Dual-Pronged Protections for Record-Keeping Whistleblowers

by | August 14, 2017 | Whistleblower Law

Because bribery cannot be conducted transparently without leaving a trail of breadcrumbs directly back to the wrongdoing, any scheme by a registered company to bribe foreign officials will almost certainly run afoul of the Foreign Corrupt Practices Act’s (“FCPA”) record-keeping provisions. However, the FCPA’s record-keeping provisions reach well beyond bribery. The FCPA delineates far-reaching rules on proper accounting and record-keeping that apply to a company’s domestic and foreign businesses and need not implicate any form of bribery at all despite the name of the regulating statute. In fact, a 2003 study by Jonathan M. Karpoff found that, of the SEC’s 604 FCPA enforcement actions since the law’s inception in 1977, only seven percent related to foreign bribery. Additionally, whistleblowers who report these types of FCPA violations are protected from retaliation by the Dodd-Frank Wall Street Reform and Consumer Protection Act’s (“Dodd-Frank”) whistleblower protection provisions and the Sarbanes Oxley Act of 2002.

The FCPA’s record-keeping provisions apply both to “issuers” of securities who have registered with the SEC under §78l(g) of the Securities and Exchange Act of 1934 (“the Exchange Act”) and to every issuer which is required to file reports pursuant to section 78o(d) of the Exchange Act. Because of the breadth of the Exchange Act’s definitions of the terms “issuer,”[1] “person,”[2] and “security,”[3] the FCPA’s record-keeping provisions essentially apply to all SEC-registered businesses and, under 15 U.S.C. §78m(b)(6), their majority-owned subsidiaries. The FCPA record-keeping provisions state that the issuer must:

  • Make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer;
  • Devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances that—
  • transactions are executed in accordance with management’s general or specific authorization;
  • transactions are recorded as necessary (I) to permit preparation of financial statements in conformity with generally accepted accounting principles or any other criteria applicable to such statements, and (II) to maintain accountability for assets;
  • access to assets is permitted only in accordance with management’s general or specific authorization; and
  • the recorded accountability for assets is compared with the existing assets at reasonable intervals and appropriate action is taken with respect to any differences.

15 U.S.C. § 78m(b)(2). The language above makes it clear that a company is not only liable under the FCPA for the unlawful transaction itself, but it is also liable for the manner in which it books that transaction for accounting purposes. In fact, the SEC often prosecutes companies for maintaining insufficient internal controls and accounting protocols, even when it is unclear whether improper payments have been made. The SEC’s 2012 case against Oracle is an example of a case primarily concerned with the company’s failure to maintain proper record keeping and accounting protocols. In this California securities fraud case, Oracle failed to maintain the proper internal controls to prevent its employees from creating “slush funds” from which they could pay bribes to local authorities. The lack of internal controls ultimately resulted in falsified invoices, and improperly booked funds that could have been used for bribery and embezzlement.

The FCPA record-keeping provisions instill these same record-keeping requirements generally on all corporations registered with the SEC, and as the provisions regulate registered issuers of securities, they implicate the whistleblower provisions of Dodd-Frank. Accordingly, a whistleblower wishing to report an SEC-registered corporation that failed to maintain proper record-keeping and accounting protocols, may be in line to receive between ten and thirty percent of the total monetary sanctions received from the wrong-doer. The whistleblower also would be protected from any retaliation stemming from his disclosure of the violations. Furthermore, the SEC, the Ninth Circuit Court of Appeals, and the Second Circuit Court of Appeals all believe that these anti-retaliation provisions apply even where a whistleblower has only reported the wrongdoing internally.[4] This places California and New York Dodd-Frank retaliation lawsuits on particularly solid ground. Violations of the Dodd-Frank anti-retaliation provisions result in reinstatement, and double damages plus attorney’s fees. Actions under the Dodd-Frank anti-retaliation provisions are permitted up to six years after the date of the retaliatory violation or three years after “the date when facts material to the right of action are known or reasonably should have been known by the employee alleging a violation of subparagraph (A).” 15 U.S.C. § 78u-6(h)(1)(B)(iii)(I).

The Sarbanes Oxley Act of 2002 also regulates record-keeping and accounting practices among registered issuers of securities and also provides separate protections for employees reporting violations. Particularly, Section 404 of Sarbanes Oxley (15 U.S.C. §7262) requires registered issuers to reaffirm management’s internal control responsibilities and include an assessment of the company’s internal controls on financial reporting in every annual report. Section 302 of Sarbanes Oxley (15. U.S.C. § 7241) also requires company officers to personally certify that they are responsible for the company’s periodic reports and that the information contained within the reports is accurate. Additionally, Sarbanes Oxley Section 806 (18 U.S.C. § 1514A) provides that registered issuers, or those required to file reports, may not retaliate against employees for reporting potential securities law violations to the Federal Government, Congress, or “a person with supervisory authority over the employee (or such other person working for the employer who has the authority to investigate, discover, or terminate misconduct).” If the employee brings a successful retaliation claim, the employee is entitled to “all relief necessary to make [him/her] whole” including reinstatement, back pay with interest, and “compensation for any special damages sustained as a result of the discrimination, including litigation costs, expert witness fees, and reasonable attorney fees.”

Employees should remember that even though the unlawful financial transaction itself may appear on its face to be the more egregious violation, the US Government views violations of record keeping and accounting provisions as equally significant. This is particularly important given that many employees may be more likely to witness evidence of improper record-keeping than of the unlawful financial transaction itself. The US Government seeks to regulate both sides of this coin in order to ensure transparency between the public entity and the investor, and to maintain stability in home and foreign markets. The Government provides statutory protection and awards to whistleblowers, because it needs the assistance of whistleblowers to catch these problems before they have time to cause too much damage to the market and its investors.


[1] Under 15 U.S.C. §78(c)(a)(8), an “issuer” is “any person who issues or proposes to issue any security; except that with respect to certificates of deposit for securities, voting-trust certificates, or collateral-trust certificates, or with respect to certificates of interest or shares in an unincorporated investment trust not having a board of directors or of the fixed, restricted management, or unit type, the term ‘issuer’ means the person or persons performing the acts and assuming the duties of depositor or manager pursuant to the provisions of the trust or other agreement or instrument under which such securities are issued; and except that with respect to equipment-trust certificates or like securities, the term ‘issuer’ means the person by whom the equipment or property is, or is to be, used.”

[2] Under 15 U.S.C. §78(c)(a)(9), the term “person” refers to “a natural person, company, government, or political subdivision, agency, or instrumentality of a government.”

[3] Under 15 U.S.C. §78(c)(a)(10), the term “security” refers to “any note, stock, treasury stock, security future, security-based swap, bond, debenture, certificate of interest or participation in any profit-sharing agreement or in any oil, gas, or other mineral royalty or lease, any collateral-trust certificate, preorganization certificate or subscription, transferable share, investment contract, voting-trust certificate, certificate of deposit for a security, any put, call, straddle, option, or privilege on any security, certificate of deposit, or group or index of securities (including any interest therein or based on the value thereof), or any put, call, straddle, option, or privilege entered into on a national securities exchange relating to foreign currency, or in general, any instrument commonly known as a ‘security’; or any certificate of interest or participation in, temporary or interim certificate for, receipt for, or warrant or right to subscribe to or purchase, any of the foregoing; but shall not include currency or any note, draft, bill of exchange, or banker’s acceptance which has a maturity at the time of issuance of not exceeding nine months, exclusive of days of grace, or any renewal thereof the maturity of which is likewise limited.”

[4] Due to a Circuit split, the matter is now before the United States Supreme Court.