Most Read: Contributor United States, July 2020
To print this article, all you need is to be registered or login on

The recent payment of $50 million to a pair of whistleblowers should serve as a wake-up call to companies that the SEC's Whistleblower Program is alive and well. Cadwalader attorneys provide five key compliance steps to help companies respond to whistleblowers and minimize their associated risks.

No magic policy or state-of-the-art compliance system will fully prevent federal enforcement actions, but companies can take measures to help minimize risk and promote a healthy relationship among companies, whistleblowers, and Securities and Exchange Commission regulators.

Securities law violations can be costly for companies in numerous ways, but in recent years they also have been particularly lucrative for whistleblowers. The SEC Whistleblower Program, launched at the start of the decade, created potential financial windfalls for employees who report potential securities violations to SEC regulators that lead to successful enforcement actions.

The increasing use of the SEC's Whistleblower Program raises a host of questions about how companies should respond to whistleblowers and minimize their associated risks.

The stakes reached new heights this year, when the SEC announced a groundbreaking $50 million payment to a pair of whistleblowers who provided the SEC with information that helped secure a 2015 settlement from JPMorgan Chase & Co. Under the terms of the agreement, JPMorgan paid regulators $300 million to resolve allegations that the bank failed to disclose conflicts of interest in its wealth management divisions.

SEC enforcement actions against large financial institutions are nothing new, but payments of this magnitude directly from regulators to witnesses is a new chapter in securities law enforcement.

Federal Statutes and Whistleblower Protections

The federal government administers whistleblower protections under two statutes: the Sarbanes-Oxley Act of 2002 and the Dodd-Frank Act of 2010. Congress passed both laws in the wake of intense political pressure following market tumults—Sarbanes-Oxley after the Enron and WorldCom scandals, and Dodd-Frank after the financial crisis. This article focuses on the newer Dodd-Frank regime, but our principles are broadly transferable to whistleblower situations governed by either statute.

Both statutes contain provisions protecting whistleblowers from retaliation. Whereas Sarbanes-Oxley bars retaliation against internal whistleblowers (that is, employees who report misconduct to superiors within the company), Dodd-Frank protects whistleblowers who provide information to the SEC.

The U.S. Supreme Court formally recognized the SEC reporting requirement in Digital Realty Trust Inc. v. Somers, a unanimous 2018 opinion finding that Dodd-Frank whistleblower provisions extend only to employees who provide information to the SEC. The decision invalidated an SEC rule encompassing internal whistleblowers within the statute's anti-retaliation protections and resolved a circuit split on the issue.

Dodd-Frank and New SEC Incentives for Whistleblowers

Under Dodd-Frank, the SEC offered financial incentives to whistleblowers who provide information about possible violations of federal securities laws. Eligible whistleblowers can qualify for an award of between 10% and 30% of the monetary sanctions collected by the SEC if their original information leads to a successful enforcement action and penalties are more than $1 million.

Additionally, the SEC implemented Regulation 21F to enhance protections against retaliation for whistleblowers who report new information about possible securities violations to the SEC. The law bolstered enforcement of these provisions by creating a private cause of action, allowing whistleblowers to litigate retaliation claims in federal court.

As of June, the SEC has awarded $384 million to 64 individuals since the start of the program, including $168 million in fiscal year 2018. Such unprecedented financial incentives encourage whistleblowers to provide the SEC with information, often bypassing internal reporting mechanisms.

Moreover, courts continue to protect whistleblowers against retaliation, including in a case in February 2019 where the Ninth Circuit upheld a jury verdict awarding $8 million in compensatory and punitive damages to a company's former general counsel who claimed he was fired for reporting compliance violations.

Companies therefore need to understand how to minimize risk and promote best practices to insulate themselves against potential liability.

1. Don't Retaliate or Cut Off Contact With the Whistleblower

First and foremost, companies should never retaliate against whistleblowers for raising concerns to the company or to regulators. That rule is not limited to firing a whistleblower, but also includes qualitative changes in the whistleblower's employment, such as decreased responsibilities, exclusion from meetings or transfer to a new office or department. Retaliation is not only a problem for culture and ethics, but it can also be a costly mistake triggering litigation.

