The Securities and Exchanges Commission has settled its first enforcement action against a company for “improperly restrictive language in confidentiality agreements”.

SEC Rule 21F-17 prohibits companies from taking any action – including enforcing, or threatening to enforce, a confidentiality agreement – that impedes an employee from reporting possible securities laws violations to the SEC.

When investigating allegations of misconduct including violations of securities laws, KBR required employee witnesses to sign a confidentiality statement at the beginning of their interviews. The statement warned that employees faced disciplinary action – “up to and including termination” – should they disclose the subject matter or any particulars of the interview to anyone without the authorization of the company’s legal department.

The SEC conceded that it had no evidence that any KBR employee was thereby prevented from reporting potential securities law violations, but nevertheless concluded that the language of the confidentiality statement did “impede” communications with the agency.

Without admitting or denying the charges, KBR agreed to pay a $130,000 USD penalty and to cease and desist any violations of Rule 21F-17. The company also amended its confidentiality statement to clarify that employees are not prohibited from “reporting possible violations of federal law or regulation to any governmental agency or entity.” Finally, KBR undertook to make “reasonable efforts” to contact employees who had signed the statement, to inform them that no prior approval is required to communicate with any government agency regarding potential violations of federal law or regulation.

The SEC’s aggressive posture on whistleblower protection suggests that more enforcement actions under Rule 21F-17 are likely. The chief of the SEC’s Office of the Whistleblower issued a press release advising that “other employers should similarly review and amend existing and historical agreements that in word or effect stop their employees from reporting potential violations to the SEC.”

Actions for employers

Entities regulated by the SEC should review the confidentiality provisions of employment-related agreements and policies in light of this case. In the short term, the most obvious remedial measure is to insert into these documents the carve-out language adopted by KBR in its amended confidentiality statement.

See the SEC’s decision here and the press release here.