SEC reveals proposed Dodd-Frank whistleblower rules



FW moderates a discussion between Philip Robben at Kelley Drye & Warren LLP, Lucinda McConathy at Richards, Kibbe & Orbe LLP and Holly J. Gregory at Weil, Gotshal & Manges LLP, about the proposed Dodd-Frank whistleblower rules, as set out by the US Securities and Exchange Commission (SEC).

FW: Can you provide a brief overview of the proposed SEC rules on whistleblowing, and the reasons behind them?

Gregory: The Dodd-Frank Act expanded the SEC’s authority to reward persons who provide original information that leads to successful SEC enforcement and certain related actions. The expanded bounty program is designed to encourage persons with knowledge of violations to come forward and report to the SEC. The SEC recently proposed implementing rules that would reward whistleblowers for information about a violation of the federal securities laws that leads to an enforcement action in which the SEC obtains monetary sanctions totalling more than $1m. The proposed rules were issued on 3 November 2010 and the period for public comment ended on 17 December 2010. To qualify for payment under the proposed rules an individual must provide on a voluntary basis original information to the SEC, or the Department of Justice, that leads to a successful enforcement action. Information is considered to be provided voluntarily if it is provided before it is asked for by the government, a self-regulatory organisation or the Public Company Accounting Oversight Board. Information is original if it is, first, based on the whistleblower’s independent knowledge or independent analysis and, second, not already known to the SEC. Third, the information must not be derived exclusively from certain public sources. Information has led to successful enforcement if it either results in a new examination or investigation being opened and significantly contributes to the success of a resulting enforcement action or is essential to the success of an action involving conduct that was already under investigation, and would not have otherwise been obtained.

McConathy: Dodd-Frank creates a golden carrot, and the SEC’s proposed whistleblower rules create a race to the agency to get it. The statute directs the SEC to pay a potentially huge bounty to any person who voluntarily provides useful original information to the SEC that the SEC did not already have. Under the proposed rules, a whistleblower has to submit the information about a potential violation to the SEC before the SEC learns it from another source and before the SEC or another regulator asks for it. Time is critical, and there is no requirement that a whistleblower first go through whatever internal corporate reporting channels might exist. In its proposing release, the SEC said its goal is to increase the number of tips it receives and the quality of the information and assistance whistleblowers provide. It also hopes that the potential for whistleblower claims by itself will act as a deterrent to wrongdoing.  

Robben: The SEC rules implement the whistleblower program recently enacted by the Dodd-Frank Wall Street Reform and Consumer Protection Act. Under the rules, a person, such as an employee, with information about violations of the securities laws can submit confidential tips to the SEC. If those tips lead to an enforcement action where a fine of at least $1m is obtained, the person is entitled to an award of between 10 and 30 percent of the monetary sanction collected. Whistleblowers are protected from retaliatory discharge, and are able to bring claims for retaliatory discharge under the law if they believe that their employment has suffered because of a report to the SEC. Congress’ stated motivation for enacting Dodd-Frank, and creating a whistleblower program, were the recent financial scandals that have been in the press, the Madoff scandal in particular.

FW: How do the new proposals compare to previous whistleblower provisions?

McConathy: The whistleblower provisions of the Sarbanes-Oxley Act offer no incentive to come forward and protect only employees of public companies from retaliation. Furthermore, the protections against retaliation only apply if the whistleblower reasonably believed that the misconduct in issue constituted a financial, securities or shareholder fraud in violation of federal law. This requirement places would-be whistleblowers at some risk. Also, as initially enacted, any retaliation claim had to be brought to the Department of Labor within 90 days of the retaliatory act, a relatively short period of time. In contrast, the Dodd-Frank whistleblower provisions offer a bounty and provide protection from retaliation to any person who provides information or assistance to the SEC in a manner established by SEC rules. There is no requirement that the whistleblower have a reasonable belief that a violation is involved. The SEC’s proposed rules make clear that a whistleblower is entitled to protection from retaliation regardless of whether there is any ultimate determination of a violation and regardless of whether the whistleblower satisfies all the requirements for a bounty.

