A spate of recently settled enforcement actions by the Securities and Exchange Commission (SEC) serves as a reminder to companies of the SEC's focus on whether their agreements with employees improperly undermine the SEC's whistleblower program in ways that violate its Dodd-Frank whistleblower rules. These actions warrant careful consideration and may warrant amendments to company policies and employment documents.

First, a bit of history. The 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act amended the Securities and Exchange Act of 1934 (the Exchange Act) by adding Section 21F, "Whistleblower Incentives and Protection." The purpose of this amendment was to encourage whistleblowers to report possible securities law violations by providing confidentiality guarantees and financial and other incentives and protections. Congress explicitly noted the importance of providing financial incentives to promote whistleblowing to the SEC, as it determined that "a critical component of the Whistleblower Program is the minimum payout that any individual could look towards in determining whether to take the enormous risk of blowing the whistle in calling attention to fraud." To fulfill this purpose, in 2011, the SEC adopted Rule 21F-17, which provides that "[n]o person may take any action to impede an individual from communicating directly with the [SEC] staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications."

One area of SEC focus in 2015 was on "whether employers were using confidentiality, severance, and other kinds of agreements to interfere with an individual's ability to report potential wrongdoing to the SEC." (See the SEC's 2015 Annual Report on its Whistleblower Program, available here.) This is no surprise in light of reports in early 2015 that the SEC sent letters to numerous unnamed companies requesting every non-disclosure, confidentiality, severance and settlement agreement the companies had entered into with employees since the enactment of Dodd-Frank.

Following this sweep, in April 2015, the SEC announced its first enforcement action, which was against Houston-based KBR, Inc., for the company's use of confidentiality agreements with witnesses in internal investigations. The language at issue provided that employees could face disciplinary action, up to termination, for discussing the substance of their interviews with outside parties without the prior approval of KBR's legal department. KBR and the SEC settled the matter, with KBR paying a $130,000 civil money penalty, agreeing to amend its confidentiality statement and agreeing to contact employees who had signed the confidentiality statement. Chair White noted in a 2015 speech that the KBR case prompted considerable discussion and that a number of other concerns came to the SEC's attention as part of its focus in this area. In addition, the SEC's Office of the Whistleblower indicated in its Annual Report that assessing these agreements would continue to be a top priority in fiscal 2016.

More recently, on August 10, 2016, the SEC announced that it had settled a dispute with Atlanta-based BlueLinx Holdings Inc. regarding its use of severance agreements. The agreements in that matter, nearly all of which were drafted or revised after the enactment of Dodd-Frank, conditioned employees' receipt of post-employment consideration on their agreement not to share with any third party any confidential information concerning BlueLinx that they learned while employed by the company, unless compelled to do so by law or legal process. The agreements also required employees to provide written notice to, or obtain written consent from, the company before providing such information even if pursuant to legal process. The agreements did not exempt communications with the SEC or other regulatory or law enforcement agencies. An amended form of the agreements also provided that, while employees were free to file a charge or complaint with the Equal Employment Opportunity Commission, National Labor Relations Board, Occupational Safety and Health Administration, the SEC, or other administrative agency if applicable law requires the employee be permitted to do so, by signing the agreements and accepting severance benefits, employees waived the right to any monetary recovery in connection with any such complaint or charge.

The SEC determined that these provisions violate Rule 21F-17 by impeding the employees' ability to communicate directly with the SEC regarding possible securities law violations, by forcing employees to choose between identifying themselves as a whistleblower or potentially losing severance benefits, and by requiring employees to forgo monetary recovery in connection with their SEC whistleblower activities. According to the cease-anddesist order to which BlueLinx consented, the severance agreements at issue ran counter to the purpose of Dodd-Frank's whistleblower provisions, which is to encourage and facilitate the reporting of securities violations, and removed the critically important financial incentives intended to encourage such reporting.

In order to resolve the dispute, BlueLinx agreed to pay a $265,000 civil money penalty and to include the following provision in its severance agreements and other agreements with confidential information provisions going forward:

Protected Rights. Employee understands that nothing contained in this Agreement limits Employee's ability to file a charge or complaint with the Equal Employment Opportunity Commission, the National Labor Relations Board, the Occupational Safety and Health Administration, the Securities and Exchange Commission or any other federal, state or local governmental agency or commission ("Government Agencies"). Employee further understands that this Agreement does not limit Employee's ability to communicate with any Government Agencies or otherwise participate in any investigation or proceeding that may be conducted by any Government Agency, including providing documents or other information, without notice to the Company. This Agreement does not limit Employee's right to receive an award for information provided to any Government Agencies.

BlueLinx also agreed to contact former employees who had already signed severance agreements containing the offending language to inform them that they were not prohibited from communicating directly with the SEC, were not required to provide prior notice of such communications to the company and were not prohibited from receiving whistleblower awards from the SEC.

Less than a week after the SEC entered into the settlement with BlueLinx, it issued a similar cease-and-desist order, on a settled basis, with California-based Health Net, Inc. According to the SEC's order, from 2011-2015, Health Net used two forms of voluntary severance agreements that included waivers and releases of claims that violate Rule 21F-17.

Although the agreements made clear that the employees were not prohibited from participating in a federal or state government investigation, the first form included a waiver of any right to individual monetary recovery in any such proceeding or in any proceeding brought based on any communication by the employee to any federal, state or local government agency or department, and also included an express waiver by employees of "the right to file an application for award for original information submitted pursuant to Section 21F of the Securities Exchange Act of 1934." The second form removed the language prohibiting employees from applying for SEC whistleblower awards and retained a version of the waiver of rights to monetary recovery that indicated that "by signing this Release, Employee, to the maximum extent permitted by law...waives any right to any individual monetary recovery...in any proceeding brought based on any communication by Employee to any federal, state or local government agency or department."

Although the SEC order acknowledged that there were no known instances of employees being dissuaded from reporting suspected securities violations to the SEC or of Health Net enforcing the provisions in the agreement, the SEC nonetheless found that the company, by use of both forms, "directly targeted the SEC's whistleblower program" by requiring employees to forgo financial incentives associated with reporting securities law violations. To resolve the matter, Health Net agreed to pay a $340,000 civil money penalty to the SEC and to contact former employees who signed the agreements to provide them with a copy of the cease-and-desist order and to notify them that Health Net does not prohibit former employees from seeking and obtaining a whistleblower award from the SEC.

The SEC's probe, statements and KBR, BlueLinx and Health Net settlements show a continuing commitment by the SEC to crack down on provisions that chill whistleblower activity. The SEC staff has also stated an interest in pursuing lawyers who draft and implement agreements with such provisions. For these reasons, companies are strongly advised to review their confidentiality, non-disclosure, separation and settlement agreements and any confidentiality language in their employment agreements, codes of conduct, employment policies, forms and handbooks with outside counsel to assess whether they explicitly or implicitly preclude or restrict employees from reporting potential violations to the SEC or remove critically important financial incentives of the SEC's program. Companies should take steps to avoid potential violations, and updates to existing policies and agreements may be warranted. Companies should consider how their provisions compare to those at issue and agreed to in the SEC settlement orders, and should consider the inclusion of carve-outs that expressly protect the right of employees to communicate with the SEC about potential securities violations. In doing so, companies should consult with counsel to determine what language best suits their needs and to understand the various potential implications of language changes.