What SOX § 806 protects and how it operates
Section 806 of the Sarbanes-Oxley Act of 2002 is the federal anti-retaliation framework for employees of publicly traded companies and the broader corporate ecosystem that services them. The statute was enacted in the wake of the corporate accounting scandals of the late 1990s and early 2000s — Enron, WorldCom, Tyco, Adelphia, Global Crossing, and similar matters that revealed systemic failures in corporate financial reporting, audit oversight, and management accountability. In each of those matters, the underlying fraud could have been detected and addressed substantially earlier if internal whistleblowers had been protected from retaliation. The legislative response was the Sarbanes-Oxley Act, a comprehensive reform statute that addressed financial reporting requirements, audit committee independence, criminal penalties for corporate fraud, and — under Title VIII, the Corporate and Criminal Fraud Accountability Act of 2002 — the anti-retaliation framework for employee whistleblowers.
The structure of SOX § 806 reflects three core legislative judgments. First, corporate financial fraud is most reliably detected by insiders — employees, officers, and contractors who have day-to-day access to the financial reporting process and the audit trail. Second, internal reporting through corporate compliance channels is often inadequate to address fraud because the very personnel who would be tasked with investigating may themselves be implicated in or aligned with the fraud. Third, effective whistleblower protection requires both broad coverage (reaching all employees in the corporate-services ecosystem) and substantial remedial mechanisms (federal court access, jury trial, meaningful damages). Each of these judgments is reflected in the statutory architecture as it has been developed through the original 2002 enactment, the Dodd-Frank 2010 amendments, and the Supreme Court’s interpretations in Lawson and Murray.
“No [covered] company… or any officer, employee, contractor, subcontractor, or agent of such company, may discharge, demote, suspend, threaten, harass, or in any other manner discriminate against an employee in the terms and conditions of employment because of any lawful act done by the employee —
“(1) to provide information, cause information to be provided, or otherwise assist in an investigation regarding any conduct which the employee reasonably believes constitutes a violation of section 1341, 1343, 1344, or 1348, any rule or regulation of the Securities and Exchange Commission, or any provision of Federal law relating to fraud against shareholders, when the information or assistance is provided to or the investigation is conducted by — (A) a Federal regulatory or law enforcement agency; (B) any Member of Congress or any committee of Congress; or (C) a person with supervisory authority over the employee (or such other person working for the employer who has the authority to investigate, discover, or terminate misconduct); or
“(2) to file, cause to be filed, testify, participate in, or otherwise assist in a proceeding filed or about to be filed (with any knowledge of the employer) relating to an alleged violation of section 1341, 1343, 1344, or 1348, any rule or regulation of the Securities and Exchange Commission, or any provision of Federal law relating to fraud against shareholders.”
How Section 922 of Dodd-Frank transformed SOX § 806
The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, Pub. L. No. 111-203 (July 21, 2010), made several critical amendments to SOX § 806 through Section 922. The amendments were enacted in the aftermath of the 2008 financial crisis and reflected congressional recognition that the original 2002 SOX § 806 framework had been insufficient to surface the systemic fraud that contributed to the crisis. Section 922 substantially strengthened the SOX § 806 framework along four major dimensions.
Section 922(c) of Dodd-Frank extended the OSHA filing deadline from 90 days to 180 days after the date on which the violation occurs or after the date on which the employee became aware of the alleged violation. The pre-Dodd-Frank 90-day deadline had been a substantial impediment to SOX claims — employees often required substantially longer to recognize the connection between their fraud reports and subsequent adverse personnel actions, particularly where the retaliation was structured to appear unrelated to the protected activity.
Section 922(c) of Dodd-Frank explicitly added the right to jury trial in district court actions brought under the SOX § 806 kick-out provision at 18 U.S.C. § 1514A(b)(1)(B). Before Dodd-Frank, federal courts had reached inconsistent conclusions about whether the SOX § 806 kick-out provided a jury trial right; Section 922(c) resolved the question definitively in favor of the right. The jury trial right is significant because juries — drawn from the community in which the alleged fraud occurred — have historically been more receptive to SOX whistleblower claims than judges, particularly where the corporate defendant is well-resourced and where the underlying fraud is technically complex.
Section 922(c) added 18 U.S.C. § 1514A(e), which provides that “no predispute arbitration agreement shall be valid or enforceable, if the agreement requires arbitration of a dispute arising under this section.” The arbitration unenforceability provision is one of the most significant employee-favorable amendments in modern federal whistleblower law and distinguishes SOX § 806 from many other federal whistleblower frameworks. Section 1514A(e) also bars any waiver of SOX § 806 rights by employer-imposed agreement, policy, or condition of employment.
Section 922(b) of Dodd-Frank added coverage for employees of nationally recognized statistical rating organizations (NRSROs) as defined in Section 3(a) of the Securities Exchange Act — Moody’s, S&P Global Ratings, Fitch Ratings, and similar credit rating agencies. The addition reflected congressional concern that NRSRO ratings had played a central role in the 2008 financial crisis (particularly with respect to the inflated ratings of mortgage-backed securities) and that NRSRO employees who wished to report rating-process irregularities required the same protection available to employees of the publicly traded companies whose securities the NRSROs rated.
The Dodd-Frank 2010 amendments to SOX § 806 should be understood as part of the broader Dodd-Frank framework, which also created the separate SEC whistleblower bounty program under Section 922(a) of the Act, codified at 15 U.S.C. § 78u-6. The SEC whistleblower program provides monetary awards (10%–30% of monetary sanctions exceeding $1 million) to whistleblowers who provide original information leading to successful SEC enforcement actions — including FCPA enforcement actions, which have generated some of the largest SEC whistleblower awards in history. SOX § 806 and the SEC whistleblower program operate together: SOX § 806 provides anti-retaliation protection; the SEC program provides monetary award incentives.
Who is protected by SOX § 806
SOX § 806’s coverage is broader than the statutory label “publicly traded companies” might suggest. The Supreme Court’s decision in Lawson v. FMR LLC dramatically expanded the statute’s reach, and the Dodd-Frank amendments added the NRSRO category. The current scope of coverage encompasses five major categories.
Companies with a class of securities registered under Section 12 of the Securities Exchange Act of 1934 (15 U.S.C. § 78l) — meaning companies whose securities are listed on a national securities exchange or that have substantial public ownership. The vast majority of well-known U.S. corporations fall in this category.
Companies that are required to file reports under Section 15(d) of the Securities Exchange Act (15 U.S.C. § 78o(d)) — including companies with public bond offerings even without publicly traded stock. This category expands coverage beyond the publicly listed equity universe.
Subsidiaries and affiliates of publicly traded companies whose financial information is included in the consolidated financial statements of the parent are also covered. The OSHA regulations and ARB case law have applied this coverage broadly to ensure that the parent company cannot insulate its consolidated operations from SOX § 806 liability by routing employment relationships through subsidiary entities.
Employees of contractors, subcontractors, and agents of publicly traded companies are also covered per Lawson v. FMR LLC, 571 U.S. 429 (2014). This is the largest single category by population — investment advisers, accounting firms, law firms, consulting firms, IT services firms, and similar contractors that serve publicly traded clients.
Nationally recognized statistical rating organizations (NRSROs) and their officers, employees, contractors, subcontractors, and agents — added by Section 922(b) of Dodd-Frank. Covers Moody’s, S&P Global Ratings, Fitch Ratings, and other registered credit rating agencies.
