Before The Whistle Blows: Understanding And Addressing The Expanding Scope Of Whistleblower Protections Under Sarbanes-Oxley And Dodd-Frank

by Cadwalader, Wickersham & Taft LLP
Contact

The Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley”) was enacted following the accounting scandals of the early 2000s involving Enron, WorldCom and other public companies.  Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) in 2010 following the global credit crisis that began a few years earlier.  Both statutes offer protections for employees who face retaliation for “blowing the whistle” on corporate misconduct, and Dodd-Frank also provides enhanced monetary incentives to the employees who do so.  Given the SEC’s recent and often-stated commitment to strict enforcement of the securities laws,1 coupled with the fact that the SEC has received over 6,000 whistleblower complaints in the past two years (and has made six awards since inception of its whistleblower reward program in 2011),2 whistleblowing activity now is a fact of corporate life that is likely to become even more prevalent as awareness spreads of the Dodd-Frank whistleblower reward program.

The task of formulating a plan for responding to whistleblower activity has been complicated by the fact that Sarbanes-Oxley and Dodd-Frank, complex in and of themselves, address similar conduct.  Not surprisingly, numerous questions have arisen regarding the proper interpretation of and interaction between various provisions of both Acts.  Receiving particular attention recently from courts and commentators are the Sarbanes-Oxley and Dodd-Frank provisions prohibiting retaliation against those who report (i.e., blow the whistle on) suspected misconduct (the “Anti-Retaliation Provisions”).  Taken together, these decisions significantly expand the universe of companies and types of conduct covered by the Anti-Retaliation Provisions, which in turn has significant implications for corporations and their in-house and outside legal and compliance advisors.  As discussed below:

  • Pursuant to an April 2014 Supreme Court decision, private company employees who report misconduct involving a public company client or vendor now clearly are subject to the Sarbanes-Oxley Anti-Retaliation Provision.  These private companies, which include professional service providers such as law and accounting firms, need to be prepared to address Sarbanes-Oxley whistleblowing activity by their employees.
  • A split has developed in the lower courts as to whether the Sarbanes-Oxley Anti-Retaliation Provision only applies to reports of fraud on shareholders, or covers a wider range of fraudulent activity.  Obviously, the prevalence of whistleblower complaints could significantly increase if this Anti-Retaliation Provision covers reports of more than just shareholder fraud.
  • Likewise, there is a split among federal courts as to whether the Dodd-Frank Anti-Retaliation Provision applies where a whistleblower reports internally, but not to the SEC or other government agency.  A rule requiring employees to report out in order to ensure anti-retaliation protection has significant implications for the effectiveness of any whistleblower protections a company puts in place.
  • The Anti-Retaliation Provisions rarely apply to conduct occurring abroad, although the issue remains unsettled.  Companies with employees in the U.S. and abroad need to consider how to deal with the possibility that employees may be treated differently for anti-retaliation purposes depending on where they are located, and whether company policy should permit that result.

In light of the foregoing, we suggest practical steps that companies and their advisors can consider in order to be prepared to effectively address whistleblowing activity.

BACKGROUND

Sarbanes-Oxley’s Anti-Retaliation Provision prohibits: (i) public companies (and their officers, employees, contractors, subcontractors and agents) (ii) from retaliating “against an employee . . . because of any lawful act done by the employee” to provide information or assistance, (iii) “which the employee reasonably believes constitutes a violation of [18 U.S.C. §] 1341, 1343, 1344 or 1348,3 any rule or regulation of the [SEC], or any provision of Federal law relating to fraud against shareholders,” (iv) when the information or assistance is provided to a federal regulatory or law enforcement agency, any member or committee of Congress or an employment supervisor.  See 18 U.S.C. § 1514A(a).  These protections were intended to combat “a culture, supported by law, that discourages employees from reporting fraudulent behavior.”  See The Corporate and Criminal Fraud Accountability Act of 2002, S. Rep. No. 107-146, at 4 (May 6, 2002).  In the event an employee pursues a claim for retaliation, Sarbanes-Oxley requires he or she do so within 180 days of the violation by filing a complaint with the Secretary of Labor.  Only if the Labor Secretary fails to issue a final decision within 180 days after commencement of the proceeding may the employee sue in federal court.  Typical civil damages are available to a prevailing employee.

