Chris Willis, Sheri Adler, and Mary Weeks discuss the recent uptick in SEC enforcement activity related to whistleblowers.
In this episode of The Consumer Finance Podcast, Chris Willis is joined by Partners Sheri Adler and Mary Weeks to discuss the recent uptick in SEC enforcement activity related to whistleblowers. They focus on the implications for financial institutions and other companies, particularly those targeted by the SEC for documents potentially restricting whistleblowers from reporting violations of securities laws.
Sheri and Mary provide insights into the legal framework of whistleblower protections and offer practical tips for companies to avoid potential pitfalls. They highlight the importance of drafting agreements that do not deter whistleblowing, ensuring internal consistency across all company documents, and considering the language in third-party agreements.
This episode also touches on the potential for similar enforcement actions from other regulators, such as the CFPB, underscoring the need for companies to take a broad, holistic approach to compliance.
The Consumer Finance Podcast: Navigating the SEC’s Whistleblower Enforcement Wave: A Guide for Financial Institutions
Host: Chris Willis
Guests: Sheri Adler and Mary Weeks
Date Aired: March 7, 2024
Chris Willis:
Welcome to The Consumer Finance Podcast. I'm Chris Willis, the co-leader of Troutman Pepper's Consumer Financial Services Regulatory Practice. I'm glad you've joined us today where we're going to be talking about a recent wave of SEC enforcement activity relating to whistleblowers, which I think will be very interesting to you because that wave of enforcement has been focused a lot on financial institutions.
Before we go into that topic, let me remind you to visit and subscribe to our blogs, TroutmanPepperFinancialServices.com and ConsumerFinancialServicesLawMonitor.com. Don't forget about our other great podcasts. We have the FCRA Focus all about credit reporting, Unauthorized Access, which is our privacy and data security podcast. We have The Crypto Exchange about everything crypto and Payments Pros, which is all about regulation of the payments industry. All of those are available on all popular podcast platforms.
Speaking of those platforms, if you like this podcast, let us know. Leave us a review on your podcast platform of choice and let us know how we're doing. If you like reading and listening to our thought leadership content here at Troutman, don't forget to check out our handy mobile app. It's available for both iOS and Android. Just look in your app store for Troutman Pepper and download the app. It'll give you access to all of our blogs, all of our alerts and advisories, as well as listening access to all of our podcasts all in one convenient place. It even has a great directory of our financial services lawyers and a handy calendar to tell you what conferences we'll be attending and speaking at. So please download and check it out.
Now, as I said, today we're going to be talking about this recent uptick in enforcement activity from the Securities and Exchange Commission against companies, including a lot of financial institutions, who in the SEC’s view had documents that were viewed as restricting whistleblowers from coming forward and reporting violations of the securities laws to the SEC. This affects financial institutions a lot. But we're also, I think, going to see some parallels to things that could happen with other regulators.
Before we get into that, let me introduce my two partners who are going to tell you all about this today. We have Sheri Adler who's a partner in our Employee Benefits and Executive Compensation group. She's a frequent guest on the podcast. So welcome back, Sheri. Thanks for being here today.
Sheri Adler:
Thanks so much for having me again, Chris.
Chris Willis:
Then for the first time on our podcast, we have Mary Weeks. Mary is a member of our business litigation department. But more importantly, for today's episode, she co-leads our team who does securities litigation matters for our clients here at Troutman Pepper. So she knows obviously quite a lot about what we're going to be talking about today. Mary, thanks a lot for joining us today.
Mary Weeks:
Thank you for having me, Chris.
Chris Willis:
I've sort of introduced the concept that we have a heightened amount of SEC enforcement activity, where the SEC seems to be alleging that companies put barriers or deterrents into place that would stop whistleblowers from coming forward. Can you give the audience sort of the legal framework and the background of what's going on here?
Mary Weeks:
Sure. Section 21F of the Dodd-Frank Act of 2010 provides protections and incentives for whistleblowers reporting possible violations of federal securities laws. There are significant financial incentives for whistleblowers that can be awarded. The rule says specifically that no one can take any action to impede a potential whistleblower from coming forward, including by restricting disclosures under a confidentiality agreement.
The SEC has pursued enforcement of these rule violations through more than 20 enforcement actions since 2015, with five of those alone being settled in 2023. Settlement has cost companies anywhere from several hundred thousand dollars to millions of dollars, depending on the nature of the violations. The bottom line is that companies are taking a close look at their arrangements to ensure they're compliant with the rule in an attempt to avoid falling in the SEC’s crosshairs on the issue.
