On June 22, 2011, the Securities and Exchange Commission (SEC) adopted final rules and amendments to implement the Dodd-Frank Wall Street Reform and Consumer Protection Act (the Dodd-Frank Act). As part of the final rules, the SEC also implemented rules designed to incentivize employees to report original information about a violation of the federal securities laws by rewarding them with between 10 and 30 percent of any judgment or combination of related judgments exceeding $1 million. This new regime, which offers potentially huge awards for reporting alleged violations of the securities laws to the SEC without a requirement of first resorting to existing corporate compliance programs, threatens to undermine the role and effectiveness of corporate compliance procedures companies put in place after Sarbanes-Oxley (SOX).

A decision from a March 2009 SOX whistleblower case establishes that SOX whistleblower protection extends to the employees of non-public, wholly owned subsidiaries of publicly traded companies and can, in certain cases, apply to employees who work abroad. See Walters v. Deutsche Bank, et al., 2008-SOX-70 (ALJ Mar. 23, 2009).

To what extent these changes may affect, or even undermine, corporate compliance programs is yet to be seen. But companies are advised to consider taking the following steps to better position themselves when the new whistleblower rules go into effect:

  • Focus on ways to encourage internal reporting. Companies should ensure that effective reporting systems are in place and should emphasize with employees that those who submit information will be protected from retaliation. To make internal reporting easier, consider creating or renovating toll-free hotlines, anonymous e-mail systems or other means of reporting that make the process easy and secure. The fewer the hurdles, the more likely tipsters are to report internally.
  • Pay close attention to the feedback provided under internal reporting systems to employees who have made complaints, both in terms of timeliness and responsiveness. The higher the satisfaction level with the results of an internal report, the less likely an employee is to seek assistance from the SEC or a plaintiff's lawyer.
  • Emphasize a culture of compliance and set the tone from the top.
  • Educate employees on the importance of internal reporting. Employees at all levels should be reminded of the importance of, and resources available for, internal reporting of securities laws violations. Possibilities might include periodic newsletters, presentations and attention paid to the benefits that have resulted from internal reporting.
  • Consider surveying employees on perceptions of effectiveness and usability of internal reporting systems.
  • Review and enhance internal investigation capabilities. An efficient and proven ability to respond to, and investigate, alleged violations will promote a culture in which employees believe their concerns will be addressed. And the added incentives for whistleblowers will increase the number of reports, putting extra pressure on internal compliance programs to respond quickly to employee complaints. Streamlined procedures will be vital.
  • Review form release agreements, exit interview forms and arbitration agreements for employees to ensure compliance with the limitations on confidentiality provisions and effective approaches to the restrictions on waiver and arbitration for Dodd-Frank whistleblower claims.
  • Be sure whistleblower protections in existing documents, such as the company's code of conduct, are written in a sufficiently broad manner to cover the new protections.
  • Determine whether any additional internal control over financial reporting or disclosure controls procedures should be in place that could identify potential issues for correction before they give rise to a whistleblower report, internal or otherwise.