CPA Magazine Blogs
- Category: Columnnist Blog
- Created on Thursday, 29 December 2011 21:59
- Written by Amy Walsh, Esq.
The SEC in May issued its final rules implementing the new whistleblower program of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (PL 111-203), which became effective on August 12, 2011. Whistleblowers with information about violations of the securities laws can now potentially collect between 10% and 30% of the money recovered by the SEC in a successful enforcement action.
Under certain potentially broad circumstances, independent auditors can be eligible to become Dodd-Frank whistleblowers, based on information they learn about their clients during the audit engagement. In addition, employees of an accounting firm performing an audit for a public company can become whistleblowers against the accounting firm if that firm fails to comply with its obligations under the securities laws to report unlawful conduct occurring at the public company being audited. (For the text of the final rules and the SEC’s description of them, see tinyurl.com/3l8dx9w.)
Dodd-Frank provides that to be eligible for a whistleblower award: (1) an individual must be a “whistleblower” as that term is defined below; (2) the individual must “voluntarily” provide the SEC with “original information”; (3) the original information must lead to a successful enforcement action by the SEC; and (4) the successful enforcement action must result in monetary sanctions of more than $1 million arising out of the same core facts (section 21F of the Securities Exchange Act of 1934 (15 USC 78a et seq.), added by Dodd-Frank). The SEC rules further define the terms used in the Dodd-Frank statutory language.
First, a whistleblower is someone who, alone or jointly with others, provides information to the SEC relating to a possible violation of the federal securities laws that has occurred, is ongoing or is about to occur (Rule 21F-2(a)).
Information is provided voluntarily if the whistleblower makes his or her submission before a request, inquiry or demand regarding the same matter is directed to the whistleblower (or his or her representative) by the SEC, the Public Company Accounting Oversight Board (PCAOB) or any self-regulatory organization (SRO); Congress; any other federal authority; or a state attorney general or securities regulatory authority (Rule 21F-4(a)). Examples of SROs are given at Rule 21F-4(h). They include any national securities exchange, registered securities association or registered clearing agency; the Municipal Securities Rulemaking Board; and any other organization defined as an SRO under section 3(a)(26) of the Exchange Act (15 USC § 78c(a)(26)). In essence, the whistleblower must get to the government before the government gets to the whistleblower.
Information is original if it is derived from the whistleblower’s independent knowledge or independent analysis that is not already known to the SEC from any other source and is not exclusively derived from an allegation made in a judicial or administrative hearing; a governmental report, hearing, audit or investigation; or a report from the news media (Rule 21F-4(b)). In addition, original information includes only information that is initially submitted after July 21, 2010, the date Dodd-Frank was enacted.
The rules also cover how a whistleblower submission may be made and what kinds of information are required, criteria for setting the amount of a whistleblower award, confidentiality of submissions, anti-retaliation protections, appeal procedures and other aspects that are beyond the scope of this article. The nuts and bolts of the whistleblower submission process can be found on the SEC’s new webpage at www.sec.gov/whistleblower, which was launched simultaneous with the final rules becoming effective on August 12, 2011.
Exclusion of Independent Auditors of Public Companies
Except to the extent and under circumstances described below, the rules prohibit an award to an accountant who gains information during “an audit of financial statements required under the securities laws and for whom such submission would be contrary to the requirements of Section 10A of the Securities Exchange Act,” that is, an accountant who gains information about wrongdoing during the audit of a public company (Rule 21F-8(c)(4) (eligibility for award)).
Section 10A of the Securities Exchange Act provides that if an auditor of a public company becomes aware of information indicating that an illegal act has or may have occurred, the auditor must: (1) investigate the financial materiality of the illegal act and inform management and the company’s audit committee; (2) if the company fails to take appropriate remedial action, the auditor must report its conclusions to the company’s board of directors, which is then obligated to inform the SEC within one business day; and (3) if the board of directors fails to inform the SEC within the required period, the auditor must report its conclusions directly to the SEC (see 15 USC § 78j-1(b)). Accordingly, this rule prevents an auditor who is already obligated to report information to the SEC from personally profiting from reporting that same information as a whistleblower.
Rule 21F-8(c)(6)(i) further bars from being a whistleblower any second party who acquires the information from a person subject to the above rule, unless the information involves a violation by the auditor. In other words, if an auditor, as part of an SEC-required engagement, learns about wrongdoing by the client and tells someone else about it, that person generally can’t blow the whistle. But if the second person believes that the auditor was involved in the wrongdoing, then he or she can blow the whistle.
Rule 21F-8(c) also contains other categorical disqualifications, such as for members, officers or employees of the SEC, Department of Justice, PCAOB, foreign governments and certain other agencies and organizations. Law enforcement employees and officials also are ineligible.
Limited Eligibility for Auditors of Public Companies
However, for accountants and accounting firms, perhaps the most important aspect of the whistleblower rules is the fact that an employee of (or any person associated with) an independent auditor of a public company can make a whistleblower submission alleging that the auditor failed to assess, investigate or report wrongdoing in accordance with Section 10A, or that the auditor failed to follow other professional standards (SEC Release no. 34-64545, pages 140-141).
