Whistleblowing and Compliance

Last August, we reported on two significant cease-and-desist orders issued by the SEC that, for the first time, found certain language in the confidentiality and release provisions of separation agreements to violate the SEC’s Rule 21F-17(a), which precludes anyone from impeding any individual (i.e., a whistleblower) from communicating directly with the agency.[1] Since then, the SEC has continued its aggressive oversight of separation and confidentiality agreements, with substantial repercussions for some employers. These orders, a select number of which we summarize here, have companies engaging in a serious review and rethinking of their confidentiality restrictions and other relevant provisions in their agreements and handbooks, and considering whether and what remedial steps to take proactively to cure any issues with the language in these key documents.

In Anheuser-Busch InBev SA/NV (Sept. 28, 2016), the company entered into a separation agreement in late 2012 with a specific employee after his termination and subsequent mediation of various alleged employment law claims. The separation agreement contained provisions (i) prohibiting the employee from disclosing confidential or proprietary company information, with no carve-out for reporting to government agencies; (ii) prohibiting the employee from disclosing the substance of the separation agreement; and (iii) imposing a $250,000 liquidated damages provision in the event that the employee breached the confidentiality provisions. After signing the agreement, the employee, who had been voluntarily communicating with SEC in connection with an ongoing investigation, ceased doing so.

The cease-and-desist order—which is a negotiated resolution of the matter once the SEC determines that a company has violated its rules or regulations—did not require the company to make any additional changes to its separation agreements because, in September 2015, the company had amended separation agreements to state:

I understand and acknowledge that notwithstanding any other provision of this Agreement, I am not prohibited or in any way restricted from reporting possible violations of law to a governmental agency of entity, and I am not required to inform the Company if I make such reports.

The order required the company to contact only certain former employees identified by the SEC to inform them that they were not prohibited from providing information to the SEC, rather than all employees who had signed separation agreements since the rule was implemented in August 2011, as has been required in other cases. In addition, unlike other cases, it appears that there was no separate monetary penalty against the company for violating Rule 21F-17(a).

In NeuStar, Inc. (Dec. 19, 2016), the company’s severance agreements included a non-disparagement clause with the following language:

Except as specifically authorized in writing by NeuStar or as may be required by law or legal process, I agree not to engage in any communication that disparages, denigrates, maligns or impugns NeuStar . . . including but not limited to communication with . . . regulators (including but not limited to the Securities and Exchange Commission . . .) [emphasis added].

Any breach of this clause by the employee resulted in the required forfeiture of all but $100 of the severance paid under the agreement. The SEC found that “at least one” former employee was impeded by this clause from communicating with the agency—although the SEC does not hesitate to find violations of Rule 21F-17(a) even where there is no evidence that anyone has actually been impeded.

To settle the matter, the company agreed to pay a civil penalty of $180,000 and to contact 246 former employees to inform them that the severance agreements they signed between August 12, 2011, and May 21, 2015, did not prevent them from communicating concerns about potential violations of law or regulation to the SEC. No remedial revisions to the company’s template severance agreement were required because the company had voluntarily, after commencement of the investigation, removed the reference to “regulators” from the non-disparagement clause and included a more common provision that stated, “In addition, nothing herein prohibits me from communicating, without notice to or approval by NeuStar, with any federal government agency about a potential violation of a federal law or regulation.”

Most recently, in HomeStreet, Inc. (Jan. 19, 2017), certain severance agreements used by the company had contained common waiver language used, in form and substance, by many employers:

This release shall not prohibit Employee from filing a charge with the Equal Employment Opportunity Commission or discussing any matter relevant to Employee’s employment with any government agency with jurisdiction over the Company but shall be considered a waiver of any damages or monetary recovery therefrom [emphasis added].

The SEC previously found that employees might interpret such waivers as applying to the agency’s whistleblower monetary incentive award program and, therefore, would unlawfully impede employees from coming forward to the SEC or reporting potential violations of the securities laws. The SEC reached the same conclusion in this case.

Prior to the investigation, however, the company had voluntarily revised its standard severance agreement to substitute the following:

Employee understands that nothing contained in this Agreement limits Employee’s ability to file a charge or complaint with any federal, state or local government agency or commission (“Government Agencies”). Employee further understands that this Agreement does not limit Employee’s ability to communicate with any Government Agencies or otherwise participate in any investigation or proceeding that may be commenced by any Government Agency including providing documents or other information without notice to the Company. This Agreement does not limit the Employee’s right to receive an award for information provided to any Government Agencies [emphasis added].