Like Sarbanes-Oxley, Dodd-Frank provides certain protections to whistleblowers, defined as any person who provides “information relating to a violation of the securities law to the [SEC].”  15 U.S.C. § 78u-6(a)(6).  It prohibits retaliation by employers (whether public or private) “because of any lawful act done by the whistleblower—(i) in providing information to the [SEC] in accordance with this section; (ii) in initiating, testifying in, or assisting in any investigation or judicial or administrative action of the [SEC] based upon or related to such information; or (iii) in making disclosures that are required or protected under [Sarbanes-Oxley], this chapter . . . and any other law, rule or regulation subject to the jurisdiction of the [SEC].”  15 U.S.C. § 78u-6(h).

Dodd-Frank also (unlike Sarbanes-Oxley) permits employees claiming retaliation to commence actions in federal court without first seeking administrative relief, provides more time to do so (six years from the violation or three years from discovery of the violation, so long as such claim based on discovery is not asserted more than ten years from the violation itself) and permits certain enhanced recoveries, including two times back pay with interest and attorney and expert fees.  Dodd-Frank also created a bounty program, backed by a $450 million investor protection fund, to incentivize corporate whistleblowing.  The relevant provision provides that in any action by the SEC resulting in monetary sanctions exceeding $1 million, the SEC “shall pay an award,” in an amount between 10-30% of the monetary sanctions collected, to whistleblowers who “voluntarily provided original information to the [SEC] that led to the successful enforcement” of the action.  15 U.S.C. § 78u-6(b). 

EVOLVING SCOPE ISSUES

A.  Sarbanes-Oxley’s Anti-Retaliation Provision Covers Employees Of Private Companies Working For A Public Company

There is no dispute that employees of public companies are protected by the statute’s Anti-Retaliation Provision.  Due to ambiguity in the statutory text, however, courts had been divided as to whether it applies to private company employees engaged by a public company.  Sarbanes-Oxley’s Anti-Retaliation Provision states that “[n]o [public] company . . . or any officer, employee, contractor, subcontractor, or agent of [that public] company . . . may [retaliate] against an employee.”  18 U.S.C. § 1514A.  Until recently, it was not clear whether “an employee” referred only to the employees of the public company, or if it also protected employees of the “officer[s], employee[s], contractor[s], subcontractor[s] or agent[s]” of that public company. 

The Supreme Court resolved this issue in Lawson v. FMR LLC, 134 S. Ct. 1158 (2014), finding that Sarbanes-Oxley’s Anti-Retaliation Provision “shelters employees of private contractors and subcontractors, just as it shelters employees of the public company served by the contractors and subcontractors.”  Id. at 1161.4  Lawson involved claims of retaliation by two former employees of private companies that managed and advised publicly-held mutual funds.  The Lawson defendants argued that private company employees were not covered by Sarbanes-Oxley because the phrase “an employee” should be interpreted as “an employee of a public company.”  Id. at 1164-65.  The Court rejected this argument, noting that “Congress installed whistleblower protection in the Sarbanes–Oxley Act as one means to ward off another Enron debacle,” a purpose served by an interpretation that protects employees of private companies that contract with public companies.  Id. at 1169.  The Court also observed that other Sarbanes-Oxley provisions confer on outside professionals certain responsibilities to report suspected fraud, and those professionals likewise should be covered by its Anti-Retaliation Provision.  Id.5

The expansion of Sarbanes-Oxley retaliation protection to private company employees working for public companies significantly expands the universe of protected persons.  Moreover, as discussed below, there are issues unique to private companies that find themselves in or must prepare for this situation, underscoring the need for such companies to put in place a plan to address whistleblowing activity.

B.  What Constitutes “Protected Activity” Under Sarbanes-Oxley’s Anti-Retaliation Provision Remains An Open Question

Lawson did not address questions regarding what qualifies as “protected” whistleblowing activity.6  There is no dispute based on the plain text of the statute that Sarbanes-Oxley’s Anti-Retaliation Provision covers whistleblower disclosure relating to “fraud against shareholders.” See 18 U.S.C. § 1514A(a)(1).  But, a split has developed in the lower courts regarding whether disclosure of mail, wire, bank or other fraud must relate to “fraud against shareholders” in order to constitute protected activity under the statute.  As with the issue decided in Lawson, this split of authority results from differing interpretations of the text of Sarbanes-Oxley’s Anti-Retaliation Provision, which provides protection against retaliation for disclosures relating to 18 U.S.C. §§ 1341 (frauds and swindles), 1343 (wire, radio or television fraud), 1344 (bank fraud), 1348 (securities and commodities fraud) “or any provision of Federal law relating to fraud against shareholders.”  18 U.S.C. § 1514A(a)(1), (2).

