In a 3-2 vote split along party lines, the Securities and Exchange Commission has approved final rules to implement the whistleblower “bounty” provisions mandated by the Dodd-Frank Wall Street Reform and Consumer Protection Act. New Section 21F of the Securities Exchange Act of 1934 (added by the Dodd-Frank Act) directs the SEC to pay awards to whistleblowers who voluntarily provide the SEC with original information about securities law violations that lead to a successful administrative or judicial enforcement action resulting in monetary sanctions exceeding $1 million. New Exchange Act Rules 21F-1 through 21F-17 set forth extensive procedural and substantive requirements that whistleblowers must meet to be eligible for such awards and the criteria that the SEC will consider in determining the amount of an award, which will range from 10 to 30 percent of monetary sanctions collected.
In enacting these final rules, the SEC considered over 1,540 comment letters and attempted to address one of the key concerns expressed – that the rules will encourage whistleblowers to ignore in-house reporting procedures in an effort to be the first in line for the SEC payouts. While the SEC chose not to require that whistleblowers first report violations internally (because, among other things, the SEC felt that such a requirement may have the opposite effect of dissuading potential whistleblowers from reporting violations to the SEC), it did change the proposed rules to further address this concern, including:
- providing that a whistleblower can receive an award for reporting original information to an entity’s internal compliance program, if the entity reports information to the SEC that leads to a successful SEC action. In such a situation, the whistleblower would receive credit for all of the information provided by the entity, possibly leading to a larger award, for instance if the entity generated additional information in its internal investigation;
- extending from 90 days (as had been proposed) to 120 days the time for a whistleblower to report to the SEC after first reporting internally and still be able to “tack on” the earlier reporting date; and
- providing that a whistleblower’s voluntary participation in an entity’s internal compliance program could increase the award and that a whistleblower’s interference with internal compliance could decrease the award.
Further, the SEC reiterated in the adopting release that in appropriate cases (depending on factors including the nature of the alleged conduct, the level at which the conduct allegedly occurred, the entity’s culture relating to corporate governance and the entity’s internal compliance programs), the SEC Staff would upon receiving a whistleblower complaint give the entity an opportunity to investigate the matter and report back.
Under the final rules, whistleblowers would be eligible for awards only when they “voluntarily” provide the SEC with “original information” relating to a possible violation of the federal securities laws, rules or regulations that has occurred, is ongoing or is about to occur and that leads to the successful enforcement by the SEC of a federal court or administrative action in which the SEC obtains monetary sanctions totaling more than $1 million. Whistleblowers may also collect awards based on related actions brought by the U.S. Attorney General, appropriate regulatory authorities (including the Comptroller of the Currency, Federal Reserve, the FDIC and the Office of Thrift Supervision), self-regulatory organizations and state attorneys general in a criminal case so long as the SEC’s criteria for a whistleblower award are met, however, the SEC will not make an award if one has already been granted or denied for the same action by the Commodity Futures Trading Commission. Any individual is eligible to participate in the award program, except for individuals who, among other conditions:
- is or was at the time he or she acquired the information a member, officer or employee of the SEC, the Department of Justice, an appropriate regulatory authority, a self-regulatory organization, the Public Company Accounting Oversight Board or any law enforcement organization;
- is or was at the time he or she acquired the information a member, officer or employee of a foreign government, any political subdivision, department, agency or instrumentality of a foreign government or any other foreign financial regulatory authority as defined in the Exchange Act;
- was convicted of a criminal violation that is related to the action for which he or she otherwise could receive an award;
- obtained the information through an audit of an entity’s financial statements, and making a whistleblower submission would be contrary to Section 10A of the Exchange Act (which includes, among other things, certain reporting requirements in the context of audits performed by registered public accounting firms), unless the information is not excluded from the whistleblower’s use or the whistleblower is providing information about possible violations involving the person involved in the audit;
- is the spouse, parent, child or sibling of, or resides in the same household as, an SEC member or employee; or
- acquired the information from one of the foregoing persons with the intent to evade the foregoing restrictions.
“Original information” as defined in the final rules must, among other conditions, be derived from the whistleblower’s independent knowledge or independent analysis, not already known to the SEC or derived exclusively from a judicial or administrative hearing, in a governmental report, hearing, audit or investigation or from the news media (unless the whistleblower is the source of the information). Information that is based on a whistleblower’s independent analysis may be based on his or her evaluation of publicly available sources so long as the whistleblower reveals information that is not generally known or available to the public.
