by Miriam Baer
Next October, the Supreme Court will hear oral argument in Digital Realty Trust, Inc. v. Somers. The case asks the Court to resolve whether the Dodd-Frank Act’s anti-retaliation protections for “whistleblowers” apply to those individuals who first report information solely to the SEC, or instead to the broader group of individuals who report information internally or other enforcement agencies before seeking out the SEC. As noted in an earlier post on this blog, circuit courts are split on the issue, and whereas the SEC itself has embraced the broader definition, Dodd-Frank’s explicit definitional language offers some room for doubt.
When the case does reach the Supreme Court, litigants favoring the broader definition presumably will portray what has now become the standard depiction of the whistleblower’s dilemma: An employee knows her bosses are cooking the books. She would like nothing to do with this sort of activity but she fears she will lose her job and be iced out of her industry if she says anything. Continue reading
by Eric Young and Brandon Lauria
Confidentiality and employment agreements have not historically been a matter of concern for the nation’s leading securities regulator. However, since August, the SEC has settled eight enforcement actions involving allegations of improper conduct with respect to employment agreements as part of its efforts to encourage, protect and reward whistleblowers. If this enforcement blitz surrounding Rule 21F-17 continues, it could ultimately change the terms of confidentiality provisions at a far ranging list of employers from publicly traded companies to financial institutions to government contractors.
What is SEC Rule 21F-17? It is the 2011 regulation adopted by the SEC as part of the rules governing its Dodd-Frank Act authorized whistleblower program. It prohibits, with a few small exceptions, “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement ….” 17 C.F.R. 240.21F-17(a). In short, it bars efforts to impede whistleblowers from reporting misconduct to the SEC. Continue reading
by Dr. Olivia Dixon
Whistleblowing is considered to be an integral component of corporate governance by exposing and remedying corruption, fraud and other types of wrongdoing in both the public and private sector. Australian whistleblowing legislation emerged in the aftermath of the systemic government corruption inquiries of the late 1980’s, meaning that although whistleblower protection was squarely on the political agenda, legislative development was firmly fixed on the public sector. The Commonwealth, States and Territories have all enacted public sector whistleblower protection or public interest disclosure acts based on a structural approach, which prohibit retaliation against whistleblowers for reporting misconduct. While academic debate continues as to whether private sector legislation should ultimately be based on a structural, anti-retaliation, reward-based or blended model, political will to enact comprehensive private sector legislation has stagnated and current legal avenues that are available to targets of retaliation are inherently complex, fragmented and unpredictable. Continue reading
by Erika A. Kelton and John W. Tremblay
Who counts as a “whistleblower” when it comes to Dodd-Frank’s statutory protections against employment retaliation? In recent years, corporate defendants have argued that employees who complain internally about wrongdoing are not protected by Dodd-Frank’s whistleblower anti-retaliation provisions if they do not report wrongdoing to the Securities and Exchange Commission before they suffer retaliation. Continue reading
by Evan Bundschuh and Dallas Hammer
This post is the second part of a two-part post by the authors, entitled The Rise of Cybersecurity Whistleblowing.
Companies seeking to mitigate that risk of cybersecurity whistleblowing through insurance face a unique set of challenges. Cyber whistleblower claims fall in an area somewhere between cyber and D&O insurance, and poorly structured policies will yield little to no coverage. Organizations that have placed both policies nonetheless will likely assume that they have performed their due diligence and that coverage is in place for claims at time of loss. However, affording broad coverage for even standard whistleblower claims can be difficult. Continue reading
by Erika A. Kelton
2016 was a banner year for the Dodd-Frank Act’s most significant anti-fraud enforcement provisions: the whistleblower programs at the Securities and Exchange Commission and the Commodity Futures Trading Commission.
In the five years since these programs were established, whistleblowers have rapidly changed the global securities and commodities compliance landscape. The success of the Dodd-Frank whistleblower programs can be attributed largely to the significant actions the SEC and CFTC have taken that signal that whistleblowers will be rewarded and protected for their information and assistance.
As a result of the SEC whistleblower program, more than $874 million in financial remedies have been collected from companies in financial penalties and disgorgement since the program was established in 2011. Because the totals attributed to the whistleblower program are only reported after a whistleblower award has been made, the reported totals lag behind the amounts actually recovered. I believe that the actual amounts the SEC has recovered by virtue of whistleblower information exceed $1.5 billion.
