Dispatches From the Whistleblower Front: Five Common Pitfalls For Companies to Avoid

Bloomberg Law®, an integrated legal research and business intelligence solution, combines trusted news and analysis with cutting-edge technology to provide legal professionals tools to be...

By William McLucas, Laura Wertheimer, and Arian June, Wilmer Cutler Pickering Hale and Dorr LLP

As the Securities and Exchange Commission's whistleblower program continues to build momentum, there is no question that companies are facing increasing numbers of reports of possible misconduct, both through internal reporting mechanisms and through whistleblower complaints and tips filed directly with the SEC. In response to these challenges, many companies strengthened their compliance programs, communicated on a regular basis to employees the importance of raising concerns internally, evaluated the effectiveness of existing training programs and internal reporting mechanisms, and created response teams and procedures to conduct initial assessments of internal reports and complaints, determine whether investigation would be appropriate, and conduct the investigation.1 While some maintained that the whistleblower bounties in Section 922 of Dodd-Frank Wall Street Reform and Consumer Protection Act created a financial incentive for employees with knowledge of possible wrongdoing to by-pass internal reporting mechanisms and report complaints directly to the SEC, experience suggests otherwise. Speaking at a recent conference, SEC Associate Director of Enforcement Stephen Cohen reported that “almost uniformly, the whistleblowers in my investigations have reported internally [and] in most instances repeatedly, and to multiple people. They were either not listened to, or were retaliated against” before they complained to the SEC.2

Mr. Cohen's observations suggest that organizations have successfully adapted their compliance programs and internal reporting mechanisms and persuaded employees to first report their concerns internally. However, they also suggest that the same organizations—despite their best efforts—may not have responded promptly when concerns were raised, may not have kept the reporting employee in the loop so that he or she perceived that no action was taken in response to the articulated concerns, or may not have taken appropriate steps to protect the reporting employee from retaliatory conduct. We discuss below five pitfalls for organizations to avoid when charting a course with a prospective or actual whistleblower.

Pitfall # 1: Chilling a Prospective Whistleblower

Dodd-Frank mandates that the rights and remedies available to whistleblowers and reporting employees may not be waived by “any agreement, policy form, or condition of employment.”3 That statutory directive is reinforced by SEC Rule 21F-17(a) which instructs that “[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement … with respect to such communications.”4 It appears that many employers have scrubbed provisions from employment (and separation/severance agreements) that purport to prohibit an employee from voluntarily communicating with the SEC. However, standard non-disparagement and confidentiality/non-disclosure provisions and certification requirements in such agreements can act to achieve the same result, albeit in a more nuanced manner.

While non-disparagement and confidentiality/non-disclosure provisions are standard fare in such agreements, these provisions could easily be misunderstood by a current or former employee as interfering with his or her ability to communicate with the SEC. For example, a non-disparagement provision could be read to bar completion of SEC Form TCR–the form used by the SEC for whistleblower complaints, tips, and referralsbecause the reporting individual must explain the basis for the belief that the employer violated the federal securities laws. There is similar potential for misunderstanding a standard confidentiality/non-disclosure provision which provides that no non-public, proprietary or otherwise confidential information of the company may be shared with any third party, except if the employee is compelled to do so and only after notice has been provided to the employer. This provision plainly protects an employer's proprietary and confidential information from voluntary disclosure to competitors, a wholly legitimate purpose. It may also act to “impede an individual from communicating directly with the Commission staff about a possible securities law violation,” which would be a violation of the SEC rules.

A few companies appear to have used standard confidentiality provisions in employment agreements as the basis for a provision in separation agreements in which the departing employee is asked to represent that he or she has “told the company about any confidential information the employee has given to outside parties.”5Faced with such a provision, a departing employee who has previously provided information to the SEC must either refuse to sign the agreement with the provision and take the risk that the employer will decline to pay severance or sign the agreement with the provision and take the risk that the former employer will bring suit if it learns subsequently of the voluntary communications with the SEC. In the False Claims Act setting, courts almost unanimously agree that the public policy interest in reporting fraud to the government allows employees to unilaterally provide confidential corporate information and documents to the government in violation of confidentiality provisions in their employment agreements.6 No court has yet addressed whether a confidentiality provision in an employment or severance agreement or a disclosure representation in a separation agreement runs afoul of the intent of Dodd-Frank or of SEC Rule 21F-17.7

Since the passage of the 2002 Sarbanes-Oxley Act, many public companies have adopted codes of conduct and related policies obligating employees to report any potential misconduct and compliance concerns of which they are aware to facilitate prompt review and, where appropriate, remediation. Typically, these companies also require employees at a designated level of management across the company to certify, on a regular basis, that they are not aware of any misconduct or have disclosed any misconduct of which they are aware. Some companies have extended that certification requirement into the process for exiting employees. In some instances, departing employees are asked during exit interviews whether they have disclosed to the company any misconduct of which they are aware. Other employers have inserted language mirroring prior written certifications into severance and separation agreements.