Section 1514A(a) explicitly identifies individual respondents alongside the corporate respondent. Officers, employees, contractors, subcontractors, and agents of covered companies can be named as respondents in OSHA administrative complaints and in federal court actions under the 180-day kick-out.
The Lawson doctrine in depth
The Supreme Court’s decision in Lawson v. FMR LLC, 571 U.S. 429 (2014), substantially expanded SOX § 806’s coverage to include employees of contractors and subcontractors of publicly traded companies. Before Lawson, there had been substantial circuit-court disagreement over whether SOX § 806 covered only direct employees of the publicly traded company itself or also covered the much larger population of employees who worked for contractors, subcontractors, and similar entities providing services to the publicly traded company.
The Supreme Court resolved the question in favor of broad coverage. The Court held that the statutory phrase “no [covered] company… or any officer, employee, contractor, subcontractor, or agent of such company, may discharge… an employee” protects employees of the contractors and subcontractors — not just employees of the publicly traded company. The Court reasoned that the “employee” being protected is the employee of the entity doing the discriminating, which under the statutory text includes contractors and subcontractors of publicly traded companies.
The decision dramatically expanded SOX § 806’s reach. Post-Lawson, the relevant question for coverage analysis is whether the employee’s employer is a contractor or subcontractor of any publicly traded company, not whether the employee is directly employed by the publicly traded company itself. The expanded coverage encompasses:
- Investment advisers — The Lawson plaintiffs themselves worked for investment advisers servicing publicly traded mutual funds.
- Public accounting firms — Employees of audit firms that conduct audits of publicly traded clients.
- Law firms — Employees of law firms that represent publicly traded clients on securities, M&A, financial reporting, and related matters.
- Consulting firms — Employees of management consulting, financial advisory, restructuring, and similar consulting firms engaged by publicly traded clients.
- IT and technology services firms — Employees of IT services, cybersecurity, data analytics, and similar firms engaged by publicly traded clients.
- Other corporate-services contractors — Employees of advertising agencies, public relations firms, executive search firms, benefit administrators, and other contractors engaged by publicly traded clients.
What kinds of reports trigger SOX § 806 protection
SOX § 806(a)(1) protects employees who “provide information, cause information to be provided, or otherwise assist in an investigation” regarding conduct the employee reasonably believes constitutes one of six categories of federal fraud violations.
Six categories of protected reports
Reports of conduct the employee reasonably believes constitutes mail fraud — the use of the U.S. Postal Service or interstate mail carriers in furtherance of a scheme to defraud. Mail fraud is a broad federal criminal statute frequently used to prosecute corporate fraud schemes.
Reports of conduct the employee reasonably believes constitutes wire fraud — the use of interstate wire, radio, or television communications in furtherance of a scheme to defraud. Wire fraud is the federal criminal statute most frequently used to prosecute modern corporate fraud schemes given the ubiquity of electronic communications in corporate operations.
Reports of conduct the employee reasonably believes constitutes bank fraud — schemes to defraud a financial institution or to obtain funds, credits, assets, securities, or other property from a financial institution by false or fraudulent pretenses.
Reports of conduct the employee reasonably believes constitutes securities fraud — schemes to defraud in connection with any security of a covered company or to obtain money or property in connection with the purchase or sale of any security of a covered company. The securities fraud statute is broad and reaches virtually any corporate financial fraud affecting the integrity of securities markets.
Reports of conduct the employee reasonably believes constitutes a violation of any rule or regulation of the Securities and Exchange Commission. This category is exceptionally broad and reaches the full body of SEC regulations including disclosure requirements under Regulation S-K, Regulation S-X, Regulation FD, internal control requirements under SOX itself, insider trading restrictions, the FCPA accounting provisions, and the full range of other SEC regulatory frameworks.
Reports of conduct the employee reasonably believes constitutes a violation of any provision of federal law relating to fraud against shareholders. This catch-all category reaches federal legal violations that may not fit cleanly within the mail/wire/bank/securities fraud framework but that involve fraud against shareholders — including FCPA anti-bribery violations where corrupt payments deceive shareholders about the true nature of company expenditures.
Reporting recipients
SOX § 806(a)(1)(A)–(C) requires the protected report to be made to one of three categories of recipients:
- (A) A Federal regulatory or law enforcement agency. Including the SEC, the FBI, DOJ, FINRA, CFTC, FDIC, OCC, and any other federal regulatory or law enforcement agency with potential jurisdiction over the reported conduct.
- (B) Any Member of Congress or any committee of Congress. Reports to congressional offices or congressional committees are explicitly protected.
- (C) A person with supervisory authority over the employee (or such other person working for the employer who has the authority to investigate, discover, or terminate misconduct). The internal reporting prong is critical because most fraud reports are first made internally.
Section 1514A(a)(1)(C)’s internal reporting protection is a critical feature that distinguishes SOX § 806 from the separate Dodd-Frank anti-retaliation provision under § 21F of the Exchange Act. The Supreme Court’s decision in Digital Realty Trust, Inc. v. Somers, 138 S. Ct. 767 (2018), held that the Dodd-Frank anti-retaliation provision requires the employee to have reported to the SEC, not merely internally. SOX § 806 has no such requirement — internal reporting to a supervisor or to a person with authority to investigate, discover, or terminate misconduct is squarely within the protected category.
The result is that SOX § 806 provides broader anti-retaliation coverage than Dodd-Frank § 21F for the substantial population of employees who report fraud internally before (or instead of) reporting externally to the SEC.
The “reasonably believes” standard
The protected-activity provisions require only that the employee “reasonably believes” the reported conduct constitutes a violation — not that an actual violation has occurred. The standard has two components: (1) a subjective component — the employee must in fact hold the belief in good faith; and (2) an objective component — the belief must be one that a reasonable person in the employee’s circumstances could have held given the information available. The employee is not required to prove the underlying fraud actually occurred and is not required to use technical legal language in the report.
What kinds of fraud actually trigger SOX § 806 protection
The categories of protected reports under SOX § 806 are abstract: “mail fraud,” “wire fraud,” “SEC rule violations,” “federal law relating to fraud against shareholders.” In practice, SOX § 806 matters arise from a finite set of recurring fraud patterns that have appeared and reappeared in corporate enforcement matters over the past several decades. Understanding the typical fraud patterns is important for both employees evaluating potential reports and for counsel evaluating SOX § 806 matters. The categories below describe the major fraud patterns that constitute SOX § 806 protected reports.
The most common single category of corporate financial fraud. Companies are under constant pressure to meet or exceed quarterly revenue forecasts, and the pressure produces a wide range of revenue manipulation techniques. Common patterns include:
- Premature revenue recognition — booking revenue before it is earned under applicable accounting standards (typically ASC 606 for modern revenue contracts). Examples: booking revenue before the customer takes delivery; booking revenue before customer acceptance milestones are achieved; booking revenue on contracts subject to substantial customer right of return.
- Channel stuffing — forcing distributors, dealers, or customers to take excess inventory at quarter end to artificially inflate reported revenue. The excess inventory typically returns in the subsequent quarter or is sold at substantially discounted prices, masking the true revenue trend.
- Round-trip transactions — sham sales structured with offsetting purchase agreements where the company effectively buys back what it sells, creating the appearance of arms-length revenue.
- Side agreements not disclosed to auditors — written or oral side agreements with customers that materially modify the terms of recorded sales (return rights, payment timing, customer acceptance conditions) but are concealed from the audit team to permit revenue recognition.
