Any time new compliance legislation surfaces, inside counsel should evaluate whether existing e-discovery technology and processes are adequate. This analysis is particularly important when evaluating your company’s response to the Dodd-Frank Act, which adds significant financial incentives for whistleblowers to go straight to the Securities and Exchange Commission (SEC) with complaints without first going through internal channels.

Enacted July 21, 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act is the most comprehensive U.S. financial reform since the 1930s. In May 2011, the whistleblower provisions were approved and went into effect in August. Often referred to as the “whistleblower bounty program,” the provisions were designed to incentivize an individual with knowledge of potential securities violations to come forward for the opportunity to receive a windfall payment of 10 percent to 30 percent of the SEC’s recovery.

Penalties imposed by the SEC often range from tens to hundreds of millions of dollars. The new provisions supplement existing whistleblower administrative enforcement procedures under the Sarbanes-Oxley Act of 2002 and amends the Securities Exchange Act of 1934 create a new whistleblower incentive program.

During the commenting period on the proposed provisions, concerns were raised about the lack of requirement for a whistleblower to first report violations internally. The SEC addressed this concern by giving whistleblowers the option of first reporting suspected violations internally before reporting the violation to the government. As long as the same information is provided to the SEC within 120 days, the individual is still eligible to receive an award.

As a further attempt to encourage individuals to report internally, the SEC included anti-retaliation provisions that take effect regardless of the success of any enforcement action. Retaliation includes actions such as demotion, dismissal, suspension, threats or other harassment as a result of an employee lawfully trying to provide information to the SEC. These provisions are applicable to both public and private companies.

These anti-retaliation provisions have been further clarified as the U.S. District Court for the Southern District of New York has issued the first ruling on a Dodd-Frank-related case.

In Egan v. TradingScreen, Inc., an employee filed for anti-retaliation protection when he was fired after successfully pointing out malfeasance by the company’s CEO. In this case, the employee did not go directly to the SEC, but instead reported his concerns internally.

When the CEO fired him, he sought protection under the anti-retaliation provisions of Dodd-Frank. The court ruled that anti-retaliation requires that an employee’s disclosures be made to the SEC unless they fall into any of the four categories of disclosures that do not require reporting to the SEC as a predicate to filing suit. Following the court’s ruling against the plaintiff on the defendant’s motion to dismiss, the plaintiff was granted leave to amend the complaint. The amended complaint also failed to survive the defendant’s renewed motion to dismiss.

One interpretation of the court’s response is that going straight to the SEC may be an employee’s safest choice to ensure full anti-retaliation protection, as the incentive for monetary award may outweigh loyalty to the company.

Because of this, organizations face a very difficult challenge trying to compete with a potential lottery effect from Dodd-Frank. This is compounded by the fact that the SEC has set aside more than $450 million for a whistleblower fund, making it difficult for organizations to compete with the potential windfall payday whistleblowers could receive from the SEC.

Another concern that was raised as part of the whistleblower provisions is the fear that employees may be racing to the SEC’s doors to file weak or wholly illegitimate claims on the chance that they may win the lottery. The result would be to undermine the internal reporting and compliance procedures organizations have put in place following Sarbanes-Oxley.

What companies must take away from this information is to be prepared. Despite the monetary incentive for reporting directly to the SEC, companies will still likely see an increase in the number of internal complaints about potential securities violations.

The key is to have the e-discovery systems in place to react quickly to resolve these complaints and avoid the whistleblower going to the SEC. Because the SEC will likely review a company’s actions before and after a complaint is filed, organizations must have the technology available to identify, investigate and resolve potential violations efficiently and accurately.

Companies should examine their entire compliance and internal processes in anticipation of an individual going forward to the SEC and should inform employees about all internal options in order to make them feel secure in first reporting any violations internally. It is not enough to have policies outlined, organizations must be prepared and keep employees as informed as possible.

Organizations also must be prepared for the SEC to file a separate action or proceeding to enforce the anti-retaliation provisions. The rules define a whistleblower for purposes of the anti-retaliation provisions as a person who reports a “possible” violation.

It is important to note that the whistleblower does not have to receive an award from the SEC to be afforded the protections of the anti-retaliation provisions. In order to avoid these claims of retaliation, organizations must conduct investigations carefully and defensibly and use technology to search for potential evidence supporting or defending the whistleblowers claims. The technology in place should maintain an audit log and preserve metadata, should move quickly to preserve the 120-day time period and should produce evidence for reporting to the SEC.

Ultimately, the whistleblower provisions will increase government scrutiny on organizations. Responding quickly and thoroughly to potential violations will help minimize organizations’ exposure. It will be critical to communicate with the whistleblower promptly and use the proper technology to respond to the claims and avoid compounding the issue with additional claims for retaliation by the whistleblower.

Chad McManamy, assistant general counsel for Guidance Software also contributed to this article.