Chris Willis:
Okay. These cases are not retaliation against a specific whistleblower. They're all about these alleged sort of discouragement or deterrence to allegedly prevent or try to persuade employees allegedly not to report to the SEC. Is that right?
Mary Weeks:
Yes. It’s a good question, Chris. I mean, really, it can be both. In several of these agreements, there are instances where there's a willful violation that was found by the SEC. But there's many that were just documentary violations. It sort of correlates to the amount that they're paying in these civil monetary penalties we're seeing. The cease-and-desist order in some of them where it's strictly documentary violations, we've seen those be lower. Where it's some evidence of willful violations, it has been much higher.
Yet we're starting to see multi-million settlements, multi-million dollar cease-and-desist orders come out as recent as this week that are just documentary violations. Yet the civil penalty number is a multi-million dollar figure.
Chris Willis:
Okay, that's helpful. Sheri, let me turn to you. As Mary told us, the focus of the SEC here is on agreements that would allegedly restrict or deter an employee from acting as a whistleblower and reporting something to the SEC. Given what you have seen in these SEC enforcement actions, what are some drafting tips that a company needs to consider to avoid getting into the trouble that these others have gotten into?
Sheri Adler:
Yes. Chris, a lot of agreements have standard confidentiality provisions that restrict employees from disclosing a company's confidential information, which makes sense. The employer has an interest in protecting its confidential and proprietary information. But one of the big problems that the SEC identifies is when that is so broad that it doesn't allow the individual to come forward and report confidential information to the SEC when the individual suspects a possible violation of securities laws.
Our first tip is to make sure that in an agreement that has a non-disclosure of confidential information provision, there should also be a carve-out that states very clearly that the employee is not restricted from reporting possible violations of securities law to governmental agencies that are protected by whistleblower protection laws. Further than that, you also want to state in the carve-out that the employee doesn't need to seek approval from the company before reporting a whistleblower claim and also doesn't need to notify the company after the fact.
That's because the SEC’s view has been that including a notice requirement violates the rule because it could really have a chilling effect on employees who are seeking to come forward. Therefore, it's prohibited.
Chris Willis:
Mary, what are some other tips that you would share with our audience in this vein?
Mary Weeks:
Another thing to keep in mind is that you want to make sure that any carve-out doesn't simply permit the disclosure of confidential information pursuant to a formal legal process such as a subpoena or a court order. We've all seen similar language in agreements, but it must specifically allow voluntary reporting to the SEC. This is something that has been shown to be very important and the SEC is going to require going forward.
Sheri Adler:
On the top topic of making sure that the carve-out is broad enough, while companies obviously want to protect as much of their confidential information as possible, they need to really be careful about trying to limit the type of confidential information that can be disclosed by a whistleblower.
Our tip three is that in the absence of concerns about attorney-client privilege, confidential information should really just be generally viewed as fair game when it comes to an employee reporting possible securities law violation to the SEC, and the carve-out should be drafted broadly enough to account for this.
Chris Willis:
Sheri, it's my understanding that there was a recent SEC enforcement action or actions that took issue with some pretty common and relatively frequently used language that was associated with a release of claims. So could you tell the audience what happened there?
Sheri Adler:
Sure. It's quite common in a release of claims for there to be a provision where the employee represents that they haven't lodged any complaints or charges in the past against the company, and they represent that nothing is pending. The idea is that it's a clean break. They're releasing all claims. They're representing nothing is outstanding. In return, they're typically getting consideration, some sort of severance pay.
Here the SEC again viewed this as problematic because it essentially viewed it as a required notice after the fact to the SEC that you had lodged a whistleblower complaint. As we know, the SEC views that as chilling whistleblowing activity. So our tip four is you really want to look closely at the language in the release section that has that representation and make it clear that it doesn't apply to whistleblower claims and that the employee doesn't have to tell the employer anything about any whistleblower activity that the employee might have engaged in before signing the release.
Chris Willis:
We've discussed the fact that agreements need to sort of clearly give the employee the right to come forward with a claim to the SEC. But it seems like the SEC has even gone further than that and has said that the agreements need to specifically give employees the right to collect the whistleblower bounty or award from these programs. Is that right?
Sheri Adler:
That's right, Chris. If you've seen the numbers of some of these whistleblower awards, they can be quite large. The SEC really views the financial incentives associated with their whistleblower program as a key part of the program. It's really the reason why many whistleblowers may come forward in the first place to report a possible violation of securities law. So you cannot contract around that. You can't waive the monetary award according to the SEC.
This is actually quite surprising to a number of our colleagues who practice labor and employment law because in other areas of the law, for example, under EEOC guidance, it's pretty typical to have an employee waive their right to a monetary recovery for bringing an EEOC claim in a release, even though they can't legally limit the employee’s right to bring the claim. So this is different than other areas of the law and how releases and separation agreements might have been drafted in the past when it came to other agencies.
