In a post-script to the SEC’s April 1 cease and desist order penalizing KBR, Inc. for a confidentiality statement that failed to carve out protected federal whistleblower complaints (our alert on it here), SEC Office of the Whistleblower Chief Sean McKessy today made additional comments that suggest public companies as well as private companies that contract with public companies should immediately review their agreements for compliance.

In a webinar sponsored by the American Bar Association titled “New Developments in Whistleblower Claims and the SEC,” McKessy commented on the recent KBR Order. Here are the key takeaways:

SEC Rule 21F-17 is “Very Broad

McKessy stated that he views the SEC Rule 21F-17 as “very broad,” and “intentionally so.” The Rule provides in relevant part:

  1. No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.

McKessy said that he reads the Rule as stating that “no person shall take any action” to impede an individual from communicating directly with the SEC.

Agreement Review a Continued High Priority for the SEC

McKessy stated that this initiative remains a “priority” for him and his office. “To the extent that we have come across this language [restricting whistleblowers] in a Code of Conduct” or other agreements, the SEC has taken the position that it “falls within our jurisdiction and we have the ability to enforce it.”

He noted that “KBR is a concrete case to demonstrate what I have been saying,” referencing public remarks he has made in the past regarding SEC scrutiny of employment agreements. He stated that the agency is continuing to take affirmative steps to identify agreements that violate the Rule, including soliciting individuals to provide agreements for the SEC to review. Additionally, he reported that the SEC is reviewing executive severance agreements filed with Forms 8-K for any potential violations of the Rule.

The KBR Language is Not a “Safe Harbor”

When asked whether the language required as part of the KBR Order constituted a “safe harbor,” McKessy stated that he would “not go that far,” and that each agreement will be viewed in context. He described the language in the KBR Order as “certainly instructive” but “not restrictive” and not insulating a company from further scrutiny by the SEC. He also stated that it is “really not appropriate for me to bless any language,” and suggested that the same language could be acceptable in one context but not in another depending on the company’s approach to encouraging employees to come forward to report alleged securities fraud.

KBR Could Be Applied to Private Companies

McKessy was also asked whether the SEC would apply the KBR Order to private companies under the U.S. Supreme Court’s 2014 ruling in Lawson v. FMR LLC, 134 S.Ct. 1158 (2014), which expanded Sarbanes-Oxley’s whistleblower protections to employees of private companies who contract with public companies.

McKessy stated that the SEC has not officially taken a position on this issue, but in his personal opinion he can “certainly can see a logical thread behind the logic of the Lawson decision” to be “expanded into this space [private companies],” and that “anyone who has read the Lawson decision can extrapolate from it the broader application.”

SEC Not Bound By Agreements Precluding Production of Company Documents

McKessy was asked regarding the SEC’s position regarding the disclosure of company documents by whistleblowers in their complaints to the agency. He said that it will “surprise no one that companies have a 100% record” of preferring that company documents not be provided to the SEC. But, “[a]t the end of the day” he stated that any kind of agreement restricting an employee from providing company documents to the SEC is not enforceable against the SEC and companies should not “bank on the fact” that the SEC would “feel bound” by that agreement in any way.

McKessy took a more measured approach with regard to privileged company documents, however. McKessy stated that the SEC is “not interested in getting privileged information” and that the SEC discourages whistleblowers and their counsel from providing privileged information as part of their complaints. He noted that while there are “certain exceptions to privilege,” he would “hate to leave the impression that [the agency] is looking to create to create an army of lawyers who can ignore their confidentiality requirements because of the possibility of being paid under our [Dodd-Frank bounty] program.”

Next Steps for Companies

McKessy concluded his remarks on this issue by stating that “[t]his is the time for the company to take a look at standard, standing severance and confidentiality agreements.”

In short, it is clear that we can expect further SEC enforcement actions in this area. Public companies and private companies that contract with public companies should consult with counsel to review their employment agreements to be sure they will not be the next to be caught in the SEC’s crosshairs.