Section 806 of the Sarbanes-Oxley Act of 2002 (“SOX”) protects employees of public companies who “blow the whistle” by reporting conduct that they reasonably believe constitutes a violation of federal law relating to financial, securities or shareholder fraud. Section 922 of the DoddFrank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”), which was enacted in 2010, requires the Securities and Exchange Commission (“SEC”) to establish a new whistleblower program that will pay awards to whistleblowers who provide the SEC with information about violations of securities laws that lead to a successful enforcement action resulting in monetary sanctions exceeding $1 million. Section 922 of the Dodd-Frank Act also provides protection to whistleblowers by prohibiting retaliation by employers against individuals who provide to the SEC information regarding potential securities violations. The anti-retaliation protections authorize civil causes of action to address adverse employment actions taken against a whistleblower employee because of that employee’s report to the SEC.

In May 2011, the SEC adopted final rules implementing the Dodd-Frank Act. Most notably, the final rules do not require a whistleblower to report violations through a company’s internal compliance program before providing award-eligible tips to the SEC. This update sets out a summary of the key provisions of the final rules. In addition, we address recent decisions concerning the Dodd-Frank Act and SOX. In the first decision to address the Dodd-Frank Act anti-retaliation provision, a federal district court in New York took a broad view of the category of individuals protected by the DoddFrank Act. With regard to SOX, recent decisions have addressed the requirement that a claimant have a “reasonable belief” that the reported conduct constitutes a violation of an enumerated law and SOX’s application to disclosures of fraud to the news media.

New Rules under Dodd-Frank Act

On May 25, 2011, the SEC adopted rules, which took effect on August 12, 2011, implementing the whistleblower provisions of the Dodd-Frank Act. The new rules provide that the SEC may pay an award to an eligible whistleblower when the whistleblower voluntarily provides original information to the SEC that leads to a successful enforcement action brought by the SEC resulting in monetary sanctions in excess of $1 million. Key provisions of the rules include:

• The new rules narrowly define a whistleblower as an individual who provides the SEC with information that relates to potential violations of federal securities law. Thus, information relating to violations of state or foreign securities laws will not result in an award. A company is not eligible to be a whistleblower.
• In order for information to be deemed voluntary, a whistleblower must submit the information to the SEC before the government or a securities regulatory authority requests such information from the whistleblower.
• The final rules define original information to mean information that is derived from the individual’s “independent knowledge” or “independent analysis” and not otherwise known to the SEC or derived from publicly available information.
• The new rules also protect from retaliation individuals who possess a reasonable belief that information they are providing relates to a possible securities law violation that has occurred, is ongoing, or is about to occur and who provide information relating to the possible violation. The final rules expressly provide that the SEC has the ability to enforce the anti-retaliation regulations.
• The final rules limit the eligibility of certain persons from being considered a whistleblower based on their relationship with or role played within a company. Excluded persons include individuals who have a preexisting legal or contractual duty to report information to the SEC; attorneys (including in-house counsel) who attempt to use information obtained from client engagements to make whistleblower claims for themselves; individuals who obtain the information in a manner that violates federal or state criminal law; and compliance or internal audit personnel.
• The SEC included certain provisions in the new rules intended to encourage continued use of internal compliance programs when appropriate. For example, the new rules provide that participation by a whistleblower in his or her company’s internal compliance program will be considered a factor that may result in a larger award, and interference with internal procedures may be a factor that can decrease an award. In addition, the rules provide that whistleblower information initially reported internally but subsequently reported to the SEC within 120 days will be deemed to have been reported to the SEC on the date of the initial internal report, thus preserving the initial date and “place in line” for a possible award from the SEC.

Early Decision under Dodd-Frank Act Permits Plaintiff to Proceed with Retaliation Claim

In the first decision to address the anti-retaliation provisions of the Dodd-Frank Act, Judge Leonard Sand of the Southern District of New York interpreted the anti-retaliation provisions of the Dodd-Frank Act broadly to cover not only whistleblowers who “provide information” to the SEC, but also individuals whose disclosures are “required or protected” under SOX, the Securities Exchange Act, 18 U.S.C. § 1513(e), or any other law, rule, or regulation subject to the SEC’s jurisdiction. Egan v. TradingScreen, Inc., 2011 WL 1672066 (S.D.N.Y. May 4, 2011).

Plaintiff, a former employee of a private company named TradingScreen, Inc., alleged that after he reported to his employer that the company’s CEO had been diverting corporate assets to another company, the company engaged outside counsel to conduct an internal investigation, which ultimately confirmed the plaintiff’s allegations. Before the independent Board members could force the CEO to resign, he gained control of the Board and fired the plaintiff. The Dodd-Frank Act defines a “whistleblower” as “any individual who provides, or two or more individuals acting jointly who provide, information relating to a violation of the securities laws to the Commission, in a manner established, by rule or regulation, by the Commission.” 15 U.S.C. § 78u-6. Because plaintiff made his reports to Trading Screen, and not to the SEC, the defendants argued he was not afforded protection under the DoddFrank Act.

