In its 2019 Annual Report to Congress, the U.S. Securities and Exchange Commission (“SEC” or “Commission”) whistleblower program announced a “momentous milestone”: The SEC has ordered over $2 billion in sanctions since the inception of the whistleblower program.

The Report outlined other key statistics from FY 2019.  Approximately $60 million was awarded to eight individuals in FY 2019.  Further, the Commission received over 5,200 tips in FY 2019, representing “the second largest number of tips received in a fiscal year.”  The Report noted that from FY 2012 to FY 2019, whistleblower tips to the Commission increased by approximately 74 percent.

The Report also highlighted current trends in whistleblower activity.  International activity was significant, as evidenced by the fact that in FY 2019 individuals from 70 foreign countries submitted whistleblower tips to the Commission.  In FY 2019, three of the whistleblower award recipients “were located abroad, or reported conduct that was occurring abroad, demonstrating the international reach of the program.”  Moreover, several award recipients “reported misconduct that was impacting retail investors, furthering a Commission priority to protect the Main Street investor.”  The Report noted that seven of the eight individuals who received whistleblower awards “reported their concerns to the company.”  Another trending category was cryptocurrencies, which accounted for nearly 300 tips in FY 2019.

The Report underscored the Office of the Whistleblower “continues to view anti-retaliation protections as a high priority to ensure that whistleblowers can report to the Commission without fear of reprisal.”  Similarly, the Report noted the Office of the Whistleblower “continues to work with investigative staff to identify and investigate practices in the use of confidentiality and other kinds of agreements, or engagement in other practices, to interfere with individuals’ abilities to report potential wrongdoing to the Commission.”

As evidenced in the SEC’s Report, the whistleblower program remains in full swing.  Being familiar with the SEC whistleblower program’s activities and priorities can provide valuable information as employers evaluate their policies and procedures.

Too often, internal investigators mistakenly conclude that their reports are for the exclusive review of decision-makers.  Sometimes, this may be true.  However, more often than not, there are two audiences of which an investigator should be mindful – a primary audience and a secondary audience.

The primary audience is the immediate recipient(s) of the report.  This can be a manager, a human resources director, the general counsel’s office, the president or chief executive officer, an audit committee, or the board of directors.  This audience is responsible for digesting the report and making business decisions based on the report.

The secondary audience includes third parties that may review the report for any number of reasons, but who are most often assigned to analyze and question the report.  These third parties can be regulatory bodies, government agencies, an opposing attorney, a court, jurors, or external auditors.  The secondary audience is often looking for fault and/or non-compliance.

Both audiences are equally important and neither audience’s role should be ignored by the report’s author.

The primary audience must understand the findings and conclusions in order to make appropriate decisions impacting an organization.  The primary audience should understand what took place, when it took place, and how, if at all, the underlying facts might relate to company policies or the law.  The primary audience must also understand possible options for remedial steps like training, disciplinary action against someone who violated policy, or termination of an employee.

The secondary audience must understand the same issues as the primary audience.  However, the secondary audience must also understand a number of key points important to legal defenses:  (1) the company takes allegations of wrongdoing seriously; (2) it employs measures to address wrongdoing; (3) it responds to allegations of wrongdoing with a prompt and thorough investigation of the facts; (4) it remedies any wrongdoing; (5) it prohibits retaliation; and (6) the company directs and encourages employees and management alike to comply with laws, regulations, and internal policies.

Report authors should avoid the trap of thinking an investigative report will only be reviewed by internal decision-makers.  While the primary, internal audience is important, the secondary audience is often the one analyzing the report for fault, mistakes, misstatements, or other blemishes that may result in company liability.

The importance of a prompt and thorough internal investigation is more evident than ever, and an effective investigation plan can protect the company’s interests when reviewing internal complaints.  Consider the following when developing an investigation plan.

Take Necessary Immediate Action: When receiving a complaint, outline the issues involved to determine if there are any necessary immediate action items. Should the company separate the employees involved (e.g., implement schedule changes or a leave of absence, with an eye toward avoiding negative action against the complainant)? Is there threat of imminent harm to an individual? Will the investigation be compromised if the company does not take immediate action?

Review: Review applicable policies (e.g., harassment, work rules, progressive discipline) and company practices related to the outlined issues. Review personnel files and other documents to assess whether there is a history of improper conduct, similar complaints in the past, and information relating to motive or bias.

