When most employers think of whistleblowers, they likely envision employees like Sherron Watkins and Cynthia Cooper, the Enron and WorldCom whistleblowers who helped bring to light the accounting irregularities that led to the collapses of their respective employers. Indeed, it was that very type of whistleblowing that prompted Congress to establish the anti-retaliation provisions set forth in Section 806 of the Corporate and Criminal Fraud Accountability Act of 2002 (Sarbanes-Oxley Act or SOX), the sweeping reform legislation enacted to restore public confidence in corporate accounting and reporting in the wake of these and other high-profile corporate scandals.

For years, however, SOX whistleblower protections focused on the traditional, easy-to-spot whistleblowers like Watkins and Cooper. Many employees who claimed SOX protection fell outside of this scope. The statistics bore this out, and through May 2011, the Occupational Safety and Health Administration — the federal agency responsible for receiving and investigating SOX whistleblower complaints — had issued merit findings in just 21 SOX cases and dismissed 1,211 others, a dismal winning percentage of less than 2 percent.

Now the pendulum has swung in the opposite direction. Legislative amendments to SOX in the Dodd-Frank Wall Street Reform and Consumer Protection Act, as well as numerous court and agency decisions, have dramatically altered the legal landscape. Employees are now claiming SOX protection for a wide range of conduct that falls outside of the context of alleged fraud against shareholders.

The practical result of this shift is that would-be whistleblowers are everywhere. For a SOX-covered company, taking a proposed adverse employment action against any employee who has aired a grievance or reported a concern must be reviewed for potential risk of a SOX claim. Thus, the employer’s ability to identify and anticipate potential whistleblowers — and prevent any retaliation against them — is more critical than ever.

SOX-Protected Activity Expanded

In the last two years alone, the Department of Labor’s Administration Review Board (ARB) under the Obama administration has issued significant decisions that decidedly favor employees, namely by expanding the scope of reporting activity deemed protected under SOX. For years prior, courts and the ARB had narrowly construed the scope of protected conduct under SOX, holding that SOX required an employee to establish activity that "definitely and specifically" related to one or more of the laws enumerated in Section 806 (i.e., mail fraud; wire, radio or TV fraud; bank fraud; securities fraud; any rule or regulation of the Securities and Exchange Commission; or any violation of federal law relating to fraud against shareholders). In addition, the courts and ARB generally held that some kind of shareholder fraud — like that at the very heart of the Enron and WorldCom scandals — was required.

All of that changed with a string of decisions issued by the ARB in 2011, most notably Sylvester v. Parexel International, 2007-SOX-39, 2007-SOX-42 (ARB May 25, 2011). Sylvester altered the legal landscape previously established under SOX when it concluded that (1) SOX-protected conduct is not limited to complaints relating to fraud against shareholders; (2) the reported misconduct need not "definitely and specifically" relate to one of the laws enumerated under SOX Section 806 — a "reasonable belief" of a violation is sufficient; and (3) a complainant can engage in protected activity under SOX Section 806 even if he or she fails to allege, prove or approximate the specific elements of fraud, such as materiality, scienter, reliance, economic loss or loss causation.

Although some federal courts continue to adhere to the "definitely and specifically" standard, others have followed the ARB. Just recently, the U.S. Court of Appeals for the Third Circuit, in Wiest v. Lynch, 710 F.3d 121 (3rd Cir. 2013), reversed a district court dismissal of a SOX complaint for failure to allege conduct that definitely and specifically related to a rule listed in Section 806. The court applied Chevron deference to the ARB’s decision in Sylvester, a principle of administrative law requiring courts to defer to interpretations of statutes made by those government agencies charged with enforcing them, unless such interpretations are unreasonable.

Taking their cue from Sylvester, subsequent ARB decisions have furthered the employee-friendly trend, finding that the following actions constituted, or potentially constituted, SOX-protected activity:

• Reports of misconduct by a third party, rather than the employer, as well as complaints of misconduct made to local law enforcement, as in Funke v. Federal Express, ARB No. 09-004 (July 8, 2011).

• Internal complaints that do not mention fraud, illegal activity or anything that could reasonably be perceived to be a violation of the SOX-enumerated statutes but instead vaguely refer to the possibility that fraud might be committed, as in Prioleau v. Sikorsky Aircraft, ARB No. 10-060 (Nov. 9, 2011).

• A corporate attorney’s reports of concerns that did not establish fraud or an actual violation of one of the SOX-enumerated statutes but instead reflected a mistaken belief that a violation had occurred, as in Zinn v. American Commercial Lines, ARB No. 10-029 (Mar. 28, 2012).

