Categories
Blog

Update on the SEC and Whistleblowers

We recently had some interesting news regarding whistleblowers and whistleblowing that I thought compliance professionals should be cognizant of going forward. These matters included a Securities and Exchange Commission (SEC) bounty award to two whistleblowers which detailed reasons for the award. Additionally, there have also been two enforcement actions brought by the SEC where companies had surreptitiously tried to prevent former employees from whistleblowing to the SEC through craft Non-Disclosure Agreement (NDA) language.

Whistleblower Bounty Awards

The SEC issued one Order announcing two anonymous whistleblower awards. As noted, the whistleblowers were anonymous as was the company whom they blew the whistle on. Claims Review Staff (“CRS”) had four claimants to evaluate for an award and settled on two of them, Claimants 1 & 2. Claimant 1 was awarded $13 million, and Claimant 2 was awarded $3.3 million. The Order listed six reasons why Claimant 1 was awarded the bulk of the whistleblower bounty.  (1) Claimant 1’s tip was the initial source of the investigation; (2) Claimant 1’s tip exposed abuses in (Redacted), that would have been difficult to detect without Claimant 1’s information; (3) Claimant 1 provided the SEC staff with extensive and ongoing assistance during the course of the investigation, including identifying witnesses, including (Redacted) and helping staff understand complex fact patterns and issues related to the matters under investigation; (4) the Commission used information Claimant 1 provided to devise an (Redacted) and finally, Claimant 1, “persistently alerted the Commission to the ongoing abusive practices for a number of years before the investigation was opened.”

Claimant 2 received their award based upon the following factors: (1) Claimant 2 was a valuable first-hand witness who also provided helpful information relevant to the practices, although several years after the SEC had received Claimant 1’s information; (2) Claimant 2 provided information and documents, participated in staff interviews, and provided clear explanations to the staff regarding the issues that Claimant 2 brought to the staff’s attention; (3) Claimant 2’s information gave the staff a more complete picture of how events from an earlier period impacted the Firm’s practices and provided information which the SEC staff was able to use in settlement discussions with the Firm’s counsel. However, and most significantly, and in contrast to Claimant 1, “Claimant 2 delayed reporting to the Commission for several years after becoming aware of the wrongdoing. Accordingly, we find that Claimant 2 unreasonably delayed reporting to the Commission and that Claimant 2’s award should be set at Redacted in light of all the facts and circumstances.”

Attempts to Impede SEC Reporting

Since at least the KBR, Inc.’s pretaliation enforcement action, the SEC has made clear that companies cannot impede, contractually through an NDA, the ability of a reporter to whistleblow to the SEC. A Law360 article, by Steven J. Pearlman, Pinchos Goldberg and Alexandra Oxyer, lawyers from Proskauer Rose LLP, detailed two recent SEC enforcement actions where companies were found to have wrongfully attempted to circumvent Rule 21F-17 under the Securities Exchange Act of 1934, which “prevents companies from, among other things, using confidentiality agreements to impede whistleblowing to the SEC.”

In the first matter, styled In the Matter of David Hansen, the SEC found that Hansen, an executive of NS8, Inc., had an employee who “raised concerns internally that NS8 was overstating its number of paying customers, including that the information used to formulate external communications to potential and existing investors allegedly was false. The employee also raised the concerns directly to the executive and later submitted a tip to the SEC. After making a report to the SEC, the employee told the executive that unless the company addressed the allegedly inflated customer data, he would reveal his allegations to the company’s customers, investors and any other interested parties.”

Hansen and the company Chief Executive Officer (CEO), “allegedly took steps to remove the employee’s access to the company’s information technology systems. The executive also allegedly used the company’s administrative account to access the employee’s company computer and obtain his passwords to his email and social media accounts. The company then discharged the employee. The SEC concluded that in restricting the employee’s access to the company’s IT systems and in monitoring his online activities, the executive substantially interfered with the employee’s ability to communicate with the SEC about his concerns in violation of Rule 21F-17.”

The second matter, In the Matter of The Brink’s Company, the SEC found that from at least April 2015 through April 2019, Brinks used an NDA that prohibited employees from disclosing confidential company information to any third party without the prior written approval of Brinks. This NDA threatened current and former employees with liquidated damages and legal fees if they failed to notify the company prior to disclosing any financial or business information to third parties. Most significantly, the NDA did not provide an exemption for potential SEC whistleblowers. Perhaps most damning for Brinks was that after the KBR enforcement action, Brinks modified its NDA by adding a $75,000 liquidated damages provision for violations of the agreement. While the reason(s) is not clear from the SEC Order, Brinks was assessed a $400,000 penalty for its blatant attempts to keep employees from reporting to the SEC.

