With the rise of the cybersecurity whistleblower, there is a growing trend of whistleblower-initiated regulatory investigations. In this Law360 article, Orrick attorneys Renee Phillips, Aravind Swaminathan, and Shea Leitch examine the DOJ’s investigation, prompted by a cybersecurity whistleblower, into whether Tiversa Holding Corp. provided false information to the Federal Trade Commission about data breaches at companies that declined to purchase its data protection services. The article discusses what companies can do to protect themselves against this growing risk.
The Department of Labor’s Administrative Review Board (“ARB”) recently upheld an order finding a semiconductor company had constructively discharged a manager who complained the company’s bonus plan violated state wage and hour laws, and in doing so, broadly interpreted the protections offered under the Sarbanes-Oxley Act (“SOX” or “Act”).
Relevant firms in the UK have until March 7, 2016 to appoint a “whistleblowers’ champion,” who then has until September 7, 2016 to oversee their firm’s readiness for the new whistleblowing regime.
The new whistleblowing regime: why make the change?
Since the 2013 Parliamentary Commission on Banking Standards recommendations were published in the UK, the Financial Conduct Authority (“FCA”) has been examining ways to ensure that individuals working in financial services feel able and encouraged to speak up when they have concerns to avoid the same financial scandals of the past.
On October 23, 2015, in a suit filed by Bio-Rad’s former general counsel Sanford Wadler, the United States District Court for the Northern District of California issued a decision granting in part and denying in part Defendants’ motion to dismiss in Wadler v. Bio-Rad Labs, Inc. (No. 15-CV-02356-JCS, 2015 WL 6438670 (N.D. Cal. Oct. 23, 2015), holding, among other things, that corporate directors may be held personally liable for retaliating against a whistleblower under both the Sarbanes-Oxley Act of 2002 (SOX) and the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank).
The ability to preserve privilege for highly sensitive internal investigations conducted at the direction of attorneys is alive and well. In a closely watched decision on the scope of the attorney-client privilege as applied to internal investigations, the D.C. Circuit granted defense contractor Kellogg Brown & Root’s (“KBR”) petition for a writ of mandamus and vacated a district court’s order that privileged documents from an internal investigation must be produced.
On May 28, 2015, the Sixth Circuit in Rhinehimer v. U.S. Bancorp Investments, Inc. affirmed a $250,000 jury verdict in favor of a former financial advisor for U.S. Bancorp Investments (“USBII”) who alleged that he had been terminated in violation of the Sarbanes-Oxley Act (“SOX”) whistleblower provisions. In doing so, the Sixth Circuit rejected the “definitively and specifically” standard for proving protected activity under SOX and abrogated its prior SOX decision in Riddle v. First Tennessee Bank Nat’l Assoc., 497 F. App’x 588 (6th Cir. 2012) to the extent it relied upon the standard.
On June 16, 2014, the SEC issued its first-ever charge of whistleblower retaliation under section 922 of the Dodd-Frank Act, charging a hedge fund advisor and its owner with “engaging in prohibited principal transactions and then retaliating against the employee who reported the trading activity to the SEC.”
Playboy Enterprises is suing its former defense counsel Sheppard Mullin after being hit with a $6 million jury verdict in a SOX whistleblower case, the highest jury award in a SOX case to date. In Zulfer v. Playboy Enterprises, Inc., Playboy’s former Controller Catherine Zulfer claimed her employment was terminated in part because she objected to an improper instruction by Playboy’s CFO to accrue $1 million in discretionary bonuses for executives when those bonuses had not been approved by Playboy’s Board. A jury agreed and found that Playboy unlawfully retaliated against Zulfer by firing her for her protected reports under SOX and also terminated her employment in violation of public policy under California law. The jury awarded $6 million in unspecified damages with no allocation between the SOX claim and the California wrongful termination claim.
On June 16, 2014, the SEC issued its first-ever charge of whistleblower retaliation under section 922 of the Dodd-Frank Act, charging a hedge fund advisor and its owner with “engaging in prohibited principal transactions and then retaliating against the employee who reported the trading activity to the SEC.” Read More
On Monday, May 19, 2014, the U.S. Commodity Futures Trading Commission (“CFTC”) issued its first award to a whistleblower under its Dodd-Frank bounty program.
The Commission will pay $240,000 to an unidentified whistleblower who “voluntarily provided original information that caused the Commission to launch an investigation that led to an enforcement action” in which the judgment and sanctions exceeded $1 million. The heavily redacted award determination on the CFTC’s website does not reveal the name of the implicated company, the nature of the wrongdoing involved, the percentage of bounty the whistleblower received (which is required to be between 10 and 30 percent pursuant to the statute), or the factors considered in determining the percentage of the bounty.
Prior to this first grant of an award to a whistleblower under the CFTC’s Dodd-Frank bounty program, there were 25 denials of award claims. The reasons for the denials primarily fell into one or more of several categories:
- the individuals provided information before the passage of Dodd-Frank;
- they did not file a form TCR as required by the regulations;
- they did not provide information “voluntarily” but rather in response to a Commission request; and/or
- the information did not cause the Commission to open or expand an investigation or significantly contribute to a success of a Commission matter.
Time will tell whether this first award will have any effect on the number of whistleblowers who report to the CFTC or the quality of information the Commission receives.