Thus, the cease-and-desist order did not require further revisions to the severance agreement because the foregoing language largely tracks revised language that the SEC had required in one of the previous orders issued last summer. Notwithstanding its proactive revisions to its agreements, the company still had to agree to a $500,000 civil penalty and to contact certain former employees who had signed the agreement to provide a link to the order and inform them that severance agreements did not prevent them from reporting information to the SEC or seeking and obtaining a whistleblower award from the SEC.

The NeuStar and HomeStreet orders serve to highlight that, even when a company has revised its agreements voluntarily to comply with Rule 21F-17(a), the SEC may still impose monetary penalties and potentially burdensome and undesirable obligations to contact former employees who have signed problematic separation agreements to inform them that, notwithstanding the money they were paid in conjunction with their separation agreements, they remain free to report any company wrongdoing—real or perceived—to the SEC.

What Employers Should Do Now

Companies wishing to avoid SEC scrutiny should do the following:

  • Review current separation and severance agreement templates to determine whether they are in compliance with Rule 21F-17, which would include a review of provisions such as, among others,
    • future monetary waivers,
    • non-disclosure of confidential information, and
    • non-disparagement clauses.
  • If necessary, work with legal counsel to determine appropriate revisions or “carve-outs” to bring those agreement templates into compliance.
  • Discuss with legal counsel whether to take affirmative steps to remedy past uses of confidentiality or waiver provisions that would be unlawful under the SEC orders.
  • Review other types of confidentiality and waiver agreements with employees, in whatever form they are used, to ensure that those agreements do not similarly violate Rule 21F-17.

A version of this article originally appeared in the Take 5 newsletter Five Employment Issues Under the New Administration That Financial Services Employers Should Monitor.”

____

[1] See the Epstein Becker Green Act Now Advisory titled “SEC Finds Certain Separation Agreement Provisions Unlawful Under Dodd-Frank Whistleblower Rule” (Aug. 18, 2016).

Twice in the past two weeks, the Securities and Exchange Commission (“SEC” or “Commission”) issued a cease-and-desist order settling proceedings against companies for using confidentiality and waiver of claims provisions in employee separation or severance agreements that violate an SEC rule promulgated after passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”). The rule in question is designed to encourage and allow whistleblowers to freely disclose information to the SEC without impediments and ensure that they are (and remain) entitled to collect monetary incentive awards if the Commission determines that they are eligible for such awards. In both cases, the companies were required, as part of the settlement of claims without admission of liability, to take affirmative remedial actions and pay fines of hundreds of thousands of dollars as the result of fairly typical language in their separation agreements. In addition, the SEC has signaled that not only will it take action in response to separation agreements that may limit an employee’s ability to communicate with the SEC, but also it will oppose attempts by employers to limit an employee’s right to receive whistleblower incentive awards.

To read more, click here for our Act Now Advisory

A featured story on Employment Law This Week is the new legislation proposed in Congress that aims to clarify whistleblower policies.

The Whistleblower Augmented Reward and Non-Retaliation Act would expand protections for those who blow the whistle on financial crimes. The bill would also resolve a circuit court split on the definition of “whistleblower,” expanding the scope of the term to specifically include employees who only report violations internally, without filing with the SEC or CFTC. The WARN Act aims to broaden monetary incentives for whistleblowers, and increase the scope of protected activities and prohibited retaliation. Whether or not this bill moves forward, we’re likely to see some movement soon on the circuit conflict it addresses, either by legislation or by the courts.

View the episode below or read more about this legislation in an earlier post on this blog.

Section 806 of SOX prohibits publicly traded companies, as well as their subsidiaries, contractors, subcontractors, and agents, from taking adverse personnel actions against employees for reporting activity that they reasonably believe constitutes mail fraud, wire fraud, bank fraud, securities fraud, or a violation of any Securities and Exchange Commission (“SEC”) rule or federal law relating to fraud against shareholders. In recognition of the legislative intent underlying SOX—to provide strong and broad-based protections for employees who report suspected securities violations and financial fraud—courts are increasingly applying lenient standards that favor employees in assessing the viability of a SOX retaliation claim in the face of a motion for pretrial dismissal. Fortunately for employers, however, recent decisions demonstrate that even in today’s whistleblower-friendly environment, courts will readily dismiss SOX retaliation claims that lack adequate evidentiary support.

For example, the U.S. Court of Appeals for the Second Circuit ruled in Nielson v. AECOM Tech Corp. that, in dismissing the plaintiff’s complaint, the district court incorrectly applied the “definitively and specifically” standard to find that the plaintiff had not engaged in activity protected by SOX. Under this originally well-accepted standard, an employee’s communications about a suspected violation are not protected unless they relate “definitively and specifically” to one of the categories of fraud or securities violations listed under Section 806 of SOX, and the employee must reasonably believe that each of the legally defined elements of a suspected violation occurred. Applying this standard, the district court held that the plaintiff’s complaints to his managers (that certain fire safety designs were not properly reviewed) were not protected.

