Supreme Court Expands SOX Whistleblower Protection

by Fisher Phillips

Yesterday, in a 6-3 vote, the U.S. Supreme Court issued a landmark decision greatly expanding the whistleblower protections of the Sarbanes-Oxley Act (SOX) to cover employees of private entities contracting with publicly traded companies. 

SOX was enacted in 2002, following the scandal and shareholder fraud that brought down Enron and WorldCom. Congress sought to prevent that type of fraud in the future, by including a provision that protects employees who report fraud or other violations of securities laws from retaliation by their employers.

Up until now, all federal courts interpreting SOX have found that its whistleblower protections applied only to employees of public companies. The Supreme Court’s decision now rejects that interpretation in favor of a more liberal reading of the statute, and more expansive application of the law. This ruling dramatically changes the landscape of SOX’s anti-retaliation protections, opening the door to numerous and potentially costly lawsuits from employees of private companies, who did not previously have a cause of action under SOX.  Lawson v. FMR, LLC.


Jackie Hosang Lawson and Jonathan Zang are former employees of FMR and its subsidiaries, private companies under contract with the Fidelity family of mutual funds to provide investment advice and management services. The Fidelity family of mutual funds are public companies registered with the Securities and Exchange Commission (SEC) and subject to its reporting requirements. As is the case with all mutual funds, the Fidelity mutual funds have no employees of their own but instead, are overseen by a Board of Trustees and receive investment advice from private fund-management companies like Lawson’s and Zang’s former employers. 

Ms. Lawson worked for FMR and its subsidiary Fidelity Brokerage Services, LLC, operating under the trade name “Fidelity Investments.” While employed by Fidelity Investments, Ms. Lawson reportedly raised several concerns to management including problems with cost-accounting methodologies and the alleged improper retention of $10 million in fees, only to be punished by her employer by, for example, being “warned” regarding her insubordination and passed over for a promotion, according to her complaint. 

Lawson filed several complaints with the Occupational Safety & Health Administration (OSHA) while still employed by Fidelity Investments, reporting her employer’s alleged retaliation in violation of SOX. Ultimately, she resigned her employment, arguing that she was constructively discharged due to her employer’s retaliatory conduct. Her consolidated complaints with OSHA were closed, and she thereafter filed a lawsuit in federal district court in Massachusetts, alleging that her former employer violated SOX’s whistleblower provisions.

Mr. Zang worked for FMR and its subsidiaries, Fidelity Management & Research Co. and FMR Co. He was terminated allegedly for raising concerns about inaccuracies contained in a draft revised registration statement for certain Fidelity funds. 

Zang first filed a complaint with OSHA alleging retaliatory discharge by the Fidelity Management Companies in violation of SOX. In reviewing Zang’s complaint, OSHA found that he was a “covered” employee under SOX’s whistleblower provision, but found that he had not engaged in conduct protected by that subsection, and therefore dismissed his complaint. Zang requested review by an Administrative Law Judge (ALJ) and in response, the Fidelity Management Companies successfully argued that, as an employee of a private company contracting with a public company subject to SOX, Zang was not a “covered” employee under the law. Zang appealed the ALJ decision, but ultimately abandoned that appeal and filed suit in the U.S. District Court for the District of Massachusetts in April 2008. 

In both cases, the former employers moved to dismiss the complaints, arguing that Lawson and Zang were not “employees” as defined in the law, asserting that the statutory language limited SOX’s whistleblower protections to direct employees of public companies.  In response, the former employees argued that the statute must be read more expansively and interpreted to cover the employees of “contractors, subcontractors, or agents of publicly held investment companies” in accordance with the plain language of the statute. In this case, the employees argued that their former employers were such “contractors, subcontractors, or agents” of the publicly-held Fidelity mutual funds. 

Because both cases involved a common defendant, FMR, LLC, and a common question of law, the trial court considered the cases together. Ultimately, the trial court agreed with the employees, finding that Lawson and Zang were covered by SOX’s whistleblower provision. The U.S. Circuit Court of Appeals for the 1st Circuit reversed after finding that both the plain language of the statute and Congressional intent did not support the broad interpretation applied by the trial court. 

The Supreme Court took the case, despite the lack of a split between the federal courts of appeal, apparently to resolve the conflict between the 1st Circuit and the DOL’s Administrative Review Board (ARB), as the ARB rejected the 1st Circuit’s ruling a few months after its decision was issued, reviving the whistleblower claim of an accountant of a private audit firm hired to provide services to a publicly-traded company.

