Yesterday, the SEC published for comment proposed SEC Rule 21F implementing the securities whistleblower provisions of the Dodd-Frank Wall Street Reform Act.* While the proposed Rule contains some laudable features, it would in some ways undermine whistleblower incentives that Congress intended to deliver through Dodd-Frank. Examples? Read on.
Let’s take the bad news first. Incredibly, the SEC actually plans to effectively blow the whistle on some whistleblowers (as it has apparently done in the past) to the very companies suspected of wrongdoing, before the SEC itself does anything to investigate. I’m not making this up:
We expect that in appropriate cases, consistent with the public interest and our obligation to preserve the confidentiality of a whistleblower, our staff will, upon receiving a whistleblower complaint, contact a company, describe the nature of the allegations, and give the company an opportunity to investigate the matter and report back… This has been the approach of the Enforcement staff in the past, and the Commission expects that it will continue in the future.
Seriously? It is hard to imagine how in the majority of cases this approach will not result in the whistleblower’s immediate outing. The threat of such an outing will have a chilling effect on many who might otherwise bring information to the SEC.
Second, in direct opposition to the language of Dodd-Frank, the proposed Rule unnecessarily excludes from “original information” qualifying for a reward any information obtained through violation of state criminal law. Bernie Madoff would be delighted. Why? Because many states — including New York — criminalize mere unauthorized access to a primary source of evidence of securities fraud: the fraudster’s computer.
New York’s Penal Code Section 156.30 makes it a class E felony to “duplicate in any manner any computer data or computer program and thereby intentionally and wrongfully deprive or appropriate from an owner thereof an economic value or benefit in excess of two thousand five hundred dollars.” Some other states — like Georgia — have even more draconian computer privacy statutes.
Imagine that ten years ago, one of Bernie’s employees had a strong suspicion that Bernie was running a Ponzi. (We should be so lucky!) As Harry Markopolos’ February 2009 testimony before the House of Representatives suggests, getting the SEC to investigate a Bernie-like Ponzi requires very specific evidence of the kind typically available only on Bernie’s computer to which only Bernie himself has authorized access. To get a copy of such evidence, under the proposed Rule, Bernie’s employee would run the risk of a NY felony conviction without the Dodd-Frank financial incentives that Congress intended. No rational employee would attempt it and — in the absence of a brilliant outsider like Harry Markopolos — Bernie would continue his Ponzi untouched.
While the SEC’s proposed exclusion of such information goes beyond the express language of Dodd-Frank, the Commission is undeterred, offering this rationalization:
While Congress clearly intended through Section 21F to provide greater incentives for whistleblowers to come forward with information about wrongdoing, we think it is questionable that Congress intended to encourage whistleblower assistance to a law enforcement authority where the assistance itself is undertaken in violation of federal or state criminal law.
Isn’t it even more questionable that Congress intended to turn a blind eye to such information without saying so against the backdrop of Enron, Worldcom, HealthSouth, Bernie Madoff, AIG, Societe-Generale and countless other recent securities debacles that could have been prevented had someone had the incentive to come forward?
On the flip side, some features of the proposed Rule would make things significantly easier for SEC than False Claims Act or IRS whistleblowers. Two examples are highlighted below in relation to confidentiality agreements and SEC investigators’ communications with employees, directors and officers of whistleblower subjects:
§ 240.21F-16 Staff Communications with Whistleblowers.
(a) No person may take any action to impede a whistleblower from communicating directly with the Commission staff about a potential securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement (other than agreements dealing with information covered by § 240.21F-4(b)(4)(i) & (ii) of this chapter related to the legal representation of a client) with respect to such communications.
(b) If you are a whistleblower who is a director, officer, member, agent, or employee of an entity that has counsel, and you have initiated communication with the Commission relating to a potential securities law violation, the staff is authorized to communicate directly with you regarding the subject of your communication without seeking the consent of the entity’s counsel.
In the FCA arena, confidentiality agreements have been a perennial roadblock to whistleblowers. Likewise, the IRS and DOJ find themselves hamstrung by efforts to comply with the patchwork of state ethics rules governing the communications with represented parties. These features are big steps in the right direction. The SEC deserves credit for including them in the proposed Rule. Here’s hoping that the DOJ and IRS take note.
# # #
*The Dodd-Frank whistleblower provisions are now found in Section 21F of the Securities Exchange Act of 1934 otherwise known as 15 U.S.C.S. § 78u-6. For the uninitiated, securities law jargon can be confusing. The two primary securities acts administered by the SEC are the Securities Act of 1933 (sometimes called the “Securities Act” or “1933 Act”) and the Securities Exchange Act of 1934 (often called the Exchange Act or “1934 Act”). The ’33 Act was passed, not surprisingly, in 1933 to regulate so-called “primary market” transactions in which securities appear for the first time on the market. The ’34 Act was passed in 1934 to regulate the “secondary market,” in which securities already issued change hands between buyers and sellers.