The SEC's Office of the Whistleblower has repeatedly stated that it is aware of such practices and is “looking hard” at whether to use its enforcement authority to challenge non-disparagement and confidentiality/nondisclosure provisions and certifications required from departing employees as violations of SEC Rule 21F-17.8 Nothing in Dodd Frank prohibits the use of such types of certifications. However, employers would be well-advised to proceed with care in drafting such provisions and certifications to ensure that they do not expressly or impliedly interfere with the employees' right to report to the SEC without prior internal reporting or that condition separation or severance payments upon a certification that they are not aware of any misconduct or have internally reported all such misconduct of which they are aware.9 Employers might consider including a provision in employment and separation/severance agreements stating that nothing in the agreement would be construed to impair an employee's rights to communicate with, or participate in an investigation by, a federal government agency or law enforcement entity. That type of provision acknowledges the employee's rights with respect to external reporting and should reduce the employer's risk that any provision could be misconstrued by the SEC or a court to discourage, appear to discourage, or impede external reporting.

Pitfall # 2: Insistence on Broad, Unqualified Releases and Waivers

Dodd-Frank mandates that the rights and remedies available to whistleblowers and reporting employees may not be waived by “any agreement, policy form, or condition of employment.”10 That statutory directive is reinforced by SEC Rule 21F-17(a).

Releases contained in most employee separation and severance agreements typically recite that the employee releases any legal claims or complaints that he or she has filed or may file against the company in exchange for whatever benefits are being provided. It would not be surprising if an entrepreneurial employee offered to resign and refrain from filing an SEC whistleblower tip or complaint in exchange for a monetary settlement from the employer and a release, in contravention of SEC Rule 21F-17. In light of Dodd Frank's mandate and the SEC rules, employers should recognize that the SEC is unlikely to look favorably on releases intended to prevent a current or former employee from filing a whistleblower complaint with the SEC and that such releases may not be effective or enforceable.

Another open question is whether a general release of claims can be effective in releasing an unfiled retaliation claim, in light of the Dodd Frank mandate that rights and remedies available to whistleblowers and reporting employees may not be waived by agreement. Where an employer determines that its best interests would be served by entering into a separation agreement with an employee and paying severance, it should recognize the risk that such an agreement may not be found by a court to bar a subsequently filed retaliation claim.11

In both instances, employers may want to consider adding the qualifier that all state and federal claims are waived to the maximum extent permitted by law. That qualifier should signal to the SEC that the employer has no interest in impairing or impeding an individual from speaking with the SEC or in seeking a waiver of rights available to the individual under Dodd-Frank.

Since the passage of Dodd Frank, employers have begun to add waiver provisions into separation and severance agreements in which the departing employee agrees to waive any right to any proceeds, bounties or awards in connection with any claims filed by or on behalf of the government under any laws. One of the rights available to qualified whistleblowers under Dodd Frank is the right to a monetary award which, pursuant to another provision of the statute, cannot be waived by any agreement. A variation on this practice is an assignment provision in separation and severance agreements in which the departing employee agrees to assign any awards, proceeds or relief in connection with any claims filed by or on behalf of the government to the government. Congress enacted the whistleblower bounty program in Dodd Frank to incentivize individuals to report possible violations of the securities laws to the SEC. While the law in this area is far from settled, companies should be mindful of the significant risk that such provisions will be found to be unenforceable and heightened risk of SEC scrutiny, in an enforcement proceeding, of such provisions.

Pitfall # 3: Protracted Internal Investigations

Survey data consistently shows that an overwhelming number of employees with concerns about possible violations of law first raise those concerns within the entity.12 A 2012 study by the Ethics Resources Center found that “[o]nly one in six reporters (18 percent) ever chooses to report externally. Of those who do go outside their company at some point, 84 percent do so only after trying to report internally first.”13 Mr. Cohen's recent observations suggest that the same pattern holds true for SEC whistleblowers.

The SEC's whistleblower rules sought to encourage employees to report compliance concerns internally by providing reporting employees with a 120-day “grace period” in which to file the same information with the SEC.14 Where such individuals wait more than 120 days to file a whistleblower complaint, they will not be eligible for a whistleblower award.15 While the SEC's rules do not require an entity to complete an internal investigation of an internally reported compliance violation within the 120 day “grace period,”16 they create substantial pressure on organizations to respond promptly to every internal report (wherever made) of a compliance concern or possible misconduct. Time is of the essence in this setting: an entity should have clear procedures in place to enable it to identify every internal report, assess that report to determine whether further review is warranted, commence an investigation, as appropriate, into the merits of a credible report, and update the reporting employee on the on-going efforts.

