Section 806 of the Sarbanes-Oxley Act of 2002 (“SOX”) protects employees of public companies who “blow the whistle” by reporting conduct that they reasonably believe constitutes a violation of federal law relating to financial, securities or shareholder fraud. Section 922 of the Dodd- Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”), which was enacted in 2010, requires the Securities and Exchange Commission (“SEC”) to establish a new whistleblower program that will pay awards to whistleblowers who provide the SEC with information about violations of securities laws that lead to a successful enforcement action resulting in monetary sanctions exceeding $1 million. Section 922 of the Dodd-Frank Act also provides protection to whistleblowers by prohibiting retaliation by employers against individuals who provide to the SEC information regarding potential securities violations. The anti-retaliation protections authorize civil causes of action to address adverse employment actions taken against a whistleblower employee because that employee made a report to the SEC.

During OSHA’s investigation of the complaint, once the complainant demonstrates by a “preponderance of the evidence” that protected activity resulted in an adverse action, the burden of proof shifts to the respondentemployer. To avoid liability, the employer must prove by “clear and convincing evidence” (a heavier burden) that it would have made the same decision absent the protected activity.

We summarize below key provisions of regulations issued by the Department of Labor (“DOL”) and address recent decisions concerning SOX.

New Rules under SOX

Sections 922 and 929A of the Dodd-Frank Act amended SOX in 2010 by adding provisions that extended the statute of limitations for filing a complaint with the DOL’s Occupational Safety and Health Administration (“OSHA”) from 90 to 180 days, clarified that employees who bring claims under SOX have a right to a jury trial, prohibited the waiver of any rights or remedies provided for whistleblowers under SOX, and invalidated predispute arbitration agreements with regard to SOX claims. In addition, the Dodd-Frank Act expanded SOX coverage to include employees of “nationally recognized statistical rating organization[s]” as well as employees of subsidiaries or affiliates of publicly traded companies where that subsidiary’s financial information is included in the consolidated financial statements of the company.

OSHA’s revised interim final regulations under SOX include the following new provisions:

  • Aggrieved employees will have 180 days to file a complaint with OSHA, an increase over the 90-day filing period previously provided under SOX. The new rule also provides that SOX complaints can be made orally or in writing, in any language, and (with the employee’s consent) may be filed by any person on the employee’s behalf. Previously, complaints had to be submitted in writing.
  • During OSHA’s investigation of the complaint, once the complainant demonstrates by a “preponderance of the evidence” that protected activity resulted in an adverse action, the burden of proof shifts to the respondentemployer. To avoid liability, the employer must prove by “clear and convincing evidence” (a heavier burden) that it would have made the same decision absent the protected activity. OSHA must dismiss a whistleblower claim under SOX if either: (1) the complainant fails to demonstrate that the protected activity was a contributing factor in the adverse action; or (2) the employer rebuts the complainant’s proof by providing clear and convincing evidence that it would have taken the same adverse action absent the protected activity.
  • The prior SOX regulations provided that reinstatement would not be ordered where the respondent establishes that the complainant is a security risk. The new regulations removed that provision based on OSHA’s belief that the determination of whether reinstatement is appropriate should be based on the facts of each case and relevant case law. OSHA has commented that, where appropriate, the agency may order “economic reinstatement” instead of preliminary reinstatement, meaning that the complainant receives the same pay and benefits as before termination, without actually returning to work.

Protected Activity under SOX

Section 806 of SOX prohibits retaliation against an employee who reports any conduct the employee “reasonably believes constitutes a violation” of (1) federal criminal law provisions prohibiting mail, wire or bank fraud; (2) any rule or regulation of the Securities and Exchange Commission; or (3) any provision of federal law relating to fraud against shareholders. 18 U.S.C. § 1514A(a)(1). To qualify as having engaged in “protected activity” under SOX, a whistleblower must establish by a preponderance of the evidence that he or she had a reasonable belief that the acts complained of violated the laws specified in SOX.

In Wiest v. Lynch, 2011 WL 5572608 (E.D. Pa. Nov. 16, 2011), a federal court rejected a SOX claim made by a former employee of Tyco Electronics Corporation, holding that the plaintiff failed to establish that he held an objectively reasonable belief that the complained of conduct constituted shareholder fraud or a violation of one of the statutes or rules enumerated by SOX. The plaintiff relied on the DOL Arbitration Review Board’s (“ARB”) decision in Sylvester v. Parexel Int’l LLC, DOL ARB No. 07-123 (May 25, 2011), which rejected the evidentiary standard requiring that complainants “definitively and specifically” describe a violation of one or more of the laws enumerated in SOX. Instead, the Sylvester decision ruled that SOX protection is available so long as the employee provides information that he or she reasonably believes relates to a violation of one of the laws identified in Section 806 of SOX. In Wiest, the court ruled that the Sylvester decision, an ARB decision, was not binding authority on a federal district court. The court also held that, even if it were binding precedent, the Sylvester case would not change its conclusion that the plaintiff failed in his complaint to plead facts reflecting a reasonable belief that his communications regarding tax treatment of certain company expenses “related — in any way, definitively and specifically, or otherwise — to shareholder fraud of a violation of one of the statutes or rules listed in § 1514A.”

