In Light of Digital Realty and the Largest Ever Dodd-Frank Whistleblower Award, Whistleblower Risks Are Up and Company Compliance Programs Are Under Pressure
By Gary Giampetruzzi, Jessica Montes & Jessica Baker
In the wake of the U.S. Supreme Court’s recent decision in Digital Realty, employees with knowledge of possible Federal securities law violations are now more incentivized to report such violations to the Securities Exchange Commission (“the SEC”) in lieu of, or before reporting to, their employers in order to take advantage of anti-retaliation protection under the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank” or the “Act”), which Digital Realty eliminated for purely internal whistleblowers. Further enhancing the incentive to report violations to the SEC is the agency’s recently announced $33 million Dodd-Frank whistleblower award, the largest Dodd-Frank whistleblower award to date. This necessarily places increased pressure on company compliance programs to encourage internal whistleblowing, and thus companies are strongly encouraged to ensure their monitoring, reporting, and investigation policies, procedures, and practices are in a position to sufficiently incentivize and encourage employees to report securities law violations internally.
Since the inception of the SEC’s Whistleblower Program, the Act’s whistleblower award provisions and implementing regulations have presented employees with a powerful incentive to report possible Federal securities law violations to the SEC (“external whistleblowing”): an award ranging from 10 to 30 percent in cases with sanctions over $1 million.
Until the Supreme Court’s recent decision in Digital Realty, the SEC’s Whistleblower Program also arguably created a counterbalancing incentive for employees with knowledge of possible Federal securities laws violations to, at the very least, report them to employers (“internal whistleblowing”). Pursuant to regulations promulgated by the SEC under Dodd-Frank in 2011,
However, in a unanimous February 21, 2018 decision in Digital Realty Trust, Inc. v. Somers, 138 S. Ct. 767 (2018), the U.S. Supreme Court (“USSC”) reversed the SEC’s anti-retaliation protection for internal whistleblowers by unanimously holding that the Act’s language clearly limits anti-retaliation protection to external whistleblowers. There, after a company terminated an employee who internally reported possible Federal securities law violations, he subsequently sued the company in federal court, alleging a violation of the Act’s anti-retaliation provision. The employee won in the lower courts, which afforded Chevron deference to the SEC’s interpretation. USSC still reversed because the employee did not alert the SEC of his suspicions before his termination and thus did not satisfy the Act’s unambiguous language. Notably, the majority opinion stressed that the Act’s purpose is to motivate external whistleblowing.
This decision should necessarily result in increased external whistleblowing amongst employees. Specifically, if prior to this decision an employee who felt compelled to report misconduct was not inclined to go to the SEC at all, the same employee must now seriously consider whether to report to the SEC before or at the same time as his employer in order to gain anti-retaliation protection. Further, employees who are willing to go to the SEC but only after an employer investigation has proven insufficient also must now undertake the same calculus.
Thus, employers should be ready for more employees to engage in external whistleblowing as a result of this decision. Indeed, speaking at Georgetown University Law Center’s Corporate Counsel Institute on March 15, 2018, the SEC’s Melissa Hodgman—an associate director in its Enforcement Division—shared that “the best guess out there is there’s going to be an increase in [Dodd-Frank whistleblower] reporting, some directly to us, some both internally and externally,” and that, consequently, the agency may add resources to the SEC’s whistleblower office.
To date, the SEC’s Whistleblower Program has been very successful at encouraging external whistleblowing, particularly amongst employees. Since the Whistleblower Program’s inception, the SEC has received over 22,000 whistleblower tips, and it received over 4,200 tips and 4,400 tips in FY 2016
Despite the powerful incentives to engage in external whistleblowing after Digital Realty, companies should know that their compliance programs can contribute in meaningful ways to whether employees decide to report possible misconduct internally or externally. For instance, some have recognized that internal whistleblowers resort to external whistleblowing only when the organizational climate cannot prevent the misconduct.
It would not be a stretch to argue that a strong compliance program that encourages and facilitates internal whistleblowing and imbues employee faith in internal reporting and investigation processes may also help a company avoid the imposition of independent monitors—an always burdensome and unwelcome penalty. At the Georgetown University Law Center’s Corporate Counsel Institute event referenced above, Sally Molloy, a senior prosecutor at the Department of Justice (“DOJ”), and Hodgman confirmed that the SEC and DOJ are less likely to impose a monitor on companies that affirmatively self-report misconduct. Specifically, Molloy shared:
It doesn’t make a lot of sense to me to impose a monitor where the company has affirmatively come to you and reported something … If a company is healthy enough, robust enough, the compliance program is such that you told the department before we knew about it, then that speaks volumes as to whether you need a monitor.
Of course, self-reporting is much more likely if employees are comfortable speaking up and have enough faith in internal compliance programs to refrain from external whistleblowing pending company investigations and remediation of the problematic conduct where needed.
With the promise of Dodd-Frank’s anti-retaliation protection seemingly gone for purely internal whistleblowers, and the resulting increased reliance on employer compliance programs to foster the same, companies subject to the Act should formally evaluate and strengthen their monitoring, reporting, and investigations systems so as to minimize external whistleblower risks. Companies can undertake a number of steps in this regard, including, but not limited to:
Obtain periodic assessments of your risk profile and compliance program effectiveness as it relates to monitoring, reporting, and investigations. Policies and procedures that look good on paper can all too quickly become stale in light of a company’s evolving risk profile and thereby cease to be reliable in practice. This can lead to less reporting, as employees are less likely to internally report possible compliance violations if they lack faith in the existing reporting process or fear retaliation. As such, employers should periodically and formally reevaluate risk profiles and assess compliance program effectiveness, with a specific focus on monitoring, reporting, and anti-retaliation, to ensure that the program is adequately tailored to the company’s risk profile and concerns are effectively addressed and remediated.
Periodically evaluate and retrain middle management on appropriate responses and approaches to reporting and retaliation. It has been shown that employees most frequently raise their concerns first with a supervisor and then with higher management.At the same time, it has also been noted that management can have a tendency to become tone-deaf to employee complaints and dismiss complaints deemed trivial or frivolous.Thus, without effective training of middle management on reporting and retaliation, a company’s first opportunity to manage internal whistleblowers may be simply lost. Against this backdrop, companies should periodically train and evaluate management on appropriate and effective reporting and anti-retaliation practices and strategies.
Ensure thorough and timely follow-up on all whistleblower complaints. In each SEC Annual Report to Congress on the Dodd-Frank Whistleblower program since 2014, 80% or more of whistleblower award recipients had first raised their concerns internally (or knew that supervisors and/or compliance personnel were aware of the issues) before coming to the SEC.Where whistleblowers perceive management as committed to serious and credible investigations of their complaints, they may feel less inclined to report externally. To help achieve that outcome, companies should ensure that they have refreshed investigative procedures in place around appropriate and timely whistleblower follow-up, requests for additional documentation, and investigation updates. The goal should be to both serve the investigative process and dispel any negative perception about the organization’s ability to adequately remediate potential misconduct. A thorough review of the investigations docket can also reveal any shortcomings that may exist.