Perhaps no part of the Dodd–Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) has garnered as much attention as its whistleblower provisions, which pay corporate whistleblowers bounties under some circumstances, and prevent employers from retaliating against whistleblowing employees. Often times, the bounties paid to whistleblowers under Dodd-Frank warrant the most attention-grabbing headlines.  But Dodd-Frank’s anti-retaliation provisions—which protect employees who blow the whistle from retaliation from their employer—are just as important.  After all, the chance of receiving a bounty serves as little comfort if employees fear for their jobs when reporting potential corporate wrongdoing.

But exactly which whistleblowers qualify for protection under Dodd-Frank’s anti-retaliation provisions has been a subject of much debate. By its terms, Dodd-Frank provides that an employer may not take any negative employment action against “a whistleblower.”  Dodd-Frank further defines “whistleblower” as an individual who provides information relating to a violation of the securities laws to the “Commission,” i.e., directly to the SEC.  By its language, then, Dodd-Frank’s anti-retaliation terms do not extend to employees who only report their concerns internally.

Nonetheless, the SEC had historically distinguished between whistleblowers eligible for a bounty and whistleblowers eligible for protection from retaliation: according to SEC’s interpretation, to be eligible for a bounty the employee must report to the SEC itself, while to be eligible for anti-retaliation protection the employee need only report internally. 17 CFR § 240.21F-2.

Whether the SEC’s interpretation comported with Dodd-Frank had split the circuit courts. The Fifth Circuit disagreed with the SEC rule, holding that to be eligible for anti-retaliation protection, the employee must report to the SEC.  The Second Circuit and Ninth Circuit reached the opposite result, concluding that the SEC had it right: to be protected from retaliation, the whistleblower need not report to the SEC directly.

In Digital Realty Trust Inc. v. Paul Somers, the Supreme Court has now resolved the split, holding that, in order for an employee to gain Dodd-Frank’s whistleblower protection, they must report wrongdoing to the SEC itself.  In a unanimous ruling, the Court said that it need look no further than the language of Dodd-Frank itself: the anti-retaliation term applied to “whistleblowers,” which the statute itself defined as individuals who report information to the SEC. The Court further observed that this result is consistent with the objective of Dodd-Frank’s whistleblower program: to encourage the reporting of securities law violations to the SEC itself.

At first blush, the limits put on Dodd-Frank’s anti-retaliation provisions by the Court would seem to benefit businesses, curbing the potential retaliation claims they face from employees. But the side-effects of the decision could be costly for corporations if employees are now incentivized to bring complaints directly to the SEC, rather than first reporting them internally.  Even corporations with robust compliance programs could lose the opportunity to first investigate claims of potential wrongdoing before the SEC launches its own inquiry—which is often followed by costly and time-consuming shareholder litigation

Whether by corporate policy, or statutory provisions such as those implemented by the Sarbanes-Oxley Act, there are numerous other means of anti-retaliation protections for whistleblowing employees. Thus, while the Digital Realty decision may not result in a sea change for the structure of corporate compliance programs, it may well lead to an increase in whistleblowers reporting directly to the SEC.  While companies wait to see whether Digital Realty has a significant impact on how employees report whistleblower concerns, they can redouble efforts to effectively implement and broadly publicize their own internal reporting programs.