Some courts have construed each of the statutes listed in Sarbanes-Oxley’s Anti-Retaliation Provision independently, and do not require that information relating to a violation of each of these statutes also “relat[e] to fraud against shareholders” in order for protections to apply.  To these courts, it is necessary to show that the information relates to fraud against shareholders only where the statute violated is not specifically listed in Sarbanes-Oxley’s Anti-Retaliation Provision.  These courts reason that requiring each Sarbanes-Oxley retaliation claim to relate to the reporting of shareholder fraud renders the enumeration of the other fraud statutes “wholly superfluous.”  See, e.g., Lockheed Martin Corp. v. Admin. Rev. Bd., U.S. Dep’t of Labor, 717 F.3d 1121, 1130-31 (10th Cir. 2013) (“a claimant who reports violations of 18 U.S.C. §§ 1341, 1343, 1344, or 1348 need not also establish such violations relate to fraud against shareholders to be protected from retaliation under the Act”); Reyna v. ConAgra Foods, Inc., 506 F. Supp. 2d 1363, 1382 (M.D. Ga. 2007) (“The Court rejects Defendants’ interpretation that the last phrase of the provision, ‘relating to fraud against shareholders,’ modifies each of the preceding phrases in the provision”); Collins v. Beazer Homes USA, Inc., 334 F. Supp. 2d 1365, 1376 (N.D. Ga. 2004) (same principle).7

Other courts have reached the opposite conclusion, finding that “[t]o be protected under Sarbanes-Oxley, an employee’s disclosures must be related to illegal activity that, at its core, involves shareholder fraud.”  Livingston v. Wyeth Inc., No. 1:03CV00919, 2006 WL 2129794, at *10 (M.D.N.C. July 28, 2006), aff’d, 520 F.3d 344 (4th Cir. 2008); see also Bishop v. PCS Admin. (USA), Inc., No. 05 C 5683, 2006 WL 1460032, at *9 (N.D. Ill. May 23, 2006) (“The phrase ‘relating to fraud against shareholders’ in this provision must be read as modifying each item in the series”); Fraser v. Fiduciary Trust Co. Int’l, 417 F. Supp. 2d 310, 322 (S.D.N.Y. 2006).  The courts so holding have based their decisions on an interpretation of the statutory language and analysis of the statute’s purpose.  For instance, Livingston dismissed the plaintiffs’ claims, in part, because “there [was] nothing in the record . . . indicating that [the defendant] made false or misleading statements . . . in any documents provided to its shareholders.”  2006 WL 2129794, at *10.  Livingston’s holding that a Sarbanes-Oxley retaliation claim must include allegations of fraud against shareholders was based on its interpretation of “the plain language of [its Anti-Retaliation Provision] and its legislative history,” and its finding that “Sarbanes-Oxley was enacted to address corporate fraud on shareholders.”  Id. at *9 (emphasis added).8

Given that Sarbanes-Oxley was enacted in response to public company accounting scandals and by and large addresses public company issues, a conclusion that protected whistleblower activity may involve acts having nothing to do with shareholders significantly enlarges the universe of activity covered by its Anti-Retaliation Provision.  When considered together with Lawson’s expansion of protection to private companies doing business with public companies, the need for corporations and their advisors to have a plan to address whistleblowing activity is apparent.

C.  Courts Are Divided Over Whether Dodd-Frank’s Whistleblower Protections Apply Where An Employee Reports Internally And Not To The SEC

An employee seeking to disclose alleged wrongdoing generally has two options: reporting externally (to a governmental authority such as the SEC), or reporting internally within the organization.  Unlike Sarbanes-Oxley, under which a whistleblower is afforded the same protection whether he reports internally or externally,9 coverage under Dodd-Frank’s Anti-Retaliation Provision for internal disclosures is not settled.  Dodd-Frank’s anti-retaliation protections apply to three categories of whistleblowers: those who (i) provide information to the SEC; (ii) assist in an SEC investigation; or (iii) make “disclosures that are required or protected” under Sarbanes-Oxley, the securities laws, and other SEC regulations.  15 U.S.C. § 78u-6(h)(1)(A).  While the first two prongs are clear (an employee is protected if he reports to or otherwise assists the SEC), courts are split as to whether the third prong protects whistleblowers from retaliation after they have reported internally. 

