Dodd-Frank
and the New Enforcement
Environment
By Monica Palko and Jordan Eth
Earlier this year, the Securities and Exchange Commission
(SEC) held its annual SEC Speaks conference in Washington,
DC. Chairman Mary Schapiro, the commissioners, and the
heads of the various divisions summarized last year’s activities
and accomplishments, and announced this year’s priorities
and initiatives. Much of the discussion focused on the effect of
the reforms and programs mandated by the Dodd-Frank Wall
Street Reform and Consumer Protection Act (Dodd-Frank or
the Act), enacted in July 2010.1 While Director of the Division
of Enforcement Robert Khuzami noted that maintaining
Dodd-Frank’s regulatory accomplishments is a “significant
challenge” given the SEC’s stressed resources, the agency
remains committed to aggressively pursuing enforcement
matters and incorporating the authority and tools created by
Dodd-Frank. Among the many provisions in the Act with broad
implications for the SEC are those regarding the extraterritorial
application of US securities laws in enforcement actions, and
those creating new whistleblower incentives and protections
designed to encourage whistleblowers to report violations of
the securities laws to the SEC.
ACC Docket 113 June 2011
within the United States directly caused [purIn November 2010, the SEC released and
chasers’] losses.” The Court instead adopted
sought comment on proposed Regulation
a bright-line “transactional test” to determine
21F (the proposed rules), which implements
whether claims based on a foreign transacthe whistleblower provisions of Dodd-Frank.
Monica Palko is vice president,
tion could be litigated under the securities
The proposed rules attempt to balance three
corporate responsibility and
counsel for ITT Defense &
laws: “whether the purchase or sale is made
main policy considerations: (1) the potential
Information Solutions. She leads
the design, implementation, and
in the United States, or involves a security
for monetary incentives to undermine the
monitoring of the ethics and
listed on a domestic exchange.” The Court
effectiveness of companies’ existing complicompliance program. Prior to ITT,
as
in-house
counsel,
Palko
explained that “the focus of the Exchange Act
ance, legal, audit, and similar processes for
managed SEC investigations and
is not upon where the deception originated,
investigating and responding to possible vioshareholder litigation and, as an
attorney with the US Department
but upon purchases and sales of securities
lations of the securities laws; (2) the potential
of Justice, represented the federal
in the United States. Section 10(b) does not
for monetary incentives to invite submisgovernment in False Claims Act and
other government contracting
punish deceptive conduct, but only deceptive
sions from compliance personnel and other
matters. Palko can be contacted at
conduct ‘in connection with the purchase or
[email protected].
persons with professional obligations who
sale of any security registered on a national
play a critical role in achieving compliance
securities exchange or any security not so
with the securities laws; and (3) the desire
registered.’”
to maximize the submission of high-quality
In the wake of Morrison, the Court’s
tips and enhance the utility of information
Jordan Eth is a partner in
holding was read to limit the reach of the
reported to the SEC.2 The comment period
Morrison & Foerster LLP’s San
Francisco office. He is co-chair of
closed on Dec. 17, 2010, and final rules and
antifraud provisions of the securities laws
the firm’s Securities Litigation,
regulations implementing the whistleblower
not only in private damage actions, but also
Enforcement, and White-Collar
Defense Group. Eth is a nationally
program were originally due no later than
in enforcement actions brought by the SEC.
recognized litigator, representing
April 21, 2011. After this deadline passed,
Dodd-Frank, however, restores the extrapublic companies and their officers
and directors in securities class
the SEC announced that it expects to issue
territorial scope of the securities laws in conactions, SEC investigations,
derivative
suits,
merger
and
final rules before the end of July. The SEC
nection with antifraud enforcement actions
acquisition litigation, and internal
did not explain the reasons for the delay.
brought by the government. Section 929P of
investigations. He also regularly
publishes and speaks on securities
Commentators believe that the final rules
the Act, titled “Extraterritorial Jurisdiction
litigation topics. Eth can be
will closely follow the proposed rules. In the
of the Antifraud Provisions of the Federal
contacted at [email protected].
meantime, because the statutory provisions
Securities Acts,” amends the antifraud
became effective on July 22, 2010, the delay
provisions of the Securities Act of 1933, the
will not affect whistleblowers’ entitlement to
Exchange Act and the Investment Advisors
protection or bounties.
