What Independent Auditors Need to Know about the Dodd-Frank Whistleblower Program

Register now

IMGCAP(1)]On May 25, 2011, the Securities and Exchange Commission issued its final rules implementing the new whistleblower program of the Dodd-Frank Wall Street Reform and Consumer Protection Act.

Whistleblowers with information about violations of the securities laws can now potentially collect between 10 and 30 percent of the money recovered by the SEC in a successful enforcement action.

Under certain potentially broad circumstances, independent auditors can be eligible to become Dodd-Frank whistleblowers, based on information that they learn about their clients during the audit engagement. In addition, employees of an accounting firm performing an audit for a public company can become whistleblowers against the accounting firm if that firm fails to comply with its obligations under the securities laws to report unlawful conduct occurring at the public company being audited.

Dodd-Frank provides that in order to be eligible for a whistleblower award, an individual must satisfy the following requirements; (1) the individual must be a “whistleblower” as that term is defined below; (2) the individual must “voluntarily” provide the SEC with “original information”; (3) the original information must lead to a successful enforcement action by the SEC; and (4) the successful enforcement action must result in monetary sanctions of more than $1 million arising out of the same core facts. The SEC rules define the terms used in the Dodd-Frank statutory language.

First, a “whistleblower” is someone who, alone or jointly with others, provides information to the SEC relating to a possible violation of the federal securities laws that has occurred, is ongoing, or is about to occur.

Information is provided “voluntarily” if the whistleblower makes his or her submission before a request, inquiry, or demand regarding the same matter is directed to the whistleblower (or his or her representative) by the SEC or by any other governmental entity. The other governmental entities include the Public Company Accounting Oversight Board, any self-regulatory organization, Congress, the federal government, or a state Attorney General or securities regulatory authority.

In essence, the whistleblower must get to the government before the government gets to the whistleblower.

Information is “original” if it is derived from the independent knowledge or independent analysis of the whistleblower that is not already known to the SEC from any other source, and is not exclusively derived from an allegation made in a hearing, a governmental report, an audit or investigation, or a report from the news media. In addition, original information includes only information that is submitted after July 21, 2010, which is the date that Dodd-Frank was enacted.

Broker-Dealer and Investment Advisor Audit Exclusions

Rule 21F-4(b)(4)(iii)(D) excludes from the definition of “independent knowledge and analysis” information that was: (1) learned by employees of, or anyone associated with, a public accounting firm; (2) in connection with an audit or other engagement required under the federal securities laws; and (3) if that information relates to a violation by the engagement client or the client’s directors, officers, or other employees.

According to the SEC, the exclusion described above only applies to engagements not covered by the rule relating to auditors of public companies, such as broker-dealers and investment advisors. Thus, subject to the exceptions listed below, an accountant performing an annual audit for a broker-dealer cannot run into the SEC as a whistleblower when the accountant’s information about the alleged securities law violation was gained during the course of the audit engagement.

Exception to Exclusion

An auditor of a broker-dealer or investment advisor can become a whistleblower if any one of the following circumstances applies: (1) there is a reasonable basis to believe that the disclosure of the information to the SEC is necessary to prevent the entity from engaging in conduct that is likely to cause substantial injury to the entity or investors; (2) there is a reasonable basis to believe that the entity is engaging in conduct that will impede an investigation of misconduct (for example, destroying documents, improperly influencing witnesses, or engaging in other improper conduct that may hinder the investigation); or (3) 120 days have elapsed from the time that the independent auditor provided information about a possible violation through the entity’s internal reporting system, or provided the information to the auditor’s supervisor.

Although these standards present the challenge of interpreting the terms “reasonable basis to believe” and “substantial injury,” certain circumstances will stand out as clearly falling within the exceptions. For example, if an auditor has reason to believe that his client is engaging in a Ponzi scheme, then that auditor should seriously contemplate becoming a Dodd-Frank whistleblower. Or, if an auditor becomes aware that an engagement client is destroying documents during an SEC examination, that accountant should similarly consider reporting that information as a whistleblower.

Exclusion of Independent Auditors of Public Companies

The rules also prohibit an award to an accountant who gains information during “an audit of financial statements required under the securities laws and for whom such submission would be contrary to the requirements of Section 10A of the Securities Exchange Act,” that is, an accountant who gains information about wrongdoing during the audit of a public company.

Section 10A of the Securities Exchange Act provides that if an auditor of a public company becomes aware of information indicating that an illegal act has or may have occurred, the auditor must investigate the financial materiality of the illegal act and inform management and the company’s audit committee. If the company fails to take appropriate remedial action, the auditor must report its conclusions to the company’s board of directors, which is then obligated to inform the SEC. If the board of directors fails to inform the SEC within the required time period, the auditor must report its conclusions directly to the SEC. Accordingly, this rule prevents an auditor who is already obligated to report information to the SEC from personally profiting from reporting that same information as a whistleblower.

Exception to Independent Auditor Exclusion

For accountants and accounting firms, perhaps the most important aspect of the whistleblower rules is the fact that an employee of (or any person associated with) an independent auditor of a public company can make a whistleblower submission alleging that the auditor failed to assess, investigate or report wrongdoing in accordance with Section 10A, or that the auditor failed to follow other professional standards.

Moreover, if the whistleblower makes such a 10A submission, the whistleblower will be able to obtain an award not only from a successful enforcement action against the auditing firm, but also from any successful enforcement action against the firm’s engagement client.

In allowing such claims, the goal of the SEC is to “help insure that wrongdoing by the [accounting] firm (or its employees) is reported in a timely fashion.” According to the SEC, this goal is paramount “because of the important gatekeeper role that auditors play in the securities markets.”

Although the final Dodd-Frank rules appear at first blush to exclude independent auditors from becoming whistleblowers, the exceptions may swallow the rules of exclusion. From the perspective of the individual accountant performing SEC-related auditing services, certain circumstances may warrant serious consideration of whether to become a Dodd-Frank whistleblower.

From the perspective of the accounting firms, it will become critical to enhance internal compliance functions in order to reduce the risk that an accountant-employee will decide to provide information directly to the SEC, rather than try to resolve the issue internally, using established compliance mechanisms. The SEC has now paved the way for auditors to become Dodd-Frank whistleblowers, but only time will tell how expansive a role auditor-whistleblowers will play in the SEC’s rekindled efforts to enforce the securities laws.

Amy Walsh is a partner at Kostelanetz & Fink LLP in New York. She was formerly Assistant United States Attorney in the Eastern District of New York for 11 years and served as chief of the Business & Securities Fraud Section. She is an expert in areas of the Dodd-Frank Act, as it relates to the whistleblower provision. She can be reached at awalsh@kflaw.com. Stephanie Atkinson, an associate at Kostelanetz & Fink LLP, assisted in the preparation of this article.

For reprint and licensing requests for this article, click here.