Should Dodd-Frank Protect Internal Whistleblowers?, by Todd Shaw
I have adapted this post from a forthcoming law review article that will appear in the Administrative Law Review this September entitled When Text and Policy Conflict: Internal Whistleblowing Under the Shadow of Dodd-Frank. You can view the article here.
Background
After the economic meltdown following the 2008 financial crisis, Congress enacted the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) to improve the accountability and transparency of the financial system. To that end, Section 21F of Dodd-Frank provides whistleblower with various incentives and protections. Section 21F incentivizes whistleblowers by allowing the Securities and Exchange Commission (SEC) to pay them a bounty for providing the SEC with information leading to monetary penalties while protecting them from employer retaliation.
While Congress’s goal in enacting Dodd-Frank’s whistleblower protections appears clear, less clear to some courts has been Dodd-Frank’s language regarding who is covered by those protections. Section 21F defines the term “whistleblower” to mean “any individual who provides . . . information relating to a violation of the securities laws to the Commission.” Let’s call this definitional provision subsection (a). But Section 21F’s antiretaliation provision includes a subsection—let’s call this subsection (h)(iii)—prohibiting employers from retailing against a whistleblower who makes internal disclosures required or protected under the Sarbanes-Oxley Act (SOX) or other laws. Section 307 of SOX requires attorneys, for example, to disclose securities violations to the chief legal counsel or chief executive officer of a company. And SOX and SEC rules require attorneys and auditors to make internal disclosures before reporting to the SEC. If subsection (a) applies to subsection (h)(iii), Dodd-Frank would not protect individuals who were fired after making internal disclosures of their employer’s securities violations, as SOX and the SEC sometimes require.
A circuit split developed over whether employees who report their employer’s securities violations internally, but not the SEC, may claim protection under subsection (h)(iii). In Asadi v. G.E. Energy (USA), L.L.C., the Fifth Circuit held that subsection (a) applies to subsection (h)(iii). Given the plain language of subsection (a), the Fifth Circuit reasoned, Dodd-Frank protects only “those individuals who provide ‘information relating to a violation of the securities laws’ to the SEC.” In Berman v. Neo@Ogilvy, however, the Second Circuit held that the tension between subsections (a) and (h)(iii) warranted Chevron deference to a prior SEC regulation interpreting subsection (a) as not applying to subsection (h)(iii). And most recently, the Ninth Circuit in Somers v. Digital Realty Trust, Inc. agreed that subsection (h)(iii) “extend[s] protections to all those who make disclosures of suspected violations, whether the disclosures are made internally or to the SEC.”
On June 26, 2017, the Supreme Court agreed to resolve these conflicting interpretations of Section 21F by granting a petition for a writ of certiorari in Digital Realty Trust, Inc. v. Somers. And on February 21, 2018, the Court resolved this split by holding that subsection (h)(iii)’s whistleblower protections are only available to employees who report their employer’s securities violations to the SEC.
The Supreme Court’s Decision in Digital Realty
In Digital Realty, the Supreme Court unanimously reversed the Ninth Circuit by holding that subsection (h)(iii)’s whistleblower protections extend only to employees who report their employer’s securities violations directly to the SEC. Unlike the Ninth Circuit, the Supreme Court began its analysis with the text of Section 21F, rather than its legislative history. Indeed, to the Court, its only “charge” in the case was “to determine the meaning of ‘whistleblower’” as it is used in subsection (h)(iii). Looking to subsection (a), the Court concluded that “the statute supplies an unequivocal answer: A ‘whistleblower’ is any individual who provides . . . information relating to a violation of the securities laws to the Commission.”
The Supreme Court Correctly Held That Dodd-Frank Does Not Protect Internal Whistleblowers
The Supreme Court was correct in holding that subsection (h)(iii)’s whistleblower protections do not apply to individuals who report their employer’s securities violations internally. This holding is consistent with the plain language of subsection (a), which defines as a “whistleblower” only those who report their employer’s securities violations directly to the SEC. It is axiomatic that when Congress provides a definition of a term in a statute, it intends for that definition to apply consistently throughout the statute. Indeed, as the Court has previously explained, because a statute’s definition section is Congress’s “own glossary,” there “would be little use in such a glossary if [courts] were free in despite of it to choose a meaning for [themselves].”