Act. It extends their reach to actions brought by the SEC or
Both the extraterritoriality and whistleblower provisions
Department of Justice (DOJ) that allege violations involvof Dodd-Frank present new challenges in an increasingly
ing “conduct within the United States that constitutes
globalized economy that features cross-border efforts to
significant steps in furtherance of the violation, even if the
regulate and monitor financial and securities markets. Comsecurities transaction occurs outside of the United States
panies should take the time to reexamine how they design
and involves only foreign investors,” or “conduct occurring
and implement compliance and ethics programs, respond to
outside the United States that has a foreseeable substantial
allegations of potential violations of the securities laws, and
effect within the United States.”
decide whether and when to disclose information to enforcePrivate damage actions remain foreclosed, at least for
ment authorities in light of these challenges.
now. Section 929Y of Dodd-Frank directs the SEC to solicit
public comment and conduct a study to determine the
The extraterritorial application of US securities laws
extent to which private rights of action under the securities
In June 2010, the Supreme Court held in Morrison v.
laws should be extended to cover transnational securities
National Australia Bank Ltd. that Section 10(b) of the Sefraud. The study must consider the scope of private actions,
curities Exchange Act of 1934 (the Exchange Act) and SEC
whether they should be limited to institutional investors,
Rule 10b-5 do not apply to transactions on foreign stock
the implications private actions would have on international
exchanges. Specifically, the Court rejected the fact-intensive
comity, and economic costs and benefits.
“conduct test” under which “foreign cubed” purchasers —
The comment period closed on Feb. 18, 2011; the report
foreign plaintiffs suing foreign issuers in connection with
must be submitted and recommendations must be made
securities traded on a foreign exchange — previously could
to Congress no later than Jan. 21, 2012. Many commentasue foreign issuers whose “acts (or culpable failures to act)
tors believe that the creation of private liability to combat
ACC Docket 114 June 2011
cross-border securities fraud is unnecessary given both the
authority of foreign regulators and the United States under
the new Dodd-Frank provisions. Whether Congress will
agree remains to be seen.
In the meantime, while plaintiffs’ attorneys cannot bring
private damage actions on behalf of foreign-cubed clients
directly, they might try to attain recovery for claims otherwise barred by Morrison by proceeding under the DoddFrank whistleblower provisions. As explained below, DoddFrank mandates a whistleblower bounty for anyone who
provides information to the SEC resulting in a successful
enforcement action, including actions that involve a foreign
issuer, a foreign exchange transaction or foreign investors.
The Dodd-Frank whistleblower provisions
Incentive provisions
Before Dodd-Frank, the SEC’s authority to pay bounties
to whistleblowers was limited to cases of insider trading.
Under Section 21A(e) of the Exchange Act, the SEC was
authorized to award up to 10 percent of the civil penalties
collected in insider trading cases to whistleblowers who
provided information contributing to successful prosecutions.3 Dodd-Frank amends the Exchange Act by adding
Section 21F: Securities Whistleblower Incentives and Protection.4 Section 21F repeals Section 21A(e) and requires
the SEC to pay a bounty to one or more whistleblowers
who voluntarily provide original information that results in
successful prosecution of a federal court or administrative
action, in which the SEC obtains monetary sanctions —
penalties, disgorgement and prejudgment interest — over $1
million. Successful whistleblowers must receive a bounty of
between 10 and 30 percent of the monetary sanctions.
The bounty will be based on amounts collected in SEC
and “related actions,” which include a judicial or administrative action brought by the US Department of Justice, a
state attorney general in a criminal case, a self-regulatory
organization or other government agency. To receive an
award based on the monetary sanctions collected from a
related action, whistleblowers must demonstrate that they
voluntarily and directly (or through the SEC) provided the
other enforcement officials the same original information
that led to the successful SEC action, and that the information led to the successful enforcement of the related action.
Some commentators call the whistleblower provisions
a “secret weapon” against fraud. Others are more skeptical, questioning whether a trend toward informant-based
enforcement is desirable, especially given the provisions’
potential to undermine companies’ compliance and ethics
programs, and to unintentionally encourage individuals
to violate professional obligations. The SEC estimates that
the Dodd-Frank whistleblower provisions will yield approximately 30,000 tips, complaints or referrals annually.
Who is a “whistleblower?”
Dodd-Frank broadly defines “whistleblower” to include
any individual, or two or more individuals acting jointly,
who provide(s) “original information” to the SEC regarding a violation of the securities laws. Whistleblowers may
submit information to the SEC anonymously if represented by counsel, but their identities must be disclosed
before receiving a bounty. A company’s officers, directors,
employees, shareholders, business competitors, agents, consultants, distributors, vendors, contractors, service providers or customers can all qualify as whistleblowers subject
to exclusions discussed below. The proposed rules clarify
that whistleblowers must be natural persons and that their
information need only relate to a “potential violation” of
the securities laws.5 As part of ensuring the reliability and
quality of tips, the proposed rules also require whistleblowers to submit a declaration to the SEC under penalty of
perjury to be eligible for an award, as well as comply with
other procedural requirements.6
The whistleblower provisions do not prohibit persons
who themselves violate the securities laws from collecting a
bounty (unless a culpable whistleblower has been criminally convicted of a violation related to the misconduct
underlying the award, as discussed below). In determining
whether the required $1 million threshold has been satisfied, however, the proposed rules prohibit the SEC from
considering monetary sanctions a culpable whistleblower is
ordered to pay, or that are ordered against any entity whose
liability is based on conduct a whistleblower directed,
planned or initiated.7
Who is not a “whistleblower?”
