The Securities and Exchange Commission adopted on May 25, 2011, final rules to implement the Section 21F of the Securities Exchange Act of 1934 entitled “Securities Whistleblower Incentives and Protection.” The new rules have significant implications for public companies and securities industry businesses.

First, under Section 21F of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”), and the whistleblower rules adopted by the SEC, individuals who report evidence of securities law violations to the SEC and other agencies will be rewarded with potentially large cash bounties if the information leads to successful enforcement actions. As a result of the financial incentives, employees of public companies may be motivated to report suspected problems outside of a company’s internal compliance and reporting systems. Second, Section 21F and the new rules provide protections for whistleblowers as well as increased liability for companies based on allegations of impeding or retaliating against whistleblowers.  

This article outlines many of the key provisions of the SEC’s whistleblower rules and highlights several considerations for companies that may minimize the impact of these changes.

Bounty Payments

Prior to the passage of Dodd-Frank, the SEC had the ability to provide bounties to informants who provided information regarding insider trading violations under certain circumstances. Under the new Section 21F, the bounty provisions are significantly broader, encompassing any possible securities law violation, and the SEC is required to pay awards to whistleblowers who meet the established criteria. Further, the amount of a whistleblower recovery is significantly larger than that previously available – the award will be between ten and 30 percent of the total money sanctions, including penalties, disgorgement and interest, collected in enforcement actions where the sanctions exceed $1 million.

To qualify as a whistleblower and be eligible for the bounty payment, an individual (entities cannot qualify as whistleblowers) must: (1) voluntarily provide, (2) original information not previously know to the SEC, (3) that significantly contributes to a successful enforcement action (4) resulting in monetary sanctions totaling more than $1 million. The SEC’s rules clarify each of these requirements and exclude certain categories of individuals from claiming a whistleblower bounty. Specifically:

  1. To be considered voluntary, the whistleblower’s complaint must be made prior to the receipt of any request from the government including not only a request or subpoena from the SEC in an investigation or examination but also a request or demand in connection with an inspection, examination or investigation by a self-regulatory organization (“SRO”), the Public Company Accounting Oversight Board (“PCAOB”), any federal government authority, state securities regulator, or state Attorney General’s office. However, if the whistleblower reports information that is unrelated to the subject matter of the government’s request describing a different possible violation, the whistleblower can be eligible for a reward.
  2. The whistleblower’s information must be “original” and derived from independent knowledge or independent analysis. The SEC defines independent knowledge as factual information that is not derived from publicly available sources or from allegations made by someone else in a government report, judicial or administrative hearing or the news media but, rather, was obtained from a person’s own experiences, observations and communications. Information derived from publicly available sources may qualify, however, as independent analysis if the whistleblower adds evaluation, assessment and insight that causes the SEC staff to open an investigation or significantly contributes to a successful enforcement action.
  3. Both Dodd-Frank and the SEC rules exclude attorneys and auditors from qualifying for whistleblower awards. The SEC states that it will not generally consider information obtained through attorney-client privileged communications or through the performance of an engagement by an independent public accountant required by the securities laws. Further, certain individuals with responsibility for compliance, audit, supervisory, or governance responsibilities within a company are excluded if they learned the information in connection with the company’s processes for identifying, reporting and addressing non-compliance. Individuals who obtain information by any manner that violates state or federal criminal law are also excluded from claiming that they are entitled to a bounty.
  4. For determining whether a whistleblower’s information resulted in $1 million or more in monetary sanctions, the SEC’s rules make clear that the amount can be based on the aggregation of two or more actions, including both judicial and administrative proceedings, arising from the same set of operative facts. Additionally, the SEC will pay an award based on amounts collected in other related actions including those by the Attorney General of the United states, an appropriate SRO or a state attorney general in a criminal case.

Whistleblowers can include those who are participants in the misconduct unless they are convicted of a criminal violation in connection with that conduct. The SEC’s new rules do not give whistleblowers amnesty but the cooperation will be taken into account by the SEC in fashioning relief to be ordered. Additionally, the bounty to be paid to any “culpable whistleblower” will be based only upon the misconduct by and monetary sanctions imposed against others. The SEC noted that this has long been recognized as an effective way to bring about justice – “use a rogue to catch a rogue.”

Reporting through Internal Compliance Programs

The SEC’s final rules do not require that a whistleblower utilize the company’s available internal compliance and reporting program prior to submission of a complaint to the SEC. Dozens of comment letters to the SEC’s proposed rules last fall pointed out that any rule which did not require a whistleblower to follow a company’s internal compliance programs would undermine those programs and defeat the systems that companies established to comply with Sarbanes-Oxley since 2002. The SEC’s adopting release for the rules notes that the strong interest in receiving high quality information about misconduct quickly outweighs the interests of the impacted companies.

