On April 1, 2015, the Securities and Exchange Commission (“SEC”) announced an enforcement action against KBR, Inc. (“KBR”) as a result of provisions in the company’s confidentiality agreements that the SEC found to be improperly restrictive as to potential whistleblowers.1

This is the first enforcement action regarding confidentiality agreements and the whistleblower program, and it comes a year after Sean McKessy, Chief of the SEC’s Office of the Whistleblower, first expressed concern about the potential for such contracts to restrict or have a potential “chilling effect” on whistleblowers. 

The targeted agreements, used by KBR during internal investigations, required the signatory witness to provide notice to KBR and obtain pre-approval before discussing information from the investigation with third-parties. Violation of the confidentiality agreement could result in discipline, including termination of employment. 

The SEC found that these provisions violated SEC Rule 21F-17 by hampering the whistleblower program. Rule 21F-17, which was promulgated under the Dodd-Frank Act, provides that “[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation.” 17 C.F.R. § 240.21F-17. The SEC found that the notice and pre-approval requirements in KBR’s confidentiality agreements “potentially discouraged employees from reporting securities violations.”2

KBR settled the action, agreeing to pay a $130,000 penalty and amend the confidentiality agreements to ensure that there was neither any threat of termination or retribution nor any pre-approval requirement for individuals to go to the SEC regarding securities violations. 

In reaching the settlement, KBR did not admit any allegations in the enforcement action and it appears that KBR could have challenged the enforcement action under the circumstances. 

Specifically, in the order, the SEC did not allege that KBR actually inhibited any employee from communicating with the SEC or that KBR intended the provision to have such an effect. The language of SEC Rule 21F-17, however, appears to require at least an intent to impede communication to violate the Rule: “No person may take any action to impede an individual from communicating” with the SEC (emphasis added). The Rule does not say that “any action that impedes” violates the Rule, indicating that intent is required for a violation. Nevertheless, KBR chose to settle the SEC action rather than litigate this point. 

Mr. McKessy warned that “other employers should similarly review and amend existing and historical agreements that in word or effect stop their employees from reporting potential violations to the SEC.”3 It also has been recently reported that the SEC has sought information from various public companies of agreements containing confidentiality provisions with employees.4 Given the SEC’s focus, companies that use confidentiality and non-disparagement provisions with employees (whether in company policies, codes of conduct, severance agreements, employment agreements, or otherwise) should consider how these provisions might be viewed by the SEC. Following the KBR settlement, companies should pay special attention to the following two issues:  

  • Does the confidentiality or non-disparagement provision require the potential whistleblower to provide notice to the company before communicating with the government? Although the provisions in KBR’s confidentiality agreement required individuals to provide the company notice and obtain approval before speaking to the government, the SEC’s position on a requirement for an employee only to give notice to the company is uncertain and potentially in flux. The SEC’s head of enforcement, Andrew Ceresney, discussed the potential chilling effect such pre-notification provisions might have on whistleblower reporting in announcing the KBR settlement.5
  • Does the confidentiality or non-disparagement provision restrict a potential whistleblower from reaching out to the government? Although confidentiality and non-disparagement provisions may include carve-outs when disclosure is required by law, these carve-outs tend to contemplate a third-party—which could be the government—reaching out to the individual. It may be ambiguous if these carve-outs do not specifically allow a whistleblower to reach out to the government. Although the KBR settlement does not directly address such provisions, the SEC may, in the future, raise questions about how such carve-outs should be reviewed under SEC Rule 21F-17.

Over the last year, the SEC’s Office of the Whistleblower has focused on what it perceives to be overly restrictive confidentiality agreements. This developing regulatory and enforcement trend warrants attention. 

It is also important to consider how confidentiality provisions will interact with attorney-client privilege during internal investigations. In a case involving KBR before it changed its name, In re Kellogg Brown & Root, Inc., the D.C. Circuit held that the attorney-client privilege protects internal investigation communications when the investigation is conducted for the purpose of obtaining legal advice and appropriately directed by counsel.6 However, the attorney-client privilege prevents only disclosure of communications, not the facts underlying the investigation. Therefore, the facts of a securities violation would not be protected from disclosure, but communications during an investigation of those facts would be protected. The SEC did not address information protected by the attorney-client privilege in the April 1 KBR order. However, Rule 21F-17 expressly carves out confidentiality provisions governing information that was learned only through communications subject to the protection of the attorney-client privilege.