Dodd-Frank statutorily prohibits certain individuals from receiving bounties as whistleblowers, including
individuals convicted of crimes related to the violation,
individuals who learned of the disclosed information by
performing audits of financial statements required by the
securities laws, certain federal regulatory and law enforcement employees, and individuals who knowingly provide
false, fictitious or fraudulent information. The proposed
rules further define who does not qualify as a whistleblower by excluding:
• persons who provide information after the company
has received any formal or informal request, inquiry,
or demand from the SEC (unless the company fails
to provide the documents or information to the
requesting authority within a “reasonable time”);
• persons who provide information obtained through
communications protected by the attorney-client
privilege, or information obtained in connection
with the legal representation of a client (whether
privileged or not);
ACC Docket 115 June 2011
• persons who provide information obtained in
connection with the performance of an engagement
required under the securities laws by an independent
public accountant;
• persons with legal, compliance, audit, supervisory
or governance responsibilities to whom information
about potential misconduct was communicated
with the reasonable expectation that they would
take appropriate steps to respond to the alleged
violation (unless the company does not disclose the
information to the SEC within a “reasonable time” or
proceeds in “bad faith,” discussed below);
• persons who obtained the provided information in a
manner that violates federal or state criminal law; and
• persons who provide information obtained from
those who would otherwise be excluded under any of
the above limitations.8
The proposed rules do not define what constitutes a “reasonable time” or “bad faith” in connection with the carve-outs
for compliance and other personnel uniquely positioned to
receive information that could qualify them for whistleblower
awards. The proposed rules instead explain that a reasonable
amount of time is a “flexible concept that will depend on all of
the facts and circumstances of the particular case.”9
The proposed rules provide examples of what constitutes “bad faith,” which includes hindering the preservation
of evidence, interfering with witnesses and conducting a
“sham investigation of allegations.”10 While the examples
suggest that the SEC will require conduct to be egregious
to constitute “bad faith,” without further guidance, whistleblowers may question the conduct and conclusions of
internal investigations, and companies’ decisions regarding
whether or not, and what, to report to the SEC.
What is “original information?”
Under Dodd-Frank, to qualify as “original,” information
must be (a) “derived from the independent knowledge or
analysis of a whistleblower;” (b) “not known to the [SEC]
from any other source, unless the whistleblower is the
original source of the information;” and (c) “not exclusively
derived from an allegation made in a judicial or administrative hearing, in a governmental report, hearing, audit, or
investigation, or from the news media, unless the whistleblower is a source of the information.”
The proposed definition of “independent knowledge”
says whistleblowers do not need to have direct or firsthand knowledge of potential violations, but may obtain
independent knowledge from experiences, observations or
communications with third parties, such as coworkers.11
The SEC explains that this broader definition “best effectuates” the purposes of the whistleblower provisions.
“Independent analysis” includes circumstances where
whistleblowers review publicly available information and
“through their additional evaluation and analysis, provide
vital assistance to the [SEC] in understanding complex
schemes and identifying securities violations.” This broad
definition and the open-ended understanding of who can
qualify as a whistleblower allows academics and other experts unconnected to a company to report potential or apparent misconduct to the SEC in hopes of receiving an award.
Voluntary submission of information
Whistleblowers must voluntarily provide original information to the SEC. The submission of information is made
voluntarily under the proposed rules as long as whistleblowers are under no legal obligation to provide information.12 Information is no longer considered voluntary once
the SEC, Congress, the Public Company Accounting Oversight Board, any self-regulatory organization, or any other
federal, state or local authority makes a request, inquiry or
demand on an individual or a company. This clarification
creates an incentive for whistleblowers to report potential
misconduct to the SEC before such a request is issued.
