Supreme Court Unanimously Holds that Whistleblowers Must First Report to the SEC Before Being Afforded Dodd-Frank Anti-Retaliation Protections

In a 9-0 opinion issued on Wednesday, February 21, in Digital Realty Trust v. Somers (2018), the Supreme Court resolved a circuit split by holding that Dodd-Frank’s anti-retaliation provision does not apply to an individual, like Somers, who reported a violation of the securities law internally at his company but did not report the violation to the SEC.

As we have previously written, this case came to the Supreme Court from the Ninth Circuit, affirming the District Court’s holding that Section 78u-6(h), Dodd-Frank’s anti-retaliation provision, did not necessitate reporting a potential violation to the SEC before gaining “whistleblower” status. Somers v. Digital Realty Trust Inc., 850 F.3d 1045 (9th Cir. 2016). The Fifth Circuit had previously come to the opposite holding. Asadi v. G.E. Energy (USA), L.L.C., 720 F.3d 620 (5th Cir. 2013). The Supreme Court decided this circuit split and reversed the Ninth Circuit’s holding—taking a narrow view of the “whistleblower” definition and statutory construction.

Dodd-Frank defines a “whistleblower” as “any individual who provides . . . information relating to a violation of the securities laws to the Commission, in a manner established, by rule or regulation, by the Commission.” 15 U.S.C. § 78u-6(a)(6) (emphasis added). Somers and the Solicitor General argued that the “whistleblower” definition applies only to Dodd-Frank’s monetary reward program for whistleblowers and does not apply to its anti-retaliation provision. Further, the SEC itself advanced this view in its Rules. See 17 C.F.R. § 240.21F-2. The rule, as well as interpretative guidance released in 2015, explained that there were two definitions of “whistleblower”: one for the reward program, which required reporting to the SEC, and one only for the anti-retaliation provision, as long as the information is provided “in a manner described in Section 21F(h)(1)(A) of the Exchange Act,” which includes internal reporting. See id.; SEC Rel. No. 34-75592. The Rule further qualified that “[t]he anti-retaliation protections apply whether or not you satisfy the requirements, procedures and conditions to qualify for an award.” 17 C.F.R. § 240.21F-2(b)(1)(iii).

The Supreme Court, however, found this argument to be at odds with the “plain” language of the statute and the purpose of this portion of Dodd-Frank—to encourage individuals to report violations to the SEC. The Supreme Court reasoned that the SEC Rule should not be accorded deference because “Congress has directly spoken” on this issue in its unambiguous language in Dodd-Frank, and concluded that the language in Dodd-Frank was explicit in its exclusive inclusion of only those individuals who report securities complaints to the SEC.

While the Supreme Court’s decision limits the scope of potential “whistleblowers” who could seek the protection of the Dodd-Frank anti-retaliation provision, the decision may have another, less positive, collateral consequence. When the SEC promulgated the whistleblower rules, it received dozens of comments suggesting that the SEC require employees to report internally before reporting potential violations to the SEC. The SEC rejected that approach, but attempted to encourage internal reporting by including as a factor in deciding the amount of an award whether the whistleblower first reported the potential violation internally. In light of the Supreme Court’s decision, it is more likely that employees will forego reporting any potential violations internally and instead go straight to the SEC so as to not only qualify for an award, but also to seek the protection of the anti-retaliation provision.

SEC Announces Enforcement Division Cyber Specialty Unit

On September 25, 2017, the Securities and Exchange Commission announced the creation of an Enforcement Division “Cyber Unit” that will focus on cyber-related violative conduct. The timing of this is much more than coincidental; indeed it’s obvious. Just last week, SEC Chairman Jay Clayton disclosed: 1) a 2016 intrusion of the SEC’s EDGAR system due to a software vulnerability in the test filing component of the system, resulting in access to nonpublic information; and 2) the creation of a senior-level cybersecurity working group. Since the disclosure of the EDGAR breach, the financial press has reported that SEC Enforcement, the Secret Service, and the FBI have been investigating, and that Chairman Clayton asked the SEC’s Office of Inspector General to investigate. On September 26, 2017, Chairman Clayton appears before the Senate Committee on Banking, Housing, and Urban Affairs where he will provide testimony and likely be subject to intense questioning.

