Yesterday, the US Supreme Court decided Digital Realty Trust v. Somers, unanimously ruling that the anti-retaliation provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act do not extend to a person who has not reported a possible violation of the securities laws to the SEC.
The Court declined to defer to an SEC rule that extended the statutory protection against retaliation to individuals who only reported securities law violations to their employer and not the agency. The Court found the statutory language was clear that whistleblowers must report possible securities law violations to the SEC to gain anti-retaliation protection.
Following the decision, listed companies should revisit their whistleblower programs to ensure they give employees confidence that problems reported internally will be addressed without retaliation. If employees trust the integrity of a corporate whistleblower program, they are more likely to give the corporate process a chance before deciding that alleged violations should be reported to the SEC.
The statutory whistleblower framework
Federal securities laws contain two primary whistleblower laws added by the Sarbanes-Oxley Act of 2002 and Dodd-Frank. Both laws shield whistleblowers from retaliation, but they differ in important respects. The provision added by Sarbanes-Oxley affords whistleblower protections to all employees who report misconduct to the SEC, any other agency, Congress or an internal supervisor or compliance officer. The provision added by Dodd-Frank, in contrast, limits anti-retaliation protections to a narrower group by defining "whistleblower" to include only a person who provides "information relating to a violation of the securities laws to the Commission." After the enactment of Dodd-Frank, the SEC issued Exchange Act Rule 21-F, which expanded Dodd-Frank's definition of whistleblower to include, among others, an employee who submits a qualifying report to a company supervisor or compliance officer.
A whistleblower's ability to recover for retaliation under the two statutes also differs in material respects. Sarbanes-Oxley requires a whistleblower to file a complaint first with the Secretary of Labor within 180 days of the adverse employment action. Dodd-Frank permits a whistleblower alleging retaliation to sue a current or former employer directly in federal district court, with a statute of limitations that can extend to six years.
Both statutes provide eligible whistleblowers with remedies for retaliation, such as reinstatement and compensation for litigation costs, expert witness fees and reasonable attorneys' fees. Unlike Sarbanes-Oxley, Dodd-Frank offers double back pay with interest (and further incentivizes whistleblowers with 10-30 percent bounties on certain enforcement recoveries).
The Digital Realty Trust case and invalidation of the SEC's whistleblower definition
Digital Realty Trust, Inc. employed Paul Somers as a vice president from 2010 to 2014. Somers alleged that Digital Realty terminated him shortly after he reported to senior management suspected securities law violations by the company. Somers did not report the suspected violations to the SEC, although nothing impeded him from doing so. He sued the company under Dodd-Frank's whistleblower provisions. Both the trial and appellate courts, relying on SEC Rule 21F-2, allowed the claim to proceed, giving deference to the SEC rule's definition of whistleblower.
The Supreme Court reversed, invalidating Rule 21-F since it expanded the clear statutory definition of whistleblower under Dodd-Frank. The Court held that Dodd-Frank's narrower definition of whistleblower – one who reports to the SEC – controls. The Court noted that this SEC reporting requirement is consistent with Dodd-Frank's "core objective . . . to motivate people who know of securities law violations to tell the SEC." (emphasis supplied by the Court).
As a result of the Supreme Court’s decision, it is more likely that whistleblowers will report their concerns to the SEC to make certain they can avail themselves of the generous anti-retaliation provisions of Dodd-Frank.
Compliance action items
Companies cannot impede employees from reporting to the SEC (see SEC Exchange Act Rule 21F-17), but companies can, and should, encourage employees to report potential misconduct internally. In the wake of Digital Realty, corporate compliance teams should reevaluate their whistleblower programs to ensure that employees perceive those programs as protecting them if they report an issue.
First, ensure that your whistleblower hotline is functioning as it should. If it's not functioning, employees won't use it. Test the lines; test the response; review your docket to ensure compliance incidents are being investigated to completion and remediation is implemented in a timely fashion.
Second, ensure that your whistleblower program protects the anonymity of whistleblowers. Often, internal investigators press too hard for identifying details from whistleblowers who wish to remain anonymous and intentionally or unintentionally "out" them in the process. Once anonymity is lost, whistleblowers feel more vulnerable, and practically speaking are more vulnerable, to adverse employment actions elevating the risk that the employee will stop cooperating with the company's investigation and will start cooperating with the SEC instead.
Third, if not already covered by the company's code of ethics, tell employees that the company expects them to report misconduct to the compliance department, anonymous hotline, or other resource and reinforce this corporate ethos by promoting trust in the process. Promote a culture that emphasizes correcting issues without retaliation through senior-level communications to employees as well as compliance training.
If employees view the corporate whistleblowing program, its administrators and corporate management as having integrity, they will feel less incentivized to report to outsiders. Most employees would prefer to report problems internally and will do so if given a fair and meaningful opportunity.
Find out more about the implications of the Digital Realty case or the compliance action items discussed above by contacting any of the authors. Please also see our related blog post, "Who you gonna call? Recommended best practices for whistleblower hotlines."