Third Circuit Confirms Limits on Scope of Protected Activity Under SOX
On July 16, 2020, the Third Circuit affirmed the dismissal of a former IT analyst’s whistleblower retaliation claim, holding that he lacked an objectively reasonable belief that his complaints implicated one of the enumerated forms of fraud in the SOX whistleblower provision. Reilly v. GlaxoSmithKline, LLC, No. 19-cv-2897.
Plaintiff was an IT analyst for the Company, where his duties included maintaining the Company’s AS/400 computer servers and addressing performance and security issues related to them. Beginning in 2011, Plaintiff allegedly began complaining to his supervisor about performance issues caused by the decision to “uncap” the servers’ processors, which allowed them to share capacity. In 2013, he allegedly voiced an additional concern that the servers’ access management plan provided certain users with more authority than they should be allowed. Plaintiff was placed in charge of remediating both of the foregoing issues. Plaintiff escalated his complaints to the Company’s compliance office in 2014, then to the CEO in 2015, adding that he believed these issues were not adequately disclosed in the Company’s 2013 SEC report. In response, the Company conducted two internal investigations, both of which concluded that Plaintiff’s complaints were unfounded.
In 2014, due to a decision to outsource management of the AS/400 servers, Plaintiff was notified that his department would be reduced to one analyst position and one manager position. Believing he was “protected” due to his complaints, plaintiff decided not to apply for the remaining analyst position and his employment was eventually terminated in June 2015. One month later, Plaintiff filed a SOX whistleblower retaliation complaint in the U.S. District Court for the Eastern District of Pennsylvania. The Court granted the Company’s motion for summary judgment (see our post here).
On appeal, the Third Circuit, relying on its decision in Wiest v. Tyco Elecs. Corp., 812 F.3d 319 (3d Cir. 2016) (see our post on that decision here), reiterated that “Section 806 of SOX protects whistleblowing employees from retaliation for providing information regarding conduct which the employee reasonably believes constitutes mail fraud, wire fraud, bank fraud, securities fraud, a violation of any rule or regulation of the SEC, or fraud against shareholders.” The court held that Plaintiff failed to show that his “belief” that the Company was committing one of the enumerated forms of fraud was objectively reasonable. First, the court found that it would not have been objectively reasonable for Plaintiff to believe that the Company was perpetuating a fraud while, at the same time, assigning him to remediate the very issues he complained of. Describing Plaintiff’s complaints as “workplace disagreements about routine IT issues,” the Court noted that the Company was not required to include such technical details in its SEC reports. In fact, the court stated that in its annual SEC reports, the Company had sufficiently disclosed risks related to cybersecurity and its computer systems, which in any event, did not relate to fraud. Finding that Plaintiff had failed to show that his complaints about internal controls “relat[ed] in an understandable way” to any of Section 806’s enumerated forms of fraud, the court affirmed the lower court’s ruling dismissing Plaintiff’s claim.
Reilly reinforces that employees complaining of alleged violations of internal company policies or controls must still state an objectively reasonable belief that those violations implicate one of the provisions specifically enumerated in SOX.