Employee’s Misappropriation of Confidential Company Information May Be Permissible if Done to Assist Authorities and Employer in Detecting Fraud

The ARB decided recently that an employer’s interest in protecting its confidential information did not necessarily trump a SOX claimant’s use of such information in furtherance of enforcement of tax and securities laws. Vannoy v. Celanese Corp., DOL ARB 09-118 (Sept. 28, 2011). After suspecting abuse of company funds, the complainant filed an internal complaint alleging misuse of funds under Celanese’s Business Conduct Policy, as well as a disclosure under the IRS Whistleblower Rewards Program. The complainant attached to the complaint company documents relating to confidential employee information, including 1,600 of Celanese’s employees’ Social Security Numbers, which he had emailed to his personal e-mail account. Celanese terminated him for violation of the company’s confidentiality policy.

Reiterating its holding in Sylvester that an employee need not complain specifically about shareholder fraud to state a claim under SOX, the ARB determined that the complainant had engaged in protected activity. The ARB concluded that his complaints concerning Celanese’s business practices, assertions as to misstated financial records, and shortcomings in the company’s accounting controls supported the reasonableness of his belief that the company was engaging in accounting misconduct in violation of SOX.

The ARB also reversed the determination of the ALJ that reporting to the IRS does not constitute a complaint to “a Federal regulatory or law enforcement agency” as contemplated by 18 U.S.C. § 1514A. The ARB held that such a restriction was contrary to Congressional intent, and that SOX’s whistleblower protection provisions did not limit the agencies to which a complainant can report information.

Finally, the ARB held that whether the complainant’s appropriation of confidential company documents was “protected activity” depended on whether it provided “original information” that Congress intended to protect under the SEC bounty program. Thus, the ARB remanded the case to the ALJ for a hearing on: (1) whether the confidential information taken by the complainant was “original information” that Congress intended to protect under the IRS Whistleblower Program and the Dodd- Frank Act; and (2) whether the manner of the transfer of the information was protected under SOX. The ARB emphasized that the SOX legislative history suggests that Congress intended to protect “lawful acts to disclose information or otherwise assist criminal investigators, federal regulators, Congress, supervisors . . . or parties in a judicial proceeding in detecting and stopping fraud.”

SOX’s Application to Contractors and Subcontractors of Publicly-Held Companies

Liability under SOX may attach not only to a publiclytraded employer but also to agents of such entity. 18 U.S.C. § 1514A(a). In Lawson v. FMR LLC, 2012 WL 335647 (1st Cir. Feb. 3, 2012), two former employees of Fidelity Investments — investment advisors for the Fidelity family of mutual funds — brought claims under SOX. The named defendants were privately-owned organizations that provided management and administrative functions for the operation of the mutual funds, which are publicly-held companies supervised by a board of trustees and without any employees. The court decided that SOX did not apply to the defendants. Noting that the language of Section 806 bars “publicly traded companies . . . or any officer, employee, contractor, subcontractor or agent of such company” from retaliating “against any employee,” the court decided that “employee” means only an employee of the publicly-traded company itself. The Court based its decision on statements of congressional intent in SOX and even the section’s title — “Protection for Employees of Publicly Traded Companies Who Provide Evidence of Fraud.”

Exposure of Whistleblower’s Identity Was “Adverse Action”

The ARB recently held that a former Halliburton employee was subjected to an adverse action under SOX when the company disclosed in emails his identity as the employee who submitted accounting practice complaints to the SEC and an internal audit committee. Menendez v. Halliburton Inc., DOL ARB 09-002, 09-003 (Sept. 13, 2011). Section 301 of SOX requires that audit committees of issuers listed on U.S. exchanges establish procedures for confidential, anonymous submission by employees of concerns regarding questionable accounting or auditing matters. Halliburton’s assistant general counsel forwarded Menendez’s audit committee complaint to Halliburton’s general counsel and its CFO. The CFO then revealed his identity as a whistleblower to, among others, the very subjects of the complaint. The complainant alleged that his co-workers began to avoid him, the company’s auditors refused to interact with him and his responsibilities were reduced, prompting his resignation.

The ARB refused to limit “adverse action” to tangible job consequences, holding that complainant’s right to confidentiality was a “term and condition” of his employment. Rather, it adopted the standard used under Title VII — whether the activity would dissuade a reasonable employee from engaging in protected activity — and held in this case that a reasonable person in the complainant’s position would be deterred from filing a confidential disclosure regarding misconduct if there existed the prospect that his identity would be revealed to the very people implicated in the alleged misconduct.

Extraterritorial Application of Sox

In a recent ruling, the ARB rejected a former employee’s SOX claim on the grounds that SOX does not apply extraterritorially. Villanueva v. Core Labs NV, DOL ARB 09–108 (Dec. 22, 2011). Villanueva involved a non-U.S. citizen working in Bogotá, Colombia for a Colombian company, who alleged that he was denied a raise and fired after he complained about a tax evasion scheme that violated Colombian laws. The complainant named his employer’s parent company, a Netherlands company whose securities are registered under the Securities Exchange Act and are publicly traded on the New York Stock Exchange. The opinion identified the factors that should be assessed in determining whether a complainant’s claim would require extraterritorial application of SOX: the location of the protected activity, the location of the job and the company/employer, the location of the retaliatory act and the nationality of the laws allegedly violated. The ARB based its decision in this case on the facts that the alleged fraud involved two foreign companies and a perceived failure to comply with foreign tax law.