Robben: The most significant difference between the Dodd-Frank whistleblower program and prior whistleblower laws is that the new program gives the whistleblower an enforceable right to receive an award. The proposed rules attempt to create a uniform set of standards under which awards will issue. The whistleblower is also entitled to have the SEC’s decisions under the program reviewed by an appellate court within certain limits. Prior whistleblower programs, such as the SEC’s ‘Bounty Program’ for insider trading, didn’t provide the whistleblower with an affirmative right to an award or set uniform standards. Also, many pre-existing whistleblower laws attempt to incentivise whistleblowers to report wrongdoing by giving them protection but didn’t provide for a monetary reward. While the US False Claims Act provides for awards of between 10 and 30 percent, that law is limited to alleged conduct that harmed the government specifically, and it is much more demanding of a whistleblower in that it requires them to initiate, and often litigate a lawsuit on behalf of the government and obtain a judgment. Under the Dodd-Frank program all the whistleblower must do is provide useful information.

Gregory: The SEC’s bounty program was previously limited to insider trading cases, with the award amount capped at 10 percent of the collected penalties. The Dodd-Frank Act (Section 922) expanded both the scope of actions for which bounty payments could be made and the amount of the bounty payable. A broad range of SEC violations are now eligible, including FCPA violations, and whistleblowers are now entitled to receive up to 30 percent of the total fines collected.

FW: What challenges do you foresee in relation to procedural issues, such as eligibility criteria, providing information to the SEC, calculating awards, etc?

Robben: It is very likely that the whistleblower bar is going to be intimately involved in the submission of information under the program. The SEC’s commentary on the proposed rules envisions as much, declaring that such legal work would be ‘practice’ before the SEC. However, the draft rules do not put in place any rules governing such practice or place any responsibility on attorneys to scrutinise tips before they submit them. This is unlike US court practice, where lawyers must verify that the claims they file have some basis in fact and law. Given the aggressiveness of the whistleblower bar, and the potential for large awards, the lack of a similar rule applicable to the Dodd-Frank program could lead to the submission of baseless reports of wrongdoing that could have been avoided. Also, eligibility may become a point of friction between putative whistleblowers and the government. Although some of the eligibility criteria are fairly straightforward, some are not. Determining the portion of a fine attributable to the conduct of a single person is probably going to be problematic in practice. Other examples like this exist in the proposed rules.

Gregory: The bounty program as proposed has raised concerns that employees may go directly to the SEC with compliance concerns, rather than reporting to the company and allowing the company’s internal whistleblowing procedures which are integral to its internal compliance function to work. The proposed rules do include provisions to discourage employees from bypassing their own company’s internal compliance programs. For example, the proposed rules would treat an employee as a whistleblower under the SEC program as of the date that employee reports the information internally – as long as the employee provides the same information to the SEC within 90 days. The rules also permit the SEC to consider higher percentage awards for whistleblowers who first report their information through effective company compliance programs. Whether these provisions go far enough to address the risk of the internal corporate compliance function being bypassed is the subject of debate.

McConathy: Dodd-Frank provides that a whistleblower can appeal any SEC decision on whether to grant a bounty and to whom. This could subject the SEC to litigation by disappointed bounty hunters calling into question its decisions and could be resource-draining and distracting. But the agency is granted discretion in these determinations, and a court is unlikely to find an abuse of discretion if the agency has established reasonable procedures and bases for its determinations. The SEC faces a number of thorny issues in establishing the procedures and bases for bounty awards. The SEC’s proposal not to require that whistleblowers first report up through established internal channels is the most controversial. The SEC’s proposal to permit culpable whistleblowers to recover some bounty in certain circumstances is also controversial. It is important that the statute gives the SEC discretion, because the degree to which a whistleblower has contributed to a successful result may be difficult to evaluate, and it may be even more difficult to create a consistent system of evaluation that applies to different circumstances and different types of securities law violations.

FW: What provisions will be put in place to avoid rewarding wrongdoers? In your opinion, will this be sufficient?

Robben: As presently drafted, the whistleblower program rules do not exclude wrongdoers from recovering under the program unless they are actually convicted of a crime arising out of the circumstances to which their tip relates. Rather, the proposed rules provide that in calculating the $1m threshold that triggers an award, the liability on account of conduct that the whistleblower “directed, planned, or initiated” will be excluded. Under the current language, a whistleblower that actually participated in the misconduct, but did not direct, plan, or initiate it, will see no set-off on account of their participation. Also, there is no prohibition in the rules against a whistleblower learning of questionable behaviour at an early stage, sitting idly by while it grows into a violation of the law, and only then making a report to the SEC when the prospect of a large fine is greatest. In my view the rules are inadequate. Whistleblowers should not obtain rewards for turning in others unless they have clean hands and have not tried to game the system. Thus, I would modify the rules to provide that any participation in the underlying misconduct, or failure to try to stop bad conduct at an earlier opportunity, excludes a person from recovery under the program.