Identify An Investigator: Who has experience and/or training for this particular complaint? Consider whether the identified investigator is directly or indirectly involved with the complaint. Is the individual a close friend of or in a subordinate position to the complainant or the accused? If yes, the investigator may not be perceived as objective. Will the investigator be an effective witness in future administrative or civil proceedings? Is the investigator knowledgeable of company policies? Depending on the circumstances, assistance from an outside investigator or legal counsel may be necessary. Consider whether there are threats of legal action, serious acts, previous lawsuits by the complainant, or whether the company failed to act on prior known complaints.

Develop An Interview Strategy: At the onset, identify key witnesses, when and where to conduct each interview (off-site, in private, conference room), and prepare a list of questions for each interviewee. Reference the outline of issues to ensure questions are tailored to elicit critical information and details associated with each issue. Anticipate that the witness list may be subject to change as the interviews progress. If necessary, witnesses may also be taken out of order and questions may be modified.

Preserve Evidence: Through the course of an investigation, key documents, files, audio and visual recordings may be identified. Take measures to preserve these sources of information as needed. In light of potential allegations of cyberbullying and harassment, ask an employee if they are willing and able to provide a copy of any purported harassing or discriminatory on-line post or text message. Further, ask the employee to retain the information until otherwise informed. Document such a request in the investigation plan.

With these investigation plan practices in mind, the company may be better prepared to resolve workplace disputes and establish it conducted a reasonable, good faith investigation.

The Department of Justice Criminal Division has clarified its policy on the Department’s assessment of a company’s claim that it cannot afford to pay a criminal fine in a memorandum issued on October 8, 2019.  Criminal Division department head Brian Benczkowski had previewed the memorandum during a speech in September.

While the DOJ already permitted corporate defendants to seek reduction of criminal fines, the Benczkowski memo sets forth more specific guidelines on the factors that will support a claim for fine reduction, signaling efforts to make the criminal fine assessment procedures more transparent.  The Benczkowski memo is particularly useful, considering the Federal Sentencing Guidelines on corporate criminal fines can be confusing and vague.  The defense often has difficulty determining what facts it must demonstrate to establish a company’s inability to pay.

The Federal Sentencing Guidelines permit reduction of criminal fines if a company is unable to pay the fine, even on installment (aka, a corporate poverty claim).  Before asserting an inability to pay, the company and the government must agree on what the fine should be under the law, notwithstanding the company’s finances.  Then, companies seeking to establish an inability to pay must complete an 11-question questionnaire on the company’s finances, including assets and liabilities, current and anticipated cash flow, and working capital needs.

Criminal Division attorneys use the responses when applying the statutory sentencing factors (18 U.S.C. § 3572(a) & (b)), the Federal Sentencing Guidelines (U.S.S.G. § 8C2.2 & 8C3.3), and the Justice Manual’s principles on consideration of collateral consequences in corporate criminal cases.  Footnote four of the Benczkowski memo confirms that Criminal Division attorneys may adjust a proposed fine based on a significant adverse collateral consequence, even if that consequence might not threaten the organization’s viability.  Significantly, the Benczkowski memo identifies adverse collateral consequences deemed relevant and irrelevant to the assessment of a company’s inability to pay claim.

Relevant collateral consequences include the company’s ability to fund pension obligations or provide the amount of capital, maintenance, or equipment required by law or regulation.  Additionally, Criminal Division attorneys may consider whether the proposed monetary penalty is likely to cause layoffs, product shortages, or significantly disrupt competition in a market.

Collateral consequences generally deemed irrelevant include adverse impacts on growth, future opportunities, planned or future product lines, future dividends, unvested or future executive compensation or bonuses, and planned or future hiring or retention.

While Criminal Division attorneys have significant discretion to reduce a company’s criminal fine or monetary penalty, it is subject to certain limitations.  The Benczkowski memo mirrors the language of both the statutory sentencing factors and Federal Sentencing Guidelines in checking this discretion.  Attorneys may only recommend an adjustment to the monetary penalty to the extent necessary to avoid (1) threatening the continued viability of the organization and/or (2) impairing the organization’s ability to make restitution to victims.

Benczkowski explained that the clarified guidelines are meant to promote transparency and incentivize corporate compliance. Generally, members of the defense bar have acknowledged the DOJ’s movement toward transparency and welcomed the new guidance.  If a company receives a reduction in fines, the reasons for granting it will likely be in the settlement, offering other companies insight into what may qualify as a “significant collateral consequence” for the purposes of fine reduction.  Ultimately, the Benczkowski memo and the DOJ policy contained therein signals a new era of cooperation, providing relief to companies facing financial ruin in the face of steep criminal fines, while incentivizing cooperation and compliance with the Criminal Division.

The White Collar and Government Enforcement practice group at Jackson Lewis, PC is experienced in handling corporate sentencing issues and available to assist clients facing such matters.