- Bill-and-hold arrangements — recording revenue for goods that have been “billed” to customers but remain in the company’s possession, frequently without the documentation required by SEC accounting guidance for legitimate bill-and-hold transactions.
- Multi-element revenue arrangements — improper allocation of revenue across components of bundled transactions to accelerate revenue recognition or to inflate margins on specific elements.
- Long-term contract revenue manipulation — improper percentage-of-completion estimates that accelerate revenue recognition on long-term contracts, particularly common in construction, defense, aerospace, and engineering-services industries.
- Subscription and SaaS revenue manipulation — improper recognition of upfront payments, improper treatment of contract modifications, or improper revenue allocations across multi-year subscription contracts.
Manipulating the income statement by capitalizing expenses as assets rather than recognizing them as period costs. Capitalized expenses appear on the balance sheet rather than as expenses on the income statement, artificially inflating reported earnings. Common patterns include:
- Operating expense capitalization — capitalizing routine operating expenses (rent, salaries, utilities) as capital expenditures or as inventory. The WorldCom fraud famously involved capitalization of routine telecommunications line costs.
- Software development cost capitalization — improper application of ASC 985-20 or ASC 350-40 to capitalize software development costs that should be expensed under applicable accounting standards.
- Research and development capitalization — capitalizing R&D costs that should be expensed under ASC 730, particularly common in pharmaceutical, biotechnology, and technology industries.
- Deferred cost manipulation — recording costs as deferred assets to be amortized over future periods rather than recognizing them as current-period expenses.
- Inventory cost classification — including period costs (selling, general, administrative) in inventory cost rather than as period expenses, artificially inflating current earnings while creating future earnings drag.
Manipulating inventory balances to overstate assets and understate cost of goods sold, producing inflated earnings. Common patterns include:
- Ghost inventory — recording inventory that does not physically exist or that has been double-counted across multiple locations.
- Inventory overvaluation — carrying obsolete, damaged, or otherwise impaired inventory at full cost rather than writing it down to net realizable value as required by ASC 330.
- Cutoff manipulation — manipulating the timing of inventory recognition at period-end, including shipping goods to off-site locations to remove them from year-end physical counts or holding goods at suppliers to keep them off the books.
- Cycle count manipulation — manipulating physical inventory counts through deliberately incorrect counting, double-counting, or falsified count sheets.
- LIFO/FIFO manipulation — improper application of inventory cost flow assumptions to produce inflated earnings.
- Inventory location concealment — concealing the physical location of inventory or maintaining inventory at unauthorized locations to facilitate fraudulent counts.
Overstating the value of assets carried on the balance sheet to inflate net assets and book value, often by avoiding required impairment writedowns. Common patterns include:
- Goodwill impairment avoidance — failing to record required goodwill impairments under ASC 350, particularly when underlying business operations have deteriorated.
- Intangible asset overvaluation — carrying intangible assets (customer lists, technology, brand names) at amounts exceeding fair value under ASC 350.
- Fixed asset overvaluation — failing to record required impairments of property, plant, and equipment under ASC 360.
- Mark-to-market manipulation — manipulating fair value measurements for level 2 or level 3 financial instruments under ASC 820. Particularly prevalent in financial services and energy trading.
- Hard-to-value (level 3) asset overvaluation — overstating fair value of level 3 assets (instruments without observable market prices) where management has substantial discretion in valuation methodology.
- Investment securities overvaluation — failing to recognize required other-than-temporary impairments or carrying available-for-sale securities at amounts exceeding fair value.
Concealing transactions between the company and related parties (officers, directors, affiliated entities, controlling shareholders) that have not been disclosed as required under ASC 850 and SEC Regulation S-K Item 404. Common patterns include:
- Undisclosed related-party transactions — transactions with related parties not disclosed in financial statement footnotes or in proxy statement Item 404 disclosures.
- Non-arm’s-length pricing — transactions priced on terms substantially different from those available in arm’s-length transactions with unrelated parties.
- Family-owned vendor arrangements — purchasing arrangements with vendors owned by family members of officers or directors, frequently at inflated prices.
- Executive-affiliated entity transactions — transactions with entities controlled by or affiliated with executive officers, including consulting arrangements, leasing arrangements, and supply arrangements.
- Joint venture parent-affiliate dealings — undisclosed dealings between joint ventures and their parent companies or affiliates of the parent.
Concealing liabilities through structures that keep them off the company’s reported balance sheet, producing misleading leverage and financial position metrics. The Enron fraud famously involved extensive use of special-purpose entities to conceal liabilities. Common patterns include:
- Special-purpose entities (SPEs) — using off-balance-sheet entities to hold debt or obligations that should be consolidated under ASC 810.
- Synthetic lease abuse — using synthetic lease structures to keep what is economically debt off the balance sheet.
- Unconsolidated affiliate exposures — undisclosed exposures to unconsolidated affiliates including guarantee obligations, contingent liabilities, and economic interests.
- Guarantee obligations understatement — failure to disclose or accrue for guarantee obligations under ASC 460.
- Contingent liabilities understatement — failure to accrue or disclose probable or reasonably possible liabilities under ASC 450 (loss contingencies). Common in litigation, environmental, regulatory, and warranty contexts.
- Pension and OPEB underaccounting — manipulation of actuarial assumptions to understate pension and other post-employment benefit liabilities under ASC 715.
Trading in company securities (or tipping others to trade) on the basis of material non-public information, in violation of federal securities laws and SEC Rule 10b-5. Common patterns include:
- Insider trading by officers and directors — trading in advance of material non-public corporate developments (earnings announcements, M&A transactions, regulatory actions, clinical trial results).
- Tipping material non-public information — providing material non-public information to third parties who then trade, in violation of Rule 10b-5 and the misappropriation theory of insider trading.
- Selective disclosure violations (Regulation FD) — disclosing material non-public information to selected analysts, investors, or others in violation of Regulation FD’s prohibition on selective disclosure.
- Pre-announcement trading window violations — trading during company-imposed blackout periods or otherwise in violation of company insider trading policies.
- Rule 10b5-1 plan manipulation — manipulating Rule 10b5-1 trading plans to permit trading on the basis of material non-public information that becomes available after plan adoption.
Material omissions or misstatements in periodic SEC filings, registration statements, proxy statements, or other public disclosures. Common patterns include:
- MD&A misstatements — material misstatements or omissions in Management’s Discussion and Analysis (Item 303 of Regulation S-K), including omitted known trends, uncertainties, or material changes in financial condition or results of operations.
- Risk factor inadequacies — failure to disclose material risks in the risk factor section (Item 105 of Regulation S-K) of registration statements and periodic reports.
- Material event disclosure failures — failure to timely disclose material events on Form 8-K within the required four-business-day window.
- Subsequent event disclosure failures — failure to disclose material subsequent events occurring after the balance sheet date but before issuance of the financial statements.
- Forecast and guidance misstatements — material misstatements in earnings guidance, revenue forecasts, or other forward-looking statements.
- Going concern omissions — failure to disclose substantial doubt about the company’s ability to continue as a going concern under ASC 205-40.
- Material weakness omissions — failure to disclose material weaknesses in internal control over financial reporting under Item 308 of Regulation S-K and SOX Section 404.
- Cybersecurity incident disclosure failures — under the SEC’s 2023 cybersecurity disclosure rules, failure to timely disclose material cybersecurity incidents on Form 8-K Item 1.05 or to provide required cybersecurity risk management disclosures.
Failures in internal control over financial reporting and disclosure controls and procedures, often material to financial statement reliability. Common patterns include:
- Material weakness concealment — concealing identified material weaknesses or significant deficiencies from external auditors, the audit committee, or required SEC disclosure.
