On November 3, 2010, the Securities and Exchange Commission (“SEC”) proposed rules1 to implement the controversial whistleblower provisions of the Dodd-Frank financial reform legislation that Congress passed in July.2 Section 922 of the Dodd-Frank Act provides that the SEC “shall” pay between 10% and 30% of any recoveries exceeding $1 million to anyone who voluntarily provides original information to the SEC leading to the successful enforcement of violations of the securities laws.3 The recently announced proposed rules seek to define and implement the statutory terms of the whistleblower provisions, which apply to all securities laws enforced by the SEC, including the Securities Act, the Exchange Act, the Investment Advisers Act, the Investment Company Act, and the Foreign Corrupt Practices Act (“FCPA”). The SEC will accept comments from the public until December 174 and must finalize the rules by April 2011.5
Dodd-Frank Whistleblower Provisions
The Dodd-Frank whistleblower provisions caused an uproar when they were passed. The so-called “bounty provisions” create a financial incentive for corporate employees and others to report almost any conceivable violation of the securities laws to the SEC in the hopes of obtaining a multimillion-dollar award. Indeed, the SEC has estimated that the Dodd-Frank whistleblower provisions will encourage approximately 30,000 official tips, complaints, or referrals each year.6 Perhaps even more significantly, the bounty provisions seem to encourage whistleblowers, who otherwise might have reported their concerns through an internal corporate compliance mechanism, to report directly to the SEC with an expectation of receiving a substantial financial award, rather than use their own company’s process for reporting potential violations.
Accordingly, Dodd-Frank’s bounty provisions threaten to limit dramatically the practical ability of companies to encourage internal reporting of concerns by employees, conduct independent internal investigations, remediate any problems discovered, and, as appropriate, self-disclose their findings to the SEC. Instead, it now appears more likely that companies will only be notified of a potential problem after the SEC finds out about it. Incapable of competing with the prospect of an enormous bounty award, even those companies with robust internal compliance programs now seem destined to face substantially increased scrutiny and costs.
Many commentators also have expressed concern that the Dodd-Frank whistleblower provisions would permit, and perhaps even encourage, wrongdoers to capitalize on their own malfeasance.7 Under the statutory language of Dodd-Frank, culpable whistleblowers would appear to be ineligible for a bounty only if criminally convicted of a violation related to the violation underlying the award.8 So, absent further clarification, Dodd-Frank would permit a culpable whistleblower who avoided a criminal conviction for whatever reason — for example, by a foreign national remaining outside of U.S. jurisdiction or due to technical evidentiary difficulties in proving a criminal offense — to recover a multimillion-dollar bounty award for reporting on his own misconduct, even if ultimately found liable in a civil enforcement action by the SEC.
SEC Proposed Regulations
Some Support for Internal Corporate Compliance Mechanisms
The SEC addressed both of these concerns to some degree in its proposed rules. Constrained to a large extent by statutory language that does not reference the important role played by internal corporate compliance programs, the SEC’s proposed rules attempt to reduce some of the affirmative damage that the Dodd-Frank bounty provisions might cause for such programs. Nevertheless, the proposed rules, as a practical matter, may be insufficient to serve as a counterweight to the financial incentives created by the bounty awards and seem likely to undermine the corporate compliance programs that the SEC has spent years encouraging.
For example, Proposed Rule 21F-4(b)(7) makes clear that a whistleblower may still be deemed to have provided “original information” for purposes of the bounty provisions even if she initially reports her information or analysis through an internal corporate compliance mechanism, and that the date of submission to the SEC will be deemed to be the date of submission to the corporation (so the whistleblower would not lose her place in line for the bounty).9 But the Proposed Rules undermine the incentives for potential whistleblowers to report first to corporate compliance mechanisms. First, in order to be considered “original information” under Proposed Rule 21F-4(b)(7), the whistleblower must still refer the information or analysis to the SEC within 90 days of reporting that information to the company.10 Second, and of greater significance, the Proposed Rules do not require a corporate employee to report any information or analysis to their company’s compliance system, even if that compliance system is reliable and well-established.
