In Digital Realty Trust Inc. v. Somers [PDF], the U.S. Supreme Court voted 9-0 to narrow the definition of "whistleblower" under the Dodd-Frank Act of 2010. In particular, the Court ruled that whistleblowers are only protected against retaliation from employers under Dodd-Frank if they report allegations of an employer's securities law violations to the Securities and Exchange Commission (SEC or Commission). Alternatively, whistleblowers who report alleged violations through an employer's internal compliance program without also reporting to the SEC, like Mr. Somers, cannot avail themselves of Dodd-Frank's protections against retaliation.
To date, commentary on the Court's decision has focused on (i) how it will reduce both the absolute number of whistleblowers (by removing the assurance of legal protections against retaliation ) and the percentage of whistleblowers protected against employer retaliation (because the vast majority of whistleblowers report wrongdoing internally before, if ever, reporting to the SEC ); (ii) how the Court refused to defer to the SEC's rulemaking authority pursuant to which it had defined "whistleblower" differently for persons seeking a monetary award under the Dodd-Frank whistleblower statute (which expressly requires reporting to the Commission) versus seeking protection from employer retaliation under the statute (which does not expressly require such reporting) ; and (iii) how the Court summarily declared the statute unambiguousness in a short, two-sentence paragraph.
While these implications of the Court's ruling in Digital Realty Trust deserve highlighting, this blog post explores two unexamined, though no less important, aspects of the Court's ruling. First, while the decision was a win for the employer-defendant in this particular case, it will negatively affect employers more generally and undercut companies' internal compliance programs. Second, the ruling unequivocally harms employee whistleblowers who are obligated by law to report legal violations of employers internally before reporting outside the organization. Chief among these employees are lawyers, duty-bound to report legal violations up the ladder before, if ever, reporting to outside authorities.
Harms Employers and Legal Compliance Programs
The SEC and the companies it regulates have long expressed support for robust internal compliance programs to which employees can report suspected securities law violations.
From the SEC's perspective, deputizing regulated companies to police internal misconduct and promote internal reporting makes eminent sense. Internal reporting, the government argued in Digital Realty Trust, "enables the private sector to screen out meritless claims, and thereby improves the quality of whistleblower tips later brought to the Commission"; it "gives business the opportunity to self-correct without the need for intrusive Commission investigations"; and it "promotes efficient use of both corporate and government resources." The SEC felt so strongly about the benefits of internal reporting that its regulations provided larger awards for whistleblowers who utilize internal compliance procedures, and smaller awards for whistleblowers who interfere with those procedures.
Companies, too, have a vested interest in employees reporting internally before reporting to the Commission. Internal reporting allows employers to (i) remedy improper conduct at an early stage, perhaps before it rises to the level of a violation; (ii) self-report actual violations to the SEC, which can result in leniency in subsequent enforcement actions; (iii) gather sufficient information of the alleged violation in the eventuality of an enforcement action; (iv) promote and reinforce a culture of compliance within organizations; and (v) highlight the significant value that whistleblowers can add to organizations.
As Congress crafted Dodd-Frank and as the SEC drafted regulations to effectuate Congressional intent, support for internal compliance regimes reached a fever pitch. In part, support among regulated entities reflected concern that Dodd-Frank's financial incentives to report wrongdoing would motivate employees to bypass internal reporting channels and go directly to the SEC. Whether motivated by fear of employees reporting out suspected securities-law violations without first alerting the company or a genuine desire to bolster the effectiveness of internal compliance programs, companies rallied around Dodd-Frank's protections against retaliation.
In fact, regulated entities and their representatives urged Congress and the SEC to reinforce internal reporting by providing explicit comfort to whistleblowers that the law would protect them from retaliation. "We recognize the valid concern that some employees will fear retaliation for blowing the whistle," the Association of Corporate Counsel told the SEC. "The solution to that problem is not, however, a scheme to undermine important and effective internal compliance and reporting systems; rather, employees who fear retaliation may rely on the anti-retaliation provision contemporaneously enacted by Congress."
Companies backed internal reporting to such an extent - and Dodd-Frank's complementary anti-retaliation protections - that they pressed Congress and the SEC to make internal reporting mandatory before an employee could report to the Commission. "An internal reporting requirement is unlikely to have a negative effect on the proposed rules," a prominent law firm wrote on behalf of its corporate clients, "as companies would be given a more immediate opportunity to cure or mitigate potential violations and the whistleblower would remain protected by the anti-retaliation provisions in the Dodd-Frank Act."
Ultimately, Congress and the SEC decided not to make internal reporting mandatory. But they included robust protections against retaliation in the Dodd-Frank whistleblower statute.
Or so they thought. The Court's ruling in Digital Realty Trust delivered a blow to internal reporting and internal compliance programs. Its decision that Dodd-Frank whistleblowers must report out allegations of securities-law violations to the SEC to be covered by the statute's anti-retaliation provisions will result in untold numbers of whistleblowers bypassing internal reporting systems and going straight to the Commission.
