The U.S. Securities and Exchange Commission’s whistleblower program has taken off since its creation in 2010 from the Dodd-Frank financial reforms, awarding more than $150 million in bounties to tipsters who have helped the agency bring successful enforcement actions. Last year, the SEC’s enforcement director at the time, Andrew Ceresney, called the whistleblower office a “game changer” for the agency.

But as that office has doled out awards and taken steps to protect whistleblowers, a question has loomed large over the agency: To be eligible for the anti-retaliation protections embedded in Dodd-Frank, must a corporate insider contact the SEC or is it enough to only report internally to an employer?

Central to the question is Dodd-Frank’s definition of a whistleblower as someone who brings information “to the commission.” The SEC has taken a broad view of whistleblower protections, interpreting the law to extend also to employees who only report internally. But companies, fighting to shut down the retaliation claims of fired employees, have argued the protections don’t extend to those who only bring concerns to their employers. Those differing views have divided the federal appeals courts. The U.S. Supreme Court has agreed to take up the dispute.

The National Law Journal recently brought together the first chief of the SEC whistleblower office, Phillips & Cohen partner Sean McKessy, and Davis Polk & Wardwell partner Linda Thomsen, a former SEC enforcement director, to discuss whistleblower issues. The following discussion was edited for length and clarity.

The National Law Journal: Sean’s successor at the SEC whistleblower office, Jane Norberg, recently said she found it “ironic” that companies that were once worried about maintaining internal reporting are now arguing that whistleblowers can only be protected under Dodd-Frank if they go to the SEC. There’s puzzlement over why companies would, at once, want to have employees report internally but have a regulatory regime that only gives them protection if they go to the commission.

Thomsen: I don’t think they’re inconsistent. It is all to enforce the law as written. People don’t voluntarily take on costs or obligations that aren’t in the law. I think it’s a fair interpretation of the law. And we’ll see where the Supreme Court comes out, but Congress writes laws for reasons.

McKessy: I guess the first thing I would say is this is not coming from someone who’s not aware of, insensitive to the difficulty sometimes that internal lawyers have with implementing regulatory regimes, because I worked in-house for 11 years in between my SEC stints. I always feel like I need to say that because what I’m going to say is going to sound very heavy-handed and, maybe, if it was coming from someone who just was a regulator, would sound naive. But I really am puzzled … by this philosophical argument about what the statute says … I was out saying, because you have a legal defense that’s colorable doesn’t mean you should do it in every instance, and I think ultimately, this is going to be one of those cases. I tried my best from my bully pulpit to say, “You should really think long and hard about whether it’s worth getting rid of this one employee or defending yourself against this one employee’s retaliation claim by availing yourself of an argument that, if you win, you lose.”

NLJ: Last year, we saw a string of enforcement actions over severance agreements with confidentiality provisions that, in the SEC’s view, could have a chilling effect on former employees contacting the agency. What do you think of the SEC’s approach to those agreements in the whistleblower context?

Thomsen: By and large, those provisions were not designed to keep people from providing information to the SEC or the CFTC or the IRS or whomever else has whistleblowing programs. And one way to approach that would have been to tell people that that was something that people were worried about. And I know Sean did. But the commission brought enforcement actions, as opposed to using its bully pulpit, and that strikes me as perhaps a little over-the-top.

McKessy: I think part of the problem — and I think Linda would agree — is that the SEC has such a broad spectrum of the kinds of companies that are under its jurisdiction that it’s very difficult to have the kind of nuanced guidance that is applicable and for every size company, every kind of company, every industry. And so unfortunately — or fortunately, depending on your viewpoint — you have a regulatory scheme that has to be broad enough to allow the commission to be surgical and decisive about how to implement its tools. I get the “regulation by enforcement” [criticism], but at some point, no matter how defined your regulation is, you’re going to have to enforce it. Enforcement is going to bring to light something more than a regulation can, which is, “How did they implement this? How did they view this? How did they view that?” You can regulate all you want, you can give speeches about it all you want, but what people want to see is what kind of cases does the SEC bring.

Thomsen: And the counter to that is that, “If you’re a hammer, everything looks like a nail.” The first case involving confidentiality agreements, if I’m remembering correctly, made clear in the order itself that the company had no intention of chilling and that the person who had signed the agreement had not been chilled. So, baked into it, there was no harm. It was sort of a surprise.

NLJ: We’re at an interesting juncture with the Trump administration settling in and the SEC’s new chairman, Jay Clayton, taking the reins. What, if anything, should be changed about the whistleblower program?

McKessy: My own view is that there were obviously some very strong feelings about culpability, about internal reporting. I think the commission did a good job in trying to satisfy both apocalyptic arguments. Neither side was 100 percent happy, which is usually a sign that you’ve hit on the right side. But we’ll see, again, as the pendulum swings, how much some of those policy decisions that were made now get opened and re-aired. I just hope that there’s a full debate around them.

Thomsen: I don’t think the commission has ever paid a bounty to anyone who was not meritorious, and there’s plenty of process — and Sean might suggest too much process — about that, so you don’t quibble with that. What you worry about are the investigations that are very, very costly to institutions and entities and companies that are meritless, and you worry about the paralysis, if you will, that companies find themselves in when they want to take, for example, personnel actions. As soon as they start the process, someone will declare themselves to be a whistleblower. It’s very difficult to manage, and companies end up keeping people at jobs much longer than they might otherwise, where they have to worry about their performance and whether or not those same people are engaging in not only poor performance, but inappropriate performance. And you don’t see evidence that the commission worries about that enough.