The U.S. Supreme Court's Digital Realty decision presents good and bad news to public companies and other entities regulated by the U.S. Securities and Exchange Commission (SEC). The so-called “good” news is that the decision limits their liability for alleged retaliatory acts by ruling that Dodd-Frank does not provide a private right of action to employees who only report potential misconduct internally to the company. Yet, by taking away this protection, the court effectively directs employees to bypass their company's compliance programs and instead report the alleged misconduct directly to the SEC (or at the very least, simultaneously report the potential misconduct to the SEC and the company). Therein lies the apparent “bad” news.

Companies now must face the very real prospect that the SEC, and other regulators and prosecutors vis-à-vis the SEC, will learn of alleged misconduct, institute an investigation and contact witnesses without the company's knowledge. This dynamic can deny the board and senior management the opportunity to investigate internally, get ahead of the potential misconduct and receive potentially valuable cooperation credit from the government. Given the competing incentives offered by the SEC's Cooperation and Whistleblower programs, the Digital Realty decision has significant implications for how boards and senior management should structure their compliance programs, investigate reports of potential misconduct, and ultimately determine whether and when to report their misconduct to the government.

|

Promoting Good Governance

Prior to the Digital Realty decision, the SEC's Whistleblower Program—which to date has awarded more than $262 million to 53 whistleblowers—already provided significant inducement for employees to report potential misconduct to the SEC, either directly or within 120 days of an internal report. But the Supreme Court's decision tips the scales heavily in favor of external reporting by holding that Dodd-Frank's express language only provides anti-retaliation protection to those employees who report directly to the SEC. As a result, whistleblowers will now think twice before reporting internally, because they could reasonably believe that doing so could jeopardize their current employment status and may even undermine their ability to collect an award.

Because internal reporting is a core element of a robust compliance program, boards and senior management should address this potential concern to build up trust with their employees. Specifically, employees should understand that, if they participate in the company's compliance program, they will not be retaliated against. This is a fundamental corporate culture issue that cannot be overstated. Companies should stress that regulatory and legal compliance is a part of doing business and not an obstacle to it. And employees should be made to understand and appreciate their critical role in supporting corporate governance. Companies can also alleviate this concern by clarifying that employees who report internally are still protected against retaliation by other federal and state laws. For example, employees are still protected by Sarbanes-Oxley, which allows employees to file administrative complaints with the secretary of Labor within 180 days of the alleged retaliation. Nevertheless, the main message that boards and senior management should emphasize to employees is that they will not retaliate for internal reporting. Boards and senior management can convey and further support this message by making sure their company's code of conduct, bylaws, and other policies and procedures address this issue appropriately.

Boards and senior management should also make it as easy as possible for employees to report potential misconduct to the company by providing multiple channels to alert the compliance department, directly or indirectly, through an immediate supervisor or an anonymous hotline. These reporting lines should be clearly outlined in the company's policies and procedures and re-examined periodically by management to make sure they are functioning properly. While companies should encourage internal reporting, boards and senior management should make sure that the policies and procedures in no way stifle an employee's ability to report misconduct to the SEC, which could trigger a stand-alone enforcement action even if no employee was prevented or otherwise discouraged from reporting. In this sense, employment agreements, including non-disclosure and severance agreements, should be reviewed to confirm they do not contain any outright prohibitions against reporting potential misconduct to the SEC or penalties for doing so, including forfeiture of whistleblower awards for bypassing the compliance program.

|

Addressing Bad Conduct

Given the Digital Realty decision, investigating internal reports quickly and efficiently is now more important than ever, because companies should assume that any internal report is being made simultaneously to the SEC. Companies should investigate all reports to identify which reports present real issues as opposed to frivolous ones. The use of outside counsel, while potentially more costly, signals to both the reporting employee and the government that the investigation is being structured in a way that maintains objectivity and impartiality. To the extent a company uncovers misconduct, that misconduct should be fully remediated to ensure that any aggrieved parties are made whole and no additional harm will be caused.

|

Self-Reporting to the SEC

The company should also consider whether self-reporting the issue, including the scope of misconduct and remediation steps (e.g., terminating employees responsible for the misconduct, revising material disclosures, enhancing compliance policies and procedures) makes sense. As evidenced by recent settlements with the SEC and Department of Justice (DOJ), these steps can yield substantial cooperation credit in the form of reduced sanctions, nonprosecution or deferred prosecution agreements, and even declinations, depending on the facts and circumstances. And the SEC and DOJ have also indicated that they may deal more harshly with those companies that choose not to self-report identified misconduct. Of course, any decision to self-report must be made with an assessment of the potential collateral consequences in follow-on civil litigations.

|

Exercising Prudent Conduct

The use of whistleblower awards and the provision of anti-retaliation protections have led to a radical rethinking of how boards and senior management respond prudently to allegations of misconduct. After Digital Realty, the question is no longer if the SEC will find out, but rather, does it already know.

John J. Carney is a partner with BakerHostetler and serves as co-leader of the firm's national white collar, investigations and securities enforcement team. Mr. Carney is a former securities fraud chief, assistant United States attorney, and U.S. Securities and Exchange Commission senior counsel. Jonathan A. Forman is counsel on the firm's white collar, investigations and securities enforcement team. The views expressed in this article are those of the authors and not necessarily those of BakerHostetler or its clients.