The court noted that, in addition to protecting lawful acts done by the whistleblower to provide information or testimony to the SEC, the Act also protects whistleblower disclosures that are required or protected under (1) SOX; (2) the Securities Exchange Act; (3) 18 U.S.C. § 1513(e); and (4) any other law, rule, or regulation within the jurisdiction of the SEC. 15 U.S.C. § 78u-6(h)(1)(A)(iii). The court determined that this presented a contradiction in the statute, as a literal reading of the definition of “whistleblower” requiring reporting to the SEC would effectively invalidate the protection of whistleblower disclosures that do not require reporting to the SEC. The court thus broadly interpreted the anti-retaliationprovision to conclude that plaintiff “adequately alleged that he acted jointly with the Latham & Watkins attorneys, in an effort to provide information to the SEC regarding [the CEO’s] alleged misconduct.” Because the plaintiff had not adequately alleged that Latham & Watkins actually reported the CEO’s alleged misconduct to the SEC, the court permitted the plaintiff to amend his complaint to include such factual allegations.

Protected Activity under SOX

Section 806 of SOX prohibits retaliation against an employee who reports any conduct the employee “reasonably believes constitutes a violation” of (1) federal criminal law provisions prohibiting mail, wire or bank fraud; (2) any rule or regulation of the Securities and Exchange Commission; or (3) any provision of federal law relating to fraud against shareholders. 18 U.S.C. § 1514A(a)(1). To qualify as having engaged in “protected activity” under SOX, a whistleblower must establish by a preponderance of the evidence that he or she had a reasonable belief that the acts complained of violated the laws specified in SOX.

Several recent decisions exemplify the tendency of the Arbitration Review Board (“ARB”) of the Department of Labor (“DOL”) to interpret liberally the requirement that the complainant engage in protected activity. For example, in Funke v. Federal Express Corp., DOL ARB No. 09-004 (July 8, 2011), the ARB reversed the dismissal of a Federal Express employee’s SOX claim based on her claim that she was suspended for alerting colleagues, her manager and local law enforcement that a third party was using Federal Express for mail fraud. The ARB held that the language of SOX contains no express requirement that the reported misconduct actually be committed by complainant’s employer; rather Section 1514A of SOX “protects an employee who provides information ‘regarding any conduct which the employee reasonably believes constitutes a violation.’”

And, in Sylvester v. Parexel Int’l LLC, DOL ARB No. 07-123 (May 25, 2011), the ARB reversed the dismissal of claims filed by two individuals who alleged a pharmaceutical research company fired them for reporting fraud. The ARB held that complainants only have to express a “reasonable belief” of a violation of law to engage in SOX-protected activity – the protected activity does not have to describe an actual violation of the law. The ARB also rejected the “definitive and specific” evidentiary standard announced in the ARB’s 2006 decision in Platone v. FLYI Inc., DOL ARB No. 04-154 (2006), which had held that protected conduct had to definitively and specifically describe a violation of one or more of the laws listed in SOX. Thus, SOX protection is available as long as the employee provides information that he or she reasonably believes relates to a violation of one of the laws identified in Section 806 of SOX. See also Inman v. Fannie Mae, DOL ARB No. 08-060 (June 28, 2011) (rejecting the requirement that an employee’s disclosure relate “definitively and specifically” to one or more of the laws listed in Section 806 of the Act).

The ARB upheld a SOX damages award in Brown v. Lockheed Martin Corp., DOL ARB No. 10-050 (Feb. 28, 2011), a case involving a complaint by an employee of Lockheed Martin Corp. that a vice president with the company misused employer funds and fraudulently charged expenses to the U.S. government to purchase various items and pay for trips for her paramours. The ARB found that the complainant engaged in SOX-protected activity because she reasonably believed that her colleague committed wire and/or mail fraud by misusing company funds for sexual liaisons that would be billed to the government.

Disclosure of Evidence of Fraud to the News Media Is Not Protected under SOX

Recently, the Ninth Circuit Court of Appeals decided that the whistleblower provisions of SOX do not protect employees who leak information to the news media. Tides v. The Boeing Co., 644 F.3d 809 (9th Cir. May 3, 2011), petition for cert. filed, No. 11-309 (Sep. 7, 2011). SOX prohibits retaliation by public companies against employees who disclose evidence of fraud to (1) federal or law enforcement agencies, (2) members of Congress, or (3) supervisors. The plaintiffs, ex-employees of Boeing Co., said they repeatedly complained about what they saw as auditing deficiencies and pressure from management to rate Boeing’s internal controls favorably. They eventually spoke with a reporter from the Seattle Post-Intelligencer, which ran a report about Boeing’s computer systems security. Several months later, the employees were fired for violating a company policy prohibiting employees from releasing information to the media without approval from the company’s communications department. The court specifically rejected their SOX retaliation claim, holding that if Congress wanted to cover media leaks, it could have referenced the press specifically in the law.

Advice to Employers

The possibility of large rewards may cause putative whistleblowers to forgo reporting mechanisms provided by internal compliance programs and instead disclose possible violations of law directly to the SEC. Nonetheless, companies should review their compliance programs, ensure that their employees are sufficiently informed about internal reporting programs and educate employees regarding the importance of timely reporting. Promoting a corporate culture that emphasizes a commitment to legal compliance and ethical conduct should mitigate against the risk that employees will favor reporting to the SEC over utilizing the firm’s internal compliance program.