November 2010

The Dodd-Frank Act, which was signed by President Obama on July 21, 2010, includes (in Section 922) a whistleblower program sponsored by the Securities and Exchange Commission (SEC). This law (i) makes significant changes in the existing whistleblower provisions of the Sarbanes-Oxley Act of 2002, and (ii) authorizes the SEC to pay between 10 and 30 percent of a recovery over $1 million to anyone who brings forward original information of fraud. Monetary sanctions under $1 million do not qualify under the SEC bounty program.

Because of the changes described in this article, employers should review their whistleblower reporting systems adopted under the Sarbanes-Oxley Act of 2002 (SOX). Procedures that might have worked acceptably under OSHA/DOL enforcement are no longer a good idea under SEC enforcement and the bounty program that the SEC will administer. While most registrants do not experience serious financial reporting complaints, just one such complaint that could have been addressed without an SEC investigation will certainly warrant changes to any laxness in a registrant’s existing program. We offer specifics at the end of this article.

SEC is Proceeding with their Whistleblower Program

Under the Dodd-Frank Act, the SEC’s rules must be finalized by April 2011. The SEC is diligently proceeding to get this program implemented. Specifically:

  1. In October 2010, the SEC recently announced initial funding of its whistleblower reward program with $450 million, and
  2. On November 3, 2010, the SEC unanimously approved its draft of proposed rules for public comment.

The SEC’s “fact sheet” for its implementation rules nicely summarizes the requirements for obtaining a whistleblower bounty, as follows:

“To be considered for an award, a whistleblower must …
Voluntarily provide the SEC …


In general, a whistleblower is deemed to have provided information voluntarily if the whistleblower has provided information before the government, a self-regulatory organization or the Public Company Accounting Oversight Board asks for it.

  … with original information …

Original information must be based upon the whistleblower’s independent knowledge or independent analysis, not already known to the Commission and not derived exclusively from certain public sources.

  … that leads to the successful enforcement by the SEC of a federal court or administrative action …

A whistleblower’s information can be deemed to have led to successful enforcement in two circumstances: (1) if the information results in a new examination or investigation being opened and significantly contributes to the success of a resulting enforcement action, or (2) if the conduct was already under investigation when the information was submitted, but the information is essential to the success of the action and would not have otherwise been obtained. …”

Significant Changes to Existing Whistleblower Laws

Existing whistleblower laws under the Sarbanes-Oxley Act of 2002 (SOX) remain generally intact, but are amended. Like most whistleblower protection laws already on the books, new Section 21F of the Securities Exchange Act prohibits employers from retaliating in any way against an employee for providing information to the SEC, or assisting in an investigation or judicial or administrative action relating to the information provided.

The Dodd-Frank Act amends SOX’s whistleblower provisions as follows:

  1. Importantly, the Department of Labor (DOL) was given responsibility for addressing employee complaints under SOX. Previously, employees were required to exhaust their administrative remedies under OSHA and the DOL. But, the DOL largely gutted enforcement of SOX’s whistleblower provisions, and the vast majority of claimants settled or walked-away from their claims. For examples of the DOL’s tortured enforcement, see DOL Continues to Ignore and Rewrite Sox’s Whistleblower Law. Under Dodd-Frank, whistleblower claimants can now bypass OSHA/DOL entirely and file their claim in U.S. District Court.
  2. Claimants now have a longer period (180 days vs. the previous 90 days) in which to file an administrative action with OSHA. The time limitation starts on the date on which the violation occurs, or on the date that the employee became aware of the violation. Previously, time started on the date on which the violation occurred, regardless of when the employee became aware of it.
  3. On civil actions, claimants have longer to bring a lawsuit. Employees now have (i) up to six years after the violation complained of by