Returning to the SEC’s Cyber Unit, while not specifically described as such, it appears to be created in the mold of the other Enforcement Division Specialty Units. This new unit’s mandate includes targeting cyber-related violative conduct, such as: market manipulation schemes involving false information spread through electronic and social media; hacking to obtain material nonpublic information; misuse of distributed ledger technology; misconduct perpetrated via the dark web; intrusions into retail brokerage accounts; and cyber-related threats to trading platforms and other critical market infrastructure. Consistent with this being a new specialty unit, the “Chief” is a former Co-Chief of the SEC’s Market Abuse Specialty Unit. Thus, registrants can expect the Cyber Unit to evolve much as the SEC’s other specialty units have previously. Specifically, this unit will likely: develop and expand SEC internal cyber knowledge; seek to hire external cyber experts; and dedicate its efforts and resources to this specialty area. Consistent with the evolutions of the other specialty units, the Cyber Unit will likely pursue cases that the Enforcement Division generally and historically might not have pursued, such as non-fraud violations considered more technical in nature.

While it’s ironic that the SEC announced the Cyber Unit on the heels of its recent breach, issuers and registrants should take this opportunity to self-assess and implement plans to avoid the SEC’s Cyber Unit in the future. Among various strategies, actively monitoring and assessing the SEC’s cybersecurity guidance and, in particular, the Office of Compliance Inspections and Examinations Risk Alerts, and documenting this work will support arguments of reasonable and diligent efforts. For further and more detailed guidance, look to FINRA’s February 2015 Report on Cybersecurity Practices. While FINRA’s oversight is limited to its member broker-dealer firms, this 46-page report provides plain-language guidance that any company or firm may want to consider reviewing and implementing as appropriate.

D.C. Circuit Split on Constitutionality of SEC’s Administrative Judges

We previously blogged about the D.C. Circuit’s decision in Raymond J. Lucia Cos v. SEC, which rejected the petitioner’s constitutional challenges to the SEC’s use of administrative law judges that are not appointed by the President. Yesterday, the D.C. Circuit issued a two sentence per curiam order denying an en banc review by an equally divided court.

We noted that the panel’s original opinion was the first appellate ruling of its kind. Although the panel’s decision remains in effect because the full court did not rehear the case, the strength of that ruling is now severely undermined. As we previously reported, the Tenth Circuit has already disagreed with the D.C. Circuit’s panel and held that the SEC’s administrative law judges are subject to the Constitution’s Appointments Clause. Yesterday’s order likely sets the stage for a Supreme Court challenge.

SEC Names Co-Directors of Enforcement

Last week, the Securities and Exchange Commission (SEC) announced that Acting Enforcement Director Stephanie Avakian and former federal prosecutor Steven Peikin had been named Co-Directors of the Division of Enforcement. In making the announcement, SEC Chairman Jay Clayton advised:

There is no place for bad actors in our capital markets, particularly those that prey on investors and undermine confidence in our economy. Stephanie and Steve will aggressively police our capital markets and enforce our nation’s securities laws as Co-Directors of the Division of Enforcement. They have each demonstrated market knowledge, impeccable character, and commitment to public service, and I am confident their combined talents and experience will enable them to effectively lead the Division going forward.

Prior to being named Acting Director in December 2016, Ms. Avakian served as Enforcement’s Deputy Director since June 2014. Mr. Peikin joins the SEC for the first time from private practice. Prior to that, from 1996 to 2004, Mr. Peikin served as an Assistant U.S. Attorney in the Southern District of New York. He was Chief of the Office’s Securities and Commodities Fraud Task Force, where he supervised some of the nation’s highest profile prosecutions of accounting fraud, insider trading, market manipulation, and abuses in the foreign exchange market. As a prosecutor, Mr. Peikin also personally investigated and prosecuted a wide variety of securities, commodities, and other investment fraud schemes, as well as other crimes.

As Chairman Clayton continues to appoint the Division leadership at the SEC and establish his own agenda for the Commission as its new Chairman, these Co-Director appointments bear a strong resemblance to those of his predecessors, Chair Mary Jo White and Chair Mary Schapiro. First, in 2009, Chair Schapiro appointed a former federal prosecutor for the first time to lead the SEC’s Division of Enforcement. Second, in 2013, Chair White appointed another former federal prosecutor, Andrew Ceresney. In furtherance of the striking similarities, Chair White appointed Mr. Ceresney as a Co-Director with the then Acting Director. Mr. Ceresney eventually took over the Directorship on his own. Thus, while many forecasted that the new Commission may perhaps be friendlier to the industry, with these Co-Director appointments Chairman Clayton looks to be following the lead of his recent predecessors rather than breaking from them. Lastly, if the precedent of the only prior Co-Directorship is any indication, then at some point in the foreseeable future Mr. Peikin will be occupying the Director’s chair on his own, as Mr. Ceresney ultimately did.