Mary Weeks:
Great. I'll pick up with our tip number six, sort of on the opposite spectrum of monetary awards or monetary penalties. So the SEC has pursued enforcement actions against companies who impose monetary penalties on an employee for breaching an overbroad confidentiality provision that would restrict protected whistleblower activity. This is what we view as a double whammy, if you will. A company first has a problematic confidentiality provision, as we discussed before. But then it also imposes financial penalties on an employee for breaching that overbroad confidentiality provision. Our suggestion is that you don't do either.
Chris Willis:
Okay. That makes sense. We know that we need to check our sort of non-disclosure of confidentiality provisions and any monetary waiver or penalty provisions that we have in an employment agreement or a release or something like that. So is that it? Are we good? Or are there other things that we need to worry about with respect to whistleblowers?
Mary Weeks:
Well, unfortunately, Chris, there's more. Companies need to take a broad, holistic, and consistent approach to their compliance with the rule. That brings us to our tip number seven to look beyond just the confidentiality provisions. For example, you have an overbroad non-disparagement or cooperation provision. Well, the SEC has charged certain companies for rule violations when the non-disparagement clauses were drafted so broadly that they actually impeded whistleblowers from communicating with the SEC.
It’s important for the employee to understand at bottom they have a right to contact regulators without breaching any clause, including a non-disparagement clause. One way to achieve this in the non-disparagement section of an agreement is to simply cross reference to the whistleblower carve-out that we discussed earlier.
Chris Willis:
Okay. Got that. What are some of the other pitfalls, Mary, that you’ve seen in the SEC’s sort of train of enforcement actions here?
Mary Weeks:
Really one of the things that stands out is a lack of internal consistency. It's not enough to have some compliant clauses in an agreement. The entire agreement has to be compliant. That means that, say, successful carve-out provision can't be contradicted by other provisions in that same contract. By way of example, it would be problematic if a separation agreement has the carve-out clause we've been discussing. But then it also contains other language elsewhere requiring former employees to notify the company of a request from an administrative agency in connection with a report or complaint.
Our tip number eight is to ensure internal consistency. It's not about revising one provision of your agreement, but it's about looking at the entire agreement and considering whether it has the chilling effect that the SEC has warned against.
Chris Willis:
Okay. So we can understand that within a particular document, we can't have one provision seemingly in tension with another. But what about situations where an employee may be subject to multiple documents, like an employment agreement and a code of conduct, and this, that, and the other? How does that come into play?
Mary Weeks:
Sure. You hit the nail on the head that that is our ninth tip, which is about not just consistency within an agreement but consistency across agreements that your organization may have. So it can be we could be dealing with a company that's very complex. It has various subsidiaries, numerous legal compliance departments, each with different responsibilities. One of the ways to ensure this consistency across the organization is to establish ongoing compliance programs and have oversight mechanisms to monitor and review agreements and internal policies for provisions that could run afoul of the rule.
Typical examples of documents, and you alluded to this that there are several, it's not just the broad range of confidentiality, consulting, employment agreements, or even separation and severance agreements. But it's also any release of claims that an employee might sign. It's the employee handbook, as you said. It's various company policies, whether that be the code of conduct or the insider trading policy, and finally even any corporate training programs or materials that are disseminated to your employees. We really are – it runs the gamut of the entire organizations documents and their communications with employees.
Sheri Adler:
Chris, one of the pitfalls we saw there was huge global organizations with parents and subsidiaries and various documents that applied at each level to the employee. You had some documents which were great and fine and legally vetted and completely compliant, but then you had embedded in other documents provisions which contradicted those. So you can see how this can get complex in really big organizations.
Chris Willis:
Yes, definitely. But at least we know that these concerns need to be the focus of individuals who are drafting employee-facing materials of the type that Mary just mentioned; agreements, codes of conducts, employee handbooks, policies, stuff like that. Is there any other part of the company that needs to be concerned about this?
Mary Weeks:
Yes. Actually, there is. The SEC's whistleblower protections broadly protect not just employees but anybody who seeks to report potential securities law violations to the SEC. So our final tip would be to consider the language in your third-party agreements. For example, the SEC has charged a company with violating the rule by prohibiting investors from communicating with the SEC in a stock purchase agreement.
In fact, just this week, we've seen a cease-and-desist order with the SEC, where specifically there were only documentary violations, and it related to a customer agreement. It wasn't that internal-facing kind of agreements that we've seen in other cases. So it does make – this was a multi-million dollar settlement. It really impresses upon us how important this is to the SEC and how broad ranging this is, that it isn't just your internal agreements. It can include agreements with those third parties.
