the SEC with appropriate assurances of confidentiality.
- No Impediments Against Whistleblower Communications With the SEC.
- The Proposed Rules prohibit any person from taking any action to impede a whistleblower from communicating directly with SEC staff about a potential violation. This prohibition includes attempting or threatening to enforce a confidentiality agreement against the whistleblower, unless the confidentiality agreement deals with information covered under exceptions for the attorney-client privilege or legal representation.
- Aiming to ensure unobstructed communication between the Commission and the whistleblower, the Proposed Rules authorize SEC staff to communicate directly with the whistleblower, without first seeking the consent of company counsel. This rule would apply even to communications with high ranking directors and officers, to whom company counsel’s representation ordinarily would attach to preclude direct contact by outside counsel.
- Gains From One’s Own Misconduct?
- The Proposed Rules do not categorically prohibit wrongdoers from being rewarded as whistleblowers. To prevent wrongdoers from financially benefiting from their own misconduct, however, the Proposed Rules restrict how much of a sanction the SEC may consider as the basis for the whistleblower’s bounty. Specifically, the Proposed Rules prohibit the SEC from counting any monetary sanctions imposed against the whistleblower or against an entity for liability based substantially on conduct directed, planned or initiated by the whistleblower.
- As a result of these limits on conduct that can be considered in establishing the qualifying sanction amount, culpable individuals have an incentive to blow the whistle on others who engage in the misconduct alongside the whistleblower, although the whistleblower likely will do so only if he or she believes that the conduct attributable exclusively to others will sustain a hefty monetary sanction. The SEC is soliciting comments on whether to expressly limit the category of whistleblowers to only those individuals who provide information about another person’s potential violations.
- No Amnesty for Culpable Whistleblowers.
- In addition to precluding recovery from a whistleblower’s own misconduct, the Proposed Rules would clarify that whistleblowers who participated in the alleged wrongful conduct are not immune from prosecution or enforcement actions. Yet, under existing policy, the SEC retains discretion to determine whether, by how much, and in what manner to credit the whistleblower’s cooperation.
STEPS COMPANIES SHOULD CONSIDER TO MINIMIZE THE IMPACT OF THE NEW WHISTLEBLOWER LAW AND REGULATIONS
Experience with other statutes, such as the False Claims Act, shows that whistleblowers are often employees who first raised concerns internally and felt that their concerns were not adequately addressed by their corporate employer.
To minimize the risks presented by the Dodd-Frank whistleblower provisions, companies should consider doing more to ensure that their compliance systems are robust and state-of-the-art, and to demonstrate prompt, sincere attention to employee concerns. Companies should review their compliance and ethics programs to ensure that these programs allow them to identify, investigate, and handle potential misconduct quickly and effectively. Companies also should reinforce to their managers the importance of taking concerns seriously and respectfully. Our clients should consider the following specific steps, among others:
- Re-emphasize Culture of Compliance: Company management should regularly communicate the importance of compliance, and ensure that employees receive periodic training on compliance issues. Companies might consider incentivizing internal reporting and ethical decision-making.
- Hotline: Companies should examine Hotline procedures to ensure that employee concerns are adequately addressed in a timely and effective manner that consistently conveys that concerns are being taken seriously.
- Renewed Management Training, Especially Senior Management: Companies should emphasize education and training of management on recognition of whistleblower complaints, procedures to respond to complaints, and non-retaliation policies.
- Regular Compliance Audits and Risk Assessments: Companies should examine Hotline reports and other sources in developing and updating their compliance programs. Regular compliance audits and risk assessments should be conducted to detect potential risks and offenses.