On appeal, the Second Circuit deferred to evolving interpretations of SOX articulated by the Department of Labor’s (“DOL’s”) Administrative Review Board during the Obama administration. The Second Circuit jettisoned the “definitively and specifically” test in favor of the more relaxed “reasonable belief” standard, under which the plaintiff has engaged in protected activity as long as (i) he has a subjective belief that the reported conduct violates a law covered by SOX and (ii) his belief is objectively reasonable for a person in his position. Nevertheless, the Second Circuit affirmed the dismissal because, although the plaintiff alleged that he reported what he believed constituted, inter alia, shareholder fraud, he did “not plausibly allege, on the basis of assertions beyond the trivial and conclusory, that it was objectively reasonable for him to believe that there was such a violation[.]” As a result of the Nielson decision, district courts sitting in the Second Circuit now apply the more relaxed “reasonable belief” standard in determining whether a plaintiff has engaged in protected activity under SOX.

The U.S. Court of Appeals for the Third Circuit released a decision in Wiest v. Tyco Elecs. Corp. on February 2, 2016, that affirmed the dismissal of a plaintiff’s claim that he was unlawfully terminated in violation of SOX for reporting suspected securities fraud pertaining to improper accounting practices. Notably, the Third Circuit had previously reversed the district court’s prior dismissal of the plaintiff’s claim because the district court erred and applied the “definitively and specifically” standard to find that the plaintiff had not engaged in protected activity. On remand, the district court, affirmed by the Third Circuit, dismissed the plaintiff’s SOX claim on summary judgment because, regardless of whether the plaintiff had engaged in protected activity, there was no evidence that it was a factor contributing to his termination. The Third Circuit discussed the leniency of the contributing factor test, which requires only that the plaintiff show that his protected activity affected in any way the decision to terminate. Nevertheless, the Third Circuit found that the plaintiff failed to meet even this low threshold and that the defendant established that it would have terminated the plaintiff in the absence of any protected behavior.

On January 4, 2016, the U.S. District Court for the Southern District of New York in Yang v. Navigators Group, Inc., dismissed a plaintiff’s claim that she was terminated for complaining to her superiors about improper risk control procedures that she believed constituted shareholder fraud and violated securities regulations. The court initially denied a motion to dismiss the claim on the pleadings, rejecting the defendant’s contentions that the allegations were insufficient to show that the plaintiff had engaged in protected activity or reasonably believed that the complained-of conduct was unlawful. In reviewing the evidence subsequently proffered at the summary judgment stage, however, the district court found that some of plaintiff’s communications to her superiors were not protected because they failed to indicate in any way that she believed a violation under Section 806 of SOX had occurred, and, in any event, that the plaintiff was clearly fired for poor performance and there was no evidence that the concerns she raised contributed to the decision to terminate her.

In sum, the number of SOX whistleblower retaliation claims is on the rise, and relaxed legal standards have made it more difficult for employers to obtain pretrial dismissal of these claims. Yet, as the above rulings indicate, employers are not left defenseless. Armed with a properly mounted legal defense, they are frequently prevailing against whistleblower retaliation allegations in the very same cases that are applying more lenient pleading standards.

A version of this article originally appeared in the Take 5 newsletter “Five Employment Law Compliance Topics of Interest to Financial Services Industry Employers.”

 

On February 25, 2016, Congressman Elijah E. Cummings (D-MD) and Senator Tammy Baldwin (D-WI) introduced the Whistleblower Augmented Reward and Nonretaliation Act of 2016 (or WARN Act of 2016) (pdf). The bill proposes expanded protections for individuals who blow the whistle on financial fraud and securities violations and, if enacted, could have significant implications for financial services employees and employers alike.  Specifically, the WARN Act of 2016 aims to strengthen the protections and incentives available to financial crimes whistleblowers by amending the Financial Institutions Anti-Fraud Enforcement Act (“FIAFEA”), Federal Deposit Insurance Act (“FDIA”), Securities and Exchange Act (“SEA”), Commodity Exchange Act (“CEA”), and Sarbanes-Oxley Act (“SOX”).