In other words, a corporate employee is still eligible to receive a multimillion-dollar bounty of not less than 10% of any recovery by the SEC in excess of $1 million, even if that employee completely bypasses the corporate compliance systems that so many companies have assembled in the wake of the Sarbanes-Oxley Act. Although the SEC has suggested, albeit only in commentary and not in the Proposed Rules themselves, that in deciding whether to grant a bounty in excess of the statutory minimum of 10% the Commission would consider the extent to which the whistleblower reported any potential violations through an effective internal corporate compliance program, the practical impact of this encouragement is questionable. Many potential whistleblowers will be interested primarily in getting into the SEC as quickly as possible, so as to improve their perceived chances of a potentially very large bounty, rather than making a calculated judgment to report first to an internal corporate hotline in the hope of getting an even greater, although ill-defined, percentage of any recovery. Moreover, a whistleblower is eligible for an award even if he or she deliberately violates policies requiring them to notify the company about potential violations. These subjects are likely to be the subject of intense commentary on the Proposed Rules.
Likewise, the SEC has proposed that members of a company’s compliance department, as well as lawyers, auditors, and other compliance professionals, should be ineligible for a whistleblower award if the information they provide to the SEC was provided to them as part of their legal, audit, or compliance function.11 However, the SEC expressly provides that the Proposed Rules would permit a corporate employee to qualify for a whistleblower award even if the sole basis for his proffered information or analysis is derived from conclusions he has drawn from the types of questions he was asked during an interview by counsel in connection with such an internal investigation.12 Consequently, a company could learn about a potential issue, conduct an appropriate investigation, and in doing so cause its employees to race to the SEC to be first in line. Moreover, internal legal, compliance, and audit personnel themselves would be eligible for a whistleblower award if the company does not report the information to the SEC in a reasonable time, or if the company proceeds in bad faith (for example by hindering the preservation of evidence or failing to conduct a timely and effective investigation). These broad exceptions may undercut the effectiveness of the SEC’s attempt to encourage companies to have an effective internal process for reviewing potential violations.
Nevertheless, the SEC has indicated that it still expects companies to conduct their own internal investigations. Indeed, the SEC has noted quite clearly that, as appropriate, it will notify a company when it receives a whistleblower complaint, describe the nature of the allegations, and give the company an opportunity to investigate the matter and report back.13 Given the 30,000 whistleblower complaints a year that the SEC anticipates, the SEC would not seem to have much of a choice. What remains unclear, however, and what may prove to be the single most significant question on most companies’ minds, is the extent to which a company that responds appropriately to an SEC-referred complaint will receive cooperation credit for having done so.14
Limitations on Culpable Whistleblowers
The SEC also has signaled that it does not want to allow culpable whistleblowers to profit from their misdeeds. Thus, the SEC has proposed that a whistleblower’s percentage bounty should not be calculated by including any monetary sanctions that the whistleblower is ordered to pay or that is collected from an entity whose liability is “based substantially on conduct that the whistleblower directed, planned, or initiated.”15 Likewise, the whistleblower’s own culpable conduct would not be included when determining if the SEC’s total recovery meets the $1 million threshold for an award.16 Further, the SEC has asked for comment on whether the term “whistleblower” should be defined to be an individual who provides information about potential violations of securities laws “by another person.”17 In the absence of any express statutory language designed to limit recovery by any culpable individuals other than those who are formally convicted of crimes related to the underlying conduct, however, these efforts to curb recovery by culpable whistleblowers may encounter substantial resistance from lawyers representing whistleblowers.
To deter frivolous or abusive whistleblower tips, the SEC proposes that in order for a tip to be eligible for a bounty award, it must be submitted under penalty of perjury. Also, anonymous whistleblowers may only submit tips if they are represented by counsel, who must certify that they have verified the identity of the whistleblower.
The Dodd-Frank whistleblower provisions may profoundly change the landscape of corporate compliance and securities enforcement. At the outset, the SEC has attempted to address some of the most pressing concerns presented by the statute. Its professed efforts to support internal corporate reporting systems and prevent whistleblowers from profiting from their own misconduct, however, may be limited in light of the enormous financial incentives that the Dodd-Frank Act provides and that companies simply cannot match.
Please direct questions to any of the listed lawyers or to any other Bingham lawyer with whom you ordinarily work on related matters.
Amy Kroll, Partner, Broker-Dealer Group
David Boch, Partner, Broker-Dealer Group
Roger P. Joseph, Practice Group Leader, Investment Management; Co-chair, Financial Services Area
Jeffrey Q. Smith, Practice Group Leader, Financial Institutions Litigation
Tim Burke, Practice Group Leader, Broker-Dealer Group; Co-chair, Financial Services Area