On May 25, 2011, the Securities and Exchange Commission (the “SEC”) approved final rules implementing the whistleblower provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”). Section 922 of the Dodd-Frank Act authorizes the SEC to pay awards to individuals who voluntarily provide original information to the SEC that leads to a successful enforcement action of a securities law violation. The final rules implement the SEC’s whistleblower program and prescribe the eligibility requirements for whistleblowers.
Eligibility for an Award
Under the final rules, a whistleblower is defined as a person who, alone or jointly with others, provides the SEC with information relating to a possible violation of federal securities laws (including any rules or regulation thereunder) that has occurred, is ongoing or is about to occur. To be eligible for an award, a whistleblower must satisfy the following criteria:
- Voluntarily Provide Information. The whistleblower must provide the information to the SEC before any request, inquiry or demand by the SEC, the Public Company Accounting Oversight Board, a self-regulatory organization, Congress, any other authority of the federal government or a state Attorney General or securities regulatory authority.
- Original Information. The information provided must (i) be derived from the whistleblower’s independent knowledge or independent analysis, (ii) not be known to the SEC by any other sources and (iii) must not be exclusively derived from certain public sources, such as government reports, judicial hearings or the news media. Original information generally does not include (i) information obtained by the whistleblower in connection with his or her legal, compliance, audit, supervisory or governance responsibilities if the information was obtained through the company’s internal compliance procedures, (ii) information obtained from attorney-client privileged communications or (iii) information gained from the performance of an engagement by an independent public accountant if that information relates to a violation of securities laws by the client or its directors, officers or employees.
- Successful Enforcement. The information provided by the whistleblower must lead to a successful enforcement by the SEC of a federal court or administrative action or certain related actions. A successful enforcement can arise if (i) the information results in the commencement, opening or reopening of an examination or investigation and the resulting successful action was based in whole or in part on the information or (ii) the conduct is already being investigated, but the information provided significantly contributes to a successful action.
- Monetary Sanctions Exceeding $1 Million. The SEC must obtain monetary sanctions from the successful enforcement of greater than $1 million. The $1 million threshold can be satisfied by aggregating awards from separate proceedings if those proceedings were based on the same nucleus of operative facts. A whistleblower’s award can range from 10% to 30% of the monetary sanctions, depending on a number of factors.
Protection from Retaliation
Under the final rules, a whistleblower is protected from retaliation if he or she has a “reasonable belief” that the information provided relates to a possible securities law violation that has occurred, is ongoing or is about to occur. An employee has a reasonable belief if he or she has “a genuine belief that the information demonstrates a possible violation, and that this belief is one that a similarly situated employee might reasonably possess.” Retaliation may be present where an employer discharges, demotes, suspends, threatens, harasses or discriminates against a whistleblower because he or she provides information to the SEC or otherwise assists any SEC investigation or enforcement action. Retaliation protection applies whether or not the whistleblower ultimately qualifies for an award. In addition, the SEC’s adopting release provides that employers cannot limit or require a waiver of an employee’s right to report possible securities law violations. Retaliation remedies include reinstatement, double back pay and attorneys’ fees in instances of proven retaliation.
No Automatic Disqualification for Misconduct
The final rules do not automatically disqualify a whistleblower who has engaged in fraud or misconduct from receiving an award, even if it is the same fraud or misconduct the whistleblower is reporting. The SEC will, however, consider the degree and nature of the misconduct in determining the award to the whistleblower.
Internal Compliance Procedures
A whistleblower is not required to first report information through the employer’s internal compliance procedures, but the final rules provide whistleblowers with increased awards if they first utilize internal compliance procedures. Under the final rules, whistleblowers have up to 120 days to report a securities law violation to the SEC after they report the violation to their employer. If a whistleblower reports the violation to the SEC within 120 days, he or she will be deemed to have reported the violation to the SEC on the date it was reported internally. If a whistleblower reports information through the employer’s internal compliance systems, and if the company subsequently self-reports to the SEC, the original whistleblower will be credited with the report and any resulting award.
The final rules highlight the importance of having an effective system to discover and timely respond to potential violations of federal securities laws. Companies should promptly review their internal compliance and reporting programs and internal investigations procedures. The availability and quality of these programs and procedures may significantly impact (i) whether a whistleblower brings information regarding a potential violation to the attention of the company or instead approaches the SEC and (ii) whether the SEC decides to initiate an investigation or allow the company to demonstrate that it has addressed the issue such that no SEC investigation or enforcement action is necessary.
In light of the final rules, companies should consider taking the following steps:
- create or strengthen internal initiatives to encourage and reward employees who internally report potential securities laws violations;
- ensure that their internal compliance and reporting mechanisms work as intended and that their compliance departments are equipped to handle a potential increase in tips and complaints;
- review their internal investigation procedures and ensure they have policies in place to promptly investigate complaints, address legitimate complaints and implement remedial action; and
- review their anti-retaliation policies to confirm that they are consistent with the final rules.