Amount of award
Under Dodd-Frank, the bounty amount is determined
at the discretion of the SEC subject to the 10- and 30-percent outer limits. As guidance, the statute provides that the
SEC “shall take into consideration” the significance of the
information to the success of the enforcement action; the
degree of assistance provided by the whistleblower; and the
programmatic interest in deterring violations of the securities laws.13
The proposed rules further add that the SEC may take
into consideration the potential for the award to otherwise
enhance the SEC’s ability to enforce the securities laws,
protect investors and promote the submission of similarly
high quality tips.14 Permissible additional considerations,
among others, described in the proposed rules include:
• the character of the enforcement action, including
whether its subject matter is an SEC priority,
whether the misconduct involves regulated entities or
fiduciaries, the type and severity of the misconduct,
the age and duration of the misconduct, the number
of violations, and the isolated, repetitive or ongoing
nature of the violations;
• the timeliness, degree, reliability and effectiveness of
the whistleblower’s assistance;
• whether the whistleblower encouraged or authorized
others who might otherwise not have participated in
the investigation or related action to assist the SEC;
• the degree to which the whistleblower took steps to
prevent the misconduct from occurring or continuing;
ACC Docket 116 June 2011
• the efforts made by the whistleblower to remediate
the harm caused by the misconduct; and
• whether the whistleblower reported the potential
violation through effective internal whistleblower,
legal or compliance procedures before reporting the
violation to the SEC.
The proposed rules make clear that the last consideration does not require a whistleblower to report potential
violations internally to be eligible for a bounty, and that
whistleblowers will not be penalized for bringing information directly to the SEC and bypassing internal mechanisms. The SEC will, however, “consider higher percentage awards for whistleblowers who first report violations
through their compliance programs.”
Protection provisions
In addition to the incentive provisions, Dodd-Frank
significantly enhances whistleblower protections. Under the
Act, employers are prohibited from discharging, demoting,
suspending, threatening, harassing or otherwise discriminating against whistleblowers who provide information to
enforcement authorities.15 The Act creates a new private right
of action for employees who experience retaliation as a result
of “any lawful act done by the whistleblower (i) in providing
information to the [SEC] in accordance with [the incentive
provisions]; (ii) in initiating, testifying in, or assisting in any
investigation or judicial or administrative action of the [SEC]
based upon or related to such information; or (iii) in making disclosures that are required or protected” under the
Sarbanes-Oxley Act, the Exchange Act, and “any other law,
rule, or regulation subject to the jurisdiction of the [SEC].”16
The proposed rules clarify that the availability of the
protections does not depend on an ultimate adjudication,
finding or conclusion that the misconduct identified by
the whistleblower constitutes a violation of the securities
laws.17 The protections apply whether or not a whistleblower satisfies all the procedures and conditions necessary for
him to receive a bounty under the incentive provisions.
Expanded remedies and statute of limitations
Dodd-Frank provides greater remedies than previously
available. Under the Act, for the first time, employees can
bypass administrative remedies and bring their claim in
federal court from the outset.18 In addition to reinstatement
without loss of seniority and litigation costs (including
expert witness fees and reasonable attorneys’ fees), employees can now recover double their lost wages with interest,
instead of just lost wages.
Employees also have six years from the date of the violation to bring suit, or three years from the date when they
knew or should reasonably have known of facts material to
their right of action. No action, however, may be brought
more than 10 years after the date of the violation.
Amendments to Sarbanes-Oxley’s anti-retaliation provisions
Dodd-Frank also contains provisions amending and
strengthening existing Sarbanes-Oxley anti-retaliation
protections.19 The Dodd-Frank provisions broaden the
scope of coverage, extend the statute of limitations,
exempt employee claims from arbitration and clarify
that claims removed to federal court can be tried before a jury. The Act amends Section 806 of SarbanesOxley to broaden the scope of coverage by clarifying
that Section 806’s whistleblower provisions apply to
employees of subsidiaries of publicly-traded parent
companies “whose financial information is included
in the consolidated financial statements of [parent
companies].” 20 This amendment closes a loophole that,
in the past, permitted parent companies that employed
most of their workforce through non-publicly traded
subsidiaries to avoid Sarbanes-Oxley liability. In addition to employees of subsidiaries, Dodd-Frank further
expands the reach of Sarbanes-Oxley to include protection for employees of nationally recognized statistical
ratings organizations. 21
Instead of a 90-day statute of limitations, employees
now have 180 days to initiate a Sarbanes-Oxley action and
also may elect to try their cases in federal court before a
jury.22 Finally, Dodd-Frank reverses judicial precedent and
amends Section 806 by declaring void any “agreement,
policy form, or condition of employment, including by a
predispute arbitration agreement” that waives an employee’s rights and remedies against retaliation in connection
with a whistleblowing event.