Compliance and Legal Officer Guidelines to Prevent Non-Line Supervisory Liability

Chicago partner Jim Lundy and associate Carrie DeLange, members of Drinker Biddle’s SEC & Regulatory Enforcement Team, authored “Compliance and Legal Officer Guidelines to Prevent Non-Line Supervisory Liability” for the National Society of Compliance Professionals’ (NSCP) professional journal, Currents, March 2017 edition.

The article provides guidance and recommendations to compliance officers and in-house attorneys with investment management and broker-dealer firms regarding the legal background and recommended practices to avoid supervisory liability with respect to the violative conduct of business personnel. Specifically, the article examines the applicable statutes and rules, the controversial “Gutfreund Standard,” and the SEC’s more recent guidance from a Division of Trading and Markets “FAQ” and speeches. Jim and Carrie build on this information to provide recommendations for investment management and broker-dealer compliance and in-house personnel to manage satisfying their compliance obligations while dealing with the potentially problematic conduct of business personnel.

Read “Compliance and Legal Officer Guidelines to Prevent Non-Line Supervisory Liability.”

Ninth Circuit: You Don’t Need to Report Securities Violations to the SEC to Be Protected by the Dodd-Frank Anti-Retaliation Provision

On March 8, 2017, a divided panel of the United States Court of Appeals for the Ninth Circuit held that the anti-retaliation provision of the Dodd-Frank Act protects individuals who make purely internal disclosures of alleged securities violations. The decision, Somers v. Digital Realty Trust, Inc., No. 15-17352 (9th Cir. March 8, 2017), aligns the Ninth Circuit with the Second Circuit, which reached the same result in Berman v. Neo@ogilvy, LLC, 801 F.3d 145 (2d Cir. 2015). These opinions stand in stark contrast to the position of the Fifth Circuit, which concluded in Asadi v. G.E. Energy (USA), L.L.C., 720 F.3d 620 (5th Cir. 2013), that in order to enjoy the protection of the anti-retaliation provision an individual must report the alleged securities violation to the SEC. While the Ninth Circuit’s decision is the latest entry in this evolving circuit split, it is unlikely to be the last—the Third Circuit is considering this very issue.

The Dodd-Frank Act defines a “whistleblower” as “any individual who provides, or 2 or more individuals acting jointly who provide, information relating to a violation of the securities laws to the Commission, in a matter established by rule or regulation, by the Commission.” 15 U.S.C. § 78u-6(a)(6).

As even the Ninth Circuit acknowledged, the definition above describes only those who report information to the SEC. But the Ninth Circuit did not regard this as determinative of the issue. Instead, the court analyzed both the purpose of the Dodd-Frank Act and the scope of the activities specifically covered by the anti-retaliation provision to reach its ultimate conclusion. In particular, the anti-retaliation provision protects those who engage in lawful activities “in making disclosures that are required or protected under the Sarbanes-Oxley Act of 2002 . . . and any other law, rule, or regulation subject to the jurisdiction of the Commission.” 15 U.S.C. § 78u-6(h)(1)(A)(iii). The Ninth Circuit, like the Second Circuit, noted that Sarbanes-Oxley requires both accountants and lawyers to report internally before they report to the SEC. Thus, using the “whistleblower” definition from Section 78u-6(a)(6) for purposes of the anti-retaliation provision would provide almost no protection to such lawyers and accountants—they would be forced to report internally first, and could legally be subject to retaliation in the period between their mandatory internal reporting and the time they made the report to the SEC. The Ninth Circuit concluded that such an approach “would make little practical sense and undercut congressional intent.”

The Ninth Circuit also agreed with the Second Circuit that the SEC regulation promulgated to implement anti-retaliation provision is entitled to deference. That regulation, Exchange Act Rule 21F-2, 17 C.F.R. § 240.21F-2, makes clear that the anti-retaliation provision protects anyone who engages in activities protected by 15 U.S.C. § 78u-6(h)(1)(A), including those who make internal disclosures under Sarbanes-Oxley.

Continuing its trend in Court of Appeals cases on this issue, the SEC appeared and argued as amicus in favor of expansive coverage of the anti-retaliation provision.

The SEC Heightens Its Interest in Robo-Advisers

Over the last two weeks, the SEC has put robo-advisers on notice that they are on the staff’s radar. First, on February 23, 2017, the SEC’s Division of Investment Management, along with the SEC’s Office of Compliance, Inspections, and Examinations, issued a Guidance Update for robo-advisers. The term “robo-adviser” refers to registered automated investment advisers that provide investment advice that uses computer algorithms. Robo-advisers generally collect information about a client’s financial goals, income, assets, investment horizon, and risk tolerance by way of an online or electronic questionnaire. With limited human interaction, robo-advisers use this information to create and manage investment portfolios for clients. Robo-advisers are often more economical than traditional investment advisers. Robo-advisers, which began as an appeal to millennials, are now widely becoming popular with all age groups and types of investors.

