Employment Partner & Co-chair of Orrick’s Whistleblowing Task Force Renee Phillips, and Cybersecurity & Data Privacy Associate Shea Leitch, recently authored an article in Corporate Counsel magazine titled “Cybersecurity Whistleblowing Is Murkier Than You May Think.”
The article covers the emerging issue of cybersecurity whistleblowing and discusses scenarios in which cybersecurity whistleblowers can step forward. In addition, the authors touch on best practices for companies when addressing internal complaints and how to mitigate potential scrutiny from regulatory agencies. To read the full article, please click here.
Two recent events may spur a rise in the number of high quality whistleblower tips filed with the SEC. First, on August 30, 2016, the SEC announced that it had awarded a $22.4 million bounty to a former Monsanto financial executive, whose report of alleged accounting fraud led to the company’s $80 million settlement with the SEC in February. This recent award brings the total amount paid out to whistleblowers by the SEC since the inception of the bounty program in 2011 up to $107 million, more than half of which has been paid out in 2016 alone. This most recent award follows a string of seven and eight-figure awards in 2016, most notably topping a $17 million bounty in June 2016, and is second in size only to a September 2014 award of $30 million. The $22.4 million award represents approximately 28% of Monsanto’s $80 million payment, just shy of the 30% award cap established for recoveries exceeding $1 million.
The Commodity Futures Trading Commission (“CFTC”) is proposing amendments to its Dodd-Frank whistleblower regulations to bring them more in line with the SEC’s whistleblower bounty program. This is perhaps not surprising given the relative success of the SEC’s program compared to the CFTC’s program to date (over $100 million in SEC bounties versus about $10 million in CFTC bounties). The proposed changes would include the following:
- Giving the CFTC the ability to bring anti-retaliation suits in its own name (previously it interpreted Dodd-Frank as only providing for private causes of action);
- Providing that “no person may take any action to impede an individual from communicating directly with the Commission’s staff about a possible violation of the Commodity Exchange Act, including by enforcing, or threatening to enforce, a confidentiality agreement….” This is much like the SEC’s Rule 21F-17, which that agency has used to aggressively prosecute cases against companies and collect significant fines; and
- Enhancing the ability of whistleblowers to recover bounties for “related” actions brought by agencies other than the CFTC.
In addition, the proposed regulations would extend the time frame for a whistleblower to report to the CFTC after reporting internally and still be award-eligible from 120 to 180 days. Comments will be accepted until September 29, 2016, and we will keep our readers posted on the rule-making in this area.
Today, the SEC announced that an Atlanta-based company, BlueLinx Holdings, is settling charges that its severance agreements contained provisions that it in its view might impede employees from communicating directly with the SEC about possible securities law violations. The company has agreed to pay a $265,000 sanction and to engage in other corrective actions as described below.
The specific provision at issue provided:
- Employee further acknowledges and agrees that nothing in this Agreement prevents Employee from filing a charge with…the Equal Employment Opportunity Commission, the National Labor Relations Board, the Occupational Safety and Health Administration, the Securities and Exchange Commission or any other administrative agency if applicable law requires that Employee be permitted to do so; however, Employee understands and agrees that Employee is waiving the right to any monetary recovery in connection with any such complaint or charge that Employee may file with an administrative agency. (Emphasis added.)
With respect to this bounty waiver, the Commission stated that “by requiring its departing employees to forgo any monetary recovery in connection with providing information to the Commission, BlueLinx removed the critically important financial incentives that are intended to encourage persons to communicate directly with the Commission staff about possible securities law violations.”
On Friday, May 20th, the SEC’s Office of the Whistleblower issued an order determining that it would award two whistleblowers $450,000 for voluntarily providing original information to the agency that led to a successful enforcement action. The two tipsters will split the award evenly. While the order does not provide any specific facts related to the action or the parties, the SEC’s press release describes it as a “corporate accounting investigation.”
Last Friday, the SEC announced a whistleblower award of more than $3.5 million to an employee whose tip advanced an SEC investigation into the whistleblower’s company. According to the Order, while the information the whistleblower provided did not cause the SEC to open a new line of inquiry, the information “significantly contributed” to the SEC’s ongoing investigation by focusing the Commission on a particular issue and providing the agency with additional settlement leverage during its negotiations with the company.
On March 8, 2016, the Securities and Exchange Commission (SEC) issued an order awarding a trio of whistleblowers a bounty of almost $2 million.
The SEC released its Fiscal Year 2015 Annual Report (the “Report”) to Congress on the Dodd-Frank Whistleblower Program on November 16, 2015. The Report analyzes the tips received over the last twelve months by the SEC’s Office of the Whistleblower (“OWB”), provides additional information about the whistleblower awards to date, and discusses the OWB’s efforts to combat retaliation against whistleblowers.
On September 9, 2015, Sean McKessy, Chief of the SEC’s Office of the Whistleblower (OWB) spoke at Thomson Reuters’ 4th Annual Corporate Whistleblower Program in New York. With the standard disclaimer that his comments and opinions were his own and not the official comments of the agency, McKessy spoke candidly about the SEC whistleblower program’s progress, challenges, and priorities as it enters FY2016.
On July 17, 2015, the SEC announced a whistleblower award of over $3 million to a company insider who provided information that “helped the SEC crack a complex fraud.” This payout represents the third highest award under the SEC’s whistleblower program to date. The SEC has made two of the three highest payments to clients of the same law firm – Phillips & Cohen LLP. (The SEC paid roughly $14 million to a whistleblower in October 2013, and nearly $30 million to a foreign whistleblower represented by Phillips & Cohen in September 2014.). This latest multi-million dollar payout suggests that the SEC’s whistleblower program is in full swing, and that legal representation of whistleblowers may be on the rise.