Today, the Securities and Exchange Commission (SEC or Commission) voted to approve final rules to implement the SEC whistleblower provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act), enacted by Congress on July 21, 2010. The vote was split, with three Commissioners voting in favor of implementation and two voting against. According to the majority of the Commissioners, the final rules attempt to balance the tension between encouraging whistleblowers to come forward to the SEC while simultaneously discouraging them from bypassing internal company compliance programs. The dissenting Commissioners disagreed, taking the position that the failure to require mandatory internal reporting would have a detrimental effect on internal compliance and spur whistleblowers to bypass those internal mechanisms in favor of directly reporting to the SEC.

Whistleblowers Protected from Retaliation

A key component of the final rules is the definition of “whistleblower,” which reflects the SEC’s view that the antiretaliation protections of the Dodd-Frank Act do not depend on a finding of an actual violation of securities laws. The final rules provide that “[y]ou are a whistleblower if, alone or jointly with others, you provide the Commission . . . and the information relates to a possible violation of the federal securities laws (including any rules or regulations thereunder) that has occurred, is ongoing, or is about to occur” (emphasis added). This definition tracks the statutory definition, but adds the “possible violation” language, a standard that does not require an actual violation for the antiretaliation protections to apply. In its proposed rules, the SEC had included the phrase “potential violation”; it replaced that phrase with “possible violation” in the final rules.

However, the final rules also require that, to be afforded protection from retaliation, the whistleblower must possess a “reasonable belief” that the employer is violating the securities laws. The SEC has defined “reasonable belief” in three ways: (1) specific, credible, and timely information; (2) information related to a matter already under investigation by the SEC, but that makes a “significant contribution” to the investigation; or (3) information that was provided through the employer’s internal compliance mechanisms, which is subsequently reported to the SEC by the employer, and which satisfies the first or second prong of the definition. This standard is a significant change from the proposed rules (which included no such requirement), and the final rules echo and cite to specific comments and proposals that Morgan Lewis submitted to the Commission on December 17, 2010.