SEC Charges Broker-Dealer For Whistleblower Violations in its Compliance Manual and Annual Training Materials

On June 23, 2021, the US Securities and Exchange Commission (SEC or Commission) announced settled charges against broker-dealer Guggenheim Securities, LLC (Guggenheim) for violations of the whistleblower protection rule that prohibits actions impeding communications with the Commission, Rule 21F-17(a) of the Securities Exchange Act of 1934 (Exchange Act) (15 U.S.C. 78u-6). The Commission censured the firm and imposed a civil penalty of $208,912. According to the SEC’s order, Guggenheim’s compliance manual included language prohibiting employees from initiating contact with any regulator without prior approval from Guggenheim’s legal or compliance department, and the firm included similar language in its annual compliance training materials. The SEC found that this language could impede whistleblower reporting, and thus undermined the purpose of the whistleblower regulations, which are intended to encourage individuals to report possible securities laws violations to the Commission.

This is the fourteenth enforcement action brought by the SEC for impeding or potentially impeding reporting by whistleblowers since 2015, and it is the first instance that the SEC has initiated proceedings against a company for violations of Rule 21F-17 based on language in a compliance manual. This action should serve as an important notice to all companies that the SEC’s Division of Enforcement does not consider this rule to be limited to severance agreements and confidentiality provisions, a prior industry focus, but also covers provisions in compliance and supervisory materials as well as training documents. Accordingly, companies subject to SEC regulation should ensure that all of their written policies and procedures are in full compliance with the whistleblower regulations.

This Advisory discusses the background of the applicable SEC whistleblower provisions, summarizes the Commission’s recent action against Guggenheim, and identifies some key takeaways for companies to consider.

Background

The Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) amended the Exchange Act by, among other things, adopting Section 21F. 15 U.S.C. § 78u-6. Section 21F, entitled “Securities Whistleblower Incentives and Protection,” directs the Commission to make monetary awards to eligible individuals who voluntarily provide original information that leads to successful SEC enforcement actions resulting in monetary sanctions over $1 million, and successful related actions. As detailed in our Advisory that surveyed recent enforcement activity resulting in unprecedented SEC whistleblower awards, the Division of Enforcement is likely also actively policing compliance with the whistleblower “protection” components of the rules.

In addition to providing monetary awards to certain whistleblowers, Dodd-Frank and the Commission’s implementing rules create confidentiality protections for whistleblower submissions, prohibit employers from retaliating against whistleblowers for providing information to the SEC, and, as relevant in the Guggenheim case, prohibit companies and individuals from taking “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . .” 17 C.F.R. §§ 240.21F-17(a).

Rule 21F-17 went into effect in August 2011. The first case alleging violations of Rule 21F-17 was then brought in April 2015, when the SEC settled charges for language in a company’s form confidentiality agreements used for interviews during internal investigations that prohibited disclosing the particulars or subject matter discussed during the interview without the prior authorization of the company’s law department. Several additional enforcement actions followed—largely related to language in companies’ severance agreements—and, in October 2016, the Office of Compliance Inspections and Examinations (now named the Division of Examinations) issued a risk alert, specifically identifying compliance manuals, codes of ethics, employment agreements, and severance agreements as documents of specific focus during examinations of registered investment advisers and broker-dealers. The risk alert noted that the SEC staff would focus on provisions that “(a) purport to limit the types of information that an employee may convey to the Commission or other authorities; and (b) require departing employees to waive their rights to any individual monetary recovery in connection with reporting information to the government.”

Administrative Proceedings Against Guggenheim

According to the findings in the Commission’s order, which Guggenheim neither admitted nor denied, from April 2016 to July 2020, the firm’s compliance manual contained the following language:

Employees are also strictly prohibited from initiating contact with any Regulator without prior approval from the Legal or Compliance Department. This prohibition applies to any subject matter that might be discussed with a Regulator, including an individual’s registration status with FINRA. Any employee that violates this policy may be subject to disciplinary action by the Firm.

According to the order, Guggenheim had reviewed and updated this manual annually. New hires were required to sign an acknowledgement that they had read the manual, and all employees had to sign such an acknowledgment on an annual basis.

In addition, according to the order, similar language was used in at least two annual compliance trainings. Specifically, the training materials contained a slide entitled “Communications with Regulators” with the following sub-bullet:

Employees are prohibited from initiating contact with any regulator without prior approval from Legal or Compliance, including conversation[s] regarding an individual’s registration status with FINRA.

The Commission also found that Guggenheim Capital, LLC (GC), which is the majority indirect owner of Guggenheim, maintained additional policies and procedures that applied to Guggenheim employees. According to the order, GC’s Code of Conduct included a provision that it “should not be interpreted to restrict or interfere with any employee’s rights, free speech, or any whistleblower protections under applicable laws, regulations and requirements.” In July 2016, as part of a review of applicable whistleblower and confidentiality provisions, GC added language to its Code of Conduct that provided: “Nothing in this policy or any other Company policy or agreement is intended to prohibit you (with or without prior notice to the Company) from reporting to or participating in an investigation with a government agency or authority about a possible violation of law, or from making other disclosures protected by applicable whistleblower statutes.” Finally, and importantly, the order noted that, if there were circumstances in which a GC policy and a Guggenheim policy covered the same procedures, the more restrictive policy was to be followed.

Guggenheim revised the language in the compliance manual after being contacted by the SEC staff, and the Commission acknowledged that it was unaware of any instances in which (i) an employee was prevented from communicating any potential securities laws violations or (ii) Guggenheim took action to enforce the compliance manual’s restrictions or otherwise prevent such communications.

Practical Takeaways

The message of this enforcement action is clear: the SEC does not consider Rule 21F-17 to be limited to severance agreements or confidentiality agreements. In light of this case, companies would be well advised to conduct a prompt and thorough review of applicable documents to ensure that they do not limit, or could be read to limit or impede in any way, an individual’s rights to communicate freely with the Commission about a possible securities law violation. In conducting this type of risk assessment, the following are some considerations to bear in mind:

• Thorough and expansive document review. The review should be expansive and cover any documentation an employee is expected to review, follow, or receive during the course of her/his employment, such as (i) compliance manuals, (ii) training materials, (iii) codes of ethics, (iv) employment manuals, (v) codes of conduct, (vi) employment agreements, (vii) separation agreements, (viii) employee incentive plans and related agreements, and (ix) confidentiality agreements, including those used during an internal investigation.
• Contractor, investor, and other third-party documents. Rule 21F-17 is not limited to communications with employees; it also prohibits actions that would impede any “individual” from reporting to the SEC. This means that a company should consider documents that cover non-employees, such as agreements with consultants and contractors, as well as investor documents.
• Review for unclear or contradictory terms. The Commission expects companies to speak clearly in its agreements and policies,¹ and it is important that the documents do not contain contradictory terms. As evidenced by the Guggenheim case, compliant language in one document does not necessarily excuse non-compliant or contradictory language in another.

Arnold & Porter is continuing to monitor developments in this area and will continue to issue client advisories related to whistleblowing and best practices for companies. If you are seeking advice on conducting a risk assessment review for language that potentially violates Rule 21F-17, or how to mitigate risks in connection with whistleblower reporting and compliance, please reach out to any author of this Advisory or your regular Arnold & Porter contact.

© Arnold & Porter Kaye Scholer LLP 2021 All Rights Reserved. This Advisory is intended to be a general summary of the law and does not constitute legal advice. You should consult with counsel to determine applicable legal requirements in a specific fact situation.