The SEC will not consider the information to be derived from the whistleblower’s independent knowledge or analysis if he or she obtained the information:
- through a communication that was subject to the attorney-client privilege, unless disclosure of that information would otherwise be permitted by the SEC’s attorney conduct rules, applicable state attorney conduct rules or otherwise;
- in connection with a legal representation by the whistleblower or his or her employer or firm, including in-house attorneys, where the whistleblower seeks to use the information for his or her own benefit under these provisions, unless disclosure of that information is otherwise permitted by the SEC’s attorney conduct rules, applicable state attorney conduct rules or otherwise;
- because the whistleblower was:
- an officer (as defined to include a president, vice president, secretary, treasurer, principal financial officer and any person routinely performing corresponding functions), director, trustee or partner of an entity and another person informed the whistleblower of allegations of misconduct, or the whistleblower learned the information in connection with the entity’s processes for identifying, reporting and addressing possible violations of law;
- an employee whose principal duties involve compliance or internal audit responsibilities, or an employee or otherwise associated with a firm retained to perform compliance or internal audit functions for an entity;
- an employee of or otherwise associated with a firm retained to conduct an inquiry or investigation into possible violations of law; or
- an employee of or otherwise associated with a public accounting firm, if he or she obtained the information through the performance of an engagement required of an independent public accountant under the federal securities laws, and that information related to a violation by the engagement client or the client’s directors, officers or other employees;
unless, the whistleblower has a reasonable basis to believe that disclosure of the information to the SEC is necessary to prevent the entity from engaging in conduct that is likely to cause substantial injury to the financial interest or property of the entity or investors or that the relevant entity is engaging in conduct that will impede an investigation of the misconduct; or 120 days has passed since the whistleblower provided the information to the entity’s audit committee, chief legal officer, chief compliance officer (or their equivalents) or his or her supervisor, or since the whistleblower received the information, if he or she received it under circumstances indicating that the entity’s audit committee, chief legal officer, chief compliance officer (or their equivalents) or his or her supervisor was already aware of the information;
- by a means or in a manner that is determined by a U.S. court to violate federal or state criminal law or
- from any person described in the foregoing items, unless the information is not excluded from that person’s use or the whistleblower is providing the SEC with information about possible violations involving that person.
Under the final rules, disclosure of information to the SEC is generally considered “voluntary” only if submitted before the SEC, the PCAOB, any self regulatory organization, Congress, any other federal governmental authority, state attorney general or securities regulatory authority directs a related request, inquiry or demand to the whistleblower or a representative of the whistleblower. Requests directed solely to an employer would not automatically preclude an employee from receiving an award, but the adopting release notes that the employee would not face a “easy path to an award” and that the SEC would scrutinize all attendant circumstances carefully to determine whether the employee’s information meets all of the SEC’s criteria for an award. Further, disclosure of information will not be considered voluntary if the person was required to report the information to the SEC as a result of a pre-existing legal duty, a contractual duty that is owed to any of the foregoing governmental authorities or a duty that arises out of a judicial or administrative order.
The final rules also add factors that the SEC may use in determining the amount of an award. Factors that may increase an award include the significance of the information provided, any assistance provided by the whistleblower, the law enforcement interest related to the information provided and, as mentioned above, whether the whistleblower participated in an entity’s internal compliance systems (including whether the whistleblower reported the possible securities violation through internal procedures before or concurrently with reporting to the SEC and whether the whistleblower assisted any internal investigations concerning the reported securities violation). Factors that may decrease an award include whether the whistleblower was culpable in the securities violations, unreasonably delayed reporting violations or undermined the integrity of an entity’s internal compliance or reporting system.
The final rules further provide that no person may take any action to impede a whistleblower from communicating directly with SEC Staff about a potential securities law violation, including enforcing or threatening to enforce a confidentiality agreement, and include a number of antievasion and anti-fraud provisions. In addition, consistent with the SEC’s general policy and practice to treat all information obtained during its investigations as confidential and nonpublic, the final rules require that the SEC not disclose information that could reasonably be expected to reveal the identity of a whistleblower, except in certain specific circumstances. Whistleblowers may also submit information anonymously to the SEC so long as they are represented by an attorney and follow the procedures set forth in the rules. Whistleblower identities would, however, have to be revealed before the payment of an award.
The true effect of these whistleblower payouts remain to be seen. Regardless of whether this program increases the number of credible tips submitted to the SEC, we encourage companies to take this opportunity to review their compliance programs to ensure their effectiveness. Ineffective compliance programs will not protect companies from whistleblower claims and may serve as evidence of bad faith action on the part of the companies if facts evidence poor behavior. Foreign private issuers and companies with employees offshore will need to consider the implications of these rules in light of local requirements, particularly in the European Union, that place constraints on whistleblower procedures.
The final rules include a self-contained guide (complete with submission forms and in plain English) that details the eligibility, filing and other requirements that must be complied with to perfect a whistleblower claim. We note that whistleblower awards would be available for any information provided to the SEC after the July 21, 2010 enactment date of the Dodd-Frank Act, even with respect to information provided before the adoption of these proposed rules, so long as proper filings are made under the SEC’s final whistleblower rules within 120 days of their effectiveness, or by December 10, 2011. For a copy of the SEC rule release, see http://sec.gov/rules/final/2011/34-64545.pdf.