Pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act ("Dodd-Frank Act"), the Securities and Exchange Commission ("SEC") has issued final rules implementing the SEC whistleblower program created by the Dodd-Frank Act. The SEC adopted these final rules on May 25, 2011 by a 3-2 vote after having considered more than 1,500 comment letters submitted in response to proposed rules published in November 2010. The final rules will become effective 60 days after the rules are published in the Federal Register.  

SEC Whistleblower Program

The Dodd-Frank Act created a new SEC whistleblower program which provides a significant financial incentive for individuals to report possible violations of federal securities laws by public companies. This provision authorizes the SEC to award "bounties" to any individual who provides original information to the SEC resulting in significant monetary sanctions. In addition, the act created a new cause of action for those employees who are subject to retaliation for having provided the SEC with information about suspected violations.

For more information on the whistleblower provisions of the Dodd-Frank Act, please see an earlier article.

Defining "Whistleblower"

Under the final rules, a "whistleblower" is an individual who provides the SEC with information that relates to a "possible violation" of federal securities law that has occurred, is ongoing, or is about to occur.

In order to be eligible for an award under the program, the whistleblower must voluntarily provide the SEC with "original information" of a possible violation of federal securities law, which information leads to the successful enforcement action by the SEC, resulting in monetary sanctions totaling more than $1 million. Qualified whistleblowers may be eligible for an award of 10-30% of any monetary sanctions resulting from the SEC enforcement action or any related action.

Defining "Original Information"

The final rules clarify what constitutes "original information." To meet this definition, the information submitted must be derived from the individual's independent knowledge or analysis, not already be known to the SEC or another source, not exclusively derived from an allegation made elsewhere, and first provided to the SEC after July 21, 2010.


Under the final rules, certain individuals are generally excluded from the definition of whistleblower, including:

  • Attorneys who obtain the information through a communication subject to the attorney-client communication or in connection with legal representation of a client;
  • Individuals with a pre-existing legal or contractual duty to report their information to the SEC;
  • Officers, directors, trustees, or partners of an entity who are informed by another person f allegations of misconduct, or who learn the information in connection with the entity's processes for identifying, reporting and addressing possible violations of law;
  • An employee whose principal duties involve compliance or internal audit responsibilities;
  • Public accountants who obtain the information through performance of an engagement required of an independent public accountant under federal securities laws; or
  • Individuals who obtain the information in a manner that is determined by a U.S. court to violate applicable federal or criminal state law.  

However, these exclusions will not apply if:

  • The individual has a reasonable basis to believe that disclosure of the information to the SEC is necessary to prevent the relevant entity from engaging in conduct that is likely to cause substantial injury to the financial interest or property of the entity or investors;
  • The individual has a reasonable basis to believe that the relevant entity is engaging in conduct that will impede an investigation of the misconduct; or
  • At least 120 days have elapsed since the individual provided the information to the relevant entity's audit committee, chief legal officer, chief compliance officer, or his/her supervisor.  

In addition, certain individuals are disqualified from receiving awards under the Dodd-Frank Act, including law enforcement officials and individuals who are convicted of a criminal violation related to the information. The final rules also provide that any amounts that the whistleblower pays in sanctions will not be included in calculating the whistleblower's award.

Defining "Successful Enforcement"

The final rules clarify what constitutes "successful enforcement." To meet this definition, the information must be sufficiently specific, credible, and timely to cause the commencement of an investigation, the reopening of a closed investigation, or focus of a current investigation to shift toward different conduct, which results in a successful enforcement action by the SEC. With respect to an investigation that is already in process, the information must "significantly contribute" to the success of the enforcement action.

Non-Retaliation Provision

The final rules make clear that the statute's non-retaliation provision applies regardless of whether the whistleblower satisfies the requirements to receive a bounty under the program. This provision protects from retaliation any individual who provides information to the SEC (regardless of whether the individual is employed by a public company), with a reasonable belief that the information relates to a possible securities law violation (regardless of whether the SEC finds there to be a violation). The SEC clarifies in the final rules that individuals employed by a public company who make only an internal report about a potential securities law violation are covered by Sarbanes-Oxley's non-retaliation provision. To satisfy the "reasonable belief" standard, the individual must "hold a subjectively genuine belief that the information demonstrates a possible violation, and that this belief is one that a similarly situated individual might reasonably possess."

Interplay with Internal Compliance Programs

In response to the SEC's proposed rules, many commentators urged the SEC to require that whistleblowers first utilize internal compliance and reporting procedures prior to submitting a report to the SEC. However, the SEC refused to adopt such a requirement in the final rules. The SEC stated that it believed that "whistleblowers are in the best position to assess whether reporting potential securities violations through their companies' internal compliance and reporting systems would be effective."

In order not to penalize those employees who first report potential violations through the companies' internal compliance programs, the SEC created in its proposed rules a 90-day "lookback" period by which an individual could still qualify for a whistleblower award if he/she first reported possible violations to company personnel involved in compliance or similar functions and then within 90 days submitted the same information to the SEC. Under the final rules, the SEC extended this "lookback" period to 120 days so as to permit sufficient time for internal compliance or review programs to conduct a sufficiently through investigation.

In addition, the SEC added provisions to the final rules that are intended to incentivize internal reporting of potential violations of federal securities laws. First, the final rules added a new provision that allows a whistleblower to obtain the same award when he or she reports internally and the company informs the SEC about the violation. Second, the final rules provide that a whistleblower's voluntary participation in a company's internal compliance and reporting program is a factor that can increase the amount of an award. In addition, the final rules expressly provide that a whistleblower's interference with a company's internal compliance and reporting program is a factor that can decrease the amount of the award.


In light of the SEC's rejection of a requirement that whistleblowers first utilize a company's internal compliance and reporting procedures, whistleblowers may choose to circumvent these internal procedures by making a report directly to the SEC. To encourage employees to first utilize internal procedures, publicly held companies should ensure that they have instituted robust internal compliance programs in which company employees would feel confident in reporting potential violations of federal securities law. Companies should have plans in place to determine how any reported violations will be investigated and handled to ensure a prompt and appropriate response. In addition to making clear that employee concerns will be thoroughly investigated and acted upon, companies should also encourage employees to utilize these internal reporting procedures. And regardless of whether employees complain to company officials or the SEC, the company should train managers on the Dodd-Frank and Sarbanes-Oxley whistleblower provisions to ensure that a whistleblower is not retaliated against in any manner because he or she made a complaint.