- Section 404 attestation issues — improper management or auditor attestations regarding effectiveness of internal control over financial reporting under SOX Section 404.
- Section 302 certification issues — false CEO/CFO certifications under SOX Section 302 regarding fair presentation of financial statements and disclosure controls effectiveness.
- Segregation of duties failures — failure to maintain appropriate segregation of duties in financial reporting processes.
- IT general controls deficiencies — material deficiencies in IT general controls over financial reporting systems, including access controls, change management, and program development controls.
- Override of controls by management — management override of internal controls (the “tone at the top” problem), often used to perpetrate financial fraud.
- Documentation deficiencies — inadequate documentation of internal control design or operating effectiveness, particularly in areas requiring management judgment.
Manipulating accounting estimates (reserves, allowances, accruals) to manage reported earnings across periods. Common patterns include:
- Cookie-jar reserves — creating excessive reserves in profitable periods that can be released in subsequent periods to “smooth” earnings, in violation of the matching principle and ASC requirements.
- Big-bath accounting — recording excessive impairments and restructuring charges in periods that are already poor to reset the baseline for future periods.
- Bad debt reserve manipulation — manipulation of allowance for doubtful accounts to manage current-period earnings.
- Return reserve manipulation — manipulation of sales return reserves to smooth or inflate reported revenue.
- Warranty reserve manipulation — under- or over-accrual of warranty reserves to manage current-period margins.
- Litigation reserve manipulation — manipulation of litigation reserves under ASC 450 to manage reported earnings.
- Restructuring reserve manipulation — recording restructuring charges that exceed actual restructuring costs (creating a cookie-jar reserve) or failing to record required restructuring costs to defer recognition.
- Pension and OPEB assumption manipulation — manipulation of discount rate, expected return on plan assets, and other actuarial assumptions to manage reported pension expense.
Conduct designed to obstruct, mislead, or improperly influence the external audit process. Common patterns include:
- Concealing information from auditors — withholding documents, side agreements, communications, or other information material to the audit.
- Pressuring auditors to accept improper treatment — pressuring engagement teams to accept aggressive accounting positions through complaints to firm leadership, threats to replace the auditor, or other pressure tactics.
- Influencing the audit committee — improperly influencing the audit committee’s selection or evaluation of auditors, particularly to suppress audit findings.
- Restricting audit scope — improperly limiting the scope of audit procedures, restricting access to subsidiary records, or restricting audit team access to personnel.
- Document destruction during audit — destroying documents during or in anticipation of audit, including communications that would expose financial reporting irregularities.
- Witness coaching — coaching employees on what to say (and what not to say) to auditors regarding accounting and disclosure matters.
Trading or other conduct designed to manipulate the price of company securities in violation of federal securities laws. Common patterns include:
- Pump-and-dump schemes — coordinated efforts to artificially inflate stock price followed by insider selling at inflated prices.
- Spoofing and layering — placing orders without intent to execute to create false appearance of supply or demand.
- Wash trading — coordinated trades between affiliated parties to create false appearance of trading volume.
- Marking the close — concentrated trading near the close of trading to influence closing prices.
- Cross-trade manipulation — manipulation of cross-trades between affiliated accounts or funds at off-market prices.
- Buyback manipulation — manipulation of corporate share repurchase programs to support stock price.
Particularly common in the financial services sector, including patterns that contributed to the 2008 financial crisis. Common patterns include:
- Mortgage-backed securities misrepresentation — misrepresentation of underlying mortgage characteristics, loan-to-value ratios, owner-occupancy, or other material loan characteristics in securitization disclosure.
- Loan loss reserve manipulation — manipulation of allowance for loan losses under CECL (current expected credit losses) standard or prior incurred-loss standard.
- Subprime exposure misrepresentation — misrepresentation of company exposure to subprime, distressed, or non-performing assets.
- Credit quality misrepresentation — misrepresentation of credit ratings, credit quality, or risk profile of loan portfolios or investment portfolios.
- Underwriting standards misrepresentation — misrepresentation of loan underwriting standards or loan origination practices.
- Bank Secrecy Act / Anti-Money Laundering violations — violations of BSA/AML requirements under 31 U.S.C. § 5311 et seq. and the implementing regulations.
Conduct designed to suppress, obstruct, or cover up other whistleblower complaints or related investigations. Common patterns include:
- Retaliation against other whistleblowers — retaliation against employees who have previously reported fraud, often used to deter future reports.
- Concealing internal investigations — concealing the existence, scope, or findings of internal investigations into fraud allegations.
- Improperly closing investigations — closing internal investigations without adequate investigation, without addressing root causes, or with predetermined outcomes.
- Witness intimidation — intimidating witnesses to internal investigations, government investigations, or litigation.
- Document destruction — destroying documents in anticipation of or during regulatory investigations, government inquiries, or litigation.
- Privilege misuse — using attorney-client privilege or work product doctrine to improperly conceal underlying facts (as opposed to legal advice).
The categories above are illustrative rather than exhaustive. SOX § 806 protects reports of any conduct the employee reasonably believes constitutes mail fraud, wire fraud, bank fraud, securities fraud, an SEC rule or regulation violation, or a violation of federal law relating to fraud against shareholders. The “reasonably believes” standard means that the employee does not need to correctly characterize the fraud as fitting one of these technical categories — the employee need only reasonably believe that the reported conduct violates federal fraud or securities law. Many SOX § 806 matters involve novel or hybrid fraud patterns that combine elements of several categories.
How Foreign Corrupt Practices Act reports trigger SOX § 806 protection
The Foreign Corrupt Practices Act of 1977 (FCPA), codified at 15 U.S.C. §§ 78dd-1, 78dd-2, 78dd-3 (anti-bribery provisions) and 15 U.S.C. § 78m(b)(2)(A)–(B) (accounting provisions), is the principal U.S. anti-corruption statute. The FCPA prohibits corrupt payments to foreign government officials for business purposes and imposes accounting and internal controls requirements on issuers. The statute is enforced civilly by the Securities and Exchange Commission and criminally by the Department of Justice. FCPA enforcement actions have produced some of the largest corporate penalties in federal enforcement history.
FCPA violations have a direct and important connection to SOX § 806. Reports of FCPA violations frequently constitute SOX § 806 protected activity through multiple pathways. The connection is structural rather than incidental — the FCPA accounting provisions are SEC-administered rules, and FCPA bribery payments necessarily distort the books and records of the company in ways that affect shareholder reporting.
The two parts of the FCPA
The FCPA anti-bribery provisions prohibit corrupt payments — including payments of money, things of value, gifts, entertainment, charitable contributions, or other things of value — to foreign government officials, foreign political parties or party officials, or candidates for foreign political office for the purpose of obtaining or retaining business or directing business to any person. The anti-bribery provisions apply to: issuers (publicly traded companies) under § 78dd-1; domestic concerns (U.S. persons and entities) under § 78dd-2; and foreign persons and entities acting in U.S. territory under § 78dd-3. The provisions also reach intermediary payments — companies cannot pay third parties knowing the payment will be passed to foreign officials.
The FCPA accounting provisions apply to issuers (publicly traded companies). The books-and-records provision under § 78m(b)(2)(A) requires issuers to “make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer.” The internal accounting controls provision under § 78m(b)(2)(B) requires issuers to “devise and maintain a system of internal accounting controls sufficient to provide reasonable assurances” about specific accounting outcomes including: transactions are executed with management authorization; transactions are recorded as necessary to permit GAAP-compliant financial statements; access to assets is permitted only with management authorization; and recorded assets are compared with existing assets at reasonable intervals.
