The SEC filed a first-of-its-kind enforcement action against a company for the use of overly restrictive language in its form confidentiality agreements with employees. The offending provision, according to the SEC, had the potential to prevent would-be whistleblowers from coming forward and therefore violated Rule 21F-17, enacted under the Dodd-Frank Act of 2010. Companies are now on notice: the SEC will seek to prevent “pre-taliation” against potential whistleblowers through targeted enforcement of this rule. As a result, it is important that companies review and, if necessary, update their forms of confidentiality agreements and any other related agreements and communications that mention government entities.


KBR, Inc., a global technology and engineering firm based out of Houston, Texas, used form confidentiality agreements for years in connection with interviews and internal investigations conducted by the company. According to KBR, the practice began while the company was working to provide base logistics support to the U.S. military in Iraq. While there, the company hired investigators to interview witnesses and ask them to sign confidentiality agreements drafted with the objective of preserving the company’s privilege. After completing their operations in Iraq, the company continued to use some of the same form agreements when conducting internal investigations in the United States.

The agreements contained a provision that prevented employees from discussing particulars or the subject matter of their interview without prior approval from KBR’s legal department. The provision also stated that any unauthorized disclosure of information could result in disciplinary action including termination.


Rule 21F-17 prevents employers from impeding their employees from communicating directly with the SEC about possible securities law violations. The rule specifically prohibits “enforcing, or threatening to enforce, a confidentiality agreement.” Sean McKessy, the SEC Director of the Office of the Whistleblower, has dubbed this type of action “pre-taliation” and the SEC has made it clear that preventing companies from “pre-taliating” against their employees through the use of confidentiality agreements, separation agreements, and employee agreements is a top priority.


Although the confidentiality provisions were used in the company’s form agreements for years, the SEC had no evidence that KBR had ever taken any action to enforce them. Regardless, according to the SEC, the presence of the language alone undermined the stated purpose of Rule 21F-17, which is to encourage individuals to report to the SEC.

KBR settled without admitting or denying the allegations. Under the settlement, in addition to paying a $130,000 fine, KBR also agreed to amend its form confidentiality agreements with language to make it explicitly clear that employees are free to speak to the SEC and other government agencies about possible violations of the law without KBR’s permission. KBR also agreed to contact their employees in the United States who signed the confidentiality statement from August 21, 2011 to the present and provide them with a statement that they are not required to seek KBR’s permission before communicating with any governmental agency.


The SEC’s enforcement action against KBR displayed the breadth of Rule 21F-17. The mere existence of potentially chilling language is sufficient to warrant a violation and a fine. If the SEC follows its general practice after first-of-a-kind enforcement actions, the penalties associated with a Rule 21F-17 violation are likely to increase. Furthermore, with the SEC actively seeking out violations of the rule, companies need to be especially diligent and take swift, appropriate steps to bring their agreements into compliance.

Conduct a Broad Review of Existing Documents. In a press release announcing the action against KBR, the SEC warned that other companies should take steps to review their agreements for provisions that could prevent their employees from reporting potential violations to the SEC in both “word and effect.” Companies should heed this warning and undertake a broad review of any existing documents that might be affected by Rule 21F-17. This list could include company manuals, separation agreements, confidentiality agreements, internal investigation forms, employment agreements and agreements with third party consultants. The review should focus on identifying overly broad language that has any potential to confuse employees or discourage them from speaking with federal regulators. Additionally, any provisions that threaten disciplinary action if employees disclose information without the company’s approval should also be flagged. Companies would also be well served by compiling an inventory of any documents that contained questionable provisions and the employees that signed them.

Amend Non-Compliant Confidentiality Provisions in Existing Documents. Once non-compliant provisions have been identified, a company should then take steps to amend them. A helpful starting point for this process is the following language in KBR’s amendment to its confidentiality statements, which the SEC implicitly endorsed as a safe harbor:

Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures, and I am not required to notify the company that I have made such reports or disclosures.

However, while this language can serve as an initial template, any amendments or larger changes to a company’s agreements should be carefully drafted with attention to balancing full compliance with Rule 21F-17 with the company’s preservation of attorney-client privilege, trade secrets and other confidentiality concerns such as those related to analysts, competitors, media and other non-governmental parties. In addition, besides the SEC, other government agencies, including the National Labor Relations Board, have been focused on restraints on employee communications and their regulations must be taken into consideration as well.

Communicate with Employees Who Have Already Signed Agreements. After amending form documents for future use, companies should consider contacting current and accessible former employees who already signed any non-compliant agreement. Similar to KBR’s agreed-to undertaking, any communication should include a statement that makes it very clear that the employee is not prohibited from reporting possible violations of federal law to federal agencies and prior authorization from the company is not required to do so.

Consider a Review of Internal Whistleblower Policies. The broader goal of the SEC’s increased enforcement of Rule 21F-17 is to protect whistleblowers. Any steps a company can take to refine their whistleblower policies and encourage participation in an internal reporting process will help the company both identify and address potential misconduct early and comply with Rule 21F-17.