SDNY: Directors Not Liable For Whistleblower Claims Under SOX

On December 9, 2019, the U.S. District Court for the Southern District of New York ruled that, as a matter of law, directors cannot be held liable under the anti-retaliation provisions of the Sarbanes-Oxley Act.  Zornoza v. Terraform Global Inc., No. 18-cv-11617.


Plaintiff is the former President and CEO of the defendant companies which were owned and controlled by a third company (“Owner”) for the purpose of purchasing and operating its energy plants.  In 2015, Plaintiff allegedly became concerned that Owner was publicly overstating its liquidity.  Plaintiff alleged that he reported his alleged concerns to Owner’s CEO and CFO and certain board members.  Plaintiff alleged that, in response, he was removed from his position as president and CEO of the Companies, and replaced by an individual whom he claims diverted funds from the two companies to Owner in an attempt to mask its liquidity crisis.  Plaintiff filed suit against the CEO, CFO, the Companies and certain board members, alleging he was retaliated against in violation of Section 806 of SOX.


The directors moved to dismiss the claims against them pursuant to Rule 12(b)(6), arguing they cannot be liable as directors.  The court dismissed the claims against the directors, concluding that Section 806 of SOX (Section 1514A(a)) does not provide for director liability.  Section 1514A(a) states that: “[n]o company…or any officer, employee, contractor, subcontractor, or agent of such company” may retaliate against an employee for reporting suspected violations of the securities laws.  Given that Congress had explicitly provided for director liability in other provisions, such as Section 7244(a)(1) (making it unlawful for “any director or executive officer of an issuer” to transact in securities during blackout periods) and Section 7242(a) (making it unlawful for “any officer or director. . . to take any action to fraudulently influence. . . any independent public or certified accountant . . .”), the court found its omission from Section 1514A(a) to be particularly significant.  Finding the plain language of SOX to be clear and unambiguous, the court declined to examine Congress’s intent in passing it, ruling that the directors could not be liable in their capacity as directors.

The court noted that in Wadler v. Bio-Rad Labs., Inc. (N.D. Cal. 2015) (which we blogged about here), a California court came to the opposite conclusion because it determined that the usage in Section 1514A(a) of the word “agent” was sufficiently ambiguous to include “directors” as well.  However, this court disagreed, noting that SOX had used “agents” and “directors” in Section 78u-3(c)(3)(A)(i) to denote separate categories of persons, thus precluding a broad definition of “agent” that could include “directors.”  The court drew additional support from agency law, noting that an individual director has no power to act on the corporation’s behalf, but instead directly controls the corporation as a member of its board.


Though there is now a division in district court authority as to whether directors can be held liable under Section 806, this decision provides useful and compelling reasoning upon which employers can be expected to rely.

CFTC Releases FY 2019 Annual Report

The Commodity Futures Trading Commission (“CFTC”) recently released its statutorily mandated 2019 Annual Report covering the fiscal year ending on September 30, 2019.  The report, prepared by the CFTC’s Whistleblower Office (“WBO”), outlines the tips received and awards granted during the fiscal year, and describes the status of the WBO’s initiatives to educate consumers about its whistleblower program.

Under the program, whistleblowers who voluntarily provide original information about violations of the Commodity Exchange Act are eligible to receive between 10 and 30 percent of resulting sanctions that exceed $1 million.  Eligible sanctions can be collected via CFTC enforcement actions or related actions by other federal regulators.

Whistleblower Tips Received

In FY 2019, the WBO received 455 tips from whistleblowers—down from the 760 tips received in FY 2018 but comparable to the 465 tips received in FY 2017.  The WBO noted that the large number of tips last year may have been due to heightened consumer interest in virtual currencies and CFTC news alerts increasing awareness.  The number of tips has increased steadily year after year from the 58 tips received in FY 2012, the first year of the program.

Source: CFTC 2019 Annual Report

During FY 2019, the WBO also received 102 non-whistleblower tips and 35 referrals from the SEC, which it forwarded to the CFTC’s Division of Enforcement for evaluation and disposition.  These tips involved topics ranging from money laundering, false reporting and foreign bribery to insider trading and retaliation against employees.

Whistleblower Awards Granted

During FY 2019, the Commission granted five whistleblower awards and denied awards on 129 applications, primarily because the applications did not relate to a qualifying sanction obtained by the CFTC or other regulatory agency.

The five awards granted by the Commission ranged from approximately $1.5 million to around $7 million.  Since the start of the Whistleblower Program in FY 2012, the Commission has issued 14 whistleblower awards totaling approximately $100 million.  The five awards disbursed last year alone account for over $15 million.  Overall, the CTFC has recovered more than $800 million in sanctions resulting from whistleblower information.

