Whistleblower Confidentiality: The Balance of Competing Interests Leaves Whistleblowers Exposed under SEC Proposed Dodd-Frank Act Regulations

Philip H. Hilder and

Paul L. Creech

On July 21, 2010 President Barack Obama signed into law the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank), the most sweeping financial reform legislation in recent times.[1]  Buried in the over twenty-three hundred pages of the Act is a Securities and Exchange Commission (SEC) whistleblower incentive program. Whistleblowers will be eligible to receive bounties of between 10-30% of monies recovered as part of an enforcement action based on original information provided to the SEC.

Immediately following the signing of the landmark legislation the Act was decried as the "Employer's Adversary." [2] USA Today declared the coming of a new wave of millionaire whistleblowers.[3] Ignoring the risks that face whistleblowers and their personal courage in coming forward, USA Today labeled their motives as greed to fight greed.[4] The whistleblower protections were derided as "daunting."[5] Others complained the new program bypasses corporate compliance programs set up in response to the Enron debacle and Sarbanes-Oxley-thus would nullify earlier reforms.[6] Still others thought the Act should have used other devices to expose corporate fraud, and advocated allowing those with inside information of corporate fraud to insider-trade as means of bringing that information to the trading market.[7]

Currently, the SEC is considering whether to alter a set of proposed rules that would govern the whistleblower program. Keeping the identity of a whistleblower confidential is essential to any whistleblower program in order to protect against reprisals and to create a climate that will encourage future whistleblowers. The failure of the SEC or the compliance department of a corporation to keep the identity of a whistleblower confidential impacts the individual whose identity has been revealed, endangers that investigation, and negatively impacts the integrity and effectiveness of the whistleblower program as a whole.

The proposed SEC rules implementing Dodd-Frank expose whistleblowers to reprisals because the SEC has weighed the policy goal of encouraging internal compliance programs as a more worthy goal than whistleblower confidentiality.[8] Dodd-Frank grants up to a 30% bounty to whistleblowers that are (1) the original source of information concerning fraud, misconduct, or violations of the law, and (2) that information leads to a recovery by the government. To soften the blow to employer of sending a new wave of employees running to the government, the SEC has proposed rules that nudge potential whistleblowers to report within their corporate employer before reporting to the government.[9] Additionally, the SEC will continue to inform the entity of a report of a fraud, misconduct or violation after receiving a report from the whistleblower, so that the company can perform an internal investigation. These rules seem at odds with the Congressional intent of creating a robust whistleblower program that protects those who step forward to report wrongdoing and to create an incentive for others to step forward.

Of course, complete confidentiality is impossible if the information is to be acted upon. Currently is it is the policy of the SEC to alert a company of an issue exposed by a whistleblower so that they can conduct an internal investigation and self-report. This policy will continue under the proposed rules. An investigation may require that the whistleblower be available for further questioning, meaning that at least the investigating agency needs to be aware of the whistleblower's identity, understand the whistleblowers' role in the violation or misconduct, and know the whistleblower's access to the interworking of the entity so that it can be exploited.

One proposed rule would allow the SEC to consider whether the whistleblower used internal hotlines to report the fraud within the company before going to the SEC in setting the size of the whistleblower's bounty. If the whistleblower internally reported the fraud their reward could be higher than if they reported the misconduct directly to the SEC-and all at the government's discretion. In preparing the proposed Dodd-Frank rules, the SEC did everything short of follow the U.S. Chamber of Commerce's request to have the award contingent on the whistleblower internally reporting the violation prior to the reporting it to the SEC .[10]

The proposed SEC rules, ostensibly designed to increase high-quality tips while averting bogus tips, will likely chill legitimate whistleblowers concerned about the confidentiality of their identity. The SEC will not allow a whistleblower to anonymously tip for the purpose of deterring false submissions.[11] A whistleblower wishing to remain anonymous to the SEC, must be represented by an attorney, who must certify that they have verified the whistleblower's identity.[12] All whistleblowers (or certifying attorneys) must submit information under penalty of perjury.[13]

Maintaining the secrecy of the whistleblower's identity is important to the individual whistleblower that has come forward to report violations or misconduct because that secrecy protects that individual against reprisals from co-workers, employers, and supervisors. If the identity of the whistleblower is kept secret, then the employer would not know who to exact reprisals against. If confidentiality is taken far enough-that is, if even the fact that a whistleblower has provided information to the government is kept secret-the entity may not know that someone has blown the whistle, so they would not be looking for them.

The second reason to maintain whistleblower confidentiality is a general concern directed at all possible future whistleblowers. Protecting the identity of the individual whistleblowers will encourage future whistleblowers to come forward. Failure to keep identities confidential would have a chilling effect on future possible whistleblowers, instead of creating a climate where employees view SEC whistleblowing as an acceptable option to report fraud, misconduct, or a violation of the law. The greater number of layers of confidentiality that insolate a whistleblower, the more likely that persons with knowledge of violations will feel comfortable blowing the whistle, thus the more effective the program will be.

Encouraging whistleblowers to tell the company of its own misconduct was not addressed in Dodd-Frank. That policy goal would have been odd considering the context in which it was passed. The Dodd-Frank financial reform bill was created in the wake of major SEC detection and enforcement failures, such as the failure to detect and limit the success of the Ponzi schemes of Bernie Madoff and Allen Stanford.[14] It is unlikely that Congress intended to endanger the whistleblower program by compromising confidentiality at the same time it was creating a qui tam like bounty system to encourage reporting to the SEC.