We do not mean to suggest that prompt and through investigation of credible allegations and remediation by an entity will guarantee that the reporting employee will not file a whistleblower complaint with the SEC within 120 days. That said, an entity that does not act promptly conveys the message to the reporting employee that the internal report of a possible violation has not been taken seriously and increases the likelihood that the reporting employee will become a SEC whistleblower because he or she will reach the conclusion that internal reporting has been futile (and also increases the potential to expand the pool of SEC whistleblowers if the reporting employee shares his displeasure with others).

Pitfall # 4: Discrediting or Icing Out the Reporting Employee

In its 2012 study, the Ethics Resources Center found that where an internal report “is not addressed, many employees will make the extra effort to report again. And, again, the majority of second reports are made within the company, often to someone that the employee already knows.”17 “[A]cross almost all demographic groups, only about one in 20 individuals would be motivated by a monetary reward” to report to the government.18 A far stronger motivator for external reporting was the perception that the employer “didn't do anything” about the internal report.19 In his recent remarks, Mr. Cohen acknowledged that the whistleblower bounties could incent employees to file whistleblower complaints but observed that “the most common thread” in the whistleblower complaints that his office reviewed “almost to a T, is that the [reporting employees] believed they tried to tell management about the problem and have it corrected, and were not listened to.”20

In the words of former Director of Enforcement Robert Khuzami, “whistleblowers often can be a mixed bag” and “in terms of character can be a mixed lot.”21 It is not uncommon for supervisors and managers to dismiss a whistleblower as a chronic complainer and worse, to attack his or her motives, credibility, or professional competence rather than to acknowledge the need to review the merits of the allegations. Discrediting the reporting employee or ignoring an internal report from an employee deemed “difficult” can be perilous for an employer, notwithstanding its views of the employee's character and/or agenda, because it leads the reporting employee (and other employees) to conclude that internal reporting is futile and unsafe and that the only recourse is external reporting.

Even where employers have established fair processes that are used to investigate every internal report of possible misconduct, many employers are loathe to keep the reporting employee “in the loop,” often because they fear that the employee is a self-serving malcontent who has the potential to use any information to harm the organization. That decision can be transformative: the reporting employee perceives that he or she is being victimized by a powerful employer and, unaware of the pending internal investigation, concludes that he or she can only be vindicated by bringing the report to the attention of outside authorities (and perhaps, the media). Of course, there is no “one size fits all” answer here and employers will need to gauge whether the benefits of sharing information with a reporting employee are outweighed by the risks that the reporting employee could share such information with others, including the media, in an effort to attract publicity for the allegations.

Pitfall # 5: Lack of Appreciation of the Scope and Breath of Anti-Retaliation Protections

Section 806 of Sarbanes-Oxley (“SOX”) and Section 922 of Dodd-Frank provide protections from retaliation or discrimination for reporting employees, even when a report is found to lack merit.22 A reporting employee can vindicate those rights in a private cause of action and federal court and administrative decisions have construed these protections in broad terms to cover a wide range of employer activity. In addition, the SEC has asserted enforcement authority for violations by employers who retaliate against reporting employees.23 Retaliation claims, whether filed under Section 806 of SOX or Section 922 of Dodd Frank, should be viewed as compliance failures and can pose substantial risks for employers, including significant defense costs and time, additional insurance costs, adverse employee and public perceptions, and increased regulatory attention.


The Dodd-Frank whistleblower program and the protections provided to reporting employees and whistleblowers creates a number of challenges for companies. Understanding these common pitfalls may assist employers in taking steps to navigate these risks.

William McLucas, chair of WilmerHale's Securities Department, is a partner resident in the firm's Washington, DC, office. Laura Wertheimer is a partner resident in WilmerHale's Washington, DC office and a member of its Securities Department. Arian June is a counsel resident in WilmerHale's Washington, DC, office and a member of the Securities Department. Mr. McLucas may be reached at (202) 663-6622 orwilliam.mclucas@wilmerhale.com. Ms. Wertheimer may be reached at (202) 663-6450 orlaura.wertheimer@wilmerhale.com. Ms. June may be reached at (202) 663-6213 orarian.june@wilmerhale.com.

©2014 The Bureau of National Affairs, Inc. All rights reserved. Bloomberg Law Reports ® is a registered trademark and service mark of The Bureau of National Affairs, Inc.


This document and any discussions set forth herein are for informational purposes only, and should not be construed as legal advice, which has to be addressed to particular facts and circumstances involved in any given situation. Review or use of the document and any discussions does not create an attorney-client relationship with the author or publisher. To the extent that this document may contain suggested provisions, they will require modification to suit a particular transaction, jurisdiction or situation. Please consult with an attorney with the appropriate level of experience if you have any questions. Any tax information contained in the document or discussions is not intended to be used, and cannot be used, for purposes of avoiding penalties imposed under the United States Internal Revenue Code. Any opinions expressed are those of the author. The Bureau of National Affairs, Inc. and its affiliated entities do not take responsibility for the content in this document or discussions and do not make any representation or warranty as to their completeness or accuracy.

Request Bloomberg Law®