FCPA coverage
FCPA coverage tracks closely with SOX § 806 coverage but operates through different categories. The anti-bribery provisions apply to:
- Issuers (15 U.S.C. § 78dd-1) — any issuer with a class of securities registered under § 12 of the Exchange Act or required to file under § 15(d). Includes foreign issuers whose securities are traded on U.S. exchanges or that have U.S. reporting obligations.
- Domestic concerns (15 U.S.C. § 78dd-2) — U.S. citizens, nationals, and residents, and U.S. entities (corporations, partnerships, etc., organized under U.S. law or with principal place of business in the U.S.).
- Foreign persons and entities (15 U.S.C. § 78dd-3) — foreign persons and entities acting “while in the territory of the United States” to make corrupt payments.
The accounting provisions apply only to issuers — which is the same population covered by SOX § 806’s publicly-traded-company prong.
How FCPA reports trigger SOX § 806 protection
Reports of FCPA violations are SOX § 806 protected activity through multiple pathways. The connection is direct because FCPA accounting violations are SEC rule violations, and FCPA anti-bribery violations necessarily create accounting violations:
The FCPA accounting provisions are SEC-administered rules. Reports of FCPA accounting violations (books-and-records violations under § 78m(b)(2)(A) or internal accounting controls violations under § 78m(b)(2)(B)) are reports of “any rule or regulation of the Securities and Exchange Commission” under § 1514A(a)(1)(E). This pathway is the most direct and most commonly invoked — virtually every FCPA-related whistleblower report triggers SOX § 806 protection through this pathway because FCPA bribery payments necessarily affect the company’s books and records.
FCPA bribery payments are typically concealed as legitimate business expenses — consulting fees, marketing expenses, commissions, charitable contributions, gifts, travel and entertainment, intermediary payments, and similar expense categories. The misclassification is itself a books-and-records violation under § 78m(b)(2)(A). Reports of these misclassifications trigger SOX § 806 protection under the SEC rule violation prong.
When FCPA violations result in material misstatements in periodic SEC filings — including misstated expense categories, undisclosed contingent liabilities for FCPA penalties, false certifications under SOX Sections 302 and 404, or misleading disclosures about company controls and compliance — the misstatements constitute reports of securities fraud under 18 U.S.C. § 1348 within the meaning of § 1514A(a)(1)(D).
FCPA anti-bribery violations may themselves constitute “any provision of federal law relating to fraud against shareholders” under § 1514A(a)(1)(F) — because corrupt foreign payments deceive shareholders about the true nature of company expenditures, create undisclosed contingent liabilities for FCPA penalties, and may distort reported earnings and margins by inflating revenue from corruptly obtained business.
Common FCPA whistleblower scenarios
FCPA whistleblower matters arise from a recurring set of factual patterns reflecting the typical mechanisms of foreign corruption:
- Subsidiary employee identifying improper foreign payments. A subsidiary employee — typically in a finance, accounting, controlling, or operations role — identifies payments to foreign government officials disguised as consulting fees, agent commissions, charitable contributions, or other expense categories.
- Internal audit employee identifying intermediary payment schemes. An internal audit employee identifies payments to third-party intermediaries — agents, distributors, joint venture partners, consultants — where the third party has connections to foreign officials and where the company has performed inadequate due diligence.
- Compliance officer identifying inadequate due diligence on foreign agents. A compliance officer identifies systemic failures in the company’s due diligence on foreign agents, distributors, or joint venture partners — including failures to identify red flags such as politically exposed persons, government connections, or unusual compensation structures.
- Accountant identifying misclassified expenses associated with bribery. An accountant identifies a pattern of misclassified expenses — particularly large or unusual payments to consultants, intermediaries, or charitable organizations — that lack adequate documentation or appear inconsistent with the company’s stated business operations.
- Executive identifying systemic FCPA violations. A senior executive — typically a CFO, controller, general counsel, chief compliance officer, or business unit leader — identifies systemic FCPA violations in foreign operations and seeks remediation, only to face retaliation from other senior management.
- Local employee in foreign jurisdiction identifying improper payments. An employee in a foreign jurisdiction (frequently a finance manager, country manager, or operations leader) identifies improper payments to local government officials and reports them to U.S. parent company personnel.
- Acquisition diligence team identifying legacy FCPA exposure. An employee on an acquisition diligence team identifies legacy FCPA exposure at a target company that the company has decided to acquire despite the exposure.
- Tax employee identifying foreign payments inconsistent with business purposes. A tax employee identifies foreign payments that appear inconsistent with the company’s documented business purposes or that have been structured to avoid tax reporting in ways that suggest underlying corruption.
- Whistleblower facing retaliation after SEC FCPA report. An employee who has reported suspected FCPA violations to the SEC’s Office of the Whistleblower under Dodd-Frank § 21F faces retaliation after the company learns of the report.
The SEC whistleblower program under Dodd-Frank § 21F (15 U.S.C. § 78u-6) covers FCPA reports because the FCPA is SEC-administered. FCPA-related whistleblower awards have included some of the largest SEC whistleblower payments in history because FCPA enforcement actions typically involve substantial penalties.
An FCPA whistleblower may simultaneously: (1) file under SOX § 806 if retaliated against by the employer; (2) seek SEC whistleblower awards under § 21F for the FCPA reporting itself (potentially 10%–30% of monetary sanctions exceeding $1 million); (3) pursue Dodd-Frank § 21F(h) anti-retaliation claims if the whistleblower reported to the SEC; and (4) potentially pursue parallel state-law and federal-law claims.
The DOJ also accepts FCPA reporting through its FCPA self-reporting policy, although DOJ does not maintain a whistleblower bounty program parallel to the SEC’s. Counsel handling FCPA whistleblower matters routinely coordinate across SOX § 806, SEC whistleblower, and DOJ reporting channels.
Contributing factor and the clear-and-convincing affirmative defense
SOX § 806 incorporates the AIR21 burden-shifting framework under 49 U.S.C. § 42121(b) through 18 U.S.C. § 1514A(b)(2)(C). The framework is the same that applies under STAA, FRSA, SPA, FSMA, and the other AIR21-family whistleblower statutes — with one critical addition: the Supreme Court’s most recent and most important interpretation of the contributing-factor standard, Murray v. UBS Securities, LLC, was decided in the SOX § 806 context.
Phase 1: The employee’s contributing-factor showing
“The Secretary may determine that a violation of subsection (a) has occurred only if the complainant demonstrates that any [protected activity] was a contributing factor in the unfavorable personnel action alleged in the complaint.”
The employee’s initial burden is to demonstrate by a preponderance of the evidence that protected activity was a contributing factor in the adverse personnel action. A contributing factor is one that, alone or in combination with other factors, affected in some way the outcome of the employer’s decision.
Phase 2: The employer’s clear-and-convincing affirmative defense
“Relief may not be ordered under subparagraph (A) if the employer demonstrates by clear and convincing evidence that the employer would have taken the same unfavorable personnel action in the absence of that behavior.”
Once the employee establishes contributing-factor causation, the burden shifts to the employer. The employer’s burden is to demonstrate by clear and convincing evidence that it would have taken the same adverse personnel action absent the protected activity. The clear-and-convincing standard is substantially higher than the preponderance standard.
