by Wayne M. Carlin for the Harvard Law School Forum, December 12th, 2010.
The SEC recently released its proposed rules implementing the whistleblower program established under Section 922 of the Dodd-Frank Act. The proposed rules do not go far enough to avoid undermining corporate compliance systems. We summarize our key observations in this memo, and a more detailed discussion of the proposal and the issues it presents is attached.
To be eligible for a bounty, a whistleblower must supply “original information” which the SEC has not otherwise already obtained. This creates an incentive to race in to the SEC to stake the first claim, rather than report up through established corporate compliance channels. The rules would allow a whistleblower’s report to the SEC to relate back to the date of the same person’s earlier internal corporate report, as long as the whistleblower contacts the SEC within 90 days of reporting internally. While this provision would allow for internal reporting, it would do nothing to encourage it. We propose that internal reporting should be a prerequisite to an SEC whistleblower report, absent extraordinary circumstances, and that up to 120 days should be permitted for the internal review to proceed.
The proposed rules create an opening for second-guessing of internal reviews, by allowing for whistleblower bounties when such reviews are not completed in a “reasonable time” or are conducted in “bad faith.” Both of these concepts have the potential to be applied in an overly expansive manner, and the SEC needs to be vigilant to avoid that result. Finally, while the rules contemplate that the SEC’s staff will have a variety of communications with whistleblowers, there is a need for precise ground rules to govern those communications (and to protect against incursions upon the attorney-client privilege and possible Privacy Act and constitutional violations). (continue reading… )