Confidentiality of submissions
Under the proposed rules, the SEC will not reveal
the whistleblower’s identity, or disclose other information reasonably expected to reveal his identity, except
under limited circumstances — for example, when
disclosure is required to a defendant or respondent in
an SEC-initiated federal court or administrative action. The SEC may also share information with other
domestic and foreign regulatory and law enforcement
agencies “when [it] determines that [disclosure] is necessary to accomplish the purposes of the Exchange Act
and to protect investors.” 23 In these circumstances, domestic agencies are required to maintain the information as confidential, and foreign agencies must provide
the SEC with appropriate assurances of confidentiality.
Communications with whistleblowers
The proposed rules prohibit any person from taking any
ACC Docket 117 June 2011
The 90-day grace period,
for example, lessens a
whistleblower’s need to
race to the SEC, but fails
to provide any meaningful
incentive for using an internal
reporting mechanism.
action that “impedes” a whistleblower from communicating directly with the SEC about a potential violation of the
securities laws.24 This prohibition includes enforcing, or
threatening to enforce, a confidentiality agreement against
a whistleblower, unless the confidentiality agreement deals
with information excluded because it was obtained through
communications protected by the attorney-client privilege,
or in connection with legal representation. To ensure unobstructed communication between the SEC and the whistleblower, the proposed rules authorize SEC staff to communicate directly with the whistleblower, without first seeking
the consent of company counsel. This is the case even for
communications with high-ranking officers and directors.
“Amnesty” and culpable individuals
The proposed rules do not grant “amnesty” to whistleblowers who provide information to the SEC.25 Whistleblowers who participate in misconduct are not immune
from prosecution or enforcement actions. They may, however, receive credit under existing SEC cooperation policies
and even receive an award (if not criminally convicted).
Essentials for in-house counsel
The SEC has already drawn on its reaffirmed extraterritorial enforcement power and started implementing the
whistleblower provisions of Dodd-Frank. For example, the
SEC’s first report to Congress established a fund of $450
million to pay bounties, and named Sean McKessy head of
the new Whistleblower Office in the Division of Enforcement earlier this year. Recent whistleblower payouts under
similar legislation, including a $96 million bounty awarded
to a former pharmaceutical company employee under the
False Claims Act, have reinforced concerns about the potential impact of the Dodd-Frank whistleblower provisions.
At the SEC Speaks conference, the head of the Office
of Market Intelligence, Thomas Sporkin, noted that the
SEC has had an “onslaught” of tips and complaints since
Dodd-Frank’s enactment, and an increase in high-value
complaints. Cheryl Scarboro, chief of the Foreign Corrupt Practices Act (FCPA) Unit, noted that the number of
tips related to FCPA violations has increased greatly as a
result of the whistleblower provisions. As expected, the
SEC’s broad extraterritorial reach has resulted in increased
whistleblower activity outside the United States.
The proposed rules attempt to balance competing policy
goals of encouraging whistleblowers to provide information
about potential violations of the securities laws to the SEC,
without undermining the effectiveness of companies’ internal compliance and ethics programs. They do not, however,
require whistleblowers to report suspected or potential violations internally to be eligible as a whistleblower, or provide
any meaningful disincentive for employees to bypass internal
reporting procedures. Instead, the proposed rules attempt to
accommodate companies’ interests by providing the following:
• A whistleblower’s report to the SEC relates back to
the date he reports a potential violation internally, as
long as the whistleblower contacts the SEC within 90
days of the internal report;
• Whistleblowers who report the potential violation
internally before providing information to the SEC
receive larger awards;
• Employees with legal or contractual obligations to
report information, such as compliance personnel,
are generally not eligible for bounties, as discussed
above; and
• The SEC may “contact the company, describe
the nature of the allegations [reported by a
whistleblower], and give the company an opportunity
to investigate the matter, [] report back,” and receive
cooperation credit.
These and other provisions, however, are not likely to
discourage a whistleblower from going directly to the SEC
and bypassing a company’s internal compliance and ethics
program. The 90-day grace period, for example, lessens a
whistleblower’s need to race to the SEC, but fails to provide
any meaningful incentive for using an internal reporting
mechanism. Similarly, a generalized hope that the SEC may
increase the award for whistleblowers who initially report
internally is uncertain at best and far less likely to affect
behavior than a concrete requirement for prior reporting.
If adopted in their current form, the whistleblower provisions and implementing regulations may weaken companies’
compliance programs. In responding to Dodd-Frank and the
proposed rules, companies operating both domestically and
internationally should consider each of the following areas.
Updating internal compliance and ethics programs
The whistleblower provisions and the potential to collect
ACC Docket 118 June 2011
October 2–4, 2011 | JW Marriott Hotel | Washington, DC
Don’t miss the premier event of the year for directors, by directors—
the NACD Board Leadership Conference 2011 being held from
October 2–4, 2011, at the JW Marriott Hotel in Washington, DC.