Last year, the SEC surpassed the $130 million mark in total awards paid to whistleblowers. The SEC also set a new bar for whistleblower protection, demonstrating that it will go after companies that retaliate against whistleblowers or have severance or confidentiality agreements that aim to discourage employees from reporting wrongdoing to government enforcement agencies.
The CFTC, meanwhile, paid out in 2016 its largest ever award — $10 million — to a single whistleblower.
With that momentum, 2017 is shaping up to be another transformative year for these programs. Here’s what to expect: Continue reading
by Dallas Hammer and Evan Bundschuh
Your company’s security controls are lacking, and a high level employee in IT is naturally worried – he’s addressed his concerns a number of times. Employees are regularly transmitting unencrypted information, sharing passwords and using non-compliant cloud services to share data and sensitive client side IP. This doesn’t seem overly alarming, we’ve all made similar mistakes, so the comments fall on deaf ears and operations continue. A few months later however the employee becomes increasingly vocal so senior management decides to let him go. Problem solved. Or…the problem might just be beginning.
Companies that ignore (and retaliate against) employees who address cybersecurity vulnerabilities can face significantly increased liability resulting from a new breed of whistleblower claims – cyber whistleblowing. With cyber regulatory oversight increasing at a rapid rate, these claims are poised to increase as well. While no federal laws specifically protect cybersecurity whistleblowers, existing anti-retaliation provisions are often broad enough to cover employees who raise information security concerns. Most notably, federal statutes prohibiting retaliation against corporate whistleblowers and employees who report misconduct in connection with federal funds, as well as state wrongful discharge actions, may apply to cybersecurity whistleblowers. Continue reading
by Chair Mary Jo White
Good morning and thank you, Dean [Trevor] Morrison for that very kind introduction. It is a pleasure to be here today and I want to thank the NYU Program on Corporate Compliance and Enforcement and the NYU Pollack Center for Law and Business for co-sponsoring this program. These programs provide important forums for sophisticated dialogue on critical white collar enforcement issues, which have an increased prominence post-financial crisis. I am honored to join your list of distinguished speakers.
Consistent with the core missions of these programs, I will talk to you today primarily about the SEC’s enforcement program, but also more broadly, about how best to punish and deter white-collar wrongdoing.As you know, the SEC is the primary regulator and enforcer of the federal securities laws. How we go about our job is thus critical to the protection of investors and the integrity of our capital markets. After nearly four years as Chair of the SEC, following almost nine years as U.S. Attorney for the Southern District of New York, where the criminal prosecution of white collar wrongdoing was – and still is – a major priority, this seemed like the right time to speak here about this important topic. And, as you might guess, after spending much of my career in law enforcement, I have strong views about the importance of strong enforcement in the white collar space and what it takes to achieve that. Continue reading
by Douglas K. Yatter, Yvette D. Valdez, and J. Ashley Weeks
Financial services firms and market participants face an ever-evolving landscape of regulatory programs designed to encourage and enable whistleblowers to report potential misconduct. On August 30, 2016, the US Commodity Futures Trading Commission (CFTC) published proposed amendments to its whistleblower program. Drawing from the agency’s experience in administering its program over the past five years, as well as strides the US Securities and Exchange Commission (SEC) has made in administering its analogous program, the CFTC’s proposal aims to enhance the whistleblower review process and adopt new enforcement authority for whistleblower retaliation. Continue reading
by John F. Savarese, Jeannemarie O’Brien, Wayne M. Carlin, and David B. Anders
In the space of one week, the SEC brought two enforcement actions that reiterate its focus on protecting the rights of whistleblowers. In each case, companies attempted to remove the financial incentives for departing employees to submit whistleblower reports to the SEC. The result instead was a pair of administrative orders (on a neither admit nor deny basis) finding that each company violated SEC Rule 21F-17, which prohibits any person from taking any action to impede a whistleblower from communicating with the SEC about possible securities law violations. In the Matter of BlueLinx Holdings Inc. (August 10, 2016); In the Matter of Health Net, Inc. (August 16, 2016). For earlier developments in this area, see our memo, “The SEC Opens a New Front in Whistleblower Protection” (April 2, 2015).
Both recent cases involved severance agreements entered into with individuals in connection with the termination of their employment relationship, as a condition to the receipt of severance payments and benefits. Continue reading