Keeping its promise announced last year, the Securities and Exchange Commission on April 1, 2015, released a cease-and-desist order ("Order") declaring illegal a publicly traded company's use of a confidentiality agreement that prohibited employees during an internal investigation from discussing—whether inside or outside the company without legal approval—the substance of their interviews involving potentially illegal or unethical conduct by the company or its employees. The SEC also levied a $130,000.00 civil penalty against the company.

The SEC Office of the Whistleblower ("OWB") prosecutes claims against companies that violate the prohibitions against whistleblower retaliation. Going back to March 2014, the OWB has made clear its interest in assuring that employers not attempt to constrain employees and other protected individuals from reporting alleged unlawful activities.  Indeed, this interest is quite similar to the Equal Employment Opportunity Commission's declared interest in assuring, through various enforcement actions, that employees not waive their rights to file charges of discrimination with that agency.

The SEC's new Order illustrates the significant compliance risks posed by fairly commonplace confidentiality restrictions on disclosing internal matters.  The SEC could construe such restrictions as prohibiting employees from informing enforcement agencies about alleged unethical or unlawful conduct. 

Rule 21F-17(a) of the Exchange Act provides: "[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement…with respect to such communications." 

As the SEC stated in the Order, prior to the promulgation of Rule 21F-17 and continuing into the time that Rule has been in effect, the company in question—KBR, Inc., headquartered in Houston—used a form confidentiality statement as part of its internal investigations into claims of potentially illegal or unethical conduct.  KBR investigators had witnesses sign the statement at the start of an interview.  The statement provided:

Due to the sensitive nature of this review, I understand that the information discussed during this interview is confidential. I further understand that the information that I provide will be protected and remain within the confines of this review and only authorized personnel will have access to the information contained in this report. 

I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the specific advance authorization of [the Company's] General Counsel.

I acknowledge and agree that I understand the unauthorized disclosure of this information could cause irreparable harm to the review and reflect adversely on [Company] as a company and/or [Company] performance in the Middle East Region and therefore, I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.

The SEC conceded that it was "unaware of any instances in which (i) a KBR employee was in fact prevented from communicating directly with Commission Staff about potential securities law violations, or (ii) KBR took action to enforce the form confidentiality agreement or otherwise prevent such communications." 

Nevertheless, the SEC concluded that "the language found in the form confidentiality statement impedes such communications by prohibiting employees from discussing the substance of their interview without clearance from KBR's law department under penalty of disciplinary action including termination of employment." 

Thus, concluded the SEC, "this language undermines the purpose of Section 21F Rule 21F-17(a), which is to encourage individuals to report to the Commission."  (Internal quotes omitted.)

In pursuit of this goal of identifying confidentiality policies, statements and agreements of this nature, the SEC has been seeking, from a large number of companies via formal investigation notices and document requests, every confidentiality agreement, nondisclosure agreement, settlement agreement, and severance agreement the companies entered into with employees since the Dodd–Frank Wall Street Reform and Consumer Protection Act went into effect in 2010. 

The SEC is also seeking documents related to corporate training on confidentiality, as well as all documents that refer or relate to whistleblowing such as codes of conduct and reporting policies, and lists of terminated employees. The SEC wants to point to these documents as evidence of retaliation.  In the SEC's view, these types of confidentiality and non-disclosure agreements and clauses can represent a form of systemic retaliation if they are overly broad and serve to silence would-be whistleblowers.

The compliance risk for employers created by this enforcement is that the OWB is not only going after agreements that would affirmatively prohibit these kinds of complaints. Rather, in the view of OWB, these type of agreements and clauses need to explicitly reaffirm the employees' rights to bring SEC-related complaints and disclose related information to the SEC—and to be able to do so unimpeded— in order for such agreements and clauses to pass muster.

There are at least four key areas where these issues arise:  in release agreements, which may be part of settlements of active or threatened litigation, or part of more generic severance agreements; in stand-alone confidentiality or non-disclosure agreements, which are commonly issued to employees at the commencement of their employment; in internal policies regarding complaints of unethical or unlawful practices; and in investigation protocols regarding discussions of confidentiality and the attorney-client privilege.  These agreements, policies, and protocols, then, need to be closely examined and revised appropriately to ensure that employees are under no misunderstanding that the company does not bar them from filing claims with, or disclosing pertinent information to, enforcement agencies against the employer.

The SEC's approach runs parallel to the EEOC's current approach. The EEOC has proactively attacked settlement agreements entered into between employers and employees or former employees. The EEOC has asserted in these cases that it can unilaterally challenge such agreements even without a charging party, needing only "reasonable cause" for proceeding with its challenge.

Recommendations for Employers

The following recommendations are first steps all employers should consider.

Employers are advised to review separation agreements and confidentiality agreements and clauses with an eye toward strengthening provisions preserving the employee's right to file administrative charges or lawsuits, as well as the rights to disclose certain information. The rights should apply to any government agency charged with enforcement of any law, not just employment laws.

Internal codes of conduct, policies, confidentiality statements, and certification procedures must not create an unequivocal requirement for employees to bring legal or ethical concerns to the attention of the employer prior to, or instead of, the attention of an enforcement agency.  The documents should affirmatively remind employees that they have the right to file claims and disclose information regarding the employer's business practices, not only with the SEC or OWB, but with the EEOC, the Department of Labor, or any other applicable enforcement entity.    

Internal investigation protocols should be closely scrutinized and revised to permit the legitimate application of the attorney-client privilege and confidentiality for internal investigations while concurrently permitting and advising employees of their rights to communicate with enforcement agencies (including the SEC) and the company's commitment to prohibit retaliation because of such protected conduct.

Employee training modules should be examined for statements that could be read to dissuade employees from communicating with enforcement agencies, and managers should be trained to avoid making statements to employees that impinge on those rights.