As we discussed in a post last month, the SEC has been closely scrutinizing whether companies may be using non-disclosure and confidentiality agreements that could discourage employees from acting as whistleblowers and communicating with the SEC about potential securities law violations. Yesterday the SEC announced its first enforcement action in this area, against public company KBR, Inc. In the SEC’s press release, SEC Director of Enforcement Andrew Ceresney commented that

“SEC rules prohibit employers from taking measures through confidentiality, employment, severance, or other type of agreements that may silence potential whistleblowers before they can reach out to the SEC. We will vigorously enforce this provision.”

In its order instituting the proceeding against KBR, the SEC alleged that when KBR undertook internal investigations concerning employee complaints of potentially illegal or unethical conduct, KBR investigators would ask witnesses to sign agreements containing the following provision:

I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.

The SEC found that this language undermined the purpose of the SEC’s whistleblower program and, in particular, SEC Rule 21F-17(a), which states that “[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement… with respect to such communications.”

Although the SEC acknowledged that it was unaware of any instances in which KBR actually sought to enforce its confidentiality agreements to prevent employees from communicating with the SEC, the SEC nevertheless brought an action against KBR. In settlement, KBR agreed to pay a civil penalty of $130,000 and to amend its confidentiality agreements to include the following language:

Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.

Companies under the SEC’s jurisdiction should consider reviewing their employee non-disclosure and confidentiality agreements in light of the SEC’s action. At the same time, as we discussed in our previous post on this subject, companies also have a legitimate need to protect confidential and privileged information from indiscriminate disclosure, and they will need to consider how best to meet that need while complying with regulatory requirements.