The CFTC does not provide identifying information regarding award recipients and the related enforcement actions, but did briefly summarize the five awards announced in FY 2019:

  • On March 4, 2019, the CFTC announced an award of $2 million for information resulting in a CFTC action and an action by a different regulatory agency. Notably, the whistleblower was not an insider but provided information based on an independent analysis of market data.  For more information, please see our previous post, here.
  • On May 6, 2019, the CFTC announced an award of $1.5 million for information leading to a CFTC investigation and substantial assistance as it proceeded. The CFTC noted that while it does not require whistleblowers to first report violations internally, doing so is one of the “positive factors” in determining the award determination.
  • On June 24, 2019, the CFTC announced an award of $2.5 million for significant information leading to an investigation and assistance to a whistleblower who provided “documents, statements, and analyses.” The CFTC noted that while substantial, the award was reduced due to an “unreasonable delay in reporting the violations.”
  • On July 1, 2019, the CFTC announced an award of $2 million to two whistleblowers for information leading to an investigation. The whistleblowers “play[ed] an integral role in [the] investigations” by providing multiple interviews and numerous documents, as well as by making a report to another organization, which shared its findings with the CFTC.
  • On Sept. 27, 2019, the CFTC announced an award of $7 million for information leading to an investigation. The CFTC noted that while some of the whistleblower’s information proved to be inaccurate, the relevant information still led to a successful enforcement action.

Outreach Efforts

The WBO continues to prioritize outreach efforts to educate industry stakeholders about the whistleblower program.  Its efforts include presentations and attendance at seminars, conferences, and other professional gatherings.

The WBO’s website,, was launched in January 2016.  It offers information about the whistleblower program, answers to frequently asked questions, and allows online submissions of whistleblower tips about potential violations of the CEA and award applications.  The website received nearly 250,000 page views during FY 2019.

In addition, the CFTC’s Office of Customer Education and Outreach is responsible for educating the public about identifying and reporting fraud related to new technologies, such as machine learning, cloud technologies, and virtual currency.

NLRB Permits Confidentiality Restrictions During Internal Investigations

As reported in Proskauer’s Labor Relations Update blog, the NLRB issued an important opinion on December 17, 2019 relating to employer rules requiring confidentiality from employees during workplace investigations.  Apogee Retail LLC d/b/a Unique Thrift Store, 368 NLRB No. 144 (2019).

The Board held, in a reversal of the Obama-era Board, that employers may require strict confidentiality for the duration of workplace investigations into illegal or unethical behavior.

At first blush, a requirement of strict confidentiality during internal investigations would appear to run afoul of SEC Rule 21F-17, which prohibits any person from taking “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement … with respect to such communications.”  However, the Board clarified that “nothing in an employer’s investigative confidentiality rules may interfere with an employee’s right to file a charge or complaint with a State or Federal agency … either before an investigation begins, while it is in progress, or after it has been completed.”  The opinion also noted that it might be preferable for employers to clearly state that any confidentiality restriction does not apply to communications with governmental agencies.

As we previously reported (see here, here, and here), the SEC has brought multiple enforcement actions to enforce Rule 21F-17, although there have been no such enforcement actions in the employment setting since January 2017.  Notwithstanding the Board’s determination that strict confidentiality can be required during investigations, employers should ensure that their internal investigation protocols include language making clear that such a rule is not absolute and that employees are always permitted to report concerns to the SEC.

ARB: “Hinting” at Filing a Whistleblower Complaint is Not Protected Activity

On October 31, 2019, the ARB held that an employee who merely “hints” that he or she intends to file a whistleblower complaint has not engaged in protected activity sufficient to invoke the whistleblower protection provision in SOX.  Hoptman v. Health Net of California, ARB Case No. 2017-0052, (Oct. 31, 2019).


Complainant was a claims representative for the Company, a health maintenance organization.  Complainant alleged that he discovered systemic overpayments to the Company by plan members and began working with a plan member to purportedly expose his employer’s actions.  Complainant allegedly texted the plan member and asked her to fill out a HIPAA form so that he could access her personal information, explaining that he could not afford to continue with his investigation against the Company and that he would share money with her if she would help him with his case.  Following Complainant’s suggestion, the plan member filed a complaint with California’s Department of Managed Health Care (DMHC) regarding her alleged overpayments.

Later, during a meeting with a Company manager on an unrelated matter, Complainant mentioned that he had a complaint “in the works” and that the Company would get “in a lot of trouble,” though he conceded that he did not mention any fraudulent activity nor that he was considering filing a complaint with the SEC.  Shortly thereafter, the plan member informed DMHC about her communications with Complainant and DMHC shared this information with the Company.  The Company then terminated Complainant’s employment.

