The recent payment of $50 million to a pair of whistleblowers should serve as a wake-up call to companies that the SEC's Whistleblower Program is alive and well. Cadwalader attorneys provide five key compliance steps to help companies respond to whistleblowers and minimize their associated risks.
No magic policy or state-of-the-art compliance system will fully prevent federal enforcement actions, but companies can take measures to help minimize risk and promote a healthy relationship among companies, whistleblowers, and Securities and Exchange Commission regulators.
Securities law violations can be costly for companies in numerous ways, but in recent years they also have been particularly lucrative for whistleblowers. The SEC Whistleblower Program, launched at the start of the decade, created potential financial windfalls for employees who report potential securities violations to SEC regulators that lead to successful enforcement actions.
The increasing use of the SEC's Whistleblower Program raises a host of questions about how companies should respond to whistleblowers and minimize their associated risks.
The stakes reached new heights this year, when the SEC announced a groundbreaking $50 million payment to a pair of whistleblowers who provided the SEC with information that helped secure a 2015 settlement from JPMorgan Chase & Co. Under the terms of the agreement, JPMorgan paid regulators $300 million to resolve allegations that the bank failed to disclose conflicts of interest in its wealth management divisions.
SEC enforcement actions against large financial institutions are
nothing new, but payments of this magnitude directly from
regulators to witnesses is a new chapter in securities law
Federal Statutes and Whistleblower Protections
The federal government administers whistleblower protections under two statutes: the Sarbanes-Oxley Act of 2002 and the Dodd-Frank Act of 2010. Congress passed both laws in the wake of intense political pressure following market tumults—Sarbanes-Oxley after the Enron and WorldCom scandals, and Dodd-Frank after the financial crisis. This article focuses on the newer Dodd-Frank regime, but our principles are broadly transferable to whistleblower situations governed by either statute.
Both statutes contain provisions protecting whistleblowers from retaliation. Whereas Sarbanes-Oxley bars retaliation against internal whistleblowers (that is, employees who report misconduct to superiors within the company), Dodd-Frank protects whistleblowers who provide information to the SEC.
The U.S. Supreme Court formally recognized the SEC reporting
requirement in Digital Realty Trust Inc. v. Somers, a
unanimous 2018 opinion finding that Dodd-Frank whistleblower
provisions extend only to employees who provide information to the
SEC. The decision invalidated an SEC rule encompassing internal
whistleblowers within the statute's anti-retaliation
protections and resolved a circuit split on the issue.
Dodd-Frank and New SEC Incentives for Whistleblowers
Under Dodd-Frank, the SEC offered financial incentives to whistleblowers who provide information about possible violations of federal securities laws. Eligible whistleblowers can qualify for an award of between 10% and 30% of the monetary sanctions collected by the SEC if their original information leads to a successful enforcement action and penalties are more than $1 million.
Additionally, the SEC implemented Regulation 21F to enhance protections against retaliation for whistleblowers who report new information about possible securities violations to the SEC. The law bolstered enforcement of these provisions by creating a private cause of action, allowing whistleblowers to litigate retaliation claims in federal court.
As of June, the SEC has awarded $384 million to 64 individuals
since the start of the program, including $168 million in fiscal
year 2018. Such unprecedented financial incentives encourage
whistleblowers to provide the SEC with information, often bypassing
internal reporting mechanisms.
Moreover, courts continue to protect whistleblowers against retaliation, including in a case in February 2019 where the Ninth Circuit upheld a jury verdict awarding $8 million in compensatory and punitive damages to a company's former general counsel who claimed he was fired for reporting compliance violations.
Companies therefore need to understand how to minimize risk and promote best practices to insulate themselves against potential liability.
1. Don't Retaliate or Cut Off Contact With the Whistleblower
First and foremost, companies should never retaliate against whistleblowers for raising concerns to the company or to regulators. That rule is not limited to firing a whistleblower, but also includes qualitative changes in the whistleblower's employment, such as decreased responsibilities, exclusion from meetings or transfer to a new office or department. Retaliation is not only a problem for culture and ethics, but it can also be a costly mistake triggering litigation.
Whistleblowers are resources to be heard, not contagions to be quarantined. Positive contact with the whistleblower can support them while alerting the company to potential risks. Through this communication, companies can learn whether anyone in the company has discouraged the whistleblower or threatened retaliation and take appropriate remedial action.
Conversely, company employees should not ask whistleblowers whether they have reported to the SEC or other outside regulators.
2. Encourage Internal Reporting
Corporations need to know more about their internal affairs than the SEC. Regulators expect that companies will support and facilitate whistleblowers, and companies can demonstrate good faith compliance efforts by encouraging employees to report potential bad acts. Companies need to establish hotlines and processes for reporting tips anonymously. Regardless of the specific reporting mechanism, any internal reporting system should maintain the whistleblower's confidentiality to protect against potential retaliation.
3. Get Ahead of the Investigation
A company should not be a passive spectator to an SEC whistleblower investigation. They must collaborate with counsel to gather all facts relevant to the whistleblower's allegations, and consider proactively disclosing information to the SEC. Even if the government already has the relevant information, a forthcoming approach to regulators could foster a more cooperative relationship and pay dividends in any final settlement or enforcement action.
4. Keep a Paper Record
Every conversation, process, and response to whistleblowers should be credibly documented and preserved. Entities sophisticated enough to file SEC reports are sophisticated enough to avoid relying on verbal accounts and faulty memories to determine how the company responded to whistleblowers.
Instead of relying on informal conversations, companies should record notes of all conversations with a whistleblower, and consider having a human resources representative present for the discussion. Similarly, they should use memoranda or emails to document all steps the company takes in response to a whistleblower's allegations. In the event of agency enforcement action or litigation, these records can prove critical.
5. Remember: The Task is Never Over
Companies cannot afford to forget these best compliance practices when they do not face an imminent whistleblower allegation. Compliance policies and procedures, including rules for addressing whistleblowers, warrant regular review and evaluation.
An independent third party can offer a valuable outside perspective in periodic audits of company policy, ideally every few years.
Companies also should collaborate with counsel to monitor developments in the law, which can change significantly, as the Supreme Court demonstrated in last year's Digital Realtydecision.
This column does not necessarily reflect the opinion of The
Bureau of National Affairs, Inc. or its owners.
Originally Publish by bloomberglaw.com
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.