
Corporate Counsel Connect collection

April 2014 edition

Whistleblower compliance for private companies, cybersecurity standards, final rules on employer mandate

Whistleblower compliance for private companies

Non-reporting companies that provide services to SEC reporting companies must revisit their internal compliance policies and procedures given a recent US Supreme Court ruling extending the whistleblower protections under the Sarbanes-Oxley Act (SOX) to certain non-reporting company employees.

In Lawson v. FMR LLC, the Supreme Court held that the whistleblower and anti-retaliation provisions of SOX extend to the employees of a private contractor or private subcontractor to a public company. As a result, employees of a private company who claim they were retaliated against for reporting potential fraud at a public company client of their employer can bring claims against their employer for violations of SOX Section 806.

Non-reporting companies that provide services to reporting company clients should review their compliance policies and procedures and consider adopting additional policies and procedures that reflect whistleblower best practices already implemented by public companies. Specifically, these companies should consider:

  • Requiring employees to report internally any known or suspected violations of law.
  • Prohibiting retaliation against whistleblowers, regardless of whether they report to their employer, the public company client or a governmental authority.
  • Promoting internal mechanisms for reporting concerns and alleged violations, such as whistleblower hotlines.
  • Adopting codes of conduct similar to those implemented by public companies under SOX.
  • Reviewing their employment-related practices concerning reporting, retaliation and investigation.

As a best practice, reporting companies should consider reviewing whether their non-reporting contractors and subcontractors have anti-retaliation policies and whistleblower hotlines. Among other things, this may help a reporting company avoid any negative publicity that could arise from retaining a contractor later found to have lacked appropriate whistleblower protections.

For more on this case from an employment law perspective, see Labor & Employment: SOX Whistleblower Coverage.

For a sample code of ethics and business conduct, see Standard Document, Model Code of Ethics and Business Conduct for a Public Company.

Cybersecurity standards

Following the recently issued final Framework for Improving Critical Infrastructure Cybersecurity (Framework) by the National Institute of Standards and Technology, counsel should confer with executive management, including, where applicable, their organization's chief information officer or an independent information technology consultant, to:

  • Map the Framework's standards against the organization's current practices to determine and remedy any cybersecurity deficiencies.
  • Maintain written records concerning the organization's practices and remedial efforts, if any.

Although the Framework's standards are voluntary, they pose the risk that private litigants and regulators will use (or misuse) them as a benchmark of the minimum measures organizations must take to run an acceptable cybersecurity program.

The Framework, which was issued in response to a 2013 presidential executive order, seeks to:

  • Address commercial and other organizations' need to adopt appropriate cyber defense strategies.
  • Facilitate the effective and efficient implementation of these cyber defense strategies.

The Framework's application is broad. Contrary to the common understanding of "critical infrastructure," it incorporates the US Department of Homeland Security's 16 critical infrastructure sectors, which include a variety of operations such as sports leagues, hotels, casinos and retailers. Because of its broad application, the Framework may be most useful:

  • As a guide for small or mid-sized organizations that have not yet fully developed their own cybersecurity policies.
  • For organizations in less critical industry sectors than true critical infrastructure organizations, which are likely to have already adopted the Framework's recommendations.

For more information on cybersecurity, see Practice Note, Cyber Attacks: Prevention and Proactive Responses.

Final rules on employer mandate

Employers with fewer than 100 employees have important transition relief available under final regulations (which are part of a series of final rules) implementing health care reform's employer mandate.

The employer mandate generally applies to large employers, defined as employers who employed on average at least 50 full-time employees, including full-time equivalent employees, on business days during the prior year. Under the transition relief, for employers with fewer than 100 employees, employer mandate penalties will not apply for any month during 2015 or the portion of a 2015 plan year that falls in 2016. The final regulations also make several clarifications, including to rules addressing an employer's first year as a large employer subject to the employer mandate.

In a related development, the IRS has issued final regulations implementing information reporting rules for large employers and insurers, along with related employee statements. These rules, which require employers with at least 50 full-time employees to inform the IRS about the health coverage they offer to employees, are necessary for administering the employer mandate. The final rules provide for:

  • A single, consolidated form for reporting to the government.
  • Transition relief under which the first information returns will be due in 2016 for 2015 plan years.

The information reporting rules also require employers to provide statements to employees for use in determining whether an employee may claim a premium tax credit under health care reform.

For more information on the employer mandate and related requirements, see Practice Note, Employer Mandate under Health Care Reform: Overview.

About Practical Law

This look at the major issues on the horizon for corporate counsel comes from Practical Law – an online legal know-how service. View all the looming issues now – compliments of Practical Law The Journal, which covers the latest transactional and compliance topics that impact your practice. To gain access to more related know-how resources, please visit us.practicallaw.com.


NEED PRACTICAL KNOW HOW? - LEARN MORE