October 24, 2020

Volume X, Number 298


October 23, 2020

Subscribe to Latest Legal News and Analysis

October 22, 2020

Subscribe to Latest Legal News and Analysis

October 21, 2020

Subscribe to Latest Legal News and Analysis

Summary Judgment Decision in Long-Running Erhart SOX Case Limits the Scope of Protected Activity Under SEC Books and Records and Internal Controls Rules

On March 31, 2020, the U.S. District Court for the Southern District Court of California entered partial summary judgment in Erhart v. BofI Holding, Inc., a prominent, long-running whistleblower lawsuit under the Sarbanes-Oxley and Dodd-Frank Acts. The court’s decision provides welcome limitations on the scope of protected activity under these statutes, but also emphasizes the need for employers to be diligent in protecting their confidential data and documents against theft by internal actors.

The plaintiff, Charles Erhart, was an internal auditor for the Bank of the Internet, a publicly-traded financial institution. Although Erhart claimed he battled upper management to confront illegality in a turbulent corporate environment, the Bank contended that he was, in the court’s words, an “auditor gone rogue - a loose cannon who recklessly handled confidential information and conducted unauthorized investigations.” Among other things, the Bank claimed Erhart instructed staff to run unauthorized due diligence reports to find “dirt” on another executive’s son, improperly accessed the Bank’s CEO’s personal tax returns, and disseminated confidential compensation data to other employees.

Wherever the truth lies, Erhart ultimately filed a whistleblower lawsuit under Sarbanes-Oxley and Dodd-Frank, claiming he had been retaliated against for reporting illegal conduct. The next day, the New York Times ran a story about the lawsuit and the stock price of the Bank’s holding company fell by thirty percent. Numerous securities lawsuits asserting similar claims to those alleged in Erhart’s lawsuit followed. The Bank later filed its own lawsuit against Erhart, asserting contract and tort claims based on his alleged theft of confidential information. The court’s summary judgment ruling significantly narrowed both Erhart’s and the Bank’s claims. With respect to Erhart’s whistleblower claims, the court ruled that the bulk of his alleged internal and external reporting did not constitute protected activity under either Sarbanes-Oxley or Dodd-Frank. Erhart claimed he reported illegal or improper conduct spanning eleven categories of wrongdoing, including, among other things, late 401(k) contributions, the lack of Board approval of the Bank’s strategic plan, high deposit concentration risk, the failure to disclose to regulators the Bank’s receipt of subpoenas, and improprieties with respect to the CEO’s brother’s account. The court noted that Sarbanes-Oxley and Dodd-Frank do not generally protect alleged whistleblowers who report any type of wrongdoing, but only extend protection to certain types of reports of certain types of fraud and securities violations.

Seeking to evade Sarbanes-Oxley and Dodd-Frank’s limitations on protected activity, Erhart advanced expansive arguments based on the SEC’s “Books and Records” and “Internal Controls” rules. The court rejected these arguments. The court found that the Books and Records rule implicated only the accuracy of records necessary to accurately and fairly reflect the transactions and dispositions of a corporation’s assets, not any and all corporate records. Similarly, the court limited the Internal Controls rule to procedures to assure accurate financial reporting and prevent unauthorized financial transactions, rejecting the argument that it required compliance with any and all laws or risk management objectives. Based on these narrow interpretations, the court granted the Bank summary judgment on Erhart’s claims based on reporting alleged illegal conduct and wrongdoing outside of the scope of the SEC rules, finding they did not constitute protected activity.

Although the court’s narrow construction of the scope of Sarbanes-Oxley and Dodd-Frank protected activity is a welcome sign for employers, its rulings on the Bank’s claims against Erhart for document misappropriation are not. After previously ruling in the case that the Bank could not enforce Erhart’s confidentiality agreement with respect to confidential documents and information he removed that directly related to his whistleblowing activity, the court also struck down the bulk of the Bank’s tort claims relating to Erhart’s document misappropriation. The court ruled that California’s uniform trade secret act preempted the Bank’s tort claims for Erhart’s misappropriation of confidential business information. The Bank’s claims were limited to Erhart’s alleged misappropriation of confidential documents containing personally identifiable information of the Bank’s customers and employees. The court’s ruling emphasizes the need for employers to enforce the rigorous security measures required to obtain trade secret protection, such as marking documents as confidential, limiting internal distribution and access, maintaining and enforcing confidentiality agreements, and ensuring information is protected by information security best practices.

Although the court’s decision limited the Bank’s ability to seek redress for Erhart’s misappropriation of confidential information, it continues a trend of employer victories on the scope of Sarbanes-Oxley and Dodd-Frank protected activity. Polsinelli will continue to monitor this trend and other developments in the whistleblower space.

© Polsinelli PC, Polsinelli LLP in CaliforniaNational Law Review, Volume X, Number 101



About this Author

Conne Bertram Government Contract Lawyer Polsinelli Law Firm

Connie focuses her practice on whistleblower, trade secrets, government contractors and employee mobility counseling and litigation. She frequently conducts confidential internal investigations involving executive-level employees, including alleged fraud, theft or misuse of company data, trade secrets, sexual harassment and code of conduct violations. She routinely counsels, investigates and litigates restrictive covenant and trade secrets disputes between employers and former employees.

Connie has defended complex whistleblower, trade secrets and restrictive...

Jack Blum Polsinelli Employment Attorney

Jack Blum is an associate in the firm’s Employment Disputes, Litigation, and Arbitration practice, where he represents employers in connection with a wide range of employment law issues. Jack has extensive experience in defending employers against claims by their employees in federal and state courts, as well as before government agencies like the EEOC, Department of Labor, and state human rights commissions. Jack aggressively defends his client’s personnel practices and decisions while not losing sight of their underlying business goals and objectives. Jack represents clients in all aspects of complex employment litigation and has advised and defended employer clients regarding a wide variety of employee claims, including:

• Employment discrimination, harassment, and retaliation
• Wage and hour
• Employment contract disputes
• Independent contractor/employee misclassification audits 
• Tort claims arising out of the employment relationship

Jack also has extensive experience representing parties in litigation arising from employee mobility, including claims involving non-competition, non-solicitation, and confidentiality agreements as well as the misappropriation of trade secrets. Significantly, Jack has experience in both prosecuting and defending these claims and is, therefore, able to offer clients a well-rounded assessment of their options and courses of action. Jack also has experience redressing employee data breaches under the Computer Fraud and Abuse Act.

Jack also has a background in employment counseling, where he has worked closely with in-house counsel, human resources personnel, and business executives to craft personnel policies that meet the client’s business requirements while complying with applicable laws. Jack has particular experience in assisting clients with issues relating to employee/independent contractor classifications, and regularly advises clients regarding the defensibility of classifications, drafts independent contractor agreements to provide the strongest possible arguments in support of the classification, and defends misclassification claims asserted by employees and government agencies. Jack also walks clients through sensitive personnel actions to reduce the potential for litigation or at least best position the client in the event that litigation is inevitable. Jack draws heavily upon this counseling experience in representing clients in litigation.

During law school, Jack served as a legal intern in the U.S. Securities and Exchange Commission’s Office of the Inspector General where he contributed to several high-profile internal investigations, and also interned with the Maryland Attorney General’s Office.