We recently had some interesting news regarding whistleblowers and whistleblowing that I thought compliance professionals should be cognizant of going forward. These matters included a Securities and Exchange Commission (SEC) bounty award to two whistleblowers which detailed reasons for the award. Additionally, there have also been two enforcement actions brought by the SEC where companies had surreptitiously tried to prevent former employees from whistleblowing to the SEC through craft Non-Disclosure Agreement (NDA) language.

Whistleblower Bounty Awards

The SEC issued one Order announcing two anonymous whistleblower awards. As noted, the whistleblowers were anonymous as was the company whom they blew the whistle on. Claims Review Staff (“CRS”) had four claimants to evaluate for an award and settled on two of them, Claimants 1 & 2. Claimant 1 was awarded $13 million, and Claimant 2 was awarded $3.3 million. The Order listed six reasons why Claimant 1 was awarded the bulk of the whistleblower bounty.  (1) Claimant 1’s tip was the initial source of the investigation; (2) Claimant 1’s tip exposed abuses in (Redacted), that would have been difficult to detect without Claimant 1’s information; (3) Claimant 1 provided the SEC staff with extensive and ongoing assistance during the course of the investigation, including identifying witnesses, including (Redacted) and helping staff understand complex fact patterns and issues related to the matters under investigation; (4) the Commission used information Claimant 1 provided to devise an (Redacted) and finally, Claimant 1, “persistently alerted the Commission to the ongoing abusive practices for a number of years before the investigation was opened.”

Claimant 2 received their award based upon the following factors: (1) Claimant 2 was a valuable first-hand witness who also provided helpful information relevant to the practices, although several years after the SEC had received Claimant 1’s information; (2) Claimant 2 provided information and documents, participated in staff interviews, and provided clear explanations to the staff regarding the issues that Claimant 2 brought to the staff’s attention; (3) Claimant 2’s information gave the staff a more complete picture of how events from an earlier period impacted the Firm’s practices and provided information which the SEC staff was able to use in settlement discussions with the Firm’s counsel. However, and most significantly, and in contrast to Claimant 1, “Claimant 2 delayed reporting to the Commission for several years after becoming aware of the wrongdoing. Accordingly, we find that Claimant 2 unreasonably delayed reporting to the Commission and that Claimant 2’s award should be set at Redacted in light of all the facts and circumstances.”

Attempts to Impede SEC Reporting

Since at least the KBR, Inc.’s pretaliation enforcement action, the SEC has made clear that companies cannot impede, contractually through an NDA, the ability of a reporter to whistleblow to the SEC. A Law360 article, by Steven J. Pearlman, Pinchos Goldberg and Alexandra Oxyer, lawyers from Proskauer Rose LLP, detailed two recent SEC enforcement actions where companies were found to have wrongfully attempted to circumvent Rule 21F-17 under the Securities Exchange Act of 1934, which “prevents companies from, among other things, using confidentiality agreements to impede whistleblowing to the SEC.”

In the first matter, styled In the Matter of David Hansen, the SEC found that Hansen, an executive of NS8, Inc., had an employee who “raised concerns internally that NS8 was overstating its number of paying customers, including that the information used to formulate external communications to potential and existing investors allegedly was false. The employee also raised the concerns directly to the executive and later submitted a tip to the SEC. After making a report to the SEC, the employee told the executive that unless the company addressed the allegedly inflated customer data, he would reveal his allegations to the company’s customers, investors and any other interested parties.”

Hansen and the company Chief Executive Officer (CEO), “allegedly took steps to remove the employee’s access to the company’s information technology systems. The executive also allegedly used the company’s administrative account to access the employee’s company computer and obtain his passwords to his email and social media accounts. The company then discharged the employee. The SEC concluded that in restricting the employee’s access to the company’s IT systems and in monitoring his online activities, the executive substantially interfered with the employee’s ability to communicate with the SEC about his concerns in violation of Rule 21F-17.”

The second matter, In the Matter of The Brink’s Company, the SEC found that from at least April 2015 through April 2019, Brinks used an NDA that prohibited employees from disclosing confidential company information to any third party without the prior written approval of Brinks. This NDA threatened current and former employees with liquidated damages and legal fees if they failed to notify the company prior to disclosing any financial or business information to third parties. Most significantly, the NDA did not provide an exemption for potential SEC whistleblowers. Perhaps most damning for Brinks was that after the KBR enforcement action, Brinks modified its NDA by adding a $75,000 liquidated damages provision for violations of the agreement. While the reason(s) is not clear from the SEC Order, Brinks was assessed a $400,000 penalty for its blatant attempts to keep employees from reporting to the SEC.

While the Brinks matter seems straight-forward, the Order did note that Brinks was made aware of the KBR Order, so the company was on actual knowledge of what the legal requirements were and still disobeyed them. However, the Hansen matter does seem a bit less clear. The Proskauer lawyers noted, the Order “could be read to reflect an exceedingly broad view of the protections afforded to SEC whistleblowers under Rule 21F-17 — protecting employees who have threatened to broadcast company information to third parties other than the SEC, such as customers or investors, or even the media. This could jeopardize the privacy of sensitive data and other confidential information and trade secrets, which could present a range of significant risks to companies.” They also noted a vigorous dissent from Commissioner Heather Pierce.

The whistleblower awards remind all compliance professionals the power of internal reporting and the cost when internal reporters are not listened to and take their concerns the SEC. The enforcement actions involving Hansen and Brinks demonstrate the SEC takes concerns of company actions to, in any way, stop employees from bringing information to the SEC very seriously and will vigorously enforce the protections afforded to whistleblowers.