The only federal appellate court to consider this issue is the Fifth Circuit, in Asadi v. G.E. Energy (USA), LLC, 720 F.3d 620 (5th Cir. 2013).  In Asadi, the plaintiff, a GE Energy executive stationed in Jordan reported a potential violation of the Foreign Corrupt Practices Act to his supervisor and the GE Energy ombudsman.  Id. at 621.  Shortly thereafter, the plaintiff received a “surprisingly negative” performance review and was pressured to step down from his position.  Id.  When he did not comply, he was fired.  Id.  In response to the plaintiff’s whistleblower-retaliation claim, GE Energy argued that the plaintiff did “not qualify as a ‘whistleblower’ under [Dodd-Frank’s] whistleblower-protection provision” because he made his report internally, rather than to the SEC.  Id. at 621, 623.  The Fifth Circuit accepted this reasoning, finding that an employee who reports alleged misconduct internally is not a protected whistleblower under Dodd-Frank.  According to the court, “[u]nder Dodd-Frank’s plain language and structure, there is only one category of whistleblowers: individuals who provide information relating to a securities law violation to the SEC.”  Id. at 625.

Several district courts have followed this reasoning.  See, e.g., Banko v. Apple Inc., No. CV 13-02977 RS, 2013 WL 7394596, at *6 (N.D. Cal. Sept. 27, 2013) (“Because plaintiff did not file a complaint to the SEC, he is not a ‘whistleblower’ under the Dodd-Frank Act”); Wagner v. Bank of Am. Corp., No. 12-cv-00381-RBJ, 2013 WL 3786643, at *4 (D. Colo. July 19, 2013) (plaintiff who was fired after complaining to her supervisors was “not a ‘whistleblower’ as defined” by Dodd-Frank because she “did not provide any information to the [SEC]”). 

Despite these decisions, it appears that the majority of district courts to address this issue have determined that internal reporting, like external reporting, is protected activity.  These courts have reasoned that, to achieve Dodd-Frank’s aims, its Anti-Retaliation Provision should be construed broadly.  See, e.g., Khazin v. TD Ameritrade Holding Corp., No. 13-4149, 2014 WL 940703, at *6 (D.N.J. Mar. 11, 2014) (“internal reporting of potential violations is sufficient to qualify as a whistleblower under the Dodd-Frank Act’s anti-retaliation provision”); Azim v. Tortoise Cap. Advisors, No. 13-2267, 2014 WL 707235, at *3 (D. Kan. Feb. 24, 2014) (finding complaints to a human resources department to warrant whistleblower protection under Dodd-Frank); Rosenblum v. Thomson Reuters (Mkts.) LLC, No. 13 Civ. 2219, 2013 WL 5780775, at *5 (S.D.N.Y. Oct. 25, 2013) (Dodd-Frank “does not require a report to the SEC to obtain whistleblower protection”) Genberg v. Porter, 935 F. Supp. 2d 1094, 1106-07 (D. Colo. 2013) (“I find that [plaintiff] qualifies as a whistleblower under [Dodd-Frank]” even though “he disclosed alleged securities violations to . . . upper level management”).    

Notably, the internal/external reporting issue is currently before the Second Circuit in Liu v. Siemens AG (No. 13-4385).  In Liu, a compliance officer for Siemens China repeatedly raised concerns to his supervisors regarding potential FCPA violations.  After he was terminated, he brought suit under Dodd-Frank’s anti-retaliation provision.  While the district court devoted considerable time to whether the plaintiff was a proper “whistleblower” under Dodd-Frank because he only reported internally (see Liu v. Siemens AG, No. 13 Civ. 317, 2013 WL 5692504, at *5-7 (S.D.N.Y. Oct. 21, 2013)), it ultimately dismissed the plaintiff’s claim on another ground: that Dodd-Frank’s “anti-retaliation provision does not apply overseas.”  Id. at *4.  The plaintiff’s appellate briefing and that of various amici, however, contain argument concerning the internal/external reporting issue.  In particular, the SEC has submitted an amicus brief advocating that the Dodd-Frank Anti-Retaliation Provision should apply broadly whether the employee has reported to the SEC or internally.10  Liu is scheduled for argument on June 16, 2014, with a decision likely to be issued later in the year.

Because Sarbanes-Oxley’s Anti-Retaliation Provision already applies to retaliation following internal reporting, companies confront potential liability and enforcement action regardless of how this issue is resolved.  Nonetheless, the potential remedies for retaliation under Dodd-Frank are more extensive than under Sarbanes-Oxley, and far greater incentives to report exist under Dodd-Frank’s bounty program.  As a result, the resolution of this issue could have important implications for the frequency with which companies will confront the issue. 