The new rules allow a whistleblower to raise their concerns internally through a company’s compliance program and preserve their rights under the SEC’s whistleblower program. The rules provide that a whistleblower who first reports to an entity’s internal compliance, whistleblower, or legal program (or to another federal agency, Congress, an SRO or the PCAOB) will have 120 days to report to the SEC and be eligible for a “lookback” to qualify for the whistleblower bounty. The whistleblower will be deemed, for purposes of claiming the bounty, to have reported as of the date of the original disclosure to the other agency or the company.

Moreover, the SEC sought to respond to concerns that compliance programs could be undermined by providing two incentives to a whistleblower who reports internally. First, a whistleblower’s use of internal reporting systems is a positive factor to be considered in determining the amount of any award within the flexible 10 to 30 percent range available to the Commission. On the other hand, the SEC will consider any interference with an internal compliance or reporting program to be a negative factor which would reduce the amount of any whistleblower award. Second, if a whistleblower reports information through his company’s compliance system before or at the same time as the whistleblower provides the information to the SEC, and the company provides the SEC with the information or the results of any internal investigation initiated in response to the whistleblower, that whistleblower is credited with all of the information provided by the employer for determining whether the information leads to a successful enforcement action.

The SEC’s adopting release for the whistleblower rules states that, in appropriate cases, consistent with the public interest and obligations to preserve the confidentiality of a whistleblower, the SEC staff will, upon receiving a whistleblower complaint, contact a company, describe the nature of the allegations, and give the company an opportunity to investigate the matter and report back.

Protection from Retaliation

A whistleblower who provides the SEC with information is protected from retaliation. All that is required for such protection is that the whistleblower have a “reasonable belief” that the information relates to a possible violation of the securities laws that has occurred, is ongoing, or is about to occur. The anti-retaliation protections apply whether or not the whistleblower satisfies the conditions for an award and whether or not the SEC brings a successful enforcement action.

In the adopting release for the whistleblower rules, the SEC points out that under Section 29(a) of the Exchange Act, a company cannot ask an employee to waive their anti-retaliation rights. An individual who alleges retaliation can bring an action directly in federal district court and is entitled to relief including reinstatement at the same level of seniority, two times the back pay owed, with interest, and compensation for litigation costs including attorneys’ fees.  

Company Liability for Impeding Whistleblowing

The SEC’s rules prohibit any person from taking action to impede an individual from communicating with the SEC about a possible securities law violation. The SEC specifically identifies actions that may impede whistleblowing to include enforcing or threatening to enforce a confidentiality agreement. Under the rules, the prohibitions against impeding whistleblower communications or taking retaliatory action against a whistleblower may be enforced by the SEC in a judicial action or administrative proceeding.

The SEC has enacted a rule allowing the SEC staff to communicate directly with whistleblowers who are officers, directors, or employees of an entity that is represented by counsel where the individual has initiated communication with the SEC related to a possible violation. Thus, a company’s counsel will not be informed of, or be permitted to participate in, SEC contacts with whistleblowers regardless or their position with the company. Indeed, this provision creates a concern that a whistleblower may provide information that is covered by protections such as the attorney-client privilege or work-product doctrine.

Next Steps and Managing Whistleblower Risks

According to remarks by SEC Chairman Mary Schapiro, since the passage of Dodd-Frank, the SEC has seen an increase in the number and quality of complaints under the whistleblower program. The passage of final rules by the SEC may further increase complaints and will certainly provide challenges to companies and their internal compliance programs. In response, companies should consider education and training on internal reporting and the whistleblower rules. Among steps to be considered are:

  • Training, particularly of supervisors and management officials, regarding actions that may be perceived as impeding or retaliating against whistleblowers;
  • Revisiting confidentiality agreements, including severance agreements, to prevent any company action that impedes whistleblowing;
  • Test and, if weaknesses are found, strengthen internal compliance and reporting systems;
  • Prepare for and outline likely responsive actions to whistleblower complaints and SEC calls in which expedited responses, often within 120 days, are required;
  • Education and training on the company’s commitment to internal compliance, the available reporting procedures for misconduct; and
  • Education and training regarding the benefits of internal reporting, not just to the company’s ability to improve, but also to individual whistleblowers who may get an increased award from the incentives established.

The SEC rules become effective in August 2011.