It is the knowledge exchange event for directors committed to
boardroom excellence.
❚ Join more than 750 directors from around the world, representing companies
such as Aetna, Dow Chemical, Pinnacle Entertainment, Winn-Dixie, ACE, 3M,
The Boeing Company, Sara Lee Corporation, and many more.
❚ Address emerging issues, share new ideas with leading governance experts—
active board directors—to meet real boardroom challenges.
❚ Choose from many sessions, committee specific forums, keynotes, panels and
networking activities designed to help you increase your board efficiency and
effectiveness.
❚ Network and hear from key governance experts and the best in the boardroom like:
❙
The Honorable Leo E. Strine, Jr.—Vice Chancellor, Court of Chancery of Delaware
❙
Ambassador Charlene Barshefsky—Director, American Express, Estée Lauder,
Intel, and Starwood Hotels & Resorts
❙
Myrtle Potter—Director, Medco Health Solutions, 3G Biotech, Everyday Health
❙
The Honorable Vic Fazio—Director, Northrop Grumman, Ice Energy
and Peyton Street
❙
Kathi P. Seifert—Director, Supervalu, Eli Lilly, Revlon, Appleton Papers and Lexmark
Register now—
Conference always
sells out.
Early Bird rate
ends July 31
SCHEDULE-AT-A-GLANCE
Sunday, October 2
❚ Board Committee Forums
❚ Private Tours to U.S. Capitol
and National Archives
❚ Opening Reception
Monday, October 3
❚ Conference Plenary
& Breakout Sessions
❚ Twilight Tour of the Monuments
Tuesday, October 4
❚ Conference Plenary
& Breakout Sessions
❚ Private Tours to U.S. Capitol
and National Archives
See full program details online:
NACDonline.org/conference
Register online today at NACDonline.org/conference or call the registrar at 202-572-2088.
In evaluating anti-retaliation
policies, companies must
be careful not to discourage
employees from turning to
enforcement authorities, as
such action could be used
by employees as evidence
of retaliatory intent.
a substantial cash bounty incentivize employees to bypass
corporate compliance systems and ethics programs despite
provisions in the proposed rules designed to encourage their
use. They also incentivize employees to ignore potential issues until they ripen into real problems or violations of the
securities laws. Companies should review and update their
internal compliance and ethics programs to ensure that their
programs allow them to identify, investigate, and handle
potential misconduct quickly and effectively.
Competing directly with the whistleblower provisions,
and finding ways to learn information first and incentivize
employees to report up (instead of out) will be challenging.
To encourage employees to voice concerns internally, companies should continue to cultivate a compliance culture that
emphasizes, values and rewards ethical behavior, integrity
and accountability. Companies should make clear that adherence to the securities laws is a consistent and core value,
and that internally raised concerns will be taken seriously.
Often, whistleblowers go outside the company only after
they conclude that their company has not listened to them.
General areas companies can consider when evaluating the
effectiveness of their compliance and ethics programs include:
• ensuring that company personnel are regularly
educated and trained on the requirements of
securities laws, and how to comply with them to
prevent uninformed individuals from making false
or misguided reports;
• ensuring that management is trained to recognize,
report and respond to complaints;
• ensuring that well-qualified, experienced, professional
and conscientious compliance personnel are put in
charge of responding to complaints;
• ensuring that programs are reviewed and updated
periodically to account for changes in the law and the
company’s business;
• ensuring that confidentiality policies and procedures
are in place that protect the reporting person and
investigative process;
• ensuring that appropriate disciplinary procedures
are in place that address conduct that violates
securities laws, and the failure to take reasonable
steps to prevent and detect misconduct by others;
• verifying that compliance audits and risk assessments
are regularly performed to detect potential risks or
offenses before they turn into violations and before
discovery outside the company is likely;
• verifying that internal reporting mechanisms, such
as anonymous hotlines, are clearly established, and
ensuring that reported information and tips are
quickly and appropriately escalated;
• assessing which subsidiaries or affiliates are covered
by Sarbanes-Oxley, and strengthening internal
reporting procedures to encourage employees to raise
concerns internally; and
• ensuring that employee-conduct manuals
encourage employees to report potential
misconduct, and that employees are regularly
trained on reporting procedures.