D.  Sarbanes-Oxley and Dodd-Frank: No Extraterritorial Application

As noted above, one of the issues before the Second Circuit in Liu is whether Dodd-Frank’s Anti-Retaliation Provision applies extraterritorially.  Courts analyzing issues of extraterritoriality will look to Congress’ intent.  See SEC v. Berger, 322 F.3d 187, 192 (2d Cir. 2003) (court “‘confronted with transactions that on any view are predominantly foreign . . . must seek to determine whether Congress would have wished the precious resources of United States courts and law enforcement agencies to be devoted to them rather than to leave the problem to foreign countries’”) (citation omitted).  Unless there is the “‘affirmative intention of the Congress clearly expressed’ to give a statute extraterritorial effect, ‘[the court] must presume it is primarily concerned with domestic concerns.’”  Morrison v. Nat’l Aus. Bank Ltd., 130 S. Ct. 2869, 2777 (2010) (citation omitted).  Thus, when a statute’s text gives no indication of an extraterritorial application, “it has none.”  Id. at 2778.  This rule reflects the presumption that that “‘United States law governs domestically but does not rule the world.’”  Kiobel v. Royal Dutch Petrol. Co., 133 S. Ct. 1659, 1664 (2013).

Both Sarbanes-Oxley’s and Dodd-Franks’s Anti-Retaliation Provisions are silent as to extraterritorial application, and, thus, courts generally have found that whistleblower activity that occurs outside the United States is not protected by these provisions.  See, e.g., Carnero v. Boston Sci. Corp., 433 F.3d 1, 18 (1st Cir. 2006) (“We hold that [Sarbanes-Oxley’s Anti-Retaliation Provision] does not reflect the necessary clear expression of congressional intent to extend its reach beyond our nation’s borders”); Liu, 2013 WL 5692504, at *4 (“There is simply no indication that Congress intended [Dodd-Frank’s] Anti-Retaliation Provision to apply extraterritorially, [and therefore, it] does not apply overseas”).

In Carnero, for instance, the plaintiff was a citizen of Argentina who resided in Brazil.  See 433 F.3d at 2.  He was employed by an Argentinian subsidiary of Boston Scientific Corporation (“BSC”), a Massachusetts-based company, and was allegedly terminated in retaliation for reporting to supervisors at BSC that its subsidiaries were engaged in accounting misconduct.  Id.  The plaintiff brought suit under Sarbanes-Oxley’s Anti-Retaliation Provision, claiming that, although he worked for a foreign subsidiary, “he had an over-arching employment relationship with the United States parent, BSC, resulting from the extensive and continuous control BSC’s own Massachusetts employees allegedly exercised over his work and duties in Latin America.”  Id. at 3.  Noting, however, that Sarbanes-Oxley’s Anti-Retaliation Provision was “tailored . . . to purely domestic application”  (id. at 18), the court rejected the plaintiff’s argument because, among other things, he was “directly employed and paid” by an Argentinian company and “the alleged fraudulent conduct . . . was instituted in Latin America.”  Id. at 3.11  

As noted above, the district court in Liu came to the same conclusion regarding a Dodd-Frank anti-retaliation suit.  Like Carnero, the conduct in Liu was entirely foreign—it was a “case brought by a Taiwanese resident against a German corporation for acts concerning its Chinese subsidiary relating to alleged corruption in China and North Korea.”  2013 WL 5692504 at *4.  The Liu plaintiff argued that an SEC regulation (17 C.F.R. § 240.21F-8(c)(2)) includes foreign employees within the definition of “whistleblower.”  Id. at *3.  The court, however, held that “[t]he issue is not whether persons located abroad can be ‘whistleblowers’ and thus eligible for whistleblower awards, but whether the Anti-Retaliation Provision’s protections extend to overseas whistleblowers.”  Id.  Finding that Dodd-Frank’s Anti-Retaliation Provision did not apply extraterritorially, the court dismissed the Liu plaintiff’s claims.

PRACTICAL CONSIDERATIONS

There is lingering uncertainty over basic issues surrounding the scope of persons protected under the Sarbanes-Oxley and Dodd-Frank Anti-Retaliation Provisions, what constitutes protected whistleblowing activity under Sarbanes-Oxley, and the interplay between the two statutes.  This situation obviously presents challenges for private companies in deciding whether they need to structure compliance programs to address whistleblowing activity.  And, private companies that do so, as well as public companies, confront numerous issues in constructing such a program. 