Murray v. UBS Securities — the SOX-anchored contributing-factor decision
The Supreme Court’s decision in Murray v. UBS Securities, LLC, 601 U.S. 23 (2024), is the most important federal whistleblower precedent of the modern era. The decision arose in the SOX § 806 context — Murray was a research strategist at UBS who alleged he was terminated for refusing to skew his research to support UBS’s business relationships, in violation of the firm’s obligations under federal securities law and SEC regulations.
The Court squarely held that the contributing-factor standard does not require proof of retaliatory intent, animus, or motive. The complainant need only show that the protected activity contributed to the adverse action; the complainant is not required to show that the employer harbored a retaliatory state of mind. The decision resolved a circuit split that had created uncertainty about the contributing-factor standard’s elements and squarely rejected the argument that the contributing-factor framework imported a but-for-style animus requirement.
Murray matters for SOX § 806 cases for three reasons. First, the decision was rendered in the SOX § 806 context — meaning Murray is the home-statute Supreme Court precedent rather than a case from another AIR21-family statute that must be applied by analogy. The Court’s reasoning addresses SOX § 806 directly.
Second, the decision resolved the circuit split that had created the most significant doctrinal uncertainty in SOX § 806 litigation. Before Murray, some courts had read SOX § 806 as requiring proof of retaliatory animus — effectively raising the employee’s burden to a but-for-style standard. Murray definitively rejected this approach.
Third, the decision applies across the AIR21-family by extension. While decided in the SOX § 806 context, Murray applies to STAA, FRSA, SPA, FSMA, NTSSA, and other AIR21-incorporating statutes through the shared statutory framework. SOX § 806 thus serves as the doctrinal lead-vehicle for AIR21-family contributing-factor analysis.
How SOX § 806 complaints proceed
SOX § 806 complaints proceed through the OSHA administrative process under 29 CFR Part 1980 with options for completion within the administrative process or kick-out to federal district court.
180-day OSHA filing
An employee who believes that he or she has been retaliated against in violation of SOX § 806 must file a complaint with OSHA within 180 days after the alleged violation occurs or after the date on which the employee became aware of the alleged violation. The deadline was extended from 90 days by Section 922(c) of Dodd-Frank. Complaints may be filed by the employee directly or by another person on the employee’s behalf.
OSHA investigation and preliminary order
OSHA evaluates the complaint and, if it meets the threshold pleading requirements, conducts an investigation. The respondent receives notice and an opportunity to respond. OSHA may interview witnesses, request documents, and conduct other investigatory steps. The investigation produces either a finding of reasonable cause to believe SOX § 806 was violated (followed by a preliminary order requiring relief) or a finding that the complaint should be dismissed.
ALJ hearing and ARB review
Either party may file objections to the OSHA findings within 30 days and request a hearing before a Department of Labor Administrative Law Judge. The ALJ hearing is a de novo evidentiary proceeding. The ALJ’s decision may be appealed to the Department of Labor Administrative Review Board (ARB), and the ARB’s decision may be appealed to the U.S. Court of Appeals.
The 180-day kick-out
“With respect to a complaint under paragraph (1), if the Secretary has not issued a final decision within 180 days of the filing of the complaint and there is no showing that such delay is due to the bad faith of the claimant, the claimant may bring an action at law or equity for de novo review in the appropriate district court of the United States, which shall have jurisdiction over such an action without regard to the amount in controversy, and which action shall, at the request of either party to such action, be tried by the court with a jury.”
The 180-day kick-out is distinctively shorter than the 210-day kick-out applicable to STAA, FRSA, SPA, and most other AIR21-family statutes. The shorter kick-out window reflects Congress’s policy judgment that SOX § 806 claims involving corporate financial fraud should be subject to expedited federal court access. The federal court action is de novo and provides the right to jury trial.
What an employee can recover under SOX § 806
The SOX § 806 damages framework under 18 U.S.C. § 1514A(c) provides three categories of relief.
“(1) In general. — An employee prevailing in any action under subsection (b)(1) shall be entitled to all relief necessary to make the employee whole.
“(2) Compensatory damages. — Relief for any action under paragraph (1) shall include —
“(A) reinstatement with the same seniority status that the employee would have had, but for the discrimination;
“(B) the amount of back pay, with interest; and
“(C) compensation for any special damages sustained as a result of the discrimination, including litigation costs, expert witness fees, and reasonable attorney fees.”
Reinstatement with seniority status
The employee is entitled to reinstatement to the former position with the same seniority status, pay, benefits, and conditions of employment the employee would have had absent the discrimination. Where reinstatement is not feasible, the employee may receive front pay in lieu of reinstatement.
Back pay with interest
The employee is entitled to back pay with interest from the date of the adverse action through reinstatement (or, where reinstatement is not feasible, through judgment). Back pay includes wages, salary, bonus, commissions, benefits, retirement contributions, and other compensation.
Special damages — broadly construed
Section 1514A(c)(2)(C) provides for “compensation for any special damages sustained as a result of the discrimination.” The “special damages” category has been interpreted broadly by the Administrative Review Board and federal courts to encompass:
- Emotional distress and mental anguish damages — the most common application of the special-damages provision.
- Reputational harm — particularly significant in securities-industry matters where reputational damage can substantially affect career prospects.
- Pain and suffering — where the retaliation has caused physical or psychological harm.
- Out-of-pocket expenses — costs of finding alternative employment, costs of relocation, costs of medical care attributable to the retaliation.
- Lost professional opportunities — quantifiable losses of professional opportunities attributable to the retaliation.
Attorney’s fees and expert witness costs
Section 1514A(c)(2)(C) explicitly includes “litigation costs, expert witness fees, and reasonable attorney fees” within the special-damages category. The fee-shifting framework makes SOX § 806 litigation economically viable for employees whose underlying damages might otherwise be insufficient to justify counsel investment.
What is not available — punitive damages
Punitive damages are not available under SOX § 806. This is a distinguishing feature from STAA, FRSA, SPA, and other AIR21-family statutes that include statutory punitive damages caps (typically $250,000). Federal courts have consistently held that the SOX § 806 damages framework does not authorize punitive damages — including Hanna v. WCI Communities, Inc., No. 04-80595-CIV (S.D. Fla. Dec. 2, 2004), and Murray v. TXU Corp., 2005 WL 1356444 (N.D. Tex. June 7, 2005). The absence of punitive damages is partially compensated by the broad interpretation of “special damages,” by the substantial back pay and front pay typically available in publicly-traded-company cases, and by the mandatory fee-shifting framework.
How SOX § 806 coordinates with other frameworks
SOX § 806 frequently operates alongside other federal frameworks. Counsel handling SOX § 806 matters routinely consider parallel claims under several related statutes.
Section 922(a) of Dodd-Frank created a separate SEC whistleblower bounty program providing monetary awards (10%–30% of monetary sanctions exceeding $1 million) to whistleblowers who provide original information leading to successful SEC enforcement actions — including FCPA enforcement actions, which have generated some of the largest SEC whistleblower awards in history. SOX § 806 provides anti-retaliation protection; the SEC program provides monetary award incentives.
The Dodd-Frank anti-retaliation provision under § 21F(h) is a separate anti-retaliation framework that provides different remedies than SOX § 806. After Digital Realty Trust, Inc. v. Somers, 138 S. Ct. 767 (2018), the Dodd-Frank anti-retaliation provision applies only to employees who reported to the SEC, not merely internally. SOX § 806 covers internal reporting; Dodd-Frank § 21F(h) covers SEC reporting and provides distinct remedies.