Complainant filed a SOX complaint with OSHA and after OSHA dismissed his complaint for lack of protected activity, an ALJ granted Respondent’s motion for summary judgment on the same basis.  He then appealed to the ARB.


The ARB affirmed, finding that Complainant did not engage in protected activity under SOX.  Complainant argued that in his communications with the plan member he had revealed that he was “about to file” a complaint, and his later conversation with a senior manager “hinted” at this assertion.  However, the ARB ruled that because the communications with the plan member were “deliberately concealed” from the Company, and Complainant stated only that he was planning on filing a complaint, he had not engaged in protected activity under SOX.


This decision demonstrates that the current ARB may take a more limited approach to determining the scope of what constitutes protected activity under SOX.

SEC Releases FY 2019 Whistleblower Program Annual Report

On November 15, 2019, the SEC published its annual report to Congress covering the agency’s whistleblower program.

The report, which covers the period of October 1, 2018 through September 30, 2019, was prepared by the SEC’s Office of the Whistleblower (“OWB”) to summarize its whistleblower bounty program, report on recent statistical trends, and revisit key amendments to the SEC’s Dodd-Frank regulations that were first introduced in June 2018.

Whistleblower Bounty Program

The statistics provided in the SEC’s report suggest that the whistleblower program slightly contracted in FY 2019, compared to the previous year.  OWB received a total of 5,212 whistleblower tips in FY 2019, 70 fewer than were received in the record-setting FY 2018.  This total still represents an approximately 74% increase in tips received since the SEC started tracking statistics for the whistleblower bounty initiative in 2012.

The SEC reports that in FY 2019 approximately $60 million was distributed to 8 individuals whose initial tips and subsequent cooperation aided in the execution of successful enforcement actions.  The SEC’s March 2019 $50 million award to two whistleblowers included a $37 million bounty to one of the individuals – the SEC’s third largest single award since the program’s inception.

For FY 2019, the SEC reports that the most common activities reported by whistleblowers related to corporate disclosures and financials (21%), offering fraud (13%) and manipulation (10%).

Proposed Rule Amendments

The SEC proposed amendments to its regulations to cope with the volume of tips it receives on an annual basis.  Specifically, these amendments (the full text of which can be found here) seek to bar whistleblowers who repeatedly make frivolous claims and afford OWB additional discretion in making bounty determinations.  Moving into FY 2020, the SEC will continue to consider the public comments received on these proposed amendments, which were originally introduced in June 2018.  The SEC expects to adopt these proposed rules sometime in the coming year.

SEC Files Suit Against Company For Allegedly Impeding Investors From Blowing the Whistle

On November 4, 2019, the SEC announced that it had filed an amended complaint against online auction portal Collectors Café and CEO Mykalai Kontilai, alleging Kontilai tried to prevent investors from communicating with the SEC in violation of Rule 21F-17.  The SEC previously charged Collectors Café and Kontilai with fraudulently raising $23 million by making false statements to investors and instead misappropriating more than $6.1 million.

In the amended complaint, the SEC alleged that Collectors Café and Kontilai twice made attempts to stifle investors when those investors raised questions or concerns about the company’s conduct.  In particular, the amended complaint alleged that when an investor questioned Kontilai in 2015, Kontilai arranged for the investors’ shares to be repurchased in an agreement that required a promise that the investor would not contact government or administrative agencies for purposes of starting an investigation into the company.  The amended complaint further alleged that in 2017, two investors accused Kontilai of making material misrepresentations and omissions and brought a lawsuit to secure a return on their investment.  According to the complaint allegations, Collectors Café, Kontilai, and the two investors later entered into a settlement agreement that included an agreement not to communicate with any regulatory agencies, specifically identifying the SEC.  The SEC further alleged that once the investors spoke with the SEC, Collectors Café and Kontilai filed a lawsuit against them for violating the restriction in the settlement agreement.

Rule 21F-17, which was adopted by the SEC after the passage of the Dodd-Frank Act, prohibits company actions that impede individuals from reporting a possible securities law violation to the SEC.  Unlike the rule in Dodd-Frank prohibiting whistleblower retaliation, this protection is not restricted to the employer-employee context, although it has been enforced against employers in the past.  The rule first became effective in 2011 and the SEC brought its first action under the rule in 2015 (we reported on that action here).  There has not been much activity around this rule in the last few years; a handful of enforcement actions were brought in 2016 and one was brought in early 2017.