While the Brinks matter seems straight-forward, the Order did note that Brinks was made aware of the KBR Order, so the company was on actual knowledge of what the legal requirements were and still disobeyed them. However, the Hansen matter does seem a bit less clear. The Proskauer lawyers noted, the Order “could be read to reflect an exceedingly broad view of the protections afforded to SEC whistleblowers under Rule 21F-17 — protecting employees who have threatened to broadcast company information to third parties other than the SEC, such as customers or investors, or even the media. This could jeopardize the privacy of sensitive data and other confidential information and trade secrets, which could present a range of significant risks to companies.” They also noted a vigorous dissent from Commissioner Heather Pierce.

The whistleblower awards remind all compliance professionals the power of internal reporting and the cost when internal reporters are not listened to and take their concerns the SEC. The enforcement actions involving Hansen and Brinks demonstrate the SEC takes concerns of company actions to, in any way, stop employees from bringing information to the SEC very seriously and will vigorously enforce the protections afforded to whistleblowers.

Categories
Life with GDPR

The KBR Document Production Decision

In this episode Jonathan Armstrong and Tom Fox are back to discuss issues relating to data privacy, data protection and GDPR. Today, we take a look at the recent UK Supreme Court decision in the KBR document production case. KBR succeeded in its UK Supreme Court battle with the Serious Fraud Office (SFO). The case is interesting both in connection with the seizure of documents in SFO investigations and the sometimes criticized Section 2 notice procedure, which the UK Supreme Court held was unlawful in this case.

Highlights Include:

·      What was this case about?

·      Why was it so important?

·      What is a Section 2 Notice?

·      What about extra-territoriality?

·      What was the Court’s decision based on?

·      Lessons for the compliance professional.

·      Wither the SFO?

Resources

Check out the Cordery Compliance Client alert on the KBR decision here.

Check out the Cordery Compliance, client alert on this topic, click here. For more information on Cordery Compliance, go their website here. Also check out the GDPR Navigator, one of the top resources for GDPR Compliance by clicking here.

Categories
Everything Compliance

Everything Compliance-Episode 75, the GOAT and Pandemic Edition


Welcome to the only roundtable podcast in compliance. Today, we have a quartet of Jonathan Armstrong, Jonathan Marks, Matt Kelly and Jay Rosen for a deep dive into plethora of topics generally related to the GOAT in football and the Coronavirus pandemic. We end with a veritable mélange of rants and shouts outs.

  1. Jonathan Armstrong joins us from London to review the UK Supreme Court decision in the KBR Section 2 document request case. He shouts out to the UK Judiciary for its perseverance during the Coronavirus health crisis and a special shout out to Texas lawyer Tiddles the Cat.

 

  1. Matt Kelly considers the recent CDC guidance on vaccine and the return to work movement by asking how it all will impact compliance. Matt shouts out to GOP Representative Adam Kissinger for his calling out the hypocritical behavior in failing to punish Donald Trump for leading an insurrection against America.

 

  1. Jonathan Marks looks at the Fraud Pentagon in the context of fraud risks in the era of the Coronavirus pandemic. Marks shouts to former National Holdings CCO Kay Johnson for her victory over her former employer who fired her when she investigated the company CEO for securities law violations.

 

  1. Jay Rosen pens a love sonnet to the GOAT and his former QB Tom Brady and looks at Tompa Bay’s accomplishment from the compliance perspective. Rosen shouts out to Twitter and FB for banning the former President from their platforms.

 

  1. Tom Fox rants about former KPMG UK chairman Bill Michael who was forced to resign after telling KPMG employees to ‘stop whining’ about working during the Coronavirus pandemic. For good measure Michael said there was no such thing as ‘unconscious bias’ against minorities. 

The members of the Everything Compliance are:

  • Jay Rosen– Jay is Vice President, Business Development Corporate Monitoring at Affiliated Monitors. Rosen can be reached at JRosen@affiliatedmonitors.com
  • Mike Volkov – One of the top FCPA commentators and practitioners around and the Chief Executive Officer of The Volkov Law Group, LLC. Volkov can be reached at mvolkov@volkovlawgroup.com
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong –is our UK colleague, who is an experienced data privacy/data protection lawyer with Cordery in London. Armstrong can be reached at armstrong@corderycompliance.com
  • Jonathan Marks is Partner, Firm Practice Leader – Global Forensic, Compliance & Integrity Services at Baker Tilly. Marks can be reached at marks@bakertilly.com

The host and producer (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the Compliance Podcast Network.