All potential whistleblowers should be included in the safety net of confidentiality.[15] It is important to protect the identity of whistleblowers, even if their claims of misconduct do not pan out, in order to prevent a chilling effect and to encourage whistleblowers to come forward. The current proposed rules accomplish this by defining whistleblower without reference to the validly of their report-avoiding a troublesome bad faith evaluation or waiting until the end of investigation before confidentiality would attach.

Even when a whistleblower's identity is kept secret, the facts surrounding the reported violation or misconduct can alert the entity as to the identity of the whistleblower. This is even more true in circumstances where (1) the whistleblower has previously brought their concerns about the violation or misconduct forward to superiors or though a concerted effort to 'climb the corporate latter,' or (2) where the whistleblower is in a unique position to know the incriminating information (corporate compliance officers and counsel are exempted from being a whistleblower under this program because the SEC views them as having a pre-existing duty to report misconduct or violations of the law and they will likely become aware of the problem through actual whistleblowers).

One strategy that might preserve whistleblower confidentiality would be to keep all information provided by whistleblower confidential within the agency until the same information is obtained through official channels in the course of the investigation in order to keep from revealing information to the employer that will single out the employee whistleblower or direct the employer to the source of the information through circumstance.

Opponents of strong confidentiality protections worry about employees acting out of bad faith, submitting allegations they know not to be misconduct or that they know are unfounded. Having to stand behind your accusations adds credibility to the report of misconduct and prevents anonymous sniping-an accusation can carry with it huge adverse consequences for the entity and individuals involved, so they should be protected and be able to face their accuser. There is evidence in case law that courts are concerned that potential whistleblowers are simply bad employees seeking to shield themselves from their own misconduct or incompetence that would see them fired but-for the protections from reprisals that accompany whistleblower claims (even non-meritorious claims).[16]

On balance, the SEC has pushed back against the spirit of the new whistleblower protection program. The SEC has decided to harmonize the program with the pre-financial crisis policies that the landmark Dodd-Frank legislation was designed to fundamentally alter by (1) continuing to alert companies of a report of misconduct and (2) by incentivizing whistleblowers to report the misconduct to the entity prior to reporting to the SEC, thus exposing the whistleblower to reprisals through a breakdown of confidentiality.

Still, Dodd-Frank creates the first ever true protection for whistleblowers in the form of remuneration. The incentive created for persons with knowledge of corporate misconduct or fraud to blow the whistle should concern companies whose compliance programs are purely paper and ensure that reports of misconduct or violations-from whatever the source-are quickly and independently investigated and results self-reported to the appropriate government agency.

Philip H. Hilder is a former federal prosecutor and founder of Hilder & Associates, P.C., located in Houston, Texas. Mr. Hilder focuses on white-collar criminal defense matters. He is co-founder of the ABA National Institute on Securities Fraud. He had been the Attorney-in-Charge of the Organized Crime Strike Force, Houston Field Office, and was an assistant U.S. Attorney for the Southern District of Texas. Hilder & Associates, P.C., 819 Lovett Blvd., Houston, TX 77006-3905; (713) 655-9111; www.hilderlaw.com.

Paul L. Creech is a s student at South Texas College of Law where he is a member of the South Texas Law Review. Mr. Creech is a former United States Marine.

[1] Dodd-Frank Wall Street Reform and Consumer Protection Act, 12 U.S.C. §5301 (2010).

[2] Steven Pearlmen, New Whistleblower Law an Employer's Adversary, Jul. 28, 2010, Forbes.com, http://www.forbes.com/2010/07/28/whistleblower-dodd-frank-personal-finance-sarbanes-oxley.html.

[3] Eamon Javers, New Wave of Whistleblowers could be Millionaires, Jul. 27, 2010, USA Today.com, http://www.usatoday.com/money/companies/management/2010-07-27-cnbc-whistle-blowers_N.htm

[4] Id.

[5] Pearlmen, supra, note 2.

[6] Larry E. Ribstein, Let the Whistleblowers Trade, Jul. 28, 2010, Forbes.com, http://www.forbes.com/2010/07/28/whistleblower-insider-trading-fraud-opinions-columnists-larry-ribstein.html

[7] Id.

[8] Jessica Holzer & Ashby Jones, SEC Proposes Rules for Bounties, Wall St. J., Nov. 4, 2010.

[9] Id.

[10] Id.

[11] Proposed Rules for Implementing the Whistleblower Provisions of Section 21F of the Securities Exchange Act of 1934, Exchange Act Release No. 34-63237, 17 Fed. Reg 240, 249., page 6.

[12] Id.

[13] Id.

[14] Id.

[15] Reid v. Merit Sys. Prot. Bd., 508 F.3d 674, 677-678 (Fed. Cir. 2007) ("...requiring a violation of law, rule, or regulation to occur before the employee could make a protected disclosure would force the employee either to act without protection or risk being partly responsible for the violation...it was Congress's intent to discourage disclosures in order to protect taxpayers from illegality, waste, and abuse... The government is far better served by having the opportunity to prevent illegal, wasteful, and abusive conduct than by notice that it may act to reduce the adverse consequences from such conduct that has already occurred.").

[16] See, Lachance v. White, 174 F.3d 1378, 1381 (Fed. Cir. 1999) ("The WPA is not a weapon in arguments over policy or a shield for insubordinate conduct. [Employers] have every right to expect loyal, professional service from subordinates...").