In reviewing their compliance and ethics programs,
companies can also consider the amendments to the US
Sentencing Guidelines (the Guidelines), which took effect
in November 2010. The Guidelines provide a reduction
in culpability score for companies that have in place an
“effective” compliance and ethics program at the time of
a violation.26 The Guidelines are used as a starting point
when calculating fines and settlement figures. Under the
amendments, sentencing credit is available to companies
that meet the criteria for having “effective compliance and
ethics programs,” which include:
• Direct reporting obligations. Persons with operational
responsibility for the corporation’s compliance and ethics program must have “direct reporting obligations” to
the governing authority, i.e., the board of directors or
audit committee. A reporting obligation to the GC or
another officer would not meet this requirement.
• Discovery of offense. The compliance and ethics
program must detect the offense before discovery
outside the corporation is reasonably likely.
• Reporting of offense. The organization must promptly
report the offense to the appropriate federal authorities.
• Involvement of compliance personnel. No person
with operational responsibility for the compliance
and ethics program participated in, condoned or was
willfully ignorant of the offense.
ACC Docket 120 June 2011
ACC Extras on… Whistleblower Provisions
ACC Docket
Sample Form
• Stay Afloat During the Tidal Wave of FCPA Cases
(Jan. 2011). Learn more about whistleblower
provisions and their implications for your client.
www.acc.com/docket/wave-fcpa_jan11
• The Government Investigator is Knocking: Now
What? (May 2009). Includes sample forms and
checklists for counsel preparing for visits by federal
or state regulatory law enforcement agencies.
www.acc.com/forms/gov/invest_may09
InfoPAKsSM
• Management and Defense of Employee Whistleblower
Claims (Sept. 2009). This InfoPAK provides information on
the management and defense of employee whistleblower
claims. www.acc.com/infopaks/whistle-claims_sep09
• The Government Investigator Is Knocking: Now
What? (Sept. 2010). This InfoPAK provides a practical
guide to on-site visits by government investigators.
www.acc.com/infopaks/knocking_sep10
Education
Quick References
ACC has more material on this subject on our website. Visit www.acc.com, where you can browse our resources
by practice area or search by keyword.
• Top Ten Tips for Conducting Effective Internal Investigations
(Nov. 2010). www.acc.com/topten/internal-inves_nov10
• Top Ten Considerations for Whistleblowing Schemes in
Europe (Sept. 2010). Tips for EU counsel on establishing
a whistleblowing scheme that satisfies SOX and ensures
compliance. www.acc.com/topten/whistle-euro_sep10
• Top Ten Tips for FCPA Compliance (March 2010). Tips on
developing a responsive FCPA compliance policy and
verification plan. www.acc.com/topten/fcpa_mar10
The commentary to the amendments provides additional
guidance regarding how a company can establish an effective compliance and ethics program. “Direct reporting authority,” for example, is the autonomy and authority granted
to the person in charge of the compliance program to “communicate personally” with the board or its audit committee
where there is suspected criminal conduct. In addition, the
person in charge of the compliance program must report to
the board at least annually regarding the implementation
and effectiveness of the compliance program. Companies
should thus ensure that their written policies provide for
direct reporting to the board to maximize their chances of
qualifying for the sentencing credit based on a finding that
their compliance and ethics program is “effective.”
Anti-retaliation policies
In addition to finding ways to minimize violations and
events that create whistleblowing opportunities in the first
place, companies should take steps to minimize the risk of
whistleblower retaliation claims. While the whistleblower
• For an update on Dodd-Frank/SEC implications from various
perspectives, join us at ACC’s Annual Meeting, October 23-26
in Denver. For example, attend session 506 — Whistle While
You Work 3.0: New Tunes for Whistle Blower Protections
and Employment Retaliation Claims. For a list of all of the
sessions reviewing Dodd-Frank and/or the SEC at the Annual
Meeting, search the program schedule at http://am.acc.com.
The new GLD button lets you click to copy, print or email
a checklist from certain ACC online resources.
incentive provisions will likely cause an increase in the
number of whistleblower claims, the protection provisions
will also likely cause an increase in the costs and risks
associated with defending against retaliation claims. In
light of the enhanced protections and remedies provided to
whistleblowers in Dodd-Frank, companies should review
the effectiveness of personnel and anti-retaliation policies.
Anti-retaliation policies should ensure that measures are in
place to prevent actual or perceived mistreatment of known
whistleblowers. Disciplinary and evaluation procedures should
require that the reasons for taking specific employment actions
are clearly and adequately documented. In evaluating anti-retaliation policies, companies must be careful not to discourage
employees from turning to enforcement authorities, as such
action could be used by employees as evidence of retaliatory
intent. In addition, companies should review their documentretention policies to retain personnel files and other records
that could be used to defend against a potential retaliation
claim for at least 10 years, the maximum statute of limitations
period under the newly created private right of action.
