On April 1, 2015, the Securities and Exchange Commission (SEC) announced its first enforcement action against a company for using improperly restrictive language in employee confidentiality agreements, noting that such limits undermine the whistleblower provision added by the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank).1

The Whistleblower Provision

Dodd-Frank amended the Securities Exchange Act of 1934, adding a new whistleblower provision, Section 21F, “Whistleblower Incentives and Protection.”  Pursuant to this new authority, the SEC promulgated a series of rules in 2011, including Rule 21F-17(a), which provides in relevant part that “[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”  

KBR’s Confidentiality Statement

A Houston-based global technology and engineering firm, KBR Inc., consented to the entry of an Order requiring it to cease-and-desist from violating Rule 21F-17.2  KRB’s practice was to conduct internal investigations whenever it received complaints of potential illegal or unethical conduct by KBR or its employees.  At the beginning of interviews conducted in connection with KBR’s internal investigations, KBR required that employee witnesses (including employees who lodged the original complaint) agree to a confidentiality agreement, which included the following provision: 

I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.

According to the Order, the company’s blanket limitation against witnesses discussing the substance of their interviews, which could include reporting specific securities law violations to the SEC, was as an impediment to a potential whistleblower that undermined the purpose of the whistleblower provision.  KBR agreed to pay civil money penalties, revise its confidentiality statement, and to provide all KBR employees who signed the confidentiality statement since Rule 21F came into effect with a copy of the Order and a statement regarding the exception.

Lessons From the SEC’s Recent Enforcement Action

Companies Should Review Agreements That “In Word Or Effect” Limit Reporting

Since the enactment of Dodd-Frank, some companies have sought to address whistleblowing by entering into a variety of agreements with employees, or by amending internal policies and procedures, that may limit the whistleblowing provision.  The SEC, in In re KBR, Inc., sends a clear message that companies must reconsider limitations that may silence potential whistleblowers.

Actual Instance Of Prevention From Reporting Not Required For Enforcement Action

Note that the SEC issued the Order despite acknowledging that it was unaware of any instances in which a KBR employee was in fact prevented from communicating directly with the SEC or in which KBR took any action to enforce the confidentiality agreement or otherwise prevent such communications.  

Properly Executed Confidentiality Provisions May Be Appropriate 

There may be legitimate reasons that companies might want to continue asking witnesses in internal investigations to keep the interview confidential.  Since the National Labor Relations Board’s (NLRB) 2012 decision in Banner Health System,3 which found that a blanket policy that required employees to maintain confidentiality during an internal investigation infringed the employees’ statutory right to discuss among themselves their terms and conditions of employment and otherwise engage in concerted protected activity, employers have been more careful about justifying requests for confidentiality on a case-by-case basis.  For example, confidentiality might be appropriate to protect witnesses from harassment or intimidation and to prevent evidence from being destroyed or witnesses from colluding or fabricating testimony if given advance notice.  For companies who wish to continue requesting confidentiality in internal investigations when justified, the SEC’s implicit acceptance of the company’s amendment to its confidentiality agreement to add an exception for contacting “any governmental agency or entity” to “report[] possible violations of federal law or regulation” is instructive.4

Companies Should Undertake A Broad Review Of Provisions That May Impact Whistleblowing 

Companies should be aware that the prohibition against silencing whistleblowers does not just apply to confidentiality agreements arising in the context of internal investigations.  The Director of the SEC’s Division of Enforcement warned that the SEC will vigorously enforce Rule 21F-17(a) when  employers take “measures through confidentiality, employment, severance, or other type of agreements that may silence potential whistleblowers before they can reach out to the SEC.” (emphasis added).  Accordingly, any broad confidentiality provision that binds employees, including employment agreements and severance agreements, or any policies or procedures that may have the same effect, also should be amended to make it clear that the employee remains free to contact governmental agencies or entities to report possible violations of federal law. 

Companies Should Continue To Encourage Internal Reporting While Articulating Clearly That These Efforts Are Not Meant To Impede Employee’s Ability To Use The Whistleblower Program

In the new era of whistleblowing, companies must encourage internal reporting without fear of retaliation to identify potential problems within their organizations before they become serious regulatory violations that should be reported.  As companies implement new agreements, or review and amend existing agreements, care should be taken to ensure that employees understand a few key principals, including that (i) the company has a robust compliance program; (ii) that employees will be heard internally; and, (iii) that nothing in policies, procedures, or agreements prevents employees from making a protected disclosure under the whistleblower program.