Private companies should consider the following:

  • Assessing whether there is a potential for whistleblower activity involving public company clients or vendors, and liability for retaliating against the employee. 
  • If there is meaningful public company business, creating a compliance structure to address whistleblower complaints, as described below.
  • Addressing in contracts with public company clients various issues that may arise from whistleblower activity concerning the public company, including indemnification for costs incurred in the investigation of or lawsuits related to the reported wrongdoing.

Public companies and private companies that conclude that there is a possibility of responsibility for dealing with whistleblowing activity should consider:

  • Creating a compliance structure that permits the company to demonstrate to the SEC or other government agencies that the company is supportive of employee reporting of suspected wrongdoing.
    • Publicizing to employees on a periodic basis, including by making available on a company intranet or in a policy manual, a method for reporting suspected wrongdoing.
    • Instituting procedures for handling whistleblower complaints, including:
      • Identifying and publicizing within the company an appropriate person or committee to receive reports of suspected wrongdoing;
      • Formalizing the process for investigating the issue, including assessing the reliability and seriousness of the allegation to determine whether an investigation is necessary and the scope of the investigation, and, where appropriate, retaining outside legal and other advisors to lead the investigation;12
      • Where sufficiently serious, requiring that the matter promptly be brought to the attention of, as appropriate, senior management and/or the board of directors or a board committee.
      • Taking care when drafting policies or employment agreements touching on whistleblower issues that they will not be construed as impeding the employee’s ability to report problems to the SEC or other government agencies.  Sean McKessy, the SEC’s Chief of the Office of the Whistleblower, in remarks recently delivered at the Georgetown University Law Center Corporate Counsel Institute, strongly cautioned against drafting contracts that incentivize whistleblowers not to report alleged wrongdoing to the SEC (or that otherwise attempt to evade SEC programs and compliance), noting that the Commission has the power to preclude lawyers who draft such materials from practicing before it.13  Accordingly:
        • Do not have a policy that reports of suspected wrongdoing must be reported internally before being reported externally. 
        • Do not ask employees to waive Sarbanes-Oxley or Dodd-Frank anti-retaliation protections.  Not only would this suggest an attempt to avoid the whistleblowing regime, but Sarbanes-Oxley, for instance, prohibits such an attempted waiver.  See 18 U.S.C. § 1514A(e) (“The rights and remedies provided for in this section may not be waived by any agreement, policy form, or condition of employment, including by a predispute arbitration agreement”). 
        • Do not condition an employee’s right to indemnification in litigation or other employment-related benefits on following company policies that limit the employee’s ability to report wrongdoing to the SEC.
        • While in-house legal professionals are covered by the Anti-Retaliation Provisions,14 they should be aware of possible tensions between reporting out to the SEC under Sarbanes-Oxley or Dodd-Frank and any obligation to maintain client confidences under applicable attorney ethical rules.
          • Under Sarbanes-Oxley, an attorney who concludes that a company has failed to respond appropriately to reported misconduct may report directly to the SEC, provided the attorney reasonably believes it necessary to: (i) “prevent the issuer from committing a material violation that is likely to cause substantial injury to the . . . issuer or investors”; (ii) “prevent the issuer . . .from committing perjury”; or (iii) “rectify the consequences of a material violation by the issuer that has caused, or may cause, substantial injury to the . . . issuer or investors.”  17 C.F.R. § 205.3(d).
          • However, New York’s Rules of Professional Conduct, for instance, provide that a “lawyer shall not knowingly reveal confidential information . . . or use such information to the disadvantage of a client.”  See N.Y. R. of Prof’l Conduct 1.6(a).  While there are exceptions, the circumstances under which an attorney may report out under Sarbanes-Oxley by disclosing client confidences are different than under certain state ethics rules. 
          • Thus, in-house counsel, and compliance professionals who are lawyers, need to exercise caution when considering reporting suspected activity directly to the SEC without client consent in light of any potentially applicable ethical rules.

1   See, e.g., Mary Jo White, Chair, SEC, All-Encompassing Enforcement: The Robust Use of Civil and Criminal Actions to Police the Markets (Mar. 31, 2014), http://www.sec.gov/News/Speech/Detail/Speech/1370541342996; Mary Jo White, Chair, SEC, Perspectives on Strengthening Enforcement (Mar. 24, 2014), http://www.sec.gov/News/Speech/Detail/Speech/1370541253621.

