When Is a Whistleblower Not a Whistleblower

Imagine you are an employee and you suspect another employee, or your employer, has violated federal securities laws. You might want to report these violations to your employer (internal reporting), or you might want to tell the federal government (external reporting). But if you report the violation, you run the risk of being retaliated against by your employer.

When Congress passed the Dodd-Frank Act in 2010, it included an “anti-retaliation” provision to protect those employees who externally report securities violations to the Securities and Exchange Commission (SEC). Indeed, the statutory text clearly defines a reporting employee—a “whistleblower”—as an “individual who provides . . . information relating to a violation of the securities laws to the Securities and Exchange Commission.” The statute is unambiguous: if a person reports a violation of the covered laws to the SEC, Dodd-Frank provides them a remedy to protect themselves from retaliating employers.

In 2014, Paul Somers sued his former employer Digital Realty in the United States District Court for the Northern District of California. Somers claimed that he was fired for complaining to senior management that his supervisor had violated the Sarbanes-Oxley Act of 2002 (one of the securities laws covered by Dodd-Frank). It is undisputed that Somers did not report any violation of the securities laws to the SEC, but he nevertheless asserted in his complaint that Digital Realty retaliated against him in violation of Dodd-Frank’s anti-retaliation provision. Digital Realty moved to dismiss the case because, as noted, it’s clear that Dodd-Frank only protects people who report violations to the SEC. The district court disagreed, however, holding that the definition of “whistleblower” was ambiguous and that Chevron deference was owed to a 2011 SEC rulemaking which had redefined the term “whistleblower” to include not only those who report violations to the SEC, but also those that internally report violations to their employer. Digital Realty appealed to the U.S. Circuit Court of Appeals for the Ninth Circuit, but lost there as well. The Ninth Circuit not only agreed with the district court that the statute was ambiguous, and that Chevron deference should apply to the SEC’s rulemaking, but also—incredibly—upheld Somers claim on the grounds that a better reading of the statute’s text protected internal reporting. Digital Realty petitioned the Supreme Court to hear the case and the Court granted their request.

Cato has filed a brief supporting Digital Realty. We agree with Digital Realty that the statutory language of Dodd-Frank clearly only protects those who report externally to the SEC. If any ambiguity exists, however, the SEC’s 2011 rulemaking should not be granted Chevron deference. The Administrative Procedure Act (APA) requires final rules be the “logical outgrowth” of proposed rules when agencies conduct notice-and-comment rulemaking. In other words, the SEC cannot include things in its final rule that were not in the proposed rule, because it does not give the public “fair notice” and an opportunity to comment on how the SEC intends to interpret the law. When the SEC promulgated its notice of proposed rulemaking, it defined “whistleblower” in line with the statutory definition that Dodd-Frank only applies to those that report externally to the SEC. It did not mention in its proposed rule that it was thinking about changing the definition and did not ask the public for comments on whether it should do so. But when the SEC promulgated its final rule, it expanded the definition of “whistleblower” to cover not only people who report externally, but also to those who report a violation internally to their employers. Thus, the SEC did not give the public an opportunity to comment on that change and did not give them fair notice. This violated the APA. Just two terms ago, the Supreme Court in Encino Motors Cars v. Navarro (2016) reinforced that that agency rules that violate the APA do not receive Chevron deference, and thus the SEC regulation here should not either. Chevron deference is a powerful tool for agencies, and should not be applied when they run afoul of the procedural protections Congress has put in place for the regulated public.