On November 22, 2022, the US Securities and Exchange Commission (SEC or Commission) filed an amended securities fraud complaint against Adam Rogas, the former Chief Executive Officer of NS8, Inc. (NS8), alleging that, among things, Rogas engaged in whistleblower impeding and retaliation against the NS8 employee who blew the whistle on Rogas’ fraudulent conduct. The case follows In re David Hansen, a whistleblower impeding action the SEC settled against the co-founder and Chief Information Officer of NS8. As Arnold & Porter partner Jane Norberg, who was the former Chief of the SEC’s Office of the Whistleblower, discussed in a recent interview with Law360, In re David Hansen was one of 16 total actions the SEC has taken against companies and individuals for violating Rule 21F-17 under the Securities Exchange Act of 1934 (Exchange Act). Rule 21F-17 prohibits anyone taking steps “to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement.”
Relevant Facts in Rogas
In the amended complaint against Rogas, the SEC alleges that the NS8 employee raised concerns about inflated customer data and falsified financial statements twice internally before submitting an anonymous whistleblower tip to the SEC. Shortly thereafter, in the midst of a dispute over office workspace, the employee again raised his concerns over the falsified financial statements. According to the complaint, it was during this workplace dispute that the employee “became upset” over the possible relocation of his workspace and threatened that, unless the inflated customer data was addressed, he would “reveal his allegations to NS8’s customers, investors, and any other interested parties.” That same day, Rogas and Hansen cut off the employee’s access to the company’s computer system and revoked the employee’s access to the building. Moreover, the complaint alleges that the employee’s company computer was used to access the employee’s personal passwords and his Hotmail, Dropbox, Facebook, Glassdoor, and Google accounts where he stored correspondence with his attorney and his SEC whistleblower tip. The complaint notes that Rogas fired the employee that same week.
While some of the alleged facts in Rogas are extreme (e.g., accessing the employee’s personal passwords and accounts), there are still several key takeaways that companies should consider in light of the case:
- Do Not Ignore Information from a Disgruntled Employee. Regardless of how allegations come to light in the workplace, they should be taken seriously. Even if allegations are made in the heat of the moment, or in the context of an unrelated dispute, do not let the dispute overshadow the underlying allegations and cloud good judgment. Here, the employee voiced concerns while becoming upset over a possible workspace relocation. While the alleged actions by Rogas and Hansen in the aftermath are extreme, it is easy to disregard allegations made in the heat of the moment as unfounded accusations. Treat any allegations, regardless of how raised, in accordance with company policies and procedures related to internal reports.
- Exercise Caution When Shutting Down Computer and Building Access. Be sure to have clearly documented and sound reasons before shutting down an employee’s access to the company’s computer system and building in the aftermath of an internal report. For example, is there concern that the employee was involved in the wrongdoing and may be destroying evidence? Is there evidence that the employee is providing sensitive company information to someone other than the government? Every case will depend on the specific facts and circumstances, but simply trying to stop an employee from gaining access to further information about the wrongdoing may invite an SEC investigation.
- Stress Test Internal Reporting Channels. Just as companies perform tabletop exercises related to cybersecurity or other crisis situations, consideration should be given to stress testing internal reporting structures and crisis response. For example, do first line supervisors know how to handle a report from a disgruntled employee? Are they trained on how to recognize a report even when the delivery is in the midst of a dispute? Do they know who to elevate the concern to? Are c-suite employees trained on proper handling of reports? With the willingness of more employees to report externally (including to the media) when they perceive their report is not being handled properly, companies will want to have practiced fast-moving, crisis situations related to employee reports before they happen. This can prevent extreme responses that can be costly to the company in terms of both public relations and regulatory scrutiny.
- Actions as Well as Words Can Draw Impeding Charges. The SEC has brought 16 actions to date against companies and individuals for attempts to impede reporting to the SEC under Rule 21F-17 of the Exchange Act. While most of those cases were based on language in severance agreements, codes of conduct, employee trainings, and other documents, the Hansen settled action and amended charges against Rogas demonstrate the SEC’s willingness to bring charges based on actions taken by individual employees in the wake of an internal report. Company counsel should be part of the procedural chain and risk assessment when considering actions to be taken against an internal reporter.
- The SEC is Focused on Whistleblower Protection. The current SEC administration had pulled out all stops to ensure that whistleblowers feel welcome to report to the SEC, including by bringing whistleblower protection cases. During a recent panel discussion, the Chief of the SEC’s Office of the Whistleblower, Nicole Creola Kelly, explained that Rule 21F-17 impeding cases are now “bread and butter” cases for the Office. In addition, when the SEC announced its enforcement results for FY 2022, it highlighted the Office of the Whistleblower as “an integral part of the Enforcement Program” and the whistleblower program as a critical tool in the SEC’s enforcement arsenal. Expect the SEC to continue to scrutinize actions taken against whistleblowers and internal reporters.
 Securities Enforcement Forum 2022 (Nov. 15, 2022).
This post comes to us from Arnold & Porter Kaye Scholer LLP. It is based on the firm’s memorandum, “Top Takeaways from a Recent SEC Whistleblower Impeding and Retaliation Case,” dated December 19, 2022, and available here.