One of the many objectives of the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act was to encourage whistleblowers to report securities violations—including violations of the Foreign Corrupt Practices Act (FCPA)—to the Securities and Exchange Commission (SEC). Among other things, Dodd-Frank created new remedies for whistleblowers who suffer retaliation by their employers, including allowing whistleblowers to sue their (former) employers on more favorable terms than existing anti-retaliation laws. But what if an employee doesn’t report a possible violation to the SEC, but only told her boss? If that “internal whistleblower” is subsequently terminated, can she avail herself of Dodd-Frank’s anti-retaliation provisions?  Because of the way the law was drafted, this turns out to be a difficult legal question, one on which courts across the U.S. have divided.

Nevertheless, there are strong practical reasons—above and beyond the basic reasons that could be advanced in any context—why Dodd-Frank should cover internal whistleblowers. Unless the courts resolve their division in favor of internal whistleblowers soon (most likely through a Supreme Court decision), Congress should step in and rewrite the law to remove any doubt that internal whistleblowers are protected.

The difficulty in interpreting Dodd-Frank’s anti-retaliation provision stems from its use of the term “whistleblower.” In the law’s general definitions section, Dodd-Frank defines a whistleblower narrowly as “any individual who provides . . . information relating to a violation of the securities laws to the [SEC]” (emphasis added). This seems to exclude those who report violations only internally. The Act’s anti-retaliation provision, on the other hand, prohibits an employer from retaliating against a whistleblower for engaging in a variety of legal activities, including making disclosures required or protected under the Sarbanes-Oxley Act. Protected disclosures under Sarbanes-Oxley include internal disclosures by employees to their supervisors. The question, then, is whether the narrow definition of “whistleblower” in the definitions section should limit the scope of the seemingly broad wording of the anti-retaliation provision. The Court of Appeals for the Fifth Circuit and several trial courts have said yes, meaning that internal whistleblowers are not protected under Dodd-Frank. The Court of Appeals for the Second Circuit and the majority of trial courts to consider the question have come out the other way, finding the Dodd-Frank unclear on this point, and holding that courts should defer to the SEC’s judgment that the statute allows internal whistleblowers to sue under the anti-retaliation provision. From a purely legal perspective, I think the Second Circuit’s opinion is probably the correct one: Dodd-Frank isn’t entirely clear on this issue, and therefore the well-established principle of U.S. law that courts should defer a responsible agency’s interpretation of an ambiguous provision ought to apply. Nevertheless, the Fifth Circuit’s arguments are compelling, and I don’t believe the legal answer is easy.

That said, from a policy perspective the answer is clear. Not only does allowing a company to fire someone for reporting illegal activity offend our sense of right and wrong, protecting internal reporting is also consistent with a general preference—shared by the government and by the companies themselves—to prefer internal reporting over external reporting. Internal reporting, which is more in sync with people’s natural sense of loyalty and inclination to work out problems internally, can allow companies to resolve unfounded claims in-house and mitigate the damage of legitimate claims before the government becomes involved, which in turn helps conserve limited enforcement resources. All this counsels in favor of a broader reading of Dodd-Frank. In addition, there are context-specific reasons to have strong internal whistleblowing protections in Dodd-Frank:

• First, certain categories of employees are required under Sarbanes-Oxley to report violations internally before they disclose them to the SEC. For example, auditors of a public company must inform management and (should management fail to take action) the board of directors of suspected illegal activity. Only if both management and the board fail to take appropriate action may the auditor report to the SEC. Auditors will be unable to receive Dodd-Frank’s protections, under the Fifth Circuit’s narrow interpretation, until that later report to the SEC. But nearly all retaliation is likely to take place long before an SEC report is ever made. This places auditors and others with similar internal reporting obligations (including lawyers) effectively outside of Dodd-Frank’s protections.
• Second, the Department of Justice actively encourages FCPA compliance programs that promote internal whistleblowing. One of the factors they consider when deciding whether to prosecute, and what penalties to pursue if they do, is whether a company has a strong compliance program. A central tenant of these programs is the inclusion of an internal, anonymous reporting mechanism and the devotion of substantial company resources to investigate reported claims. It seems unfair for the government to encourage internal reporting but for the laws to fail to protect the employees who do. Furthermore, the existence of robust internal reporting mechanisms will make it less likely that employees will report to the SEC – at least initially. Thus, even those without legal obligations are unlikely to engage in the type reporting that would entitle them to Dodd-Frank protection.
• Third, in the face of the reasons for internal reporting outlined above, there is little reason to believe that limited anti-retaliation protections will encourage external reporting. While I think there are strong reasons to prefer internal reporting, there might conceivably be cases where we prefer external reporting—for example, where we don’t trust the company to investigate thoroughly or we believe that it might try to bury evidence. In such cases, perhaps excluding internal whistleblowers from protections would be justified if it provides them with another reason, on top of monetary incentives, to report externally. But unfortunately for advocates of external reporting, a narrow reading of Dodd-Frank is unlikely to have this desired effect. For one, whistleblower protections are contained in an obscure provision of a complex law. Many potential whistleblowers won’t even know that the provision exists. Even if they do, making the decision to blow the whistle is a difficult one. Those who report internally under Sarbanes-Oxley are already afforded more limited anti-retaliation protections. The marginal difference of Dodd-Frank’s stronger anti-retaliation protections – a longer statute of limitations to bring a retaliation claim and increased compensation for successful claims – are unlikely to be decisive in all but a few instances. Excluding internal whistleblowers from protections won’t promote external reporting. It will just leave internal whistleblowers with inferior protection.

At the end of the day, there are two possible ways the division in the U.S. courts will be resolved: by a Supreme Court decision or by a congressional amendment of the law. The company that lost in the Second Circuit has already vowed to appeal the case to the Supreme Court. It’s possible the Court will take the case and resolve the case in favor of internal whistleblower protections. That said, the Court could always come out the other way. To ensure these internal whistleblowers have the robust protections they deserve, Congress should pass a law that clarifies Dodd-Frank’s coverage and extends its protections to internal whistleblowers.