Chris Willis:
Okay. Thanks for sharing all the tips that you've shared throughout the podcast. By the way, Sheri, does an individual whistleblower actually have to have been impeded from reporting in order for the SEC to charge the company with a violation relating to these documents?
Sheri Adler:
No. Chris, I think that's surprising to a lot of companies because in many of the actions, the SEC actually made it clear that it had absolutely no evidence that any individual was actually impeded from whistleblowing activity. But nonetheless, the overly restrictive language in the documentation was considered to be a serious violation of the rule.
Chris Willis:
Okay, got it. Just so we understand the coverage of these rules relating to sort of deterring whistleblowers, did these apply only to publicly traded companies or also private companies, too, like privately held banks?
Mary Weeks:
Chris, it applies to both private and public companies. The SEC has made clear in one of these recent enforcement actions against a privately held company that it expects compliance from both public and private companies. It'll ensure enforcement actions against, and it will pursue enforcement actions against non-compliant public and private companies.
Chris Willis:
Okay. So there's a lot of scope to this. Sheri, Mary, thank you very much for being the podcast today. This is a very sobering set of tips for financial institutions from the SEC. But let me just offer a comment to our listeners as well. One of the things, of course, that we know about regulators is when one of them has a good idea, the others are very quick to jump on board. We also know that the CFPB, which is a regulator we talk about on this podcast all the time, is always soliciting whistleblowers and always encouraging whistleblowers to come forward and report violations of consumer protection laws.
Now, the Dodd-Frank Whistleblower provision that applies under Title 10 doesn't have the kind of financial incentives that the SEC one does, but it does have retaliation protections for whistleblowers. Given the fact that the CFPB is constantly asking for whistleblowers to come over, ask yourself this question. Do you think that the CFPB would find a UDAP violation, for example, if a consumer financial services company had agreements that restricted or penalized companies if they reported a violation of consumer protection laws to the CFPB?
I don't think we have to be very imaginative to see that that would be a very distinct possibility. So what I want to say to the listeners is all of the tips that Mary and Sheri gave you over the course of this that gave rise to, that come out from the learnings of these SEC enforcement actions, I think, are equally applicable to the CFPB risk here. There's no reason to believe that the CFPB would feel any differently about contract provisions or codes of conduct or policies or whatever that they viewed as impeding or discouraging whistleblowers from coming over.
Just to give you a further example of that, remember when the CFPB recently finalized the 1071 rule about small business data collection. They invented a requirement that wasn't in the statute that prohibited financial institutions who make small business loans from discouraging consumers or customers from providing the 1071 information. So the CFPB has already shown that it's willing to outlaw discouragement, even if a statute doesn't say it. I think the examples from the SEC could easily lead it to do sort of similar activity in connection with Consumer Financial Protection laws.
I think the topic of today's podcast is relevant not just with the SEC but also the other regulators that we commonly deal with. I want to thank Mary and Sheri for being on today's podcast and, of course, thank the audience for tuning in to today's episode as well. Don't forget to visit and subscribe to our blogs, troutmanpepperfinancialservices.com and consumerfinancialserviceslawmonitor.com.
If you're particularly interested in hearing more about the subject matter of this podcast, Mary and Sheri have actually written a more in-depth article about it. Mary, where can somebody go to find the more in-depth article that you've written?
Mary Weeks:
Thank you for having us, Chris. With respect to where you can find that link, we'll have it on the resources page of where listeners had access to this podcast. Then it's also available on the Troutman Pepper website.
Chris Willis:
Okay, great. Speaking of the Troutman Pepper website, don't forget to visit us there at Troutman.com and add yourself to our consumer financial services email list. So you get copies of the alerts that we send out, as well as invitations to our industry-only webinars. Finally, don't forget about our handy mobile app. It's available for both iOS and Android. Just look in your app store for Troutman Pepper, and you'll find it. Of course, stay tuned for a great new episode of this podcast every Thursday afternoon. Thank you all for listening.
Copyright, Troutman Pepper Hamilton Sanders LLP. These recorded materials are designed for educational purposes only. This podcast is not legal advice and does not create an attorney-client relationship. The views and opinions expressed in this podcast are solely those of the individual participants. Troutman Pepper does not make any representations or warranties, express or implied, regarding the contents of this podcast. Information on previous case results does not guarantee a similar future result. Users of this podcast may save and use the podcast only for personal or other non-commercial, educational purposes. No other use, including, without limitation, reproduction, retransmission or editing of this podcast may be made without the prior written permission of Troutman Pepper. If you have any questions, please contact us at troutman.com.