The Securities and Exchange Commission ("SEC") has recently adopted rules implementing the whistleblower provisions of the Dodd-Frank Act. The new rules direct the SEC to pay awards to whistleblowers who voluntarily provide original information leading to the recovery of monetary sanctions exceeding $1 million.
The most contentious part of the rules is their likely impact on internal compliance programs. The business community has expressed concern that the rules will undercut the reporting requirements of corporate compliance programs. Notwithstanding this concern, the SEC has decided against requiring whistleblowers to report internally. Instead, it has determined whistleblowers are in the best position to know which reporting avenue to pursue.
As a result of the newly established bounty program, companies should be prepared for a flood of complaints. Below is a summary of key concepts under the new rules.
Defining a Whistleblower
The rules define a whistleblower as a person who provides to the SEC information relating to a possible violation of the securities laws that has occurred, is ongoing or is about to occur. A whistleblower must be an individual; companies are not eligible.
To be considered for an award, the rules require a whistleblower to do the following:
(a) Act voluntarily
(b) Provide original information
(c) Provide sufficient information leading to a successful enforcement action
(d) Facilitate a recovery totaling more than $1 million
Whistleblower Protection from Retaliation
Under the rules, it is unlawful for anyone to interfere with a whistleblower's efforts to communicate with the SEC, including threatening to enforce a confidentiality agreement. In addition, the rules do not require an actual violation or the successful receipt of an award for the anti-retaliation protections of the Dodd-Frank Act to apply. In an attempt to deter both bad-faith and frivolous reports, the SEC has imposed a "reasonable belief" standard that requires an employee to hold a subjectively genuine belief that the information demonstrates a possible violation and that this belief is one a similarly situated employee might reasonably possess.
No Internal Reporting Required
The new rules present challenges to established internal compliance programs because they do not require whistleblowers to first report internally before turning to the SEC. However, the SEC has attempted to incentivize utilization of internal compliance programs in three ways:
Companies need to recognize that compliance risks are not caused by whistleblowers. Instead, they are generated by weak compliance programs that fail to identify, assess and control risks before violations are discovered by whistleblowers or regulators. Therefore, companies must make compliance risk assessments an integral part of compliance programs.
Further, an essential part of an effective compliance program is a process that encourages employees to report possible compliance violations without fear of retaliation. In fact, companies should find creative ways to reward employees who come forward with a good-faith belief that compliance violations are occurring. In the end, the quality of internal programs will impact a whistleblower's decision to report to the company as opposed to the SEC first.
For more information about how to appropriately respond to the whistleblower rules, please contact our director, Compliance Risk Services, Jim Bowers, at (860) 275 0339 or email@example.com, or any of the individuals listed above.
Dan Wenner authored an article, "Inside the 1st Muni Bond Criminal Case," published by Law360.
Jed Davis will be a featured panelist in a CLE program titled, "Implementing the New DFS Cybersecurity Regulation," (click on title to register), sponsored by the Data Law Initiative at Cardozo Law School.
Clifford Nichols wrote an article, "When Addressing Cybersecurity and Data Breach, Don't Forget eDiscovery," for New Jersey Law Journal. The article is about how companies should consider eDiscovery and litigation response issues when making policy or infrastructure changes to address cybersecurity and data breach risks.
On March 16, Eliza Fromberg and Bob Appleton will lead presentations in a webinar held by The National Society of Compliance Professionals. The presentation called, "FinCEN’s Proposed AML Rule: Implications for Investment Advisers to Private Funds," will address some thorny and cutting edge issues raised by the proposed rule that would require SEC-registered investment advisers to establish AML programs, report suspicious activity to FinCEN, and comply with certain other provisions applicable to financial institutions under the Bank Secrecy Act.
Dan Wenner and Kenton Atta-Krah wrote an article, "A Cautionary Tale About 'Other Acts' And Insider Trading," for Law360. The article analyzes the significance of United States v. DeCinces, in which the Ninth Circuit addressed two interlocutory appeals from DeCinces' securities fraud and insider trading prosecution and reversed the district court's order granting a motion in limine to exclude evidence against DeCinces. The government's application of Rule 404(b) in this case could have serious implications for other defendants in insider trading prosecutions.
Adam Grant was quoted in an article, "Content Requirements in Angola Cost Halliburton More Than $29 Million in SEC Disgorgement and Penalties," published in The Anti-Corruption Report.
Jed Davis was quoted in an article, "5 Ways To Keep Cybersecurity Woes From Derailing A Deal," published in Law360.
Danielle M. Corcione was quoted in an article, "Former Asst. US Attorney Joins Day Pitney's NJ Office," published in Law360.
On January 5, Day Pitney hosted a speech by Robert L. Capers, the U.S. Attorney for the Eastern District of New York, to the White Collar Crime Committee of the American Bar Association's Business Law Section (WCCC) at the firm's New York City office.
Eliza Fromberg was quoted in an article, "Equity Crowdfunding Tops $10M Since SEC Rules Took Effect," in Law360.