The new OSC Whistleblower Program has prompted discussion about compliance and best practices. We answer some of the key questions on issuers’ minds.
In July 2016, the Ontario Securities Commission (the OSC) formally launched its Whistleblower Program, which seeks to encourage individuals and companies to report suspected violations of Ontario securities laws to the OSC. The Program is modeled after a similar program launched by the Securities and Exchange Commission in the United States in August 2011. The OSC is the first of the Canadian securities regulators to launch such a program.
Since the launch, many reporting issuers have had questions about the implications of the Program and what is required in order to comply with it. In this article, we review the key elements of the Program, its implications for reporting issuers and steps reporting issuers should take to comply with the terms of the Program.
Key Elements of the Whistleblower Program
- Financial incentives. A monetary incentive (up to $5 million, depending on the outcome) is available to eligible whistleblowers who provide the OSC with timely, credible and robust information that leads to an enforcement outcome. Whistleblowers who are complicit in violating Ontario securities law are eligible for an award, although any penalties paid by the culpable whistleblower will be netted against the award, and the OSC retains the right to bring enforcement proceedings.
- Submission of documentation to the OSC. OSC Staff may ask whistleblowers to provide them with relevant documents, unless those documents are not in the whistleblower’s possession or control. Failure to provide documents without “good reason” may disentitle the whistleblower to an award.
- Eligible whistleblowers. Generally, internal audit and compliance personnel, auditors, directors, officers and in-house counsel are ineligible to receive whistleblower awards. However, the Program contains certain exceptions, including where whistleblowing is necessary to prevent substantial injury to the entity or investors, the whistleblower believes the subject of the information is engaging in conduct that will impede an investigation, or 120 days have elapsed since the whistleblower received the information and either reported it internally or became aware that it had been reported internally.
- No retaliation against whistleblowers. Coincident with the launch of the Program, the Ontario Securities Act was amended to prevent retaliation against an employee who has, among other things:
- provided information relating to a potential breach of Ontario securities law to the employer, the OSC, a self-regulatory organization or other law enforcement agency; or
- cooperated in an investigation or proceeding commenced by the OSC, a self-regulatory organization or other law enforcement agency relating to a potential breach of Ontario securities laws.
As of the end of September 2016, it was reported that the Program had already garnered more than 30 tips since its launch. It remains to be seen whether any or all of those tips will result in enforcement action. However, in describing the tips received by the Office of the Whistleblower, OSC Chair Maureen Jensen stated that “[s]ome of them are the kinds of tips that we really wanted – serious offences or serious potential offences in areas that we would never be able to find, such as misstatements in accounting and disclosure violations.”1
By contrast, in the first seven weeks of the SEC whistleblower program, the SEC received 334 whistleblower tips, the most common of which involved complaints of market manipulation, disclosure issues and offering fraud.2
Concerns and Practical Considerations
What internal policy changes are required in order to comply with the Program?
In light of the Program, reporting issuers should review their internal policies to ensure they do not conflict with the terms and goals of the Program. In particular:
- Confidentiality policies. The Ontario Securities Act now contains a section that voids any provision in a contract between employer and employee prohibiting disclosure of information to the OSC. As a result, any existing confidentiality policies should be clear that employees are prohibited from disclosing confidential information except as required or permitted by law. Similarly, any confidentiality agreements in employment agreements, severance agreements or otherwise should contain exceptions for the disclosure of information as required or permitted by law.
- Discipline Policies. Any existing discipline policies should be clear that employees will not be disciplined for exercising their rights under any provincial or federal statute, regulation or national instrument.
- Whistleblower Policies. Any existing whistleblower policies should be consistent with the Program. While reporting issuers should, as described below, have internal whistleblower programs, whistleblower policies should not limit an employee’s ability to report misconduct to the internal whistleblower program (although employees should be encouraged to do so).
We expect the OSC to monitor and take enforcement action against issuers who seek to undermine the Program through their policies, and the Program expressly notes that engaging in reprisals or otherwise attempting to preclude employees from reporting misconduct may expose the employer to enforcement proceedings. While it is too early to point to Canadian examples, we note that the SEC recently issued cease and desist orders against two issuers for violating the whistleblower provisions of the, Securities Exchange Act of 1934 through the use of severance agreements which impeded former employees from coming forward with information about securities law violations and prevented them from accepting any monetary awards from the SEC in connection with a whistleblower report.3 The SEC has also sent a message to the OSC that it should “really be focused on [its] powers to deal with retaliation” in an effort to encourage whistleblowers to come forward. 4
I do not currently have a whistleblower policy. Should I have one?
We encourage all reporting issuers to have internal whistleblower policies, and to encourage employees to make use of such internal policies. Although employees are permitted to report suspected misconduct directly to the OSC through the Program, it is generally preferable—from the employer’s perspective—for the misconduct to be reported to the employer first. This allows the employer to take steps to investigate and/or remediate the issue (as appropriate), and to consider whether to self-report the matter to the OSC (in which case, the employer will be better positioned to provide the OSC with the relevant context). Of course, employees must be permitted to report suspected misconduct to the OSC without first reporting the matter through internal whistleblower policies, and cannot be disciplined or otherwise retaliated against for doing so.
What protections exist to ensure employees do not manipulate the Program in order to avoid termination?
Because employers cannot retaliate against employees for reporting suspected misconduct to the OSC through the Program (including through termination), concerns have been raised that employees may report misconduct to the OSC to, in effect, prevent their own termination. To date, no statistics have been gathered on this issue. However, it is important for employers to remember the following:
- if an employer is unaware that an employee has reported suspected misconduct to the OSC through the Program, it is unlikely that any subsequent termination will be viewed as a violation of the Program; and
- in any event, a termination that can be shown to be entirely unrelated to an employee’s decision to report suspected misconduct to the OSC does not violate the Program. However, employers who terminate an employee who they know has reported suspected misconduct through the Program should ensure they have an adequate record to substantiate the claim that the termination was unrelated to the employee’s report.
2 SEC annual report on the Dodd-Frank Whistleblower Program, Fiscal Year 2011
3 In In the Matter of BlueLinx Holdings Inc. the issuer had used severance agreements that prohibited the disclosure of confidential information by an employee unless the employee was compelled by law to provide the information. Even then, the employee was required to provide written notice to BlueLinx of its intention to and seek BlueLinx’s consent to provide the information. The severance agreements also provided that employees, in accepting a severance package, were waiving their right to any monetary recovery in respect of a complaint brought to the SEC. The SEC found that the agreements “raised impediments to participation…in the SEC’s whistleblower program.” BlueLinx settled for a $265,000 penalty. In In the Matter of Health Net, Inc., HealthNet’s severance agreements prohibited employees from filing an application for or accepting a whistleblower award from the OSC. The SEC found that Health Net’s policy violated the whistleblower program. Health Net settled for a penalty of $340,000.