First Circuit Narrows Whistleblower Protections of Sarbanes-Oxley | Foley Hoag LLP – White Collar Law and Investigations


On July 13, 2022, the United States Court of Appeals for the First Circuit ruled that the whistleblower protections contained in Section 806 of the Sarbanes-Oxley Act (SOX) do not apply to employees who report potential violations of the Foreign Corrupt Practices Act (FCPA). The judgment in Baker vs. Smith & Wesson, Inc., 40 F.4th 43 (1st Cir. 2022) is the second recent decision restricting the law’s important whistleblower protections, following a recent award in the 9th Circuit. While these decisions are important and will likely generate further litigation as whistleblowers seek to avoid the impact, the practical effects for future whistleblower cases will likely be limited as there may be workarounds. Either way, we don’t expect any change in the need for companies to maintain strong compliance programs that incentivize employees to report internally.

SOX Whistleblower Protections

Whistleblower protections are at the heart of the SOX oversight reform package, encouraging and protecting individual reports of potentially fraudulent conduct. SOX contains a number of protections for whistleblowers. For example, Section 301 of the Act sets out requirements for internal procedures that employers must use to receive and handle complaints from whistleblowers regarding accounting or auditing matters. Section 1107 criminalizes any retaliatory action when a whistleblower has provided “truthful information” regarding the commission of a federal offense to a law enforcement officer.

The most commonly invoked whistleblower protections in SOX are those in Section 806, which protects whistleblowers who report certain types of fraudulent activity internally from retaliation by their employer. Section 806, codified as 18 USC § 1514A, grants whistleblowers, under certain conditions, a civil cause of action to recover compensatory and other damages resulting from retaliation. Section 806 provides these protections as long as the reported activity falls into one of three statutory categories: the report must (1) relate to a U.S. Securities & Exchange Commission (SEC) rule or regulation; (2) relate to a violation of the mail fraud, wire fraud, bank fraud, or securities fraud laws, or (3) relate to a provision of federal law relating to fraud against shareholders. These protections are intended to work hand-in-hand with other SOX provisions that require organizations to develop internal compliance procedures and incentivize leaders to ensure their company is acting within the bounds of the law. Whistleblowers are particularly important in detecting and first reporting FCPA violations, which often arise from the conduct of remote subsidiaries or affiliated entities or are carried out through schemes that attempt to avoid reports of abuse. business or accounting programs. Section 806 has been understood as an important safeguard to encourage this internal reporting.

First and Ninth Circuits: Reporting FCPA Violations Not Protected by SOX

Recently, an appeal of a grand jury decision in a civil action in the Northern District of California limited the Section 806 protections that apply to whistleblowers in the context of the FCPA. In Wadler vs. Bio-Rad Labs., Inc., 916 F.3d 1176 (9th Cir. 2019), Wadler, former general counsel for Bio-Rad, internally reported potential FCPA violations and was fired as a result. The jury returned an $11 million award to Wadler based on instructions that the FCPA was a “rule or regulation of the SEC” for purposes of whistleblower protections in Section 806. Bio -Rad has appealed the jury’s decision.

On appeal, the Ninth Circuit ruled that the jury instructions were incorrect because the relevant text of Section 806 unambiguously limited whistleblower protection to the “rules and bylaws” of the SEC, not to a statute like the FCPA. The Ninth Circuit did not address the issue of whether Section 806 protections could apply to a report of an FCPA violation if the report (1) identified a violation of the mail, wire, and fraud laws. , bank or securities or (2) involved a provision of federal law relating to fraud against shareholders. The Ninth Circuit also rejected Wadler’s policy argument that Section 806 whistleblower protections should be applied broadly based on SOX’s remedial goal of protecting employees, explaining that the language clear section 806 did not require consideration of these arguments. The Ninth Circuit ultimately upheld the verdict—and award of $11 million—in favor of Wadler on independent state law grounds. Still, the ruling called into question whether the whistleblower protections of Section 806 applied to reporting FCPA violations.

In Smith & Wesson, the First Circuit faced the same question as Wadler’s court: whether reports of potential FCPA violations are protected as potential violations of an “SEC rule or regulation.” The Court ruled not. Plaintiff Baker conceded that the FCPA is not one of the fraud laws listed in Section 806 – that is, fraud by mail, wire, bank or securities – and is not not a “stockholder fraud provision of the federal law”. He only argued that the FCPA is a “rule or regulation of the Securities and Exchange Commission.” The First Circuit accepted the decision of the Ninth Circuit in wader and argued that the FCPA is not such a rule or regulation of the SEC, and therefore the whistleblower protections of Section 806 do not apply. Like the Ninth Circuit, the First Circuit concluded that the plain language of Section 806 precludes any interpretation that would include the FCPA and, therefore, historical policy and legislative arguments need not be considered. As such, a whistleblower’s internal report of potential FCPA violations does not benefit from the protections of Section 806 of the Act.

Although it is the second appeals court to narrow the scope of Section 806, the First Circuit’s decision may have limited impact on long-term SOX whistleblower cases. First, other reform laws — including, but not limited to, Dodd-Frank — have resulted in additional protections and rewards for employees who report unlawful behavior that may capture whistleblowers that fall outside the scope. newly restricted SOX protections. . Additionally, the two cases described above shared an unusual feature in that the alleged FCPA violations were only characterized as violations of an “SEC rule or regulation.” With this avenue seemingly foreclosed, plaintiffs will likely be able to rephrase FCPA violations as too violations of mail, wire, bank or securities fraud, or will mark the failures of internal controls leading to the violations as “fraud against shareholders” – requiring only a minor reclassification of the allegations to allow them to enter the scope of the Act. With no indication that the DOJ and SEC will slow FCPA enforcement in the near term, companies should exercise caution in considering any changes to compliance programs in response to these rulings. As part of any assessment of a company’s compliance culture, the DOJ and SEC will continue to expect companies to encourage reporting and not retaliate. Effective internal reporting – which in turn depends on the availability of viable channels through which reports are made and people willing to make such reports – remains a fundamental part of any compliance program, as it is a essential prerequisite for a company to be able to investigate and correct potential violations and thereby avoid or mitigate potential penalties.

Previous The 5: Steelers to watch at Jacksonville Jaguars
Next Helping businesses calculate their savings - Retail World Magazine