Employment Partner & Co-chair of Orrick’s Whistleblowing Task Force Renee Phillips, and Cybersecurity & Data Privacy Associate Shea Leitch, recently authored an article in Corporate Counsel magazine titled “Cybersecurity Whistleblowing Is Murkier Than You May Think.”
The article covers the emerging issue of cybersecurity whistleblowing and discusses scenarios in which cybersecurity whistleblowers can step forward. In addition, the authors touch on best practices for companies when addressing internal complaints and how to mitigate potential scrutiny from regulatory agencies. To read the full article, please click here.
Two recent events may spur a rise in the number of high quality whistleblower tips filed with the SEC. First, on August 30, 2016, the SEC announced that it had awarded a $22.4 million bounty to a former Monsanto financial executive, whose report of alleged accounting fraud led to the company’s $80 million settlement with the SEC in February. This recent award brings the total amount paid out to whistleblowers by the SEC since the inception of the bounty program in 2011 up to $107 million, more than half of which has been paid out in 2016 alone. This most recent award follows a string of seven and eight-figure awards in 2016, most notably topping a $17 million bounty in June 2016, and is second in size only to a September 2014 award of $30 million. The $22.4 million award represents approximately 28% of Monsanto’s $80 million payment, just shy of the 30% award cap established for recoveries exceeding $1 million.
The Commodity Futures Trading Commission (“CFTC”) is proposing amendments to its Dodd-Frank whistleblower regulations to bring them more in line with the SEC’s whistleblower bounty program. This is perhaps not surprising given the relative success of the SEC’s program compared to the CFTC’s program to date (over $100 million in SEC bounties versus about $10 million in CFTC bounties). The proposed changes would include the following:
- Giving the CFTC the ability to bring anti-retaliation suits in its own name (previously it interpreted Dodd-Frank as only providing for private causes of action);
- Providing that “no person may take any action to impede an individual from communicating directly with the Commission’s staff about a possible violation of the Commodity Exchange Act, including by enforcing, or threatening to enforce, a confidentiality agreement….” This is much like the SEC’s Rule 21F-17, which that agency has used to aggressively prosecute cases against companies and collect significant fines; and
- Enhancing the ability of whistleblowers to recover bounties for “related” actions brought by agencies other than the CFTC.
In addition, the proposed regulations would extend the time frame for a whistleblower to report to the CFTC after reporting internally and still be award-eligible from 120 to 180 days. Comments will be accepted until September 29, 2016, and we will keep our readers posted on the rule-making in this area.
OSHA’s San Francisco region, which includes California, Nevada, and Arizona, launched a new pilot program on August 1, 2016 that would allow complainants, under certain circumstances, to ask OSHA to cease its investigation and issue findings for an ALJ to consider. The program is an effort to process cases more quickly in the region. To qualify for expedited treatment, the investigator must first interview the complainant, allow the respondent the opportunity to submit its position statement and meet with OSHA and present statements from witnesses if so desired, and allow the complainant an opportunity to respond to the respondent’s submission.
Today, the SEC announced that an Atlanta-based company, BlueLinx Holdings, is settling charges that its severance agreements contained provisions that it in its view might impede employees from communicating directly with the SEC about possible securities law violations. The company has agreed to pay a $265,000 sanction and to engage in other corrective actions as described below.
The specific provision at issue provided:
- Employee further acknowledges and agrees that nothing in this Agreement prevents Employee from filing a charge with…the Equal Employment Opportunity Commission, the National Labor Relations Board, the Occupational Safety and Health Administration, the Securities and Exchange Commission or any other administrative agency if applicable law requires that Employee be permitted to do so; however, Employee understands and agrees that Employee is waiving the right to any monetary recovery in connection with any such complaint or charge that Employee may file with an administrative agency. (Emphasis added.)
With respect to this bounty waiver, the Commission stated that “by requiring its departing employees to forgo any monetary recovery in connection with providing information to the Commission, BlueLinx removed the critically important financial incentives that are intended to encourage persons to communicate directly with the Commission staff about possible securities law violations.”
Last week, Germany’s Financial Supervisory Authority (BaFin) unveiled a centralized platform for receiving whistleblower complaints, including anonymous complaints, of alleged violations of supervisory provisions within the financial sector. The move appears to represent a shift in German ideology toward a more favorable view of anonymous reporting, which for many years was discouraged in Germany and more broadly in the EU due to the risk of “organized systems of denouncement.” Under the new program, whistleblowers may submit reports in writing (on paper or electronically), by phone (with or without recording the conversation), or verbally. BaFin’s press release announcing the program states that it will make the anonymity of whistleblowers a “top priority,” and that it will not pass on the identity of whistleblowers to third parties. The program is “aimed at person with a special knowledge of a company’s internal affairs – for example because they are employed there or have some other contractual relationship or relationship of trust with the company.”
BaFin was required to implement this new platform due to an amendment to the German Act on Financial Services Supervision. Notably, the Act only applies to the financial services sector, not including external accountants, tax consultants and attorneys. It provides that employees working in the financial services sector may not be held liable for reporting potential or actual breaches of law under either employment law or criminal law, unless the report was false or grossly negligent.
*This post was drafted with contribution from Ashley Gambone, law clerk.
Affirming a SOX victory for an employee, the Fourth Circuit in a 2-1 decision in Gunther v. Deltek upheld a Department of Labor award of four-years of front pay to a former financial analyst of a software firm and also affirmed an award of tuition reimbursement for a four-year, full time, college degree program. The Fourth Circuit’s Gunther decision discusses the standards for proving or disproving a causal connection in SOX cases, for meeting the after-acquired evidence standard to cut off damages, and for proving entitlement to front pay and other damages under SOX.
Recently in Verdrager v. Mintz, Levin, Cohn, Ferris, Glovsky & Popeo, P.C., No. SJC-11901, 2015 WL 10937776 (Mass. May 31, 2016), the Supreme Judicial Court of Massachusetts held, as a matter of first impression, that self-help discovery “may in certain circumstances constitute protected activity” under the state anti-retaliation statute, provided that, “the employee’s actions are reasonable in the totality of the circumstances.”
On Friday, May 20th, the SEC’s Office of the Whistleblower issued an order determining that it would award two whistleblowers $450,000 for voluntarily providing original information to the agency that led to a successful enforcement action. The two tipsters will split the award evenly. While the order does not provide any specific facts related to the action or the parties, the SEC’s press release describes it as a “corporate accounting investigation.”
Last Friday, the SEC announced a whistleblower award of more than $3.5 million to an employee whose tip advanced an SEC investigation into the whistleblower’s company. According to the Order, while the information the whistleblower provided did not cause the SEC to open a new line of inquiry, the information “significantly contributed” to the SEC’s ongoing investigation by focusing the Commission on a particular issue and providing the agency with additional settlement leverage during its negotiations with the company.