Where the underlying fraud involved false claims against the federal government (Medicare, Medicaid, defense contracts, federal grants, federal contracts), the federal False Claims Act qui tam framework may apply alongside SOX § 806. The FCA qui tam framework provides relator share recoveries (15%–30% of government recoveries) and anti-retaliation protection under 31 U.S.C. § 3730(h).
Where the publicly traded company is a federal contractor or subcontractor, the NDAA § 4712 federal contractor whistleblower protection at 41 U.S.C. § 4712 may apply alongside SOX § 806. NDAA § 4712 protects employees of federal contractors and subcontractors from retaliation for reporting violations of law, gross mismanagement, gross waste of federal funds, abuse of authority, or substantial danger to public health or safety.
For employees of broker-dealers, FINRA Rule 2010 (high standards of commercial honor and just and equitable principles of trade) and related FINRA rules may apply alongside SOX § 806. FINRA Form U5 termination disclosures, regulatory inquiries, and arbitration proceedings under the FINRA Code of Arbitration Procedure may create parallel proceedings.
State-law claims frequently accompany SOX § 806 matters. Common parallel claims include: tortious interference with contract or business relationships; breach of contract; intentional infliction of emotional distress; defamation; and state-law whistleblower protection statutes. Choice-of-law analysis is often critical because state tortious interference standards vary substantially across states.
For Texas-based SOX § 806 matters, the Texas common-law Sabine Pilot wrongful-discharge cause of action may apply where the employee was discharged for refusing to perform an illegal act. The Sabine Pilot framework provides an independent state-law cause of action with different procedural and substantive requirements than SOX § 806.
SOX § 806’s place in the federal whistleblower architecture
SOX § 806 is one member of the broader AIR21-family of federal whistleblower statutes. All share the contributing-factor / clear-and-convincing burden-shifting framework, OSHA administration, and federal court kick-out provisions.
| Statute | Subject Matter | Kick-Out | Punitive Damages | Distinctive Features |
|---|---|---|---|---|
| SOX § 806 (this page) | Securities/financial fraud at publicly traded companies | 180 days | None | 18 U.S.C. § 1514A · Arbitration unenforceable · Jury trial · Broad Lawson coverage |
| STAA | Commercial motor vehicle safety | 210 days | Up to $250,000 | 49 U.S.C. § 31105 · Dual refusal-to-operate structure · FMCSA coordination |
| FRSA | Railroad safety | 210 days | Up to $250,000 | 49 U.S.C. § 20109 · Non-arbitrable under § 20109(e) · FELA injury-reporting protection |
| SPA | Maritime safety | 210 days | Up to $250,000 | 46 U.S.C. § 2114 · Coast Guard reporting protected · Jones Act parallel framework |
| AIR21 | Aviation safety | 180 days | None (compensatory only) | 49 U.S.C. § 42121 · 90-day filing · Original framework template |
| FSMA | Food safety | 210 days | Available (no cap) | 21 U.S.C. § 399d · Food worker reporting · FDA coordination |
| NTSSA | Mass transit security | 210 days | Up to $250,000 | 6 U.S.C. § 1142 · Transit worker protection |
What SOX § 806 matters typically look like
A finance, accounting, or audit employee identifies financial reporting irregularities — improper revenue recognition, inadequate disclosure of contingent liabilities, related-party transaction concerns, asset valuation issues, or similar accounting irregularities. The employee reports the concerns internally to a supervisor, to internal audit, to the audit committee, or to general counsel. The employer subsequently terminates the employee on stated grounds unrelated to the reporting. The SOX § 806 claim arises under § 1514A(a)(1)(C) (internal reporting to person with supervisory authority) and § 1514A(a)(1)(E)–(F) (reasonable belief of SEC rule violation and federal law fraud against shareholders).
An employee submits a tip, complaint, or referral to the SEC concerning conduct the employee reasonably believes constitutes securities fraud or violation of SEC rules. The employer learns of the report and subjects the employee to retaliation. The SOX § 806 claim arises from § 1514A(a)(1)(A) (report to federal regulatory agency). The matter may also implicate Dodd-Frank § 21F(h) anti-retaliation and SEC whistleblower bounty awards under § 21F.
An employee identifies FCPA anti-bribery or accounting violations and reports them internally or to the SEC. The employer retaliates. The SOX § 806 claim arises under § 1514A(a)(1)(E) (SEC rule violations — FCPA accounting provisions are SEC rules) and § 1514A(a)(1)(F) (federal law relating to fraud against shareholders). The matter may also implicate Dodd-Frank § 21F SEC whistleblower bounty awards (FCPA enforcement actions produce some of the largest such awards) and DOJ FCPA enforcement consequences.
A public accounting firm employee identifies fraud or accounting irregularities at a publicly traded audit client. The audit firm employee reports the concerns to the engagement partner, to the firm’s quality control function, or to firm leadership. The audit firm subsequently retaliates against the employee. The SOX § 806 claim arises under Lawson v. FMR LLC‘s contractor-coverage doctrine — the audit firm is a contractor of the publicly traded audit client.
An investment adviser employee — at a firm advising publicly traded mutual funds or other publicly traded clients — identifies fraud, regulatory violations, or breaches of fiduciary duty in the firm’s operations. The employee reports internally to compliance, to firm leadership, or to the SEC. The investment adviser retaliates. The SOX § 806 claim arises under Lawson‘s contractor-coverage doctrine — the Lawson plaintiffs themselves were investment adviser employees.
A registered representative or other securities-industry employee identifies fraud or securities law violations at the broker-dealer or in customer accounts. The employee reports internally or to FINRA or the SEC. The broker-dealer retaliates through termination (often documented through FINRA Form U5 disclosures). The SOX § 806 claim arises alongside potential FINRA proceedings and Form U5 expungement matters.
An employee identifies suspected insider trading by officers or other employees, or identifies suspected Regulation FD violations. The employee reports to compliance, to outside counsel, or to the SEC. The employer retaliates. The SOX § 806 claim arises from § 1514A(a)(1)(E) (reasonable belief of SEC rule violation) and § 1514A(a)(1)(F) (reasonable belief of federal law fraud against shareholders).
A subordinate finance or accounting employee refuses to certify or sub-certify financial statements, internal controls assessments, or disclosures that the employee reasonably believes contain material misstatements or omissions. The refusal — itself a form of reporting under § 1514A — triggers retaliation.
The structural significance of SOX § 806
The integrity of public securities markets depends on whistleblower protection. Public securities markets function only when investors can rely on the accuracy and completeness of corporate financial reporting. Corporate financial reporting in turn depends on the willingness of finance, accounting, audit, compliance, and other employees to surface irregularities through internal and external reporting channels. Without SOX § 806’s anti-retaliation framework, these employees would be deterred from reporting by fear of career-ending retaliation — and the corporate financial reporting system would lose the critical insider-detection function that makes meaningful enforcement possible.
The Lawson coverage expansion captures the modern corporate-services ecosystem. The pre-Lawson SOX § 806 framework would have left the substantial population of corporate-services employees — investment advisers, accountants, lawyers, consultants, and similar contractors — outside the statute’s protection. Given that these employees often have the deepest visibility into client fraud, excluding them from coverage would have created a substantial gap. Lawson closed the gap.
The Dodd-Frank arbitration unenforceability provision is critical. Without the explicit arbitration-unenforceability provision in § 1514A(e), employers would routinely impose arbitration agreements that would route SOX § 806 claims to arbitration — typically before single arbitrators selected by the employer, without juries, without meaningful discovery, and without published precedent.