Moreover, if the whistleblower makes such a 10A submission, the whistleblower will be able to obtain an award not only from a successful enforcement action against the auditing firm, but also from any successful enforcement action against the firm’s engagement client (Release no. 34-64545, page 141).
In allowing such claims, the goal of the SEC is to “help insure that wrongdoing by the [accounting] firm (or its employees) is reported in a timely fashion” (Release no. 34-64545, page 141). According to the SEC, this goal is paramount “because of the important gatekeeper role that auditors play in the securities markets.”
Independent Auditors of Broker-Dealers and Investment Advisers
Another hurdle also prevents independent auditors in most circumstances from making a whistleblower submission directly to the SEC in most instances. Rule 21F-4(b)(4)(iii)(D) excludes from the definition of “independent knowledge and analysis” information that was: (1) learned by employees of, or anyone associated with, a public accounting firm; (2) in connection with an audit or other engagement required under the federal securities laws; and (3) if that information relates to a violation by the engagement client or the client’s directors, officers or other employees.
However, according to the SEC, this exclusion applies only to engagements required under federal securities laws where such engagements are not covered by the rule relating to auditors of public companies, such as audits of broker-dealers and investment advisers (Release no. 34-64545, pages 72-73; Rule 21F-4(b)(4)(iii)(D) also states it applies to engagements other than an audit subject to the rule pertaining to public company audits described above). Thus, subject to the exceptions listed below, an accountant performing an annual audit for a broker-dealer cannot run to the SEC as a whistleblower when the accountant’s information about the alleged securities law violation was gained during the course of the audit engagement.
Limited Eligibility for Auditors of Broker-Dealers or Investment Advisers
An auditor of a broker-dealer or investment adviser can become a whistleblower if any one of the following circumstances applies: (1) there is a reasonable basis to believe that the disclosure of the information to the SEC is necessary to prevent the entity from engaging in conduct that is likely to cause substantial injury to the entity or investors; (2) there is a reasonable basis to believe that the entity is engaging in conduct that will impede an investigation of misconduct (for example, destroying documents, improperly influencing witnesses or engaging in other improper conduct that may hinder the investigation); or (3) 120 days have elapsed from when the independent auditor provided information about a possible violation through the entity’s internal reporting system, or provided the information to the auditor’s supervisor (or 120 days have elapsed since the auditor received the information, if circumstances indicate officers of the entity or the auditor’s supervisor were already aware of it) (Rule 21F-4(b)(4)(v)).
Although these standards present the challenge of interpreting the terms “reasonable basis to believe” and “substantial injury,” certain circumstances will stand out as clearly falling within the exceptions. For example, an auditor who has reason to believe that his or her client is engaging in a Ponzi scheme should seriously contemplate becoming a Dodd-Frank whistleblower. Or, an auditor who becomes aware that an engagement client is destroying documents during an SEC examination should similarly consider reporting that information as a whistleblower.
Other Implications for CPAs
Although the final Dodd-Frank rules appear at first blush to exclude independent auditors from becoming whistleblowers, the exceptions may swallow the rules of exclusion. From the perspective of the individual accountant performing SEC-related auditing services, certain circumstances may warrant serious consideration of whether to become a Dodd-Frank whistleblower. CPAs should consult the AICPA Code of Professional Conduct and Bylaws, as well as rules and regulations of their state boards of accountancy, since such rules may prohibit certain disclosures of confidential client and employer information.
From the perspective of the accounting firms, it will become critical to enhance internal compliance functions in order to reduce the risk that an accountant-employee will decide to provide information directly to the SEC, rather than try to resolve the issue internally, using established compliance mechanisms. The SEC has now paved the way for auditors to become Dodd-Frank whistleblowers, but only time will tell how expansive a role auditor-whistleblowers will play in the SEC’s rekindled efforts to enforce the securities laws.
Circumstances within a Company That Can Silence the Whistle
In addition to independent auditors, other roles commonly engaged in by CPAs within companies may prohibit them in most instances from becoming Dodd-Frank whistleblowers. Just as knowledge of wrongdoing gained from an independent audit may not be considered independent knowledge and analysis and therefore not “original information” eligible for an award, so too the SEC will not consider information to be independent and original if obtained because the would-be whistleblower is an employee whose principal duties involve compliance or internal audit responsibilities within an entity that is the subject of the information, or is associated with a firm retained to perform those functions (Rule 21F-4(b)(4)(iii)(B)).
Another exclusion applies to officers, directors, trustees or partners of an entity who learn about a possible violation from another person or in connection with the entity’s processes for identifying, reporting and addressing potential violations (Rule 21F-4(b)(4)(iii)(A)). A person employed by or associated with a firm retained to inquire into or investigate a possible violation is not eligible. However, in all these instances, the same limited eligibility applies as described above for engagements of broker-dealers: a reasonable belief of necessity to prevent substantial injury to the entity or investors or to prevent impeding an investigation into misconduct.