One thing worse than facing an investigation spawned by an employee whistleblower who reported first to the SEC is facing that investigation plus allegations that the company retaliated against the whistleblower.

As we explained in a recent client alert, "Dealing With the SEC’s Focus on Protecting Whistleblowers From Retaliation," under the Dodd-Frank Act employers may not discharge, demote, suspend, threaten, harass, directly or indirectly, or in any other manner discriminate against those deemed to be "whistleblowers" because of any lawful act of whistleblowing. The SEC can enforce this anti-retaliation provision by bringing cases in federal court against allegedly retaliating entities and individuals. Moreover, the SEC’s rules provide that no person may take any action to impede a whistleblower from communicating directly with the Commission about a possible securities law violation, including by enforcing or threatening to enforce a confidentiality agreement.1 The head of the SEC’s Office of the Whistleblower, Sean McKessy, has said that his office is looking hard for potential retaliation cases for the Commission to bring, and working with the SEC’s Enforcement staff to routinely collect information about personnel actions taken by companies under investigation against individuals who report information to the SEC.

More recently, The New York Times reported that some companies "require employees to attest annually that they never witnessed any fraud, a certification that could be used to discredit employees who later blew the whistle." The article also reported that a whistleblower-side lawyer "said that he had seen companies subtly insert language into severance agreements that looks innocuous, but that effectively stops the employee from going to the S.E.C. In a few cases, he said, companies have asked departing employees to sign a document certifying that they have told the company about any confidential information the employee has given to outside parties."2

How can companies deal with whistleblower risks while avoiding actions that could be reasonably interpreted by the SEC as attempting to obstruct the SEC’s whistleblower program, or as illegally retaliating against whistleblowers?

While any approach should be tailored to the risks specific to an organization, we suggest the following:

  • First and foremost, publicize your company’s internal mechanism for reporting suspected or actual misconduct confidentially and without fear of retaliation, encourage employees to use the mechanism, and explain the importance of the reporting policy and mechanism to the company’s compliance function.
  • Ask employees periodically and in exit interviews whether they have witnessed any fraud, and document the answers. Do not, however, suggest that answering in the negative is mandatory, and do not threaten or retaliate against an employee merely for failing to answer in the negative. Nor should a company implicitly or explicitly tell an employee that to receive something of value from the company — income, a bonus, a promotion, severance payments, etc. — the employee must certify that they have not witnessed any fraud.
  • Understand that implicitly or explicitly asking current or departing employees to certify that they have told the company about any confidential information they have given to US regulators may not be well received by the government.
  • Consider carefully all the implications of including in your code of conduct or any other corporate policy an explicit requirement that employees report internally before reporting to US regulators. Such a requirement is viewed with disfavor by regulators. A regulatory requirement to that effect was expressly rejected by the SEC when it adopted the whistleblower award rules. It is likely that the SEC would also frown upon an employer’s requirement that an employee report internally, immediately or within a defined period, any information the employee has shared with regulators.
  • Understand that actions which could be viewed as attempting to impede a whistleblower from communicating directly with the SEC about a possible securities law violation, including by enforcing or threatening to enforce a confidentiality agreement, could run afoul of SEC Rule 21F-17(a), or worse could be viewed as obstruction of justice.3
  • Avoid asking or requiring employees to waive or limit their whistleblower anti-retaliation rights.4