From the government's perspective, less internal reporting will reduce voluntary compliance and require more enforcement actions. It will also result in over-reporting of alleged violations to the SEC, including a surge in meritless claims that were previously screened out by internal compliance systems. In turn, over-reporting to the SEC will squander precious government resources.
Companies regulated by the SEC are harmed even more directly by the Court's ruling. Indeed, the decision will render companies' internal compliance programs ineffective, undermine the demonstrative benefits of self-policing, increase the number of resource-intensive and intrusive government investigations, and expose employers to rising costs and liability due to undetected securities-law violations.
Harms Employees Duty-Bound to Report Internally
Employees report misconduct through their employers' internal compliance programs for various reasons. Many employees act out of loyalty and want to give their employer an opportunity to vigorously investigate, root out, and remedy the perceived legal violation. Some of these employees are either unaware of or unmotivated by potential financial rewards for reporting legal violations outside their organization. Other employees are required to report internally under their company's code of conduct. And still others are duty-bound to report internally by law and professional ethics.
In the context of U.S. securities law, this last category of employees--those obligated to report legal violations up the corporate ladder--is expansive. Lawyers representing public companies, for example, must report up evidence of a material violation of federal or state securities law or a material breach of fiduciary duty ; registered public accounting firms and their employees must report illegal acts discovered during audits to the audited public company's management ; a mutual fund's chief compliance officer must report material compliance matters to fund's board ; a broker-dealer's auditor must report material inadequacies to the broker-dealer's chief financial officer ; and investment advisers must adopt code of ethics requiring supervised persons to report violations to the chief compliance officer.
The Court's ruling in Digital Realty Trust harms all of these professionals. Specifically, it prohibits them from invoking the anti-retaliation provisions contained in Dodd-Frank in the event they are retaliated against for reporting legal violations internally but before they have a chance to report the violations to the SEC.
For lawyers, the harm is conspicuous and significant. Under the Sarbanes-Oxley Act of 2002 [PDF], lawyers are not just obligated to report certain legal violations up the corporate ladder. They are also required, in the event they receive an inadequate and untimely response from higher-ups, to report to the company's audit committee, an independent committee of the board of directors, or the board itself. Such exhaustive internal reporting takes time. Indeed, plenty of time to be fired for reporting--and continuing to report - the perceived illegal conduct. Worse, studies indicate that retaliation against whistleblowers occurs quickly, typically immediately after whistleblowers report internally.
Meanwhile, lawyers must wait for their clients to respond. And wait. And sometimes wait some more. Even then, their options are limited. Under Sarbanes-Oxley, lawyers can report out evidence of an employer's legal violation only after exhausting all reporting up obligations and, furthermore, only in the event the lawyer reasonably believes necessary to prevent or rectify substantial injury to the employer or investors. Moreover, ethics rules for lawyers in a majority of states provide similar procedures and requirements before a lawyer can disclose a client's legal violation.
In addition, the ethics rules in a minority of jurisdictions further restrict lawyers' reporting out options. In fact, some jurisdictions prohibit lawyers from reporting out financial crimes or non-criminal frauds, leaving lawyers the sole option of withdrawing from the representation. And while there is a good argument (indeed, from the perspective of this commentator, a winning argument) that the rules for attorneys promulgated under Sarbanes-Oxley preempt state ethics rules, that still-unsettled question might offer inadequate assurance for lawyers wishing to blow the whistle on a client's illegal acts by reporting to the SEC.
In the end, the decision in Digital Realty Trust harms lawyers for fulfilling their legal and ethical obligations. By removing statutory remedial protections against retaliation for reporting legal violations internally, it exposes lawyers to retaliatory acts without legal recourse. It thereby undermines Congress's mandate in Sarbanes-Oxley that lawyers report up "evidence of a material violation of securities law or breach of fiduciary duty or similar violation." And it undermines the Dodd-Frank whistleblower statute, which, by way of SEC rulemaking authority, explicitly incorporates Congress's mandate that lawyers report up certain legal violations.
Dennis J. Ventry, Jr., is a Professor of Law at the UC Davis School of Law. His research and academic specialties include tax policy, tax practice, tax filing and administration, legal and professional ethics, whistleblower law, family taxation, and U.S. economic and legal history. Professor Ventry also serves as the chairman for the Internal Revenue Service Advisory Council (IRSAC).
Suggested citation:Dennis J. Ventry, Jr., Digital Realty Trust, Inc. v. Somers: Bad News for Employers, Lawyers and Internal Compliance, JURIST — Academic Commentary, Mar. 22, 2018, http://jurist.org/forum/2018/02/dennis-j-ventry-jr-digital-realty-trust-bad-news.php
This article was prepared for publication by Sean Merritt, an Assistant Editor for JURIST Commentary. Please direct any questions or comments to him at email@example.com