This action appears to represent the SEC’s first public attempt to enforce Rule 21F-17 during the Trump administration.

ARB: SOX Whistleblower Provision Does Not Apply Extraterritorially

In a pair of recently issued decisions, the Department of Labor’s Administrative Review Board (ARB) held that Sarbanes Oxley’s anti-retaliation provision does not apply extraterritorially.  Hu v. PTC, Inc., ARB Case No. 2017-0068 (Sept. 18, 2019); Perez v. Citigroup, Inc., ARB Case No. 2017-0031 (Sept. 30, 2019).

Hu Decision

In Hu, the complainant worked entirely in China for a foreign subsidiary of a U.S. company.  He claimed that his employment was terminated in violation of SOX after he reported alleged misconduct relating to the U.S. parent company’s financial statements.  The sole issue before the ARB was whether SOX’s anti-retaliation provision (Section 806) covered the complainant’s claim of retaliatory discharge in China.  The ARB held that it did not, following the two-step framework for analyzing extraterritoriality set forth by the Supreme Court in Morrison v. National Australia Bank, Ltd., 561 U.S. 247 (2010).

At the first step of the Morrison analysis—assessing whether the statute at issue extends beyond the U.S.—the ARB held that Section 806 is not extraterritorial, observing that there is no indication that Congress intended for it to apply extraterritorially.

At the second step of the Morrison analysis—evaluating the primary focus of the statute and where the activity comprising that focus occurred—the ARB held that Section 806’s primary focus is on retaliatory employment actions.  The ARB reasoned that Section 806’s focus on the terms and conditions of employment is distinct from the overarching purpose of SOX as a whole (to protect markets) and, therefore, the location of the employee’s principal workplace is the key factor to consider when deciding whether the employee is seeking to invoke Section 806 extraterritorially.  The ARB rejected the complainant’s argument that his Section 806 claim was domestic because his reports allegedly affected the U.S. securities market and because the termination decision may have been made in the U.S.  Ultimately, the Board affirmed the dismissal of the whistleblower claim because the complainant’s principal place of work was in China.

Perez Decision

In Perez, the complainant worked solely in Mexico for a subsidiary of a U.S. corporation.  He alleged that he was retaliated against for reporting concerns about activity in a U.S.-based account.  Relying heavily on its decision in Hu, the ARB again held that Section 806 did not apply extraterritorially and affirmed the ALJ’s dismissal of the whistleblower claim because the complainant exclusively worked in Mexico, and not the U.S.


Prior to the Hu and Perez decisions, the ARB in Blanchard v. Exelis Systems Corp./Vectrus Systems Corp., ARB Case No. 15-031 (August 29, 2017) (which we previously blogged about here) signaled in dicta that Section 806 could potentially apply extraterritorially.  The Hu and Perez decisions seemingly close that door and harmonize the Board’s position with numerous court decisions (see here and here) rejecting the extraterritorial application of SOX’s anti-retaliation provision.

U.S. Senate Introduces Bill to Extend Dodd-Frank Whistleblower Protections

On September 25, 2019, a bipartisan group of U.S. Senators introduced the Whistleblower Programs Improvement Act (the “Act”), which would extend anti-retaliation protections under the Dodd-Frank Act to internal complaints.  The Act mirrors a bill introduced in the House of Representatives earlier this year in direct response to the U.S. Supreme Court’s holding in Digital Realty Trust, Inc. v. Somers, 138 S. Ct. 767 (2018), in which the Court unanimously held that Dodd-Frank’s anti-retaliation provision only applied to individuals who provide information regarding a violation of securities law to the SEC (we reported on the House bill here).

The SEC reported that in 2018, the vast majority of employees or former employees who received awards pursuant to whistleblower protections initially raised their concerns internally with their employer.  Under the Supreme Court’s current definition of a whistleblower, employees are not protected from retaliation under Dodd-Frank unless they provide information to the SEC.  The Act would expand the anti-retaliation protections to include employees who report concerns about violations of securities laws internally to their employers before or instead of reporting to the SEC.  The Act also aims to improve how quickly successful whistleblowers could receive a monetary award.  If passed, the Act would require the SEC to decide within one year whether the whistleblower will receive a monetary award.

We will continue to monitor this legislation and keep our readers posted.

Second Circuit Holds Dodd-Frank Whistleblower Retaliation Claims are Arbitrable

On September 19, 2019, the Second Circuit affirmed a New York District Court’s order compelling arbitration of a whistleblower retaliation claim under the Dodd-Frank Act.  Daly v. Citigroup Inc., et al., No. 18-665.