Whistleblowers are resources to be heard, not contagions to be quarantined. Positive contact with the whistleblower can support them while alerting the company to potential risks. Through this communication, companies can learn whether anyone in the company has discouraged the whistleblower or threatened retaliation and take appropriate remedial action.

Conversely, company employees should not ask whistleblowers whether they have reported to the SEC or other outside regulators.

2. Encourage Internal Reporting

Corporations need to know more about their internal affairs than the SEC. Regulators expect that companies will support and facilitate whistleblowers, and companies can demonstrate good faith compliance efforts by encouraging employees to report potential bad acts. Companies need to establish hotlines and processes for reporting tips anonymously. Regardless of the specific reporting mechanism, any internal reporting system should maintain the whistleblower's confidentiality to protect against potential retaliation.

3. Get Ahead of the Investigation

A company should not be a passive spectator to an SEC whistleblower investigation. They must collaborate with counsel to gather all facts relevant to the whistleblower's allegations, and consider proactively disclosing information to the SEC. Even if the government already has the relevant information, a forthcoming approach to regulators could foster a more cooperative relationship and pay dividends in any final settlement or enforcement action.

4. Keep a Paper Record

Every conversation, process, and response to whistleblowers should be credibly documented and preserved. Entities sophisticated enough to file SEC reports are sophisticated enough to avoid relying on verbal accounts and faulty memories to determine how the company responded to whistleblowers.

Instead of relying on informal conversations, companies should record notes of all conversations with a whistleblower, and consider having a human resources representative present for the discussion. Similarly, they should use memoranda or emails to document all steps the company takes in response to a whistleblower's allegations. In the event of agency enforcement action or litigation, these records can prove critical.

5. Remember: The Task is Never Over

Companies cannot afford to forget these best compliance practices when they do not face an imminent whistleblower allegation. Compliance policies and procedures, including rules for addressing whistleblowers, warrant regular review and evaluation.

An independent third party can offer a valuable outside perspective in periodic audits of company policy, ideally every few years.

Companies also should collaborate with counsel to monitor developments in the law, which can change significantly, as the Supreme Court demonstrated in last year's Digital Realtydecision.

This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.

Originally Publish by

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Kyle DeYoung
Cadwalader, Wickersham & Taft LLP
Lex Urban
Cadwalader, Wickersham & Taft LLP
William Simpson
Cadwalader, Wickersham & Taft LLP
POPULAR ARTICLES ON: Corporate/Commercial Law from United States
Running An Effective Board Of Directors
L2 Counsel
Companies usually run informally at the pre-seed and seed-stage, without formal meetings of the board of directors.
9 Considerations For An Effective Board Meeting
L2 Counsel
As your company grows and has completed its first venture capital fundraising round, it is customary to include one or more outside investors on your board of directors.
Convertible Notes And SAFEs — The Least You Should Know!
L2 Counsel
As most startups know, there can be substantial challenges when it comes to raising cash. There are also choices to be made when it comes to a seed investment and much to...
Does A Startup Company Need A Lawyer? (Video)
L2 Counsel
Influential founders start out strong, quickly making things happen, which means it's quite common to ignore some legal components when first beginning a brand-new business.
DOJ And FTC Release Final Version Of Vertical Merger Guidelines
Jones Day
The U.S. Department of Justice ("DOJ") and a divided Federal Trade Commission ("FTC") released the final version of their Vertical Merger Guidelines, the first...
U.S. Government Warns Companies Of Legal Risk For Paying Ransom To Cybercriminals
Wilson Elser Moskowitz Edelman & Dicker LLP
The unprecedented rise of ransomware attacks has placed enormous strain on businesses and organizations that are already reeling from the devastating financial impact of the global COVID-19 pandemic.
FREE News Alerts
Sign Up for our free News Alerts - All the latest articles on your chosen topics condensed into a free bi-weekly email.
Upcoming Events
Mondaq Social Media