2   SEC Annual Report to Congress on the Dodd-Frank Whistleblower Program (2013), at 1, 14, http://www.sec.gov/whistleblower/reportspubs/annual-reports/annual-report-2013.pdf.  Although beyond the scope of this article, Dodd-Frank also amended the Commodity Exchange Act (the “CEA”) and created a Commodity and Futures Trading Commission (“CFTC”) whistleblower bounty program.  See 7 U.S.C. § 26(b).  While the CFTC in 2013 received only a fraction of the whistleblower complaints received by the SEC (i.e., 138), and has yet to make a whistleblower award, it has set aside a $300 million fund for this program and is expected to attract whistleblowers with increased frequency after it makes its first award.  See CFTC Annual Report on the Whistleblower Program and Customer Education Initiatives (2013), at 2, http://www.cftc.gov/ucm/groups/public/@whistleblowernotices/documents/file/wb_fy2013reporttocongress.pdf; Erika Kelton, CFTC Will Flex DoddFrank Muscle In 2014, Forbes.com, Feb. 19, 2014, http://www.forbes.com/sites/erikakelton/2014/02/19/cftc-enforcement-efforts-will-get-a-boost-in-2014/.  As a result, companies regulated by the CFTC will likely face increased exposure to whistleblowers who report information relating to violations of the CEA.

3  These sections make unlawful mail and wire fraud as well as “frauds and swindles,” bank fraud and securities and commodities fraud. 

4  For more on Lawson, please see Jason M. Halper, et al., Supreme Court Holds That Sarbanes-Oxley Whistleblower Provision Applies To Employees Of Investment Advisers And Other Private Companies (Mar. 18, 2014), http://www.cadwalader.com/resources/clients-friends-memos/supreme-court-holds-that-sarbanes-oxley-whistleblower-provision-applies-to-employees-of-investment-advisers.

5   While Dodd-Frank’s Anti-Retaliation Provision clearly applies to employees of private companies, the reach of Dodd-Frank and Sarbanes-Oxley are not co-extensive.  For instance, Dodd-Frank protects a person who provides information relating to violations of the federal securities laws, but Sarbanes-Oxley is worded more broadly to cover those who blow the whistle regarding other alleged fraud (e.g., mail fraud, bank fraud, wire fraud and shareholder fraud).  Additionally, while it is still unclear whether a whistleblower is protected under Dodd-Frank if he or she reports violations to a superior (as opposed to the SEC), Sarbanes-Oxley unambiguously provides protection for internal reporting (see infra n.10).  Thus, there are occasions when it will make sense for a whistleblower claiming retaliation to make a claim under Sarbanes-Oxley’s Anti-Retaliation Provision rather than under Dodd-Frank’s Anti-Retaliation Provision, and vice versa. 

6   In order to establish the elements of a prima facie claim for violation of Sarbanes-Oxley’s Anti-Retaliation Provision, a claimant must first show that he “engaged in protected activity.”  Harp v. Charter Commc’ns, Inc., 558 F.3d 722, 723 (7th Cir. 2009) (collecting cases).

7   For example, in Lockheed, a former employer who accused a supervisor of committing mail and wire fraud in connection with the company’s Pen Pal program with the U.S. Army was terminated and subsequently brought a retaliation suit.  Lockheed Martin argued that because the complaint did not “relate to shareholder fraud” it was not covered by Sarbanes-Oxley’s Anti-Retaliation Provision.  See 717 F.3d at 1130-31.  The Seventh Circuit rejected Lockheed Martin’s argument, finding that “the proper interpretation of [Sarbanes-Oxley’s Anti-Retaliation Provision] . . . holds a claimant who reports violations of [federal statutes related to frauds and swindles, wire fraud, bank fraud, or securities/commodities fraud] need not also establish such violations relate to fraud against shareholders.”  Id. at 1031.

