Tech Company Co-Founder Settles SEC Charges for Violating Whistleblower Protection Rules

The co-founder and former executive ("Respondent") of a Las Vegas-based tech company settled SEC charges for violating whistleblower protection rules.

In the Order, the SEC found that the Respondent had taken action to prevent an employee from communicating with SEC staff to report a possible securities law violation. The SEC established that the whistleblower had raised concerns to the Respondent that the company 's customer data was false. The customer data was communicated to potential and existing investors. The SEC found that the Respondent and the company's CEO, after hearing about these concerns, took steps to remove the employee's access to company computers. Further, the employee threatened to take the information of allegedly falsified reports public, and was fired shortly thereafter.

As a result, the SEC determined that the Respondent violated SEA Rule 21F-17(a) (Staff communications with individuals reporting possible securities law violations). The Respondent agreed to a cease-and-desist order and a civil penalty of $97,523.

SEC Commissioner Hester M. Peirce dissented. She argued that the Order did not explicitly state the actions taken to hinder the employee's ability to communicate directly with the SEC. She stated that SEA Rule 21F-17(a) ensures a whistleblower's ability to communicate with the SEC and said that the Respondent did not prevent the employee from doing so. Further, she concluded that the actions taken by the Respondent could not implicate anti-retaliation rules because he was unaware that the employee was cooperating with the SEC. Ms. Peirce also addressed the dangers that could come from a broad interpretation of reporting protection rules, saying that disallowing companies to limit the employee's access to data under SEA Rule 21F-17(a) could pose major cybersecurity risks.