Companies subject to The Dodd-Frank Wall Street Reform and Consumer Protection Act, enacted on July 21, 2010, and the Securities Exchange Act of 1934, are on notice: the SEC is prosecuting violations of Section 21F-17 of the Exchange Act, which prevents companies, through the use of confidentiality agreements, from impeding the ability of whistleblowers to report potential securities violations to the SEC. On Wednesday, April 1, 2015, the SEC announced its first enforcement action against a company for using restrictive language in its confidentiality agreements which had, or could have, a chilling effect on protected whistleblower conduct. In In the Matter of KBR, Inc., Administrative Proceeding File No. 3-16466, the SEC commenced a cease and desist proceeding pursuant to Section 21C of the Exchange Act for the purpose of entering a Cease-And-Desist Order against KBR, Inc., a public company regulated by the SEC, whereby KBR agreed to undertake certain remedial action, including the amendment of its confidentiality agreements and payment of a civil penalty of $130,000.00 to the United States Treasury in accordance with Section 21F(g)(3) of the Exchange Act.

Through its investigation of KBR, the SEC learned that KBR, like many publicly traded companies, maintained a compliance program which monitored and responded to employee complaints about potential illegal or unethical conduct, including potential violations of federal securities laws. In its internal investigation process, KBR implemented a confidentiality agreement which KBR required its employee witnesses to sign upon being interviewed. In relevant part, the confidentiality agreement used by KBR prohibited the employee from “discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department.”

There was no evidence of any instance in which the confidentiality agreement used by KBR prevented an employee from reporting securities violations to the SEC. Similarly, the SEC instituted its action against KBR without evidence of any actual retaliatory conduct by the company. Still, the SEC determined that the confidentiality provision violated Rule 21F-17 because the confidentiality provision warned employees they could face disciplinary action if they discussed internal investigations with anyone without prior approval from the company’s legal department. This blanket language likely, or at least conceivably, discouraged employees from blowing the whistle on securities violations. The fact that the confidentiality agreements used by KBR were implemented prior to the enactment of the anti-retaliation provisions of Section 21F was of no legal moment. In fact, as part of its settlement, KBR agreed to modify its confidentiality agreement to include a carve-out specifically acknowledging an employee’s right to report securities violations or make other disclosures contemplated by the whistleblower protections of the Exchange Act.

Section 240.21F-2 of the Exchange Act defines a “whistleblower” as being anyone who provides the Commission with information relating to a possible violation of federal securities laws. 17 C.F.R. 240.21F-2. For the purposes of the anti-retaliation protections afforded by Section 21F(h)(1) of the Exchange Act, 15 U.S.C. 78u-6(h)(1)(A), a whistleblower is entitled to protection if he or she provides information to the SEC that the whistleblower reasonably believes relates to a possible violation of federal securities laws. Section 21F(h)(1) of the Exchange Act, in relevant part, provides:

“No employer may discharge, demote, suspend, threaten, harass, directly or indirectly, or in any other manner discriminate against, a whistleblower in the terms and conditions of employment because of any lawful act done by the whistleblower—

  1. In providing information to the Commission in accordance with this section;
  2. In initiating, testifying in, or assisting in any investigation or judicial or administrative action of the Commission based upon or related to such information; or
  3. In making disclosures that are required or protected under the Sarbanes-Oxley Act of 2002 (15 U.S.C. 7201 et seq.)”

Notably, Rule 21F-17 provides: “No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement…with respect to such communications.”

In its prosecution of KBR, the SEC sent a message: employers should revisit and amend existing confidentiality, non-disclosure or other employment agreements to ensure compliance with the recent changes to the Exchange Act. Blanket prohibitions in confidentiality agreements that could have a “chilling effect” on protected whistleblower conduct will not survive SEC scrutiny. Confidentiality agreements like those used by KBR, which imposed pre-notification requirements of its employees as a condition precedent to reporting potential securities violations to the SEC, will not pass muster. In a recent press release issued by the SEC, Andrew J. Ceresney, Director of the Division of Enforcement, cautioned employers: “SEC rules prohibit employers from taking measures through confidentiality, employment, severance, or other type of agreements that may silence potential whistleblowers before they can reach out to the SEC. We will vigorously enforce this provision.”

The SEC’s commitment to enforcing the relatively new anti-retaliation provisions of the Exchange Act should come as no surprise. Over the last several years, employers have seen the strength and breadth of their confidentiality agreements eroded by the National Labor Relations Board (through its interpretation and enforcement of Section 7 of the National Labor Relations Act) and by the Equal Employment Opportunity Commission (through its interpretation and enforcement of Title VII and other anti-discrimination and anti-retaliation mandates). Though discouraging, the SEC’s further erosion of the protections shielded by employers through their confidentiality arrangements with employees should not lead to the wholesale abandonment of confidentiality agreements. Employers still have legitimate business interests to protect, and a properly drafted and narrowly tailored confidentiality agreement is an important and effective means to achieve that end. Furthermore, while boilerplate confidentiality provisions like that used by KBR may have been invalidated by the SEC, properly drafted confidentiality agreements under different and appropriate circumstances should stand to scrutiny.

What does all of this mean to employers? Compliance officers and HR professionals, particularly those associated with or employed by companies regulated by the SEC, should immediately review and, if necessary, revise their confidentiality agreements to comport with current law. Additionally, employers should review their employee handbooks, company policies and procedures, existing employment agreements and form separation agreements, and should consult with employment counsel to ensure compliance with all applicable federal and state laws, as well as any administrative interpretations of those laws, to avoid exposure to stiff fines and other sanctions like those imposed upon KBR.