Yet even if subsection (h)(iii) initially appears ambiguous, as the Second and Ninth Circuits reasoned, Section 21F’s legislative history resolves this ambiguity by confirming that subsection (h)(iii) does not protect internal whistleblowers. In passing Section 21F, Congress sought to create a “new, robust whistleblower program designed to motivate people who know of securities law violations to tell the SEC.” Moreover, Congress specifically declined to define “whistleblower” to include individuals who do not report securities violations to the SEC. An earlier version of subsection (h)(iii) did not, as it now does, use subsection (a)’s definition of “whistleblower.” Instead, that earlier version applied to “an employee, contractor, or agent.” As the Supreme Court has explained, “[f]ew principles of statutory construction are more compelling than the proposition that Congress does not intend sub silentio to enact statutory language that it has earlier discarded in favor of other language.”
Congress Should Nevertheless Amend Dodd-Frank to Protect Internal Whistleblowers
The Digital Realty Court was correct in refusing to consider policy arguments in interpreting subsection (h)(iii). Nevertheless, these policy arguments are sufficiently compelling to warrant Congressional intervention to amend subsection (a) to include employees who report their employer’s securities violations internally, but not to the SEC. I will first discuss three policy arguments justifying an amendment to subsection (a), and then propose such an amendment.
First, subsection (a)’s narrow definition of “whistleblower” leaves employees subject to SOX’s internal-reporting requirements unacceptably vulnerable to retaliation. Recall that under SOX and the SEC’s rules, certain classes of employees must report their employer’s securities violations internally before reporting such violations to the SEC. But under subsection (a)’s current definition of “whistleblower,” an employer may retaliate against such an employee before the employee has the opportunity to report the employer’s misconduct to the SEC. Such a definition is thus under-inclusive, because it fails, as one district court has noted, “to protect those who are most vulnerable to retaliation.”
In Digital Realty, the Supreme Court rejected the idea that a narrow definition of “whistleblower” would “jettison” protection for employees subject to SOX’s internal-reporting requirements. Instead, said the Court, protection would be available to these employees once they report their employer’s securities violations to the SEC. This is, of course, true. But it is a non-starter. The fact remains that even after the Court’s decision in Digital Realty, there are a number of reasons why employees may continue to only report their employer’s securities violations internally, and not to the SEC. As the SEC has recognized, a “sizable percentage” of employees are not incentivized by Dodd-Frank’s incentives program. Or, for better or worse, some employees may view an external disclosure as conflicting with their sense of company loyalty. Or, quite simply, some employees may not have the savvy to know that they are required to report their employer’s securities violations to the SEC to gain protection. In the face of these and other reasons, the Court’s confidence that a narrow definition of “whistleblower” will not reduce whistleblower protection strains credulity.
Second, subsection (a)’s narrow definition of “whistleblower” reduces an employee’s incentive to report their employer’s securities violations internally. As one author has put it, “[t]he incentives” with such a definition “are clear—reporting to the SEC is encouraged and internal reporting is discouraged.” While employees should doubtless be encouraged to report their securities violations to the SEC, they should also be encouraged to report such violations internally. But as currently enacted, subsection (a) threatens the viability of corporate compliance mechanisms altogether. Without having reported their employer’s securities violations to the SEC, one must wonder what incentive, if any, an employee has to report such misconduct internally.
Third, subsection (a)’s narrow definition of “whistleblower” is particularly harmful to companies. Companies almost always prefer to discover their securities violations on their own, and then report it to the SEC if necessary. Internal investigations are less costly and time consuming than SEC investigations. Internal investigations also reduce corporate embarrassment by allowing companies to position themselves in the best way possible before an investigation begins. Finally, internal investigations provide companies with the option of remedying any improper conduct before an external investigation begins. Without an option for internally investigating improper conduct, such conduct could continue until the SEC decides upon a course of action.
These and other arguments strongly support strongly support amending subsection (a)’s definition of “whistleblower” to include employees who only report their employer’s securities violations internally, and not to the SEC. The following amendment to subsection (a)’s definition of “whistleblower,” with modifications in bold type, achieves this objective:
The term “whistleblower” means any individual who provides, or 2 or more individuals acting jointly who provide, information relating to a violation of the securities laws in a manner described in Section 21F(h)(1)(A) of the Exchange Act (15 U.S.C. 78u-6(h)(1)(A)).
My forthcoming law review article provides a thorough description of the benefits of this proposed amendment. Briefly, this amendment has the potential to, among other things, reduce the vulnerability of certain classes of employees to employer retaliation, incentivize employees to make internal disclosures of securities violations, and reduce the costs of investigations by channeling them internally. Most importantly, the proposed amendment would align Dodd-Frank with the doctrinal foundation of whistleblower programs in the United States, which is the idea that regulatory compliance requires robust external and internal whistleblower incentives and protections.
Todd Shaw is a J.D. Candidate at Northwestern University Pritzker School of Law