Under the FIAFEA and FDIA, for example, individuals who report banking fraud can receive awards based on the amount of money recovered as a result of the information they provide. Currently, however, there are monetary caps on these incentive awards. The WARN Act of 2016 would eliminate those caps and permit FIAFEA and FDIA whistleblowers to receive 10 to 30 percent of the total amounts recovered—essentially amending these statutes to include whistleblower “bounty” programs mirroring those under the SEA and CEA created by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”).

The WARN Act of 2016 would expand the scope of employee activities protected by the FDIA’s existing anti-whistleblower retaliation provision. It would also add a whistleblower anti-retaliation provision to the FIAFEA entitling covered employees who suffer adverse personnel action for assisting with the prosecution of certain violations (e.g., mail fraud, wire fraud, or bank fraud) to recover full reinstatement, double back pay damages with interest, and litigation costs and attorneys’ fees in a civil lawsuit. The revised FIAFEA would further require the Attorney General to issue regulations compelling covered employers to educate, train, and notify employees, including by posting information on their website homepages, about employee rights and remedies under the statute.

The Act also bolsters the whistleblower anti-retaliation provisions created by the Dodd-Frank amendments to the SEA, CEA, and SOX. For example, the SEA and CEA define the term “whistleblower” to include only those who report suspected violations externally to the SEC or CFTC. Employers have relied on this to argue that the anti-retaliation protections of these statutes do not apply to employees who only report violations internally, and there is currently a circuit court split on the issue. The WARN Act of 2016 would resolve the dispute by eliminating the narrow definitions of “whistleblower” under these statutes, apparently establishing once and for all that employees who only report alleged violations internally, but not to the SEC or CFTC, are covered.

In addition, the proposed legislation would expand the scope of activities protected, and adverse personnel actions prohibited, by the SEA, CEA, and SOX anti-whistleblower retaliation provisions; amend the remedies available under the SEA and CEA  anti- retaliation provisions to include compensatory damages and punitive damages of up to $250,000, and those available under the SOX anti-retaliation provision to include double back pay and punitive damages of up to $250,000; and broaden the prohibitions against waiver of any whistleblower rights or remedies under the SEA and CEA (including waivers often contained in standard confidentiality and settlement agreements).

The bill has been referred to the House Committee on Financial Services and the Senate Committee on Banking, Housing, and Urban Affairs for review, and whether it will garner any meaningful support remains to be seen. If it passes, employers will need to provide proper training on the revised regulations, ensure they have comprehensive programs in place for internal reporting and investigation of alleged financial and securities violations and employee retaliation claims, and revisit their confidentiality agreements, settlement agreements, and similar documents to ensure compliance with the Act’s enhanced prohibitions against the waiver of whistleblower rights.

One of the featured stories on Employment Law This Week – Epstein Becker Green’s new video program – is the SEC reminder that their bounty program applies to external whistleblowers.

The U.S. Securities and Exchange Commission has awarded $700,000 to a whistleblower who was not employed by the company he exposed. The external whistleblower discovered the issue when he ran a detailed analysis on the company. The agency explained that analysis from “industry experts” is as valuable as insider information. The whistleblower program began after the Dodd-Frank Act was passed and has now yielded $55 million in awards. This latest award raises new questions, including how the SEC will define “industry experts.”

See below to view the episode or read more about this important decision in an earlier post on this blog.

As we mentioned before the holiday, I was recently interviewed on our firm’s new video program, Employment Law This Week.  The show has now released “bonus footage” from that episode – see below.

I elaborate on my recent post with Jason Kaufman, “2nd Circuit Expands Dodd-Frank Anti-Retaliation Protection to Cover Internal Whistleblowing.”

Employment Law This Week – Epstein Becker Green’s new video program – features an interview with attorney John Fullerton, a founding contributor to this blog.

Mr. Fullerton discusses the lack of clarity on what constitutes a whistleblower. Marketing firm Neo@Ogilvy has decided not to appeal to the U.S. Supreme Court in a case that would have tested the definition of a whistleblower under the Dodd-Frank Act. At issue is whether an employee can be eligible for anti-retaliation protection under the Dodd-Frank Act even if he or she does not provide information of corporate wrongdoing directly to the SEC. The U.S. Court of Appeals for the Fifth Circuit says “no,” but the Second Circuit disagrees.

Click below to view the episode and also see our earlier post “2nd Circuit Expands Dodd-Frank Anti-Retaliation Protection to Cover Internal Whistleblowing.”

On September 10, 2015, the Second Circuit Court of Appeals ruled in Berman v. Neo@Ogilvy LLC that an employee who reports an alleged securities violation only to his or her employer, and not to the SEC, is nevertheless covered by the anti-retaliation protections afforded by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”).