A threshold issue in any internal investigation is the selection of an investigator.  A number of considerations will guide a company’s decision.

Internal or External Investigator

There are several factors to consider in selecting an investigator, and practical considerations frequently indicate that the investigation be conducted by an internal investigator.  However, employers often opt to engage external investigators for a variety of reasons, including high stakes or highly sensitive matters, investigations of a high-level officer, or investigations of an employee in the internal investigator’s chain of command.

If an external investigator is selected, the company should provide the investigator access to material company policies.  It may be appropriate to identify an independent company representative to assist the investigator in gaining access to personnel files and other documents and information needed to conduct the investigation.  In some cases, a special committee composed of subject matter experts from relevant areas of the company may be desirable to assist in the investigation.

Ability to Testify

Another consideration is whether the investigator will be available to the company to testify in disciplinary proceedings, arbitrations, and litigation.  The company should discuss this issue with the investigator at the onset to confirm that the investigator has the requisite experience, capability, and willingness to testify in such proceedings.

Special Considerations for Attorney-Investigators

Other considerations apply when the investigator is an attorney.  For example, if an attorney conducts the investigation, the company should consider that in future proceedings, the investigator may be a witness.  Additionally, in certain circumstances, the factual investigation and findings of an outside attorney may be subject to disclosure in future proceedings, even if the company takes the initial position that the investigator’s work is subject to the attorney-client communication privilege or the attorney work-product doctrine.

Ultimately, several factors affect a company’s decision in selecting an investigator.  The decision should be given significant weight, as it can impact the effectiveness of the investigation as a whole.

In today’s post #MeToo era, most companies, big or small, will likely need to conduct an internal investigation on an employee’s claims. Knowing how to conduct a successful internal investigation will help a company protect itself. Not only do internal investigations help avoid litigation, they may also improve employee morale, increase productivity, and oftentimes, end inappropriate conduct in the workplace.

Here are several items to consider when preparing for and conducting effective internal investigations:


  1. Intake each complaint. Who and what has the employee reported? When and where did the conduct occur? Before beginning interviews, conduct an initial interview to assess the scope of the investigation. In addition, gather background information such as policies, procedures, prior relevant complaints, and the personnel files for each involved party.
  2. Preserve evidence. If there is evidence of the alleged misconduct in emails, instant messages or videos, take steps to protect and preserve that information in its original form in a timely manner.
  3. Interview key witnesses. Interview the complainant, witnesses who saw or know something, co-workers, managers/supervisors, and persons with other key knowledge. When interviewing each individual, ask that individual to identify other witnesses or evidence relevant to the investigation. If a witness refuses to participate in an interview, document any unsuccessful attempts to interview him/her.
  4. Interview separately. After identifying the relevant parties, interview each party alone and in private. Interviewing each individual separately helps bring out more information from each party. As you interview, look for opportunities to find inconsistencies with each party’s story.
  5. Implement corrective action if needed. Determine corrective action, develop a plan, and be open to conducting additional training as a preventative measure.


  1. Appear biased. Enter into each investigation with an open mind. Do not act or appear to act out of malice towards the complainant or any other individual.
  2. Promise confidentiality. You may instead assure involved parties that you will treat all information with the utmost sensitivity and share that information only on a need-to-know basis.
  3. Spread news. Do not discuss the investigation with persons inside or outside the company that have no need to know about it.
  4. Forget a closeout report. The closeout report should include a summary of the allegations, the evidence gathered, and the factual conclusions. Take careful notes throughout the investigation so that you can easily recall information to add to the report.
  5. Forget to follow up. After the investigation concludes, notify the relevant parties, including the complainant, that appropriate action has been taken and advise the witnesses to immediately raise any concerns of retaliation.



Codes of Conduct are designed to set forth an organization’s values and principles, while detailing expectations for employees. In many ways, it is one of the most important documents an organization can develop. At times, when an employer decides it needs to develop a Code, it often asks counsel whether there is a sample Code or boilerplate language the company can adopt. But is an “off-the-shelf” Code of Conduct really of any value to an organization? The answer should be apparent – sufficient consideration should be devoted to a task that the organization will say this is the standard by which our business will operate!

Legal sources recommending or requiring Codes of Conduct and Business Ethics typically offer little in the way of details as to what an effective Code must include. For example, Section 802.1(a) of the Federal Sentencing Guidelines provides that in order for an organization to mitigate vicarious liability for the criminal conduct of its employees, it must have an effective compliance and ethics program in place. However, in describing an effective compliance and ethics program, the Guidelines provide little guidance other than requiring the organization to use due diligence to prevent and detect criminal conduct and otherwise promote an organizational culture that encourages ethical conduct by its employees and a commitment to compliance with legal requirements. The Guidelines state that compliance and ethics programs must be “reasonably designed, implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct.”