The Guidance Update focused on in three unique areas of the investment relationship: (1) the substance and presentation of disclosures to clients about the robo-adviser and the investment advisory services it offers; (2) the obligation to obtain information from clients to support the robo-adviser’s duty to provide suitable advise; and (3) the adoption and implementation of effective compliance programs reasonable designed to address particular concerns relevant to providing automated advice.

This Guidance Update specifically encourages robo-advisers to keep clients well-informed with respect to their use of algorithms to manage client funds. Robo-advisers must be diligent in their disclosures to clients of the risks and limitations inherent in the use of algorithms to manage investments. For example, an algorithm may not address prolonged changes in market conditions and investors need to know that. The Guidance Update also reminds robo-advisers that because of the limited human interaction with the client, issues, like disclosures, would most likely be done online. As such, communications, including written disclosures, should be effective, not hidden or indecipherable. Finally, the Guidance Update highlighted that for robo-advisers, compliance with the Advisory Act of 1940 may require more written documentation than regular investment advisers must provide. For example, robo-advisers should consider documenting the development, testing, and backtesting of the algorithms, the process by which they collect client information, and the appropriate oversight of any third party that develops or owns the algorithm or software utilized by the robo-adviser.

In addition to the Guidance provided to robo-advisers, the SEC Office of Investor Education and Advocacy also issued an Investor Bulletin on the subject of robo-advisers to alert potential clients to specific areas when dealing with a robo-adviser would be different from a more traditional adviser. Such areas include (1) the minimized level of personal interaction a client would receive, e.g., do you ever speak to a human?; (2) the standard information a robo-adviser uses to formulate recommendations, e.g., are the robo-advisers asking all the pertinent questions in their questionnaires?; (3) the robo-adviser’s approach to investing, e.g., are the robo-advisers using pre-determined portfolios or can you customize your investments?; and (4) the fees and charges involved, e.g., could you be charged penalties or fees if you want to withdraw your investment?  Investors should consider using robo-advisers because of the economic advantages but must be aware of the differences inherent in this new 21st century version of the investment advisor.

The SEC requires robo-advisers to be registered and makes them subject to the same substantive and fiduciary obligations as traditional investment advisers. In addition to the Alert and the Guidance Update, the SEC staff also addressed robo-advisers at SEC Speaks on February 24, 2017. At the Office of Compliance Inspections and Examinations (“OCIE”) panel, the office’s senior leadership put the audience and industry on notice of OCIE’s “Electronic Investment Advice Initiative.” Specifically, OCIE advised that it will be dedicating staff and resources to prioritize examining robo-advisers for this SEC fiscal year. Due to OCIE applying a risk-based approach to its examination program, they will likely focus on robo-advisers with large platforms or business models that OCIE believes pose potential risks to investors. For robo-advisers to prepare, we recommend that firms review the February 23, 2017 Guidance Update and the Office of Investor Education and Advocacy Investor Bulletin described above to proactively plan to be in compliance with this guidance. This way, firms examined as part of the Electronic Investment Advice Initiative, can attempt to avoid significant deficiencies or enforcement referrals from OCIE’s increased scrutiny of robo-advisers.

SEC Speaks 2017 – OCIE Had Something To Say

Last week, the Securities and Exchange Commission (SEC) Acting Chairman, senior leadership across Divisions and Offices, and former SEC Commissioners spoke at the “SEC Speaks” Conference 2017. Senior leadership from the SEC’s Office of Compliance Inspections and Examinations (OCIE) used its panel and workshop to provide guidance on the reshaping of its examination programs that it began in 2016. Below we outline the revamped OCIE.

OCIE’s Reorganization & Reallocation of Resources

The OCIE panel included OCIE’s Acting Director and its Deputy Director. The commentators for the panel were former SEC Chairman Hon. Harvey L. Pitt and former SEC Commissioners Hon. Paul S. Atkins and Hon. Daniel M. Gallagher. At the beginning of the presentation, OCIE’s Acting Director reminded the audience that OCIE’s mission is to protect investors, ensure market integrity, and support responsible capital formation through risk-focused strategies that: 1) improve compliance; 2) prevent fraud; 3) monitor risk; and 4) inform policy. The panel explained that OCIE monitors and assesses its various programs to align with OCIE’s mission and strategies. The panel described that OCIE had developed and implemented a plan to revise its programs to better align with the evolving nature of the various registrants subject to its oversight.

