Implications for Compliance Programs from the Digital Realty Ruling
The Supreme Court ruled recently on the Digital Realty v. Somers case, and the decision is significant from a compliance standpoint; potential informants are incentivized to report directly to the SEC rather than through internal channels. Peter Rasmussen of Bloomberg Law offers key tips for corporate counsel to minimize any risks resulting from disclosures by informants to the SEC.
In February 2018, the U.S. Supreme Court held in Digital Realty Trust, Inc. v. Somers that the Dodd-Frank Act anti-retaliation provisions only protect whistleblowers that report wrongdoing to the Securities and Exchange Commission. The statute defines a whistleblower as “any individual who provides … information relating to a violation of the securities laws to the Commission.” Observing that “[w]hen a statute includes an explicit definition, we must follow that definition,” the Court, in an opinion authored by Justice Ruth Bader Ginsburg, declined to give deference to an SEC rule that allowed informants to report internally for purposes of anti-retaliation protection.
From a compliance practice standpoint, Digital Realty Trust is a significant decision, as potential informants will have a greater incentive to report wrongdoing directly to the SEC rather than through internal channels. While it may not mark a sea change for corporate compliance and internal reporting programs, companies should review their whistleblower policies and procedures to make sure that that their programs are robust and responsive to the needs of potential informants to minimize any risks resulting from disclosures by informants to the SEC.
The Dodd-Frank Act created a bounty program for eligible whistleblowers, as well as anti-retaliation protections for informants, whether or not they qualified for bounty awards. The anti-retaliation measures differed significantly from protective provisions enacted a few years earlier in the Sarbanes-Oxley Act. That statute required injured employees to file an administrative claim with the Department of Labor and gave them only six months to do so. Under the Dodd-Frank Act, individuals who suffer retaliation for exposing misconduct may sue directly in federal court and have up to six years to do so. The 2010 legislation also allows for reinstatement, recovery of twice the amount of back pay lost and an award of costs and attorneys’ fees.
The rules adopted by the SEC to implement the statutory provisions recognized the role of corporate compliance and internal reporting programs. A whistleblower’s voluntary participation in an entity’s internal compliance and reporting systems could be a factor in increasing the amount of an award, and interference with internal compliance and reporting would be a factor that could decrease an award amount.
The rules also contain a provision under which a whistleblower may receive an award for reporting original information to the company’s internal compliance and reporting systems if the company reports information to the SEC. Under this provision, all the information provided by the company to the SEC is attributed to the whistleblower, which means that the whistleblower will get credit, and potentially a greater award, for any additional information generated by the entity in its investigation. The rule also specifically does not require SEC reporting for protection under the anti-retaliation provisions.
The Digital Realty Case
Paul Somers sued his employer, Digital Realty Trust, Inc., under the Dodd-Frank Act anti-retaliation provisions. According to Somers, the company dismissed him as a direct result of his reports to management about his supervisor’s violations of the securities laws. Somers made his reports to senior management and did not make any disclosures to the SEC. The district court found for Somers, and on appeal, the Ninth Circuit affirmed the district court holding. Somers’ internal reporting was sufficient, concluded the appellate panel, stating that the “DFA anti-retaliation provision unambiguously and expressly protects from retaliation all those who report to the SEC and who report internally.” This interpretation is interesting, because the Ninth Circuit reached the result based on its reading of the statutory language alone, rather than on a Chevron-based deference to the SEC’s rulemaking.
At the Supreme Court, in a decision in which all the justices supported the result (Justices Thomas and Sotomayor argued in dueling concurring opinions on the proper role of legislative history), three little words ruled the day — “to the Commission.” Justice Ginsburg wrote that Congress clearly and unambiguously spoke on the question of the proper definition of a whistleblower. In support of this view, she cited the Dodd-Frank provision that created the Consumer Financial Protection Bureau. The whistleblower protection provision in that title imposed no requirement that any information be conveyed to a government agency. According to Justice Ginsburg, quoting an earlier decision, “when Congress includes particular language in one section of a statute but omits it in another, this Court presumes that Congress intended a difference in meaning.”
Chevron’s deference to the SEC’s rules fared no better than the former employee’s statutory construction arguments, as Justice Ginsburg made short work of the proposition:
“Congress has directly spoken to the precise question at issue,” she asserted, “and accordingly, we do not accord deference to the contrary view advanced by the SEC in Rule 21F–2. The statute’s unambiguous whistleblower definition, in short, precludes the Commission from more expansively interpreting that term.”
Prospects for Compliance Practice
What does Digital Realty mean from a compliance standpoint? Given that whistleblowers have always had to report to the SEC to claim an award, it is doubtful that the case will prompt an overwhelming flood of new reports to the Commission. Companies must, however, be prepared for the reality that a discrete pool of individuals now have an incentive to report wrongdoing directly to the SEC rather than through internal compliance channels. That pool will likely be composed of potential informants who are represented by counsel. Employment lawyers may be expected to recommend to their clients that they report their information to the SEC while still employed in order to protect their rights. Employees who are wrongly terminated without having first reported to the SEC may still seek recovery under the Sarbanes-Oxley Act, but as noted above, that act has an impractically short 180-day limitations period.
Although Digital Realty prevailed in the litigation, it is difficult to imagine them as having won the case, as the reputational costs of retaliatory firings can be significant. In addition, from a company standpoint, if securities law violations have occurred, it is far better for the SEC to hear about them from the company than from a tipster, when credit for self-reporting and remediation can be available.
A key step companies should take is an obvious one: avoid problems at the outset. Initially, retaliatory actions are fraught with risks and must be avoided. These actions can run afoul of state and local law, as well as the federal securities laws, and must be avoided. Companies should also evaluate their internal control systems to make sure that the structures and procedures are sufficient to prevent and detect wrongdoing.
The next step is to craft a robust internal reporting mechanism featuring a tip line that employees and others will actually use. The reporting system should be accessible, anonymous, confidential and responsive. Companies should also conduct regular training programs to publicize the program, to familiarize employees with how to use the system, to explain how the program works and how tips are handled and to describe the kinds of conduct that should and should not be reported.
An unanswered question from Digital Realty is whether the burden of the decision will fall more heavily on companies or on potential informants. Employees and others can avoid their problems entirely, by contacting the SEC, and in any case, there are always other jobs to be had. The prospect of a surprise phone call from the Division of Enforcement resulting from an informant’s tip certainly would be an unsettling one, however, and one to be avoided. If your company thinks that the answer to a securities law problem is to fire the employee who reported the violation, it is asking the wrong questions.
 15 U.S.C. § 78u-6(a)(6).
 18 U.S.C. § 1514A(a)(1).
 17 C.F.R. § 240.21F-6.
 17 C.F.R. § 240.21F-4.
 Somers v. Digital Realty Trust Inc., 850 F.3d 1045 (2017).