The contributing-factor standard under Murray is materially more plaintiff-favorable than but-for causation. The AIR21 contributing-factor framework is among the most plaintiff-favorable in federal employment law. Combined with Murray‘s clarification that no animus showing is required, the framework substantially advantages employee complainants compared to the typical but-for retaliation framework.
The FCPA enforcement framework depends on whistleblower coverage. FCPA enforcement is among the most active areas of SEC and DOJ enforcement, with substantial penalties typical of FCPA matters. Effective FCPA enforcement depends on the availability of whistleblowers willing to report foreign corruption — and the SOX § 806 anti-retaliation framework, combined with the Dodd-Frank § 21F SEC whistleblower bounty program, is the legal infrastructure that makes FCPA whistleblowing possible.
The internal-reporting protection ensures meaningful corporate compliance. By protecting internal reporting, SOX § 806 creates the legal infrastructure that makes corporate compliance programs meaningful. Without internal-reporting protection, employees would have no choice but to immediately escalate concerns externally — typically to the SEC, with substantial reputational consequences for the company.
How the firm approaches SOX § 806 matters
Doyle Dennis Avery LLP represents employees in SOX § 806 whistleblower matters across the full range of fact patterns — internal accounting fraud reports, SEC reports, FCPA reports, audit-firm employee reports, investment adviser employee reports, securities-industry registered representative reports, insider trading and Regulation FD reports, and disclosure refusal cases. The firm’s SOX § 806 practice draws on its broader federal whistleblower practice, including its FRSA practice anchored on Garza v. Union Pacific Railroad Company and its STAA practice anchored on Johnson v. Pilot Water Solutions — both operating under the same AIR21 burden-shifting framework that governs SOX § 806.
The firm’s SOX § 806 practice is selective by design — these matters are most successful where the protected activity is documented or otherwise provable, where the timing of the adverse action supports the contributing-factor inference, where the employer’s stated reasons for the adverse action are vulnerable under the clear-and-convincing standard, where the damages model is substantial (publicly-traded-company employee salaries are typically high, which produces meaningful back pay and front pay), where the employer’s conduct supports broad special-damages findings, and where the federal court venue is favorable. Two of the firm’s named partners are board certified by the Texas Board of Legal Specialization — Jeffrey Avery in Labor and Employment Law and Michael Patrick Doyle in Personal Injury Trial Law.
The firm’s SOX § 806 practice frequently coordinates with the firm’s broader federal whistleblower practice. The Supreme Court’s decision in Murray v. UBS Securities — decided in the SOX § 806 context — applies across the AIR21-family, meaning the firm’s SOX § 806 work directly informs its STAA, FRSA, SPA, and FSMA practice and vice versa. Where the matter meets the firm’s criteria, representation proceeds on a contingency basis with the firm advancing litigation costs.
The firm’s pending Surface Transportation Assistance Act matter on behalf of a commercial driver. The firm’s briefing applies the Supreme Court’s decision in Murray v. UBS Securities, LLC, 601 U.S. 23 (2024) — the SOX § 806–anchored contributing-factor decision — to the STAA context through the shared AIR21 burden-shifting framework. The cross-statute application of Murray illustrates the doctrinal connection between SOX § 806 and the broader AIR21-family of whistleblower statutes.
The firm’s pending Federal Rail Safety Act matter on behalf of locomotive engineer Juan Garza against Union Pacific Railroad Company. The OSHA Secretary’s Findings Order issued August 6, 2025, found reasonable cause to believe Union Pacific violated FRSA and awarded $184,869.60 in back pay, $10,428.41 in interest, $10,000 in compensatory damages, $150,000 in punitive damages, reasonable attorney’s fees, and $3,750 in expert witness fees. The FRSA framework operates under the same AIR21 contributing-factor / clear-and-convincing burden-shifting framework that governs SOX § 806.
The firm represents workers in federal whistleblower retaliation matters across the OSHA-administered statute family that shares SOX § 806’s AIR21 contributing-factor / clear-and-convincing burden-shifting framework — SOX § 806 (publicly traded companies), STAA (commercial motor vehicle), FRSA (railroad), SPA (maritime), AIR21 (aviation), NTSSA (transit), FSMA (food safety), CPSIA (consumer products), and other AIR21-framework statutes. The shared procedural architecture and the shared substantive standards under Murray v. UBS Securities, LLC, 601 U.S. 23 (2024), make the firm’s experience across the broader OSHA whistleblower-statute family directly applicable to SOX § 806 matters.
Whistleblower retaliation matter with a damages framework directly transferable to SOX § 806 litigation. The willful violation finding and the resulting damages structure illustrate the available range when the defendant’s conduct meets enhanced damages standards. The whistleblower framework, the causation analysis, and the damages structure all transfer directly to SOX § 806 special-damages analysis.
The firm’s verdict in a Texas workers’ compensation retaliation matter — affirmed by the Fourteenth Court of Appeals; petition for review denied by the Texas Supreme Court. While SOX § 806 does not provide punitive damages, the firm’s trial and appellate experience in obtaining and defending substantial damages findings transfers directly to SOX § 806 matters.
The firm’s employment practice routinely coordinates SOX § 806 claims with: the Dodd-Frank § 21F SEC whistleblower bounty program; Dodd-Frank § 21F(h) anti-retaliation; the federal False Claims Act qui tam framework; NDAA § 4712 federal contractor whistleblower; FINRA Code of Arbitration Procedure parallel proceedings; Form U5 expungement matters; state-law tortious interference claims; Sabine Pilot Texas wrongful-discharge claims; and other applicable federal and state frameworks.
What employees ask about SOX § 806 claims
What is Section 806 of the Sarbanes-Oxley Act?
Who is covered by SOX § 806?
What kinds of fraud trigger SOX § 806 protection?
Does SOX § 806 protect reports of FCPA violations?
What activities are protected under SOX § 806?
What is the contributing-factor standard under SOX § 806?
How long do I have to file a SOX § 806 complaint?
Can SOX § 806 claims be arbitrated?
What damages can I recover under SOX § 806?
How does SOX § 806 relate to the Dodd-Frank SEC whistleblower bounty program?
What is Lawson v. FMR LLC?
How does SOX § 806 differ from STAA, FRSA, and SPA?
SOX § 806 protects employees of publicly traded companies — and their contractors and subcontractors. 180-day filing deadline.
If you are an employee of a publicly traded company, a subsidiary or affiliate, a contractor or subcontractor (including investment advisers, accounting firms, law firms, consulting firms, and other corporate-services contractors per Lawson v. FMR LLC), or a nationally recognized statistical rating organization, and you have been disciplined, demoted, suspended, threatened, harassed, or otherwise subjected to adverse personnel action because you reported conduct you reasonably believed constituted mail fraud, wire fraud, bank fraud, securities fraud, FCPA anti-bribery or accounting violations, other SEC rule or regulation violations, or other federal law relating to fraud against shareholders — to a federal regulatory or law enforcement agency, to Congress, or internally to a supervisor or person with authority to investigate misconduct — you may have a claim under 18 U.S.C. § 1514A. SOX § 806’s contributing-factor causation standard under Murray v. UBS Securities, LLC does not require proof of retaliatory intent or animus, and the clear-and-convincing affirmative-defense burden places a steep evidentiary burden on the employer. Predispute arbitration agreements are unenforceable. SOX § 806 claims must be filed with OSHA within 180 days of the retaliation — the deadline is strictly enforced.
Speak with our team →