The issue before the Supreme Court was whether an employee of a privately-held contractor or subcontractor of a public company is protected from retaliation under the whistleblower-protection provision of the Sarbanes-Oxley Act. 


The Court held that, in view of the plain language of the statutory text, as well as the context within which Congress enacted SOX, the law could reasonably be interpreted to extend its protections to cover the employees of contractors to publicly-held companies, like Lawson and Zang, in addition to direct employees of those publicly-held companies. 

In so holding, the Court explained that the whistleblower provision prohibits retaliation against “an employee,” not just by the public company, but also by “contractors,” “subcontractors,” and “agents” of a public company. Thus, the law, as relevant to the circumstances surrounding Lawson and Zang, provides that “no . . . contractor . . . may discharge . . . an employee [for whistleblowing].” The ordinary meaning of “an employee” in this provision then, is the contractor’s own employee.

The Court rejected FMR’s invitation to read the limiting language, “of a public company,” into the text of the statute where it plainly did not exist, or to rely on the statute headings, explaining that headings cannot take the place of the detailed text found in SOX. The Court also found that its reading of the statute would avoid insulating the entire mutual fund industry from SOX’s whistleblower protections, something that it believed Congress could not have intended. 

In addition, the Court found support for its interpretation of the statute in SOX’s purpose and legislative history: Congress enacted these whistleblower protections to prevent another Enron scandal. Contractors and subcontractors of Enron were instrumental in its fraud and cover-up, and when employees of those contractors and subcontractors attempted to speak up, they were retaliated against by their employers. Congress recognized these facts when drafting SOX. Therefore, the Court concluded that the contractor and subcontractor language was intentionally included to cover those very circumstances and provide protection to employees of subcontractors and contractors of a public company, who are in a position to uncover and report shareholder fraud.   

Moreover, the Court noted that Congress relied on and tracked the protections afforded to whistleblowers reporting violations of “air carrier safety” as set forth in the Wendell H. Ford Aviation Investment and Reform Act for the 21st Century (“AIR 21”). AIR 21 was enacted two years before SOX and has since been interpreted to protect contractor employees. Thus, the Court found that Congress’ intent to closely track AIR 21’s protections and use of parallel statutory text in SOX required a consistent reading of  the term “an employee” in both Acts.  

In holding for Lawson and Zang, the Court declined to delineate the boundaries of SOX, finding it unnecessary at this juncture to specifically limit SOX’s anti-retaliation protections to employees of a contractor or subcontractor reporting fraud at the public company. The FMR entities argued that because SOX’s whistleblower provision encompasses mail, wire and bank fraud, and because the Court’s interpretation of “an employee” did not exclude personal employees of people who work for public companies from being protected under SOX, the floodgates would be open for retaliation lawsuits stemming from household workers and others who arguably fit under the definition, and whose “whistleblowing” activity is unrelated to any fraud occurring at the public company. 

The dissenting opinion provided an example of this risk: a nanny to a CEO of a public company is fired after she reports that the CEO’s son is engaged in Internet fraud; under this Court’s interpretation of SOX, the nanny could bring a whistleblower claim. 

While recognizing that this was a theoretical possibility, the Court found that this concern was nothing more than hypothetical, as there were no real world examples to date of individuals bringing SOX whistleblower claims based on anything other than shareholder fraud. In fact, in this case, the Court explained that Lawson and Zang were clearly reporting shareholder fraud, so it need not determine the specific bounds of the anti-retaliation provision today. 

The Court expressed doubt that its ruling would result in a wave of claims from personal employees stemming from fraud that did not occur at the public company. In any event, if the Court proved to be wrong about opening these floodgates, it asserted that Congress was free to amend SOX accordingly.


The Court’s decision has widespread implications for the financial-services industry, its employees, and the corporate structures of SOX-regulated entities. The Lawson decision now opens up private employers to new civil liability via their contracts with public companies.

Employers who do business with public companies need to familiarize themselves with the regulations governing public companies, including when those regulations have been violated, as well as their rights and potential liabilities pursuant to the whistleblower protections of SOX. 

In addition, if FMR’s and the dissenting justices’ concerns materialize, potential liability could extend even farther for both public and private entities, (that is, if the anti-retaliation provision is interpreted to protect personal employees or whistleblowers reporting fraud other than shareholder fraud).   

As always, continue to proceed with caution before taking action against an employee who reports suspected fraud or wrongdoing. The Court’s ruling makes it more important now than ever to carefully evaluate employment decisions and potential legal exposure once an employee raises fraud concerns.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fisher Phillips | Attorney Advertising

Written by:

Fisher Phillips

Fisher Phillips on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.