The Investment Adviser / Investment Company Program

This past year, OCIE re-allocated 100 broker-dealer staff examiners to the Investment Adviser / Investment Company (IA/IC) Program, which increased the total number of OCIE staff in the IA/IC Program to over 600. OCIE’s Deputy Director reminded the audience that the investment management industry lacks a self-regulatory organization and that the number of investment advisers registered with the SEC continues to grow. For example, since January 1, 2017, approximately 200 additional investment advisers have registered with the SEC. Thus, the SEC and OCIE determined that a re-allocation of staff was necessary to manage the SEC’s responsibility as the sole inspection and examination authority for this industry. One of the goals of this reallocation appears to be to address the number of examinations per examiner, if feasible, from last year’s high of 4.91 per examiner. Following up on a proposal to the Commission last fall under Chair Mary Jo White, Commissioner Gallagher encouragingly questioned whether OCIE needs to consider the use of non-SEC, third-party examination firms. Although OCIE senior leadership did not seem enthused about this possibility, they replied that they would be willing to work with whatever ideas and initiatives the new Commission may have to assist with OCIE’s resource constraints, in particular with the continuing expansion of the investment advisory industry.

The Broker-Dealer, FINRA and Securities Industry Oversight, and National Broker-Dealer Exchange Group Programs

For the above three programs, OCIE has restructured its examination oversight of the brokerage industry and for certain other registrants. First and foremost, OCIE’s Broker-Dealer (BD) Program – as the industry has known it for the past few decades – no longer exists. Second, in addition to the reallocation of 100 examiners from the BD Program to the IA/IC Program, OCIE senior leadership outlined the creation and responsibilities of two new programs: the FINRA and Securities Industry Oversight (FSIO) Program; and the National Broker-Dealer Exchange Group (BDX) Program. While the BDX Program will maintain some broker-dealer examination staff, as explained below, this will be a significantly reduced number of examiners who will be focused on targeted examinations in coordination with FSIO’s oversight responsibilities.

FSIO is a national program with staff in the SEC’s home office and across various regional offices. OCIE created FSIO for several reasons, including avoiding the duplication of efforts and resources that sometimes occurred with FINRA. FSIO’s primary responsibility is the enhanced oversight of FINRA. FSIO also will oversee the Municipal Securities Rulemaking Board (for purposes of this blog, we focus on FINRA). While FSIO will maintain oversight responsibility, OCIE senior leadership emphasized that the plan is to work collaboratively with FINRA, as appropriate. FSIO’s Program will oversee FINRA in two ways; with programmatic and oversight examinations. The former will focus on FINRA’s programs and operations to provide guidance and recommended improvements, while the latter will involve specific FINRA examinations of member firms that FSIO will sample, examine, and provide feedback to FINRA.

The BDX Program has a broader mandate, including responsibility for: exchanges; transfer agents; the clearing and settlement program; (only) municipal advisors; the Securities Investor Protection Corporation; and the Public Company Accounting Oversight Board. BDX is also a national program with staff in the SEC’s home office and regional offices. As mentioned, the BDX Program also includes a limited number of broker-dealer examination staff to conduct targeted examinations and coordinate with FSIO regarding FINRA oversight examinations.

Conclusion / Takeaways

OCIE’s reallocation of staff resources to the IA/IC Program, dissolution of the BD Program, and creation of the FSIO and BDX programs reflect an SEC Office that is attempting to keep pace with the increasing and evolving registrant populations for which it is responsible by restructuring programs and targeting its limited resources. These efforts will likely have unintended (or intended) consequences for the investment management and broker-dealer industries. First, OCIE appears to be making its oversight of the investment management industry its main focus. This is the continuation of a multi-year effort, as this industry presents the greatest risk to OCIE and its understaffed IA/IC Program. That said, with a staff increase of 100 and the continuing emphasis on this program, the number of significant deficiencies and enforcement referrals generated by the IA/IC Program will correspondingly increase, as the quantity and frequency of examinations increases. With respect to OCIE’s BD, FSIO, and BDX Programs, with FINRA’s evolution and increased resources to examine the broker-dealer industry, it is not too surprising that the SEC, via OCIE, ceded responsibility to FINRA and dissolved the BD Program. A collateral result for the broker-dealer industry, however, will likely be an empowered FINRA that may seek to increase the assertiveness of its examination and enforcement programs. In conclusion, while the IA/IC Program and FINRA appear poised to enjoy increased authority, OCIE’s efforts are laudable in reorganizing itself to better allocate its limited resources to manage its responsibilities over its evolving registrant population.