On April 1, the Securities and Exchange Commission (“SEC”) brought its first enforcement action based on confidentiality agreements that the SEC alleged had the potential to “stifle the whistleblowing process.” Houston-based company KBR, Inc. (“KBR”), agreed to pay $130,000 as a civil penalty for including impermissible restrictions in confidentiality agreements signed by witnesses during internal investigations. According to the SEC, the restrictions imposed by KBR’s confidentiality statements violated Rule 21F-17 of the Securities Exchange Act of 1934, a whistleblower provision enacted pursuant to the Dodd-Frank Act in 2010 which prohibits acts that might impede an individual from communicating with the SEC about potential securities law violations. In light of the SEC’s action, companies should review their agreements containing confidentiality provisions, such as severance and non-disclosure agreements, and consider whether those agreements could be viewed as impeding a whistleblower from reporting misconduct.
Rule 21F-17 was adopted by the SEC to prohibit companies and their management from interfering with an employee’s right to contact the SEC and report misconduct involving possible securities law violations. In the April 1 action, the SEC reported that when KBR conducted internal investigations of potential illegal or unethical conduct by the company or its employees, KBR required employees and other witnesses to sign confidentiality agreements that prevented an individual from reporting misconduct to the SEC without obtaining the approval of the company’s legal department. KBR’s confidentiality form, used both before and after Rule 21F-17 went into effect in August 2011, stated as follows:
I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.
The SEC’s Order made clear that there was no allegation that KBR (1) actually prevented any communication between employees and the SEC about potential violations or (2) ever enforced the confidentiality agreements. KBR settled the SEC’s action without admitting or denying the SEC’s charges, agreed to cease and desist from causing any future violations of Rule 21F-17, and agreed to pay a penalty of $130,000. The SEC acknowledged the remedial action taken by KBR; the company modified its confidentiality agreement to specifically state that the agreement does not prevent reporting potential violations to governmental agencies or entities and that prior authorization of the company’s legal department is not required before reporting misconduct to any government agency, including the SEC. Further, KBR entered into an undertaking to make reasonable efforts to: (1) contact any KBR employees who had signed the statement from August 21, 2011 until the present; (2) provide those employees with a copy of the SEC Order; and (3) advise those employees that they would not need to seek permission before reporting any possible violations.
Andrew J. Ceresny, Director of the SEC’s Division of Enforcement, stated that the SEC intends to “vigorously enforce” SEC rules that “prohibit employers from taking measures through confidentiality, employment, severance, or other type of agreements that may silence potential whistleblowers before they can reach out to the SEC.” The $130,000 penalty imposed against KBR likely reflects that this was the SEC’s first action against a company under Rule 21F-17 for impeding whistleblowers. Future sanctions by the SEC likely will be more significant. Accordingly, employers are advised to review their policies and agreements, particularly confidentiality agreements and severance agreements, to make sure they do not impermissibly prevent disclosures to the SEC.