McConathy: On its face, it seems unfair to reward someone who engaged in wrongdoing. But the SEC apparently wants to encourage people on the periphery of a violation to help identify and prosecute those most responsible. Disgruntled fraudsters who feel cheated by their partners in crime are likely to have useful information and more likely to provide it if they have some prospect of a bounty. I think the SEC should build into its rules some greater discretion when dealing with culpable whistleblowers. Once the million dollar threshold is met, the statute mandates at least a 10 percent bounty if the whistleblower’s information is sufficiently helpful. In the case of a culpable whistleblower who has inside information regarding the wrongdoing, the information is likely to be helpful, and thus it may be more likely that a culpable whistleblower would be entitled to at least a 10 percent bounty. But, depending on the circumstances and the nature of the whistleblower’s own misconduct, it could seem very wrong to pay that person a large bounty.

FW: What risks do the new rules pose to companies’ internal compliance programs?

Gregory: The new rules may encourage a whistleblower to bypass the company’s own whistleblower and internal reporting procedures and go directly to the SEC, undermining the ability of the company to learn of wrongdoing and investigate and self-report in appropriate situations. This could lead to higher fines on the company under the Federal Sentencing Guidelines should a violation of law be found, since courts are directed to consider the effectiveness of a company’s compliance systems in determining the penalty to impose.

McConathy: The proposed rules recognise that many companies have internal compliance programs for reporting, investigating, and remediating misconduct and the rules attempt to preserve their relevance.  But a whistleblower is still in a race to get the information to the SEC before someone else does. A whistleblower may be credited with the date he or she makes an internal report for purposes of bounty priority, but only if the whistleblower submits the information to the SEC within 90 days of the internal report. This short deadline may force the company to perform an internal investigation on an accelerated basis if the company hopes to resolve the issue without SEC involvement or to report to the SEC itself in order to obtain credit for cooperation. The company’s response to the whistleblower will be scrutinised too for any indication of retaliation or an attempt to conceal or destroy evidence. On top of this, if the company fails to disclose the information to the SEC in a reasonable time – whatever that is in the particular circumstances – or acts in bad faith, other persons who would otherwise be ineligible for a bounty, such as compliance personnel, could become whistleblowers by providing information to the SEC. All of this will exert enormous pressure on corporate compliance programs.

Robben: Robust compliance programs are maintained by most if not all publicly traded companies. Such programs have internal disclosure mechanisms employees can use to report suspected misconduct to the company. These programs can not only head off larger problems, often allowing the company to find problems at an early stage, they also promote regulatory efficiency since companies often find and self-report without regulators having to expend significant resources to perform an investigation or take enforcement action. Where tips are baseless or don’t indicate wrongdoing, they can be dismissed without any regulatory burden. Under the rules as presently proposed, however, the incentives that employees have to report internally may be overwhelmed by the prospect of a monetary award under the Dodd-Frank program. Although the proposed rules contain language that the SEC hopes will be an incentive to report internally in the first instance, there is no requirement that the employee report their observations or tips to the internal program first. Without a requirement that tips be internal first, the many benefits of corporate compliance programs may well be lost.

FW: Is there scope for complications to arise from potential retaliatory claims by disgruntled employees?

McConathy: There is no question that the huge potential pay-off and stronger protections against retaliation regardless of whether the whistleblower’s information proves useful to the SEC could stimulate an outpouring of complaints that may or may not have a sound basis. Of course that depends to some degree on how the SEC administers the program and the number and size of the bounties it eventually begins to award. The proposed rules build a lot of discretion into these determinations, which will be made on a highly individualised, facts-and-circumstances basis. If people see the SEC awarding numerous substantial bounties, the stream of hopeful whistleblowers could grow much larger. Once a company becomes aware that a current employee has submitted a whistleblower claim relating to an alleged violation of the securities laws either to the company or the SEC, the company has two major tasks. One task is to pursue the investigation and evaluation of the claim expeditiously in order to determine whether, when and how to go to the SEC and what should be done to remediate any problem that may be uncovered. The other is to proceed carefully in dealing with that employee to avoid a retaliation claim. If there are performance issues relating to that individual, sound management of the situation will be particularly difficult. In the case of large organisations, it may be feasible to keep a whistleblower’s identity confidential and to pursue investigation and evaluation of the complaint without the knowledge or assistance of persons in the whistleblower’s regular reporting and supervisory chain of command. If employment decisions and actions are made by people not privy to the whistleblower’s status as a whistleblower, it may be easier to demonstrate that no retaliation occurred.