Similarly, Item 406 of Securities and Exchange Commission Regulation S-K requires covered companies to adopt a Code applicable to the principal executive officer, financial officer, accounting officer or controller or other persons performing similar functions. The Code must be reasonably designed to deter wrongdoing and to promote:

  • honest and ethical conduct;
  • full, fair and accurate timely and understandable reports to the Commission as well as public disclosures;
  • compliance with applicable laws; and
  • prompt internal reporting and accountability for adherence to the Code.

In addition to the requirements of Item 406, companies listed on the New York Stock Exchange are required to have a Code that applies to all directors, officers, and employees that addresses conflicts, corporate opportunities, confidentiality, fair dealing, protection of company assets, and legal compliance. Companies listed on NASDAQ must have a Code that applies to all directors, officers, and employees and contains an enforcement mechanism that ensures prompt and consistent enforcement of the Code, provides for anti-retaliation protection, clear and objective compliance standards, and a fair process to determine violations.

Beyond statutory and regulatory requirements, the particular industry a company operates within also may present particularized challenges that should be addressed in a Code. For example, is the company in a heavily-regulated industry like healthcare? Does the company have operations outside the United States? Does the company have government contracts that impose obligations on the company? In drafting or reviewing a Code of Conduct, these various factors must be taken into consideration. What works for one company might not work for another, even if the companies operate in the same industry. Since the fundamental principle underlying a Code of Conduct is that it be part of an effective compliance and ethics program, due consideration must be paid to what topics the Code needs to cover, whether the Code accurately and adequately reflects the company’s mission and core values, and whether the policies and reporting structures set forth in the Code are adequately designed to ensure issues raised by employees are timely and appropriately addressed.

In today’s climate, boards are under increased scrutiny and governance continues to be a key compliance function. As a result, sound governance practices are an important focus for organizations.

Boards are expected to set organizational culture and foster an environment that encourages ethical conduct and a commitment to legal compliance. These expectations have played out in the wake of the #MeToo movement, with many boards reviewing their contribution to the company’s culture and their role in monitoring that culture. Board members are now overseeing the addition of anti-harassment policies, establishing procedures for addressing workplace harassment complaints, and taking an active role in the company’s response to such complaints.

In order to further its goal of sound governance practices, the board should first understand its legal duties to the organization. These include:

  • The Duty of Care. Directors should exercise diligence and attentiveness to their board responsibilities by attending meetings and actively participating. They should exercise reasonable prudence in carrying out their duties in the best interest of the organization.
  • The Duty of Loyalty. Directors owe a duty to faithfully pursue the interests of the organization, rather than their own personal interests or that of any other person or organization. Directors should avoid conflicts of interest or even the appearance of them. Directors are prohibited from self-dealing or diverting opportunities for their own personal gain.
  • The Duty of Obedience.Directors should act with fidelity, within the law, to the organization’s mission. Directors should be familiar with federal, state, and local laws related to the organization, as well as be familiar with and follow the organization’s governing documents.
  • Fiduciary Responsibilities. Financial oversight is a core responsibility of the board. Directors have equal and shared fiduciary responsibility for the organization. They should understand the content and significance of the organization’s financial statements and audits, and protect and appropriately use the organization’s resources.

Successful boards are self-aware, function in constructive partnership with chief executives, and are committed to continually improving performance. Best practices for meeting these responsibilities and incorporating good governance principles often include:

  • Meeting Attendance. Board members should make it a priority to attend all board meetings unless exceptional circumstances exist. One of the legal obligations for all directors is the duty of care. Without attending meetings — and preparing for them conscientiously — a board member is less capable of participating in educated and independent decision-making.
  • Member Recruitment. The board should be strategic about member recruitment and define its ideal composition based on the organization’s priorities.
  • Strategic Planning. The board should play a substantive role in developing, approving, and supporting organizational strategy. One of the board’s primary responsibilities is to set the direction for the organization.
  • Chief Executive Oversight. The board should develop a written job description for the chief executive, define the annual expectations jointly with the chief executive, and evaluate the chief executive’s performance annually.
  • Audit. The board often oversees the organization’s annual audit, selects the auditor, and meets with the auditor in an executive session without staff present to discuss the results.
  • Review of Bylaws and Policies. The board should review and amend its bylaws periodically as necessary. Board members should also review company policies and training requirements to ensure they remain legally compliant and reflect best practices.
  • Use of Committees. The board’s standing committee structure should be lean and strategic. Typically only ongoing board activities warrant a standing committee.
  • Complaints and Investigations. The board should understand how to identify complaints in their various forms, take those complaints seriously, and ensure they are investigated by the right people. This includes ensuring that no employee is punished or discriminated against because he or she reported improper conduct.

