The Securities and Exchange Commission’s final rules (the “Rules”) clarifying Dodd-Frank whistleblower rewards and protections take effect on August 12, 2011. The Rules govern the payment of rewards to eligible individuals who report violations of the federal securities laws which lead to a successful enforcement action by the SEC in which monetary sanctions of over $1 million are collected. The SEC promulgated the Rules pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”), which requires the SEC, in certain cases, to award to qualifying whistleblowers no less than 10%, and no greater than 30%, of the total monetary sanctions collected because of the whistleblower’s information. The Rules detail, among other things, how the SEC will evaluate an individual’s right to a reward and, if qualified, the amount to be awarded. Significant aspects of the Rules are summarized in brief below.
Notably, a whistleblower can submit information to the SEC anonymously through counsel, and a whistleblower’s identity is kept confidential. Moreover, a whistleblower need not have “clean hands” to receive an award. While the culpability or involvement of a whistleblower is a factor in determining the amount of an award, a culpable whistleblower, in the absence of a criminal conviction, is not per se precluded from receiving an award.
The Rules also clarify the anti-retaliation protections afforded whistleblowers under Dodd-Frank. Whistleblowers who do not qualify for a reward are still protected by the anti-retaliation provisions as long as the individual has a “reasonable belief that the information he is providing relates to a possible securities law violation … that has occurred, is ongoing, or is about to occur.”
Whistleblowers are not required to report their concerns internally to their employers before making a report to the SEC. The Rules do, however, include incentives intended to encourage whistleblowers to use their companies’ internal compliance and reporting systems. For example, one of the factors the SEC will consider in determining whether to increase the amount of the award, is whether the whistleblower participated in his or her company’s internal reporting system. Similarly, a factor in determining whether to decrease the amount of the whistleblower award is whether the whistleblower undermined the integrity of the company’s internal compliance and reporting system. In addition, a whistleblower remains eligible to receive an award for his or her original information, even if he or she first reports the possible violation to the company, and the company subsequently reports the information to the SEC or provides the SEC with the results of an internal investigation which was prompted by the whistleblower’s information.
The SEC states in the Rules that it is not seeking to undermine effective company processes for receiving reports on possible violations. In appropriate cases, it will contact the company after receiving a complaint, describe the nature of the allegations, and give the company an opportunity to investigate the matter and report back. Among other factors the SEC will consider in determining whether to give a company this opportunity are the company’s existing culture related to corporate governance, and the company’s internal compliance programs, including what role, if any, internal compliance had in bringing the information to management’s or the SEC’s attention.
In light of these factors alone, companies should evaluate their current internal reporting processes and policies to ensure that they effectively encourage employees to report their concerns about potential violations and misconduct through internal processes, to minimize the risk of being blindsided by an enforcement action. An effective internal reporting system will: be uncomplicated and non-threatening; include a process for reporting and receiving concerns about possible violations, including anonymous submissions; and ensure that all allegations of misconduct are taken seriously and addressed in a timely manner. Companies should routinely train their employees on how to report potential violations using the company’s internal reporting system, promote the use of their internal compliance programs, and train supervisors how to respond to reports of potential violations.