The extraordinary outbreak of corporate scandals in large public companies like Enron and WorldCom prompted Congress to enact the Sarbanes-Oxley Act of 2002 (“Sarbanes-Oxley” or “SOX”) to thwart corporate fraud and restore public confidence in corporate governance. As the most far-reaching securities regulations since the securities laws originally passed in 1933 and 1934, Sarbanes-Oxley sought to rein in corporate fraud by enhancing disclosure, strengthening auditor and audit committee independence, holding senior management accountable, and imposing tougher civil and criminal penalties for violations.
Sarbanes-Oxley imposes internal reporting obligations on attorneys. Under § 307 of SOX and the Securities and Exchange Commission’s (“SEC”) implementation of SOX through Rule 205, an attorney who detects evidence of a material violation by her client must report the violation up the ladder to the corporation’s chief legal officer (“CLO”) or the chief executive officer (“CEO”). If these officers do not provide an appropriate response, the attorney must continue up the ladder and report to the audit committee, to a committee of independent directors, or to the full board of directors. Section 307 caps the attorney’s whistleblowing obligation at reports to the corporation’s board of directors, but permits attorneys to go outside the corporation and report to the SEC. In other words, attorneys must serve as internal whistleblowers to the corporation, and may voluntarily serve as external whistleblowers to the SEC.