On May 25, 2011, the U.S. Securities and Exchange Commission (SEC or Commission) decided by a 3-2 vote to adopt final rules1 implementing the “Securities Whistleblower Incentives and Protection” provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank or the Act). Despite well-reasoned criticism voiced by both corporate America and the two dissenting Republican Commissioners (Kathleen L. Casey and Troy A. Paredes) that the SEC’s proposed whistleblower rules would eviscerate companies’ internal compliance programs mandated by the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley), the Commission refused to incorporate a requirement that employee-whistleblowers report possible violations of the federal securities laws to their companies before contacting the SEC directly. Instead, the Commission added a few incentives to encourage internal reporting. It also modified the definition of “whistleblower” and the anti-retaliation provisions, in an effort, albeit modest, to deter the submission of frivolous claims.

Below is a brief summary of some of the key differences between the SEC’s final rules and the rules it originally proposed.2

Statutory Context

Dodd-Frank provides powerful financial incentives to employees and other potential whistleblowers to report directly to the SEC suspected violations of the federal securities laws by public companies and/or their subsidiaries. The Act directs the SEC to pay awards, subject to certain limitations and conditions, to any one or more whistleblowers who “voluntarily” provide the SEC with “original information” about a violation of the securities laws that leads to a “successful enforcement” action resulting in monetary sanctions exceeding $1 million. Dodd-Frank further requires that an eligible whistleblower receive an award between 10 percent and 30 percent of the total monetary sanctions imposed in the SEC action or related actions. The Act also protects employee-whistleblowers from retaliation for disclosing such information to the Commission or for making reports required or protected under Sarbanes-Oxley or the Securities Exchange Act of 1934.3

The Final Rules’ Enhanced Incentives to Encourage Internal Reporting

The SEC has incorporated into its final rules the following incentives to encourage employee-whistleblowers to report possible securities law violations to their companies before contacting the SEC:

  • giving whistleblower credit to an employee who reports original information internally if his or her company passes the information along to the SEC – regardless of whether the employee reports the information to the SEC; and attributing to the employee any additional information the company may gather from an internal investigation initiated by the employee’s internal report
  • allowing (but not requiring) the SEC to consider a whistleblower’s participation in (or interference with) a company’s internal compliance system when determining the amount of his or her award, and
  • extending the “look back” time period within which a whistleblower may report a possible securities violation to the SEC after making an internal report and still be treated as though he or she had reported to the SEC as of the earlier date from 90 days to 120 days.

Refined Definition of ‘Whistleblower’

The SEC’s proposed rules defined a “whistleblower” as someone who provides the SEC with information relating to a “potential violation” of the securities laws. In its final rules, the SEC has modified the definition by requiring that the whistleblower provide information about a “possible violation” that “has occurred, is ongoing, or is about to occur.” As explained in the SEC’s May 25 release, a possible violation need not be “material,” “probable,” or even “likely.” Instead, “the information should indicate a facially plausible relationship to some securities law violation – frivolous submissions would not qualify for whistleblower status.”

Addition of ‘Reasonable Belief’ Requirement for Anti-Retaliation Protection

To further deter the submission of frivolous or bad-faith whistleblower reports, the SEC has modified the anti-retaliation protections of its whistleblower program to require that, when an employee provides information to the SEC regarding a possible violation of the securities laws, he or she must possess a “reasonable belief” that the information relates to a possible violation that has occurred, is ongoing, or is about to occur. As explained in the SEC’s commentary, “[t]he ‘reasonable belief’ standard requires that the employee hold a subjectively genuine belief that the information demonstrates a possible violation, and that this belief is one that a similarly situated employee might reasonably possess.”

Expansion of Award Eligibility

By modifying the definitions of “voluntary submission of information” and “independent analysis,” the SEC’s final rules expand the universe of whistleblowers. Under the final rules’ definition of “voluntary submission of information,” a whistleblower can qualify for an award for information he or she provided the SEC even if the government had already begun an investigation and requested the same information from the whistleblower’s employer so long as the government did not request the information directly from the whistleblower or the whistleblower’s personal representative. A whistleblower is also award-eligible under the final rules if the information he or she submitted to the SEC was requested by a state authority so long as the state requestor is not the state attorney general or securities regulator.

Under the final rules’ definition of “independent analysis,” a whistleblower who is an officer, director, auditor, compliance personnel, or person in a similar role is now eligible to receive an award for information he or she provided to the SEC so long as the whistleblower: (a) had a reasonable basis to believe that the disclosure of the information was necessary to prevent the company from engaging in conduct that is likely to cause substantial injury to the financial interest or property of the company or its investors; or (b) had a reasonable basis to believe that the company is engaging in conduct that will impede an investigation of the misconduct; or (c) 120 days have elapsed since the whistleblower provided the information to the company’s audit committee, chief legal officer, chief compliance officer (or their equivalents), or to the whistleblower’s supervisor, or 120 days have elapsed since the whistleblower received the information at a time when the above-listed persons were already aware of the information. Under the proposed rules, people in these roles would not qualify for a whistleblower award unless the company did not disclose the alleged wrongdoing within a reasonable amount of time or proceeded in bad faith.

Companies Must Proactively Manage the Risks Created by the SEC’s Whistleblower Program

Reports from the SEC that it has received a marked increase in both the number and quality of whistleblower tips since Dodd-Frank was signed into law on July 21, 2010 shows that the Act’s whistleblower incentives are having their intended effect. These provisions also have created a business opportunity for plaintiffs’ securities class action and qui tam attorneys, who are aggressively targeting prospective Dodd-Frank whistleblowers with advertisements promising multi-million dollar awards.4 Now that the SEC has issued its final rules, completed its staffing of the Office of the Whistleblower, and confirmed that the Investor Protection Fund has been fully funded, we can expect to see heightened whistleblower activity and SEC investigations in the coming months. Companies cannot afford to take a “wait and see” attitude in response to these developments. Instead, they must proactively (a) strengthen their internal compliance and reporting systems and take other steps to incentivize employees to report possible securities violations internally, and (b) prepare for an increased need to conduct internal investigations and make voluntary reports to the SEC.