Robben: Under the proposed rules, tips submitted to the SEC program are required to be verified as true under penalty of perjury, so there is that protection against completely false information. But, there is still the potential for tips that, while true in a technical sense, don’t point to wrongdoing at all and are only asserted to get back at the company or a co-worker over a collateral dispute. In my opinion, the best way to deal with retaliatory claims of this sort is to require that whistleblowers use the internal company reporting mechanism first. That way, the company can investigate the tip in the first instance and, if baseless, dismiss the allegation. As presently drafted, the rules could result in the SEC’s investigatory power being brought into play every time an unhappy employee makes an allegation as part of a labour or other job dispute, which would obviously be incredibly wasteful of the government’s resources if nothing else.

Gregory: Under any system of whistleblowing, whether internal or external, there is some potential for false claims to be made. It is unlikely that the bounty program changes this dynamic in any significant way since the bounty would only be paid in circumstances where the SEC determined there was in fact wrongdoing.  

FW: What preparations should companies make in light of the new rule proposals?

Gregory: Companies should follow the rule-making activity by the SEC in this area carefully, and should review their internal reporting and compliance systems and the education they provide to employees in light of these developments. Companies should consider emphasising to employees the duties that they owe to the company and the importance of internal reporting to the ability of the company to maintain an appropriate compliance environment.

Robben: If the rules are implemented unchanged, companies will be in competition with the Dodd-Frank program for tips. As such, companies should make a top-to-bottom review of their program to make sure it is as attractive to employees as possible. A company will want to make sure that the reporting mechanism is known to employees. The company’s commitment to keeping reports confidential should be well advertised within the company. Also, although some whistleblowers act out of spite, many are strongly motivated by a sense that they can make a difference. Committed whistleblowers of this sort want to know that they’ve been heard and that the information they submit is being acted on. If they see real action by the company, they are less likely to go outside the company to make reports. Finally, internal communications, like employee newsletters, should be used to highlight the company’s commitment to rooting out misconduct.

McConathy: A company must cultivate a corporate culture of compliance, trust, accountability, and open and frequent communications up-down-and-across throughout the entity. The company’s officers and directors must strive to imbue employees at every level with the importance of compliance and personal ethics and integrity. They must ensure that ‘making the numbers’ is never mistakenly viewed as overriding other concerns. And they must make sure that everyone understands that no one at the company is either too powerful or too unimportant to be held accountable.


Philip Robben is a partner at Kelley Drye & Warren LLP. He focuses his practice on international and domestic commercial litigation and arbitration, including fraud and whistleblower claims, and has represented clients in industries such as pharmaceuticals, banking and finance, construction, industrial manufacturing and consumer products. Mr Robben can be contacted at +1 (212) 808 7726 or by email:

Lucinda McConathy is a partner at Richards Kibbe & Orbe LLP. She joined the firm in 1998, after having served for 10 years as a senior appellate lawyer for the SEC. While at the SEC, Ms McConathy was responsible for supervising attorneys in the appellate litigation group in the SEC’s Office of General Counsel, and for developing and advocating the Commission’s positions on a broad range of securities law, accounting, arbitration and administrative law issues. Her practice focuses on securities litigation, regulatory investigations and counselling. Ms McConathy can be contacted on +1 (202) 261 2992 or by email:

Holly J. Gregory is a partner at Weil, Gotshal & Manges LLP. She counsels companies and boards of directors on the full range of governance issues, including fiduciary duties, risk oversight, conflicts of interest, audit committee investigations, board audits and self-evaluation processes, proxy contests, and compliance with legislative, regulatory and listing rule requirements. In addition to her legal practice and policy efforts, she has helped organise governance-related programs for the SEC, OECD and World Bank, among others. Ms Gregory can be contacted on +1 (212) 310 8038 or by email:

© Financier Worldwide



Philip Robben

Kelley Drye & Warren LLP


Lucinda McConathy

Richards, Kibbe & Orbe LLP


Holly J. Gregory

Weil, Gotshal & Manges LLP

©2001-2019 Financier Worldwide Ltd. All rights reserved.