Berman, a former finance director of Neo@Ogilvy, claimed that his employer and its corporate parent, WPP Group USA, Inc., violated the whistleblower protections of Dodd-Frank by wrongfully terminating him for raising concerns internally about business practices that allegedly constituted accounting fraud.  The companies moved to dismiss the claim, arguing that Berman was not a whistleblower subject to protection under Dodd-Frank because he did not report the alleged violations to the SEC.  The District Court agreed.

In a 2-1 decision, the Second Circuit reversed the District Court’s decision on appeal.  The Court found that the provisions of Dodd-Frank are ambiguous as to whether an employee who reports an alleged violation internally, but not to the SEC, qualifies as a whistleblower.  On the one hand, Section 21F(a)(6) of Dodd-Frank limits the definition of “whistleblower” to include only those individuals who provide information relating to an alleged securities violation to the SEC.  Yet, on the other hand, Section 21F(h)(1)(A) of Dodd-Frank’s retaliation protection provision prohibits retaliation against individuals who make disclosures that are, inter alia, required or protected under the Sarbanes-Oxley Act of 2002 (“SOX”), and SOX protects employees who make internal complaints of suspected securities laws violations without reporting them to outside agencies.

Finding that these were conflicting statutory provisions, the Court deferred to the SEC’s interpretation of the statute, under which an individual is a “whistleblower” if he or she provides information pursuant to Section 21F(h)(1)(A) of Dodd-Frank, which, as explained above, prohibits retaliation against employees for making internal complaints that would be protected by SOX.  Accordingly, the Court held that under SEC Rule 21F-2, “Berman is entitled to pursue Dodd-Frank remedies for alleged retaliation after his report of wrongdoing to his employer, despite not having reported to the Commission before his termination.”

Judge Dennis Jacobs, dissenting, opined that Dodd-Frank is “unambiguous”:  Section 21F(a)(6) is controlling because it defines who is a “whistleblower” under the relevant section of the statute and expressly provides that only those who report to the SEC can qualify.   Judge Jacobs pointed out that Dodd-Frank Section 21F(h)(1)(A), which the majority found creates ambiguity by incorporating protections provided by SOX, does not expand the statutory definition of whistleblower under Dodd-Frank, but instead identifies which acts done by whistleblowers are protected by Dodd-Frank.  In other words, according to Judge Jacobs, Section 21F(h)(1)(A) does not apply to protect a person unless he or she qualifies as a “whistleblower,” as the term is defined by Section 21F(a)(6).  Judge Jacobs criticized the majority for disregarding the plain text of Dodd-Frank’s definition of whistleblower and creating an ambiguity in the statute that does not exist solely to expand the reach of the anti-retaliation provisions of Dodd-Frank.

Notably, the Second Circuit’s decision creates a split in authority with the Fifth Circuit Court of Appeals, which came down the opposite way when faced with the same issue in 2013.  As a result, this issue is almost surely headed to the Supreme Court for resolution. Further, in holding that Dodd-Frank provides a private right of action for those who report violations only internally, the Second Circuit’s decision may lead to significantly more whistleblower retaliation claims in the future because, in comparison to the SOX whistleblower protections, Dodd-Frank offers a much longer statute of limitations, double back pay damages, and no administrative exhaustion requirement.

On August 4, 2015, the SEC issued an “Interpretation of the SEC’s Whistleblower Rules Under Section 21F of the Securities Exchange Act of 1934.” (pdf).  Unsurprisingly, and consistent with the position that it has been taking in amicus briefs on the issue, the SEC states that a whistleblower need not report suspected wrongdoing to the Commission in order to be protected by the anti-retaliation provisions of Dodd-Frank.  Rather, internal whistleblowing that is protected under the Sarbanes-Oxley Act is protected activity sufficient to state a claim under Dodd-Frank, according to the SEC.  We recently posted a video discussion of this very topic (here), noting that there is currently a sharp split of judicial authority on this critical question, and that the issue may well be headed to the Supreme Court for resolution.  The Fifth Circuit held in Asadi v. G.E. Energy (USA), LLC, 720 F.3d 620 (5th Cir. 2013), that a Dodd-Frank whistleblower must report wrongdoing to the Commission to be protected by that statute; a decision from the Second Circuit on the issue is pending in Berman v. Neo@Ogilvy LLC, 14-4626 (2d Cir.).  Ultimately, of course, it is the job of the courts to determine what Congress intended in the Dodd-Frank Act, but if the issue does indeed reach the Supreme Court – and in every federal district and appellate court case until that time – those favoring a broad interpretation of the definition of a “whistleblower” under the Dodd-Frank anti-retaliation provision will surely be citing the SEC’s new interpretation of its regulations.