Because the trend of increased board scrutiny will likely continue, board members should understand their roles and comply with the corresponding legal requirements.

In Wadler v. Bio-Rad Labs., Inc., the Ninth Circuit narrowed the circumstances under which a plaintiff can prove a Sarbanes-Oxley Act (“SOX”) claim.

Sanford Wadler, the former general counsel of Bio-Rad Laboratories, Inc., alleged that during his tenure, he raised concerns that Bio-Rad violated the Foreign Corrupt Practices Act (“FCPA”) in connection with certain business dealings in China. The CEO of Bio-Rad allegedly discovered that Wadler had reported his concerns to the Board’s Audit Committee and two days later, the CEO allegedly told human resources that “Wadler had ‘been acting a little bizarre lately’” and that he “might ‘want to put him on an administrative leave.’”

Wadler’s concerns were investigated, but the investigation concluded there was no evidence of an FCPA violation in China. Three days after the investigation findings were reported to the Board, the CEO fired Wadler.

Wadler sued under SOX, the Dodd-Frank Act, and California public policy. The jury returned a verdict in Wadler’s favor, resulting in an approximately $11 million award. The Defendants appealed, claiming the district court erred when it instructed the jury that the FCPA constitutes “‘rule[s] or regulation[s] of the Securities and Exchange Commission’ (‘SEC’) for purposes of whether Wadler engaged in ‘protected activity’ under SOX § 806[.]”

Applying concepts of statutory interpretation, the Ninth Circuit held that “an FCPA provision is not a ‘rule or regulation of the [SEC].’” The Ninth Circuit reasoned: “That the phrase ‘rule or regulation’ is used in conjunction with an administrative agency, the SEC, suggests that it encompasses only administrative rules or regulations,” not statutes such as the FCPA.

Wadler argued that the phrase “rule or regulation” should be interpreted broadly because of “SOX’s remedial purpose.” The Ninth Circuit swiftly rejected Wadler’s plea, reinforcing its conclusion that the statute’s text is paramount.

Ultimately, the Ninth Circuit “vacate[d] the SOX verdict” and remanded to the trial court with instructions “to consider whether a new trial is warranted.”

New board of directors appointments such as Indra Nooyi joining Amazon, Nikki Haley nominated by Boeing, and Michelle J. Howard as IBM’s latest director illustrate the accelerating trend of gender and minority diversity on corporate boards – an apt topic for Women’s History Month. And there are plentiful reasons for promoting board diversity.

Sometimes board diversity is required by law. Outside the U.S., primarily in Europe, gender diversity on boards is often required. Since 2003, when Norway adopted a 40% women directors standard, a number of other countries (including Germany, Spain, and France) now require various minimum women directors. In the U.S., California has become the first state to set gender diversity rules by law for all public corporations headquartered in the state. California’s SB 826 requires one woman director for such company boards by year-end 2019. By 2021, the number of women directors required rises to two (for boards of five) and three (for boards of six or more). Recent research published by the Board Governance Research LLC indicates that covered California companies must fill 1,060 existing or new board seats with women by year-end 2021. Several other states have taken the softer approach of adopting resolutions supporting voluntary actions. In fact, California began with this approach years ago and ended up with modest diversity improvements. Whether a state should or can properly legislate requirements for board diversity is controversial and legal challenges will likely follow the California law. Meanwhile, corporations continue to add diverse candidates to their boards, often for practical business reasons.

Over the past two years, women and minorities totaled a solid 50% of new S&P 500 directors, as reported in Spencer Stuart’s 2018 Board Index. Women candidates appear to be making particularly big strides and now represent 24% of all directors. Smaller public companies have more work to do. Why is this progress so important for a business? Institutional investors and proxy advisors (such as Blackrock, State Street, Vanguard, ISS, and Glass Lewis) have adopted voting policies requiring diversity progress, some with specific goals and consequences of negative voting recommendations. Further, firms like Russell Reynolds point to business research and studies showing that leadership diversity, beginning with board diversity, simply improves business performance. See 2019 Corporate Governance Trends and Harvard Business Review.

The trend toward board diversity will continue. We’ll be on the watch for legislative developments, court challenges, and corporate announcements.

*“Treasure diversity. Seek unity, not uniformity. Strive for oneness, not sameness.” Dan Zadra