Court clarifies corporate whistleblower laws

Anti-retaliation provisions protecting corporate whistleblowers can be found in various sections of the federal law. The statutes are not entirely consistent, and the failure to comply strictly with the applicable rules can foreclose access to the remedies and protections the law provides. The U.S. Supreme Court recently provided some clarity in Digital Ready v. Somers, which has significant ramifications for public companies and their subsidiaries, and those who do business with them. The Sarbanes-Oxley Act of 2002 (SOX) was passed in the wake of Enron and other corporate scandals. It provides a civil remedy for any whistleblower who suffers retaliation based on reporting misconduct to a supervisor or person within the company with investigative authority (e.g., internal audit, the audit committee), as well as to regulators or law enforcement. Employers face liability under SOX if the employee's protected activity was a substantial factor in the employer's decision to discharge or take other unfavorable action against the employee. A whistleblower claiming retaliation is required to make a complaint to OSHA within 180 days after an alleged violation of SOX or the date when the employee became aware of the violation. After the administrative process is completed, or if the process is not completed within 180 days of the filing of the complaint, the employee can bring suit in federal court. Eight years later, the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) was passed in the wake of the collapse of the financial markets. In addition to creating a bounty program for whistleblowers, Dodd-Frank enhanced whistleblower protections. The law clarified the application of anti-retaliation protection of both statutes to publicly traded companies and their subsidiaries reporting results on a consolidated basis and confirmed the availability of jury trials. While Dodd-Frank overlaps with SOX, the former provides more beneficial anti-retaliation protections. Unlike SOX, Dodd-Frank allows an employee to go directly to the courts, and to do so at any time until six years from the date of retaliation or three years from the date the employee became aware of it, but not longer than 10 years-in contrast to the SOX requirement that the employee file an administrative claim within 180 days. Employees who successfully pursue claims of retaliation under Dodd-Frank are entitled to recover two times their back pay. Plainly, there are significant benefits to claiming status as a whistleblower under Dodd-Frank, as opposed to SOX. Until Feb. 21, there was some doubt about who could claim the broader and more generous anti-retaliation protections of Dodd-Frank. The federal courts could not agree whether employees who make only an internal report of suspected wrongdoing, or who claim retaliation based on that internal report, were covered by Dodd-Frank. On the one hand, Dodd-Frank defines a whistleblower to be one who "[p]rovide(s) information . . . to the (Securities and Exchange) Commission." While on the other, the Dodd-Frank anti-retaliation provisions cover any whistleblower who suffers retaliation after making a disclosure under SOX (as well as other statutes), which would include internal complaints. The SEC attempted to reconcile this apparent inconsistency in its own regulations, providing protection for whistleblowers if they suffer retaliation for any whistleblowing conduct described in that statute, which would include the internal complaints envisioned in SOX. The stakes were high for employees pursuing retaliation claims under Dodd-Frank: If they had not reported to the SEC, SOX protections would likely no longer be available, given the short timeframe to make an administrative claim. On Feb. 21, the Supreme Court unanimously ruled that Dodd-Frank only protects whistleblowers who, as the statutory definition provides, report their concerns directly to the SEC. Ironically, while business groups had advocated for the result reached by the Supreme Court, the SEC warned that this outcome will harm businesses, undermining the important role of internal compliance programs. In general, businesses prefer to encourage employees to report suspected misconduct internally. An internal report allows companies to get ahead of problems, to investigate and evaluate whether to self-report or at least be prepared before the regulators come calling. Dodd-Frank created a much-heralded whistleblower program at the SEC that offers the tantalizing potential of an award of between 10 and 30 percent of sanctions recovered (subject to a minimum recovery of $1,000,000) for those who provide information to the agency. That program is a strong incentive for even the most loyal employees to bypass internal reporting and run to the authorities, enhanced even more by the SEC's widespread dissemination of news of numerous multimillion dollar awards to whistleblowers. Yet, as the SEC noted in its most recent annual report to Congress last November, nearly 83 percent of those who collected a financial bounty from the SEC reported they had also raised their concerns internally, either to a supervisor or compliance personnel, or through internal reporting mechanisms, before heading to the SEC. The Supreme Court's recent decision may further encourage employees to ignore internal hotlines and reporting systems, and proceed directly to the SEC with any suspicions of wrongdoing. To offset the call of the money and motivate employees to report concerns internally first, companies have to invest in a strong, visible and effective compliance culture. All employees need to be encouraged to report concerns and to be continually reminded how and where to voice concerns. Employees who raise compliance issues want to be acknowledged and recognized for their initiative (assuming they do not request anonymity). Many whistleblowers who both report internally and to the SEC believe that their internal complaints were ignored or minimized. Supervisors must be trained to recognize compliance issues, to treat concerns seriously, to be aware of internal processes and resources, and to avoid any conduct that might be construed as retaliation. Taking action now to strengthen internal compliance culture and mechanisms can mitigate the risk of an unanticipated knock on the door from the government. ----- Jeremy Wolk is a partner in Nixon Peabody LLP's Business & Finance department. He developed this article with assistance from Carolyn Nussbaum, a partner in the firm's Commercial Litigation group, and a member of the Securities and Governance Litigation and Class Action teams. Published: Mon, Apr 02, 2018