On August 10, 2016, the U.S. Securities and Exchange Commission (SEC) announced an enforcement action against BlueLinx Holdings Inc., alleging that the company’s severance agreements impeded ex-employees from exercising their SEC whistleblower rights in violation of whistleblower protections. This case, coupled with prior similar cases, demonstrate that the SEC will not hesitate to punish perceived attempts to stifle potential whistleblowers. Companies should thus heed the important takeaways that follow the below discussion of these cases.

The SEC’s Whistleblower Program

Enacted in July 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”) added provisions designed to encourage and incentivize whistleblowers to report potential securities law violations to the SEC. Since then, the SEC has repeatedly emphasized the helpfulness and importance of whistleblower reports to its enforcement program. Multiple large financial payouts to SEC whistleblowers have reinforced this message.

The Dodd-Frank Act, and rules adopted thereunder, also contain provisions designed to protect whistleblowers. Among others, Rule 21F-17 states in part that “(a) No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.” Rule 21F-17 became effective in August 2011.

The BlueLinx Case

BlueLinx is a publicly-traded company based in Atlanta. Beginning in 2011, the company entered into severance agreements with certain departing employees. The agreements varied, but they each generally prohibited ex-employees from sharing confidential information. In June 2013 – almost two years after the SEC enacted Rule 21F-17 – BlueLinx modified its agreements to require advance notice to the company before an ex-employee was legally compelled to disclose confidential information, and waiver of any monetary recovery by the ex-employee.

The SEC’s August 10, 2016 order instituting cease-and-desist proceedings against BlueLinx alleges that the company violated Rule 21F-17 in two ways:

First, the SEC alleged that BlueLinx impermissibly “forced ex-employees to choose between identifying themselves to the company as whistleblowers, or potentially losing their severance pay and benefits.” Specifically, the SEC alleged that BlueLinx’s severance agreements prohibited ex-employees from disclosing confidential information unless compelled by law, court, or legal process. And if compelled by law, the severance agreements further required the ex-employee to give prior written notice to BlueLinx’s legal department “to permit the Company to seek an appropriate protective order or other similar protection prior to any such disclosure….” These provisions did not expressly exempt SEC whistleblower disclosures from the restrictions.

Second, the SEC alleged that BlueLinx impermissibly removed “the critically important financial incentives that are intended to encourage persons to communicate directly with the Commission staff about possible securities law violations.” Specifically, the SEC alleged that the severance agreements required ex-employees to waive “the right to any monetary recovery in connection with any such complaint or charge that Employee may file with an administrative agency.” The SEC found it insufficient that the agreements also expressly stated that nothing therein prevented ex-employees from filing a charge with the SEC – foregoing monetary recovery alone was a violation.

BlueLinx settled the SEC’s charges on a neither admit nor deny basis. The company agreed to pay a $265,000 civil penalty and to contact ex-employees who had previously signed severance agreements to tell them that the company does not prohibit disclosures to the SEC. Furthermore, the SEC required BlueLinx to add a new provision to its severance agreements:

Protected Rights. Employee understands that nothing contained in this Agreement limits Employee’s ability to file a charge or complaint with the Equal Employment Opportunity Commission, the National Labor Relations Board, the Occupational Safety and Health Administration, the Securities and Exchange Commission or any other federal, state or local governmental agency or commission ("Government Agencies"). Employee further understands that this Agreement does not limit Employee’s ability to communicate with any Government Agencies or otherwise participate in any investigation or proceeding that may be conducted by any Government Agency, including providing documents or other information, without notice to the Company. This Agreement does not limit Employee’s right to receive an award for information provided to any Government Agencies.

Prior Cases

The BlueLinx matter is not the SEC’s first enforcement case involving language in an employee agreement that allegedly violated whistleblower protections.

In April 2015, the SEC filed a cease-and-desist proceeding against KBR, Inc. for alleged violations of Rule 21F-17. The SEC alleged that KBR impermissibly required witnesses in certain internal investigations interviews to sign confidentiality statements with language warning that they could face discipline and even be fired if they discussed the matters with outside parties without the prior approval of KBR’s legal department. The SEC conceded that it was not aware of instances where KBR actually sought to enforce the provisions. Nevertheless, the SEC found that the blanket prohibition – without an SEC whistleblowing carve-out – was sufficient to violate Rule 21F-17. KBR settled the SEC’s charges on a neither admit nor deny basis and agreed to pay a $130,000 civil penalty.

In June 2016, the SEC included Rule 21F-17 charges in a settlement with Merrill Lynch on other issues. The SEC alleged that the bank’s confidentiality agreements contained similar language as the language at issue in the KBR case. As part of its settlement, Merrill Lynch agreed to revise its agreements and policies and procedures, as well as to supplement its training programs on the issue.

Takeaways

Time will tell the full impact of the BlueLinx, and prior, cases. There are, however, several immediate noteworthy takeaways:

  • The SEC views its whistleblower program as critical to its enforcement program, and it will aggressively punish what it views as attempts to hamper individuals’ ability or incentives to become SEC whistleblowers.
  • These cases involved relatively modest civil penalties. Yet the adverse publicity, and the defense costs and proactive undertakings, increase the negative toll of the actions. Moreover, the SEC may feel compelled to ratchet up the sanctions in the next enforcement case, if it feels that companies are not heeding the message from these matters.
  • The SEC did not allege that BlueLinx, KBR, or Merrill Lynch actually enforced the problematic provisions. Rather, the provisions’ mere existence constituted the violations.
  • The logic of these cases appears to apply to all manner of employer-employee contracts, including employment agreements, confidentiality provisions, agreements signed during an internal investigation, severance agreements, and settlement agreements. Employers thus should be thorough when scouring existing agreements for potential issues.
  • Although the companies involved in each of these cases are public companies (or subsidiaries of public companies), Rule 21F-17’s prohibitions are not so limited. Private companies thus should take note of the these cases as well.
  • The SEC need not limit its review of agreement language to investigations involving other potential securities law issues. In the BlueLinx and KBR cases, for example, the agreement language alone resulted in SEC enforcement action. Indeed, whistleblowers could tip the SEC about problematic language in agreements. Once an issue does arise, it may be too late to identify and remediate potentially problematic contract language. Companies thus should be proactive in scrutinizing and revising their agreements.

In sum, companies should promptly undertake a legal review and update of existing employee agreements in light of these takeaways.