• A complaint that an accounting practice violated SEC rules, even where the SEC ultimately approved the accounting methods at issue, as in Menendez v. Halliburton, ARB Case No. 09-002, 003 (Sept. 13, 2011).

• Complaints of prospective violations, as in Funke and Vannoy v. Celanese, ARB No. 09-118 (Sept. 28, 2011).

• Complaints about violations of which the employer is already aware, as in Inman v. Fannie Mae, ARB No. 08-060 (June 28, 2011).

In addition, the ARB has even gone as far as to suggest that data raiding in the purported furtherance of whistleblowing may constitute protected activity. For example, in Vannoy, the complainant admitted that he had taken, without permission, business documents containing employees’ credit card information, home addresses and Social Security numbers. He did so purportedly to further his IRS whistleblower program complaint concerning the company’s accounting practices. In concluding that such conduct might nonetheless be protected, the ARB acknowledged the clear tension between protecting confidential information and encouraging whistleblowers to disclose confidential information in furtherance of enforcement of tax and securities laws but ultimately noted that the law generally prohibits employers from relying on confidentiality agreements to prohibit protected whistleblower disclosures.

So what does all of this mean for employers? The bottom line is that a much broader array of conduct is now considered protected activity under SOX, meaning that more and more employees will be able to claim that they engaged in SOX-protected conduct, more SOX whistleblower claims will be filed and fewer claims will be dismissed on a prehearing motion.

Recognizing SOX-Protected Conduct

In the decades that have passed since the enactment of statutes like Title VII, the Age Discrimination in Employment Act and the Americans with Disabilities Act, most employers have become well attuned to claims of retaliation and have implemented policies, reporting mechanisms and other procedures to prevent and address any potential retaliation against employees who engage in protected activity under those anti-discrimination statutes.

On the other hand, employers are likely much less aware of the more subtle forms of activity deemed protected under SOX, as well as the more subtle forms of employer conduct that may be deemed retaliatory. So, what’s an employer to do? First and foremost, employers must alert themselves to the kinds of issues that may implicate SOX, paying particular attention to complaints, reports or concerns about the following:

• Sales practices, potential violations of law and internal controls.

• Accounting, bookkeeping and recording practices.

• Potential violations of the employer’s corporate compliance, code of conduct or ethics program.

• Mail and wire fraud.

Issues to be especially watchful for include any complaints regarding payment transactions made by or to the employer, which often involve transmissions over the wires as well as communications made to banks, potentially implicating bank, wire and/or mail fraud. Complaints or concerns regarding allegedly fraudulent communications sent via email similarly raise the specter of wire fraud.

In addition, employers should consider the potentially protected status of employees who take confidential documents or information in purported furtherance of their whistleblowing, as well as reports to outside agencies, including those other than the SEC or federal criminal authorities.

Moreover, employers should recognize that what at first glance may appear to be a typical employee relations issue may mask broader issues and concerns, including those that may constitute SOX-protected activity. Therefore, employers should take care to ensure that they fully understand the nature of any given employee’s grievance or complaint and whether it implicates SOX. Because employees facing investigation or discipline are incentivized to report issues that may protect them as whistleblowers, employers should particularly anticipate any concerns or complaints raised by them.

By being alert — and training human resources professionals and supervisors to similarly be alert — to the broad scope of conduct now deemed protected under SOX by the ARB and some courts, employers will be better positioned to promptly and satisfactorily address potential SOX-protected complaints as they arise, prevent the occurrence of any action that might be deemed retaliatory and decrease the risk that a SOX claim will be filed, thereby reducing the chance that any claim that is filed succeeds past the initial stages. The employee-friendly trend in SOX litigation makes it imperative that employers look beyond traditional notions of whistleblowing and become alert to the more varied and, in many instances, subtle forms of conduct that can transform what appears to be an employee with a typical internal employee relations issue into a SOX-protected whistleblower. •

Thomas Linthorst is a partner in Morgan, Lewis and Bockius’ labor and employment practice and a co-leader of the Sarbanes-Oxley subpractice, resident in the firm’s Princeton, N.J., office.

Sarah Bouchard is a partner in the firm’s labor and employment practice and a co-leader of the Sarbanes-Oxley subpractice, resident in the firm’s Philadelphia office.

Joy Grese is an associate in the firm’s labor and employment practice, resident in the firm’s New York office.