If you are a public company or an entity that is subject to the jurisdiction of the U.S. Securities Exchange Commission (SEC), then this warning now applies to you. On April 1, the SEC announced its first enforcement action against a company for using a confidentiality agreement that hindered the whistleblowing provision of the Dodd-Frank Act.1 KBR, Inc. (KBR) agreed to a consent order for a violation of the Whistleblower Protection Rule (Rule 21F-17). KBR improperly required employees who were witnesses in investigation interviews to sign confidentiality statements containing language that warned them of potential disciplinary action, including termination, if they disclosed the investigation to third parties without KBR's consent. KBR agreed to pay the SEC a $130,000 penalty and amend its confidentiality statement.

The Dodd-Frank Act added Section 21F, “Whistleblower Incentives and Protection,” to the Securities Exchange Act of 1934, amended. The SEC adopted Rule 21F-17, which provides the following relevant part:

(a) No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities laws violation, including enforcing or threatening to enforce, a confidentiality agreement ... with respect to such communication.

KBR's procedure for investigating employee complaints and allegations regarding potential illegal or unethical conduct involving KBR provides for the undertaking of an internal investigation. Employees who are interviewed as part of the internal investigation are directed to sign a statement. The statement provides the following:

I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.

Although KBR has not enforced the confidentiality statement, the SEC viewed the statement as an impediment to the whistleblower process, undermining Rule 21F-17(a). The SEC consent order required that KBR amend the statement as follows:

Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulations to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.

The SEC enforcement program continues to be active in the whistleblower area. The KBR matter illustrates that companies must establish appropriate procedures for internal investigations and that all confidentiality agreements must be reviewed to ensure compliance with Rule 21F-17.