On April 1, 2015, the Securities and Exchange Commission (“SEC”) announced its first enforcement action against a company for using language in a confidentiality agreement that could prevent or deter whistleblowing activity.[1] Rule 21F-17 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) provides that “no person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement … with respect to such communications.”[2] To date, the SEC has not issued formal guidance as to how to avoid violating Rule 21F-17.

In the fall of 2014, the SEC announced its intention to bring enforcement actions against companies that use restrictive language in agreements and policies that could discourage whistleblowing. Sean McKessy, chief of the SEC’s Office of the Whistleblower, said that the SEC was “on the lookout for contracts [and] codes of conduct” that include language that could prevent or dissuade an employee from reporting securities law violations to the SEC.[3] Thereafter, according to a Wall Street Journal article, the SEC sent letters to a number of companies asking for every “nondisclosure agreement, confidentiality agreement, severance agreement and settlement agreement they entered into with employees since Dodd-Frank went into effect, as well as documents related to corporate training on confidentiality.”[4]

As reflected in the April 1 cease-and-desist order, which was accompanied by a press release,[5] the SEC charged KBR Inc., a global technology and engineering company, with violating Rule 21F-17 by requiring employees to sign a confidentiality agreement before the start of an investigatory interview. The agreement prohibited employees from discussing any particulars of their interviews or the subject matter of the interviews with anyone without the prior authorization of KBR’s legal department. It also threatened that any unauthorized disclosure “may be grounds for disciplinary action up to and including termination of employment.”[6] In its press release, the SEC said that by requiring its employees to sign confidentiality agreements that require pre-notification before contacting the SEC, KBR “potentially discouraged employees from reporting securities violations.” While the SEC acknowledged that it was unaware of any instances in which KBR enforced the agreement or a signatory was prevented from communicating with the SEC, the agreement undermined the purpose of Rule 21F-17 — to “encourage individuals to report to the Commission.” In the press release, Andrew J. Ceresney, director of the SEC’s Division of Enforcement, warned: “We will vigorously enforce this provision.”

As part of its settlement with the SEC, KBR agreed to pay a $130,000 fine and, as a remedial measure, agreed to amend the confidentiality agreement to add the following carve-out:

Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.[7]

In the press release, McKessy advised that “[o]ther employers should similarly review and amend existing and historical agreements that in word or effect stop their employees from reporting potential violations to the SEC.”

In light of the SEC’s actions, companies should review employment, separation and settlement agreements, as well as employment and compliance policies and codes of conduct. Common provisions in these agreements and policies — such as provisions designed to prevent unauthorized use and disclosure of confidential, proprietary or trade secret information and separation or settlement terms, non-disparagement provisions, releases, covenants not to sue, cooperation provisions, and internal notification and reporting requirements — may be interpreted to run afoul of Rule 21F-17, unless they are overridden by provisions permitting whistleblowing activity without notice to or authorization by the company.