8   Justice Sotomayor, writing the dissent in Lawson, agreed with this perspective: “[N]othing in the text, context or purpose of the Sarbanes-Oxley Act” suggests that Congress wanted to “create [the] kind of sweeping regime that subjects [defendants] to litigation over fraud reports that have no connection to, or impact on, the interests of public company shareholders.”  134 S. Ct. at 1178.  While the Lawson majority did not (because it did not need to) reach the question of whether a Sarbanes-Oxley retaliation claim could proceed without an allegation of fraud on shareholders, the dissent cautioned that the “stunning” breadth of the Lawson decision could extend the reach of such a claim far beyond whistleblower disclosures relating to shareholder fraud.  See id. (“As interpreted today, the Sarbanes–Oxley Act authorizes a babysitter to bring a federal case against his employer—a parent who happens to work at (a public company)—if the parent stops employing the babysitter after [the babysitter] expresses concern that the parent’s teenage son may have participated in an Internet purchase fraud”). 

9  See, e.g., Leshinsky v. Telvent GIT, S.A., 942 F. Supp. 2d 432, 449 (S.D.N.Y. 2013) (a “report by an employee to his supervisor is protected under [Sarbanes-Oxley]”); Rogus v. Bayer Corp., No. 3:02CV1778, 2004 WL 1920989, at *6 n.6. (D. Conn. Aug. 25, 2004) (“The Court notes that the Sarbanes-Oxley statute does protect internal whistle-blowers”).

10 SEC Rule 21F-2 defines “whistleblower” for purposes of the Dodd-Frank Anti-Retaliation Provision as anyone who “possess[es] a reasonable belief that the information you are providing relates to a possible securities law violation . . . [and] provide[s] information in a manner described in [15 U.S.C. § 78u-6(h)(1)(A)].”  17 C.F.R. § 240.21F-2(b); see SEC Securities Whistleblower Incentives and Protections, SEC Rel. No. 34-64545, 76 Fed. Reg. 34,300, 34304 (June 13, 2011).  Because one of the ways to provide information under Section 6(h) is pursuant to Sarbanes-Oxley, which in turn covers retaliation for internal reporting, Rule 21F-2 thereby seeks to extend the Anti-Retaliation Provision of Dodd-Frank to internal public company reporting.  The decisions limiting the Dodd-Frank Anti-Retaliation Provision to external reporting, however, have observed that the SEC may not by regulation extend a statute’s reach.  See, e.g., Asadi, 720 F.3d at 629-30. 

11  The mere fact that a whistleblower is located overseas, however, will not necessarily preclude a retaliation claim.  In O’Mahony v. Accenture Ltd., 537 F. Supp. 2d 506 (S.D.N.Y. 2008), for instance, an employee of an American subsidiary of a Bermudan company, working in France, brought a claim under Sarbanes-Oxley’s Anti-Retaliation Provision for alleged retaliation concerning “a fraudulent scheme to evade the payment of social security contributions that were due in France.”  Id. at 508.  Citing Carnero, the defendant moved to dismiss.  The court, however, distinguished Carnero in three ways.  First, it noted that, while the Carnero plaintiff “was employed and compensated exclusively by Latin American” companies, the plaintiff in the instant case was “employed and compensated by a United States subsidiary of a foreign corporation.”  Id. at 511.  Second, unlike Carnero, “the conduct related to the alleged fraud involv[ing] employees of Defendants located in the United States.”  Id.  Finally, the court observed that, while “in Carnero, the plaintiff brought an action against the United States parent for the alleged misconduct abroad by its Latin American subsidiary,” the plaintiff in the case before the court had brought “an action against the foreign parent and its United States subsidiary for the alleged conduct [that occurred] in the United States.”  Id.  Thus, the court in O’Mahony concluded that “the pertinent material acts as alleged, i.e., the commission of the alleged fraud and the decision . . . to retaliate . . . occurred primarily in the United States.”  Id. at 513-14.

12  For more information on conducting an internal investigation in response to a credible and sufficiently serious report of wrongdoing, see Gregory A. Markel & Jason M. Halper, Internal Investigations, 1 Bus. & Com. Litig. in Fed. Cts., ch. 5 (3d ed. 2011).

13  The SEC created the Office of the Whistleblower and adopted Regulations 21F-1 through 21F-17 to implement the whistleblower regime.  Rule 21F-17 prohibits “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement.”  17 C.F.R. § 240.21F-17(a).

14  See Van Asdale v. Int’l Game Tech., 577 F.3d 989, 996 (9th Cir. 2009) (“Nothing in [Sarbanes-Oxley’s Anti-Retaliation Provision] indicates that in-house attorneys are not also protected from retaliation under this section”).

**Yan Grinblat, a litigation associate, assisted with the preparation of this memo.

 

Written by:

Cadwalader, Wickersham & Taft LLP
Contact
more
less

Cadwalader, Wickersham & Taft LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.