Plaintiff worked in the Private Bank Division of the bank.  She allegedly complained to bank attorneys and human resources employees that her supervisor repeatedly demanded that she disclose material non-public information so that he could pass that information along to his favored clients.  Plaintiff’s employment was subsequently terminated.

Following her termination, Plaintiff filed a complaint in the Southern District of New York alleging, inter alia, several whistleblower retaliation claims, including claims under SOX and Dodd-Frank.  The bank then filed a motion to compel arbitration and to dismiss Plaintiff’s claims.  The bank argued that with the exception of her SOX claim, her claims were all subject to an employment agreement Plaintiff had signed containing an arbitration provision.  The bank further contended that Plaintiff’s SOX claim should be dismissed because she had failed to exhaust her administrative remedies.  The district court granted the bank’s motion in its entirety and Plaintiff appealed to the Second Circuit.


The Second Circuit affirmed the district court’s ruling.  It noted that while district courts in the Second Circuit had diverged on whether Dodd-Frank whistleblower retaliation claims are arbitrable, it would join the Third Circuit, the only federal circuit to have previously ruled on this issue, in holding that such claims are arbitrable.  See Khazin v. TD Ameritrade Holding Corp., 773 F.3d 488, 495 (3d Cir. 2014) (our post on that ruling is here).  The court first explained that in contrast to the SOX whistleblower retaliation provision, which contains an express anti-arbitration provision, nothing in Dodd-Frank’s text suggests that claims arising under that statute are non-arbitrable, which is a strong indication of Congress’s intent not to preclude Dodd-Frank whistleblower claims from arbitration.  The court also found it notable that the language of the SOX anti-arbitration provision restricted its applicability to disputes “arising under this section” (i.e., SOX).  The Dodd-Frank whistleblower retaliation provision, by contrast, is not located in the same section, or even the same title, of the federal code as SOX.  Finally, the court explained that even if the SOX anti-arbitration provision was ambiguous, it still could not infer that Congress intended to extend its application to Dodd-Frank because “[d]espite some surface similarities, the whistleblower retaliation  provisions of [SOX] and Dodd-Frank diverge significantly in their prohibited conduct, statute of limitations, and remedies.”  It concluded that “Plaintiff’s SOX whistleblower claim cannot save her otherwise arbitrable claims from their fate.”


This is a valuable win for employers facing Dodd-Frank whistleblower retaliation claims because the only federal appellate courts to address the issue have now both concluded that mandatory arbitration clauses are enforceable with respect to whistleblower retaliation claims arising under the Dodd-Frank Act.

SDNY Grants Motion to Dismiss SOX Retaliation Claim

On September 18, 2019, the U.S. District Court for the Southern District of New York granted a defendant-employer’s motion to dismiss a SOX whistleblower retaliation claim, finding that the plaintiff failed to adequately plead protected activity.  Tonra v. Kadmon Holdings, Inc., No. 18-cv-9028.


The defendant-employer is a publicly traded biopharmaceutical company that develops and produces several drugs.  Around August 2011, Plaintiff was hired as the company’s Vice President of Preclinical Pharmacology.  About six years after his hiring, Plaintiff met with Defendant’s upper management to present preliminary animal testing results for a new drug that was designed to treat a rare kidney disease.  Plaintiff’s study allegedly showed that the drug had proven ineffective and potentially harmful.  Two months later, Plaintiff received the final test results for the drug, which allegedly confirmed the effects Plaintiff had forecasted.  Plaintiff allegedly proceeded to inform company representatives present at a regulatory compliance meeting that Defendant was required to report the negative test results to the U.S. Food and Drug Administration within the coming months.  Defendant terminated Plaintiff’s employment one day later.  Plaintiff filed suit in federal court claiming, inter alia, that he was retaliated against in violation of SOX for having drawn attention to Defendant’s alleged reporting obligations.


Defendant moved to dismiss the SOX claim pursuant to Federal Rule of Civil Procedure 12(b)(6), arguing that the complaint failed to adequately plead protected activity.  The court granted the motion, finding the complaint did not plausibly allege facts that would support a reasonable belief that Defendant was at risk of violating any of the enumerated securities laws.  In particular, the court noted that Plaintiff’s allegations did not demonstrate a subjectively and objectively reasonable belief that the information at issue would be material to investors.  According to the court, for information to be “material,” it must “significantly alter the ‘total mix’ of information made available” to potential stockholders.  Additionally, the fact that Plaintiff recommended that the disclosures be made within multiple months after the information was first conveyed to management showed Plaintiff did not believe a securities violation to be imminent.


This decision favors defendant employers in cases where a plaintiff does not show that the complained-of violation would be material.