Approximately a year ago, Debevoise & Plimpton LLP issued a client update regarding statements made by the Chief of the SEC’s Office of the Whistleblower, Sean McKessy, in which he warned companies and their counsel against drafting contracts that attempt to dissuade would-be whistleblowers from reporting company wrongdoing to the SEC.1 Mr. McKessy specifically noted that his office was “actively looking for examples of confidentiality agreements, separation agreements, [and] employee agreements” that condition certain benefits on not reporting activities to regulators, including the SEC. Last week, the SEC held true to its word and announced a first-of-its-kind enforcement action against Houston-based technology and engineering firm, KBR, Inc., in which KBR agreed to settle allegations that certain of its confidentiality agreements could be read to impede employees from reporting wrongdoing to the SEC.2 While neither admitting nor denying the findings, KBR agreed to pay a $130,000 penalty and to amend its confidentiality agreement language.

When implementing the whistleblower provisions of Dodd-Frank, the SEC broadly interpreted the anti-retaliation protections of the Act when issuing Exchange Act Rule 21F-17, which—among other protections—prohibits “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement.”3 The KBR action is the first time the SEC has sought to enforce that provision.

The SEC order alleges that KBR regularly conducts internal investigations of potential wrongdoing at the company, and as part of these investigations, typically interviews KBR employees. At the start of the interviews, internal investigators ask the employees to sign confidentiality statements regarding the interview and the information provided. Specifically, the SEC alleges, KBR witnesses had to agree to the following contractual provision:

I understand that . . . I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that unauthorized disclosure . . . may be grounds for disciplinary action up to and including termination of employment.4

According to the SEC, such language could discourage a witness-employee from bringing wrongdoing to the attention of the SEC without approval from KBR’s law department. Even though the SEC acknowledged that it knew of no instances when a KBR employee was, in fact, prevented from communicating with the SEC, or when KBR sought to enforce the confidentiality agreement or prevent such communications, the SEC found the potential for such interference sufficient to bring the action.

In light of the KBR action, public companies and regulated entities should avoid broad confidentiality language in contracts with employees that do not contain an express carve out for reporting to governmental entities.5 Specifically, Mr. McKessy advises employers to “review and amend existing and historical agreements that in word or effect stop their employees from reporting potential violations to the SEC.”6 This includes not only confidentiality agreements or statements like the one KBR used for internal investigations, but also employment agreements, Codes of Conduct, and – perhaps most significantly – separation agreements or settlements with departing employees, including those who have threatened or filed employment-related litigation.

While employers should follow this advice, they do not need to be concerned that all agreements to maintain confidentiality with employees may run afoul of SEC rules. In particular, provisions which seek to maintain confidentiality for the purpose of preserving the attorney-client privilege are permitted specifically by the SEC’s rules.7 For example, if during an internal investigation, an attorney conducts an interview of a company employee, the company may request that the employee treat confidential information discussed at the meeting to preserve the attorney-client privilege. While not explicitly required under the plain language of the SEC’s whistleblower rules, companies should consider whether to expressly inform the employee that reporting to the government any independent knowledge of wrongdoing (known apart from the privileged conversation) is always permitted. Until this area of the law develops more fully, this precautionary step appears to be the safest course to ensure that that the SEC cannot allege any interference with would-be whistleblowers.

While the KBR action may be the first action brought under Rule 21F-17, it is unlikely to be the last. As widely reported in the media earlier this year, the SEC has sent inquiries to numerous companies requesting a wide range of nondisclosure, employment and other agreements, presumably to review whether these agreements contain overly broad provisions that may chill whistleblower reporting. We expect the SEC’s focus on whistleblower issues to continue and perhaps even intensify over the near term.