ACC Docket 121 June 2011
Responding to potential misconduct
In light of the whistleblower provisions, and faster and
more streamlined processes at the SEC, companies will need
to respond to potential misconduct much more frequently and
quickly. No company will want to “lose the race” to get on
top of the facts. For that reason, companies should consider
having procedures (and counsel) in place and ready to respond
promptly to discoveries of potential misconduct that could
create liability. A fast and effective response will boost a company’s credibility and possibly translate into more lenient treatment if enforcement authorities eventually become involved.
Self-reporting violations, cooperating with enforcement
authorities and public disclosure
In the past, companies faced a delicate and complex
assessment when deciding whether and when to self-report
potential misconduct to enforcement authorities. On the
one hand, making a voluntary disclosure increases the possibility of mitigating civil and criminal penalties, or avoiding prosecution altogether.
On the other hand, self-reporting requires consideration of
risks. It could bring undue enforcement attention to a minor
matter. It could also prompt the filing of shareholder lawsuits.
The whistleblower incentives change this calculation. Now,
it is more likely that individuals — who may not even be company employees — will take action that triggers a government
investigation. Companies may self-report earlier and more
often to maximize the chance of receiving cooperation credit.
Ancillary effects
The potential for more investigations, enforcement
actions and retaliation claims will have additional effects.
First, in dealing with increased legal exposure, companies
will need to be prepared to address public and investor
relations issues that these actions and related disclosures
will cause.
Second, plaintiffs’ lawyers may draw on the fact of
an SEC investigation, or a whistleblower claim, to bring
derivative or securities class action lawsuits. In doing so,
plaintiffs’ lawyers may attempt to use the Freedom of Information Act to obtain documents related to SEC investigations, or information disclosed in whistleblower lawsuits,
as a means to bolster their complaints.
Have a comment on this article? Visit ACC’s blog
at www.inhouseaccess.com/articles/acc-docket.
Notes
1 Dodd-Frank Wall Street Reform and Consumer Protection Act,
Pub. L. No. 111-203, 124 Stat. 1376 (July 21, 2010).
2 Securities Exchange Act Release No. 34-63237, at 4-5 (Nov. 3,
2010).
3 15 U.S.C. § 78u-1(e).
4 Pub. L. No. 111-203, § 922(a).
5 Release No. 34-63237, Proposed Rule 21F-2.
6 Release No. 34-63237, Proposed Rule 21F-9.
7 Release No. 34-63237, Proposed Rule 21F-15.
8 Release No. 34-63237, Proposed Rule 21F-4.
9 Release No. 34-63237, at 26.
10 Id.
11 Release No. 34-63237, Proposed Rule 21F-4.
12 Id.
13 Pub. L. No. 111-203, § 922(a) (emphasis added).
14 Release No. 34-63237, Proposed Rule 21F-6.
15 Pub. L. No. 111-203, § 922(a).
16 Pub. L. No. 111-203, § 922(a). Dodd-Frank also creates a private
right of action for employees in the financial services industry,
who experience retaliation in connection with their disclosure
of information regarding fraudulent or unlawful conduct related
to the offering or provision of a consumer financial product or
service. Pub. L. No. 111-203, § 1057.
17 Release No. 34-63237, Proposed Rule 21F-2.
18 Pub. L. No. 111-203, § 922(a).
19 In addition to amending the Sarbanes-Oxley Act, DoddFrank amends the Commodity Exchange Act, 7 U.S.C. § 1
et seq., to create an incentive program and whistleblower
provisions similar to those now provided under Section 21F
of the Exchange Act, including a new private right of action.
Pub. L. No. 111-203, § 748. Dodd-Frank also amends the
anti-retaliation provisions of the False Claims Act, 31 U.S.C. §
3730(h), by expanding coverage of protected conduct to include
associational discrimination and by clarifying the statute of
limitations for actions brought under the False Claims Act. Pub.
L. No. 111-203 § 1079A.
20 Pub. L. No. 111-203 § 929A.
21 Pub. L. No. 111-203, § 922(b).
22 Pub. L. No. 111-203, § 922(c).
23 Release No. 34-63237, Proposed Rule F-7.
24 Release No. 34-63237, Proposed Rule F-16.
25 Release No. 34-63237, Proposed Rule F-14.
26 U.S. Sent’g Comm’n, Amendments to the Sentencing Guidelines
§§ 8B2.1, 8C2.5 (Nov. 1, 2010).
Insurance
The likely increase in enforcement actions, investigations
and private securities litigation also raises questions about
the adequacy of companies’ insurance coverage. In light of
the Dodd-Frank whistleblower provisions, companies should
consider whether their policies cover internal, administrative
and regulatory investigations, both informal and formal, and
whether existing policy limits are adequate.∑
ACC Docket 122 June 2011