As the SEC increasingly relies on its Whistleblower Program to encourage people to come forward with information leading to securities enforcement actions, it is taking meaningful steps to protect that valuable resource. Just a few months after the SEC brought its first whistleblower retaliation case against an employer in June 2014, the chief of the SEC’s Office of the Whistleblower revealed that he was actively looking to bring a case against an employer not merely for after-the-fact retaliation but for entering into confidentiality agreements that prospectively impede would-be whistleblowers from contacting the SEC. On April 1, 2015, the SEC brought such a case—the first of its kind— against a company that required employees that had participated in internal investigative interviews to sign restrictive confidentiality agreements. Without admitting or denying the allegations, the company settled with the SEC for $130,000 and agreed to take remedial action regarding its restrictive agreements.

SEC Rule 21F-17

Under SEC Rule 21F-17, adopted in 2011 under Dodd-Frank, employers are prohibited from taking “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.” For additional background on the Whistleblower Program and its anti-retaliation provisions, see SEC Issues Largest Whistleblower Award to Date and SEC Issues First Award Under New Whistleblower Program.

The KBR Enforcement Action

On April 1, 2015, the SEC announced a settlement with technology and engineering firm KBR, Inc. (“KBR”) regarding KBR’s alleged violation of Rule 21F-17. KBR regularly investigated employee complaints of misconduct, including allegations regarding potential violations of federal securities laws. At the outset of interviews conducted in connection with those investigations, KBR required interviewees to sign a form confidentiality statement preventing them from discussing the subject of the interview “without prior authorization of the Law Department.” Employees were told that unauthorized disclosure could result in disciplinary action “up to and including termination of employment.”

In settling the charges, KBR agreed to remedial actions. First, it agreed to amend its confidentiality agreement to include language stating, “[n]othing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity . . . I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.” KBR further agreed to make efforts to contact employees who signed the agreement between the effective date of Rule 21F-17 (August 21, 2011) through present. KBR additionally paid a civil monetary penalty of $130,000.

Importantly, the SEC’s order stated that it was unaware of any instances where a KBR employee was actually impeded from communicating with the SEC or where KBR took action to enforce the confidentiality agreement. It found only that the plain language of the confidentiality agreement undermined the purpose of Rule 21F-17. Andrew Ceresny, Director of the SEC’s Division of Enforcement, said of the action, “SEC rules prohibit employers from taking measures through . . . agreements that may silence potential whistleblowers before they can reach out to the SEC. We will vigorously enforce that provision.”

Key Takeaways

The KBR action makes good on the SEC’s repeated warnings that it will take action against employers that impede or retaliate against potential whistleblowers. Accordingly, companies should consider whether broad confidentiality provisions could be construed as discouraging employees from reporting misconduct to regulators or law enforcement agencies (by, for example, requiring the employee to report misconduct first to the employer or to seek permission before reporting to a regulator), although that context differs from that at issue in KBR. In the event companies have concerns about these types of agreements, the addition of the remedial language noted above appears to satisfy the SEC.

It remains to be seen whether the SEC will ever take the additional step of addressing common Upjohn warnings. As a measure of caution, company counsel conducting internal investigations should be careful to deliver precise Upjohn warnings to witnesses. As is often required, counsel should still inform witnesses in appropriate circumstances that counsel represents the company, not the witness, and that the conversation with counsel is covered by the company’s attorney- client privilege, which the company, alone, has the power to waive. However, counsel should not imply that the witness is prohibited from disclosing his or her personal knowledge about the underlying facts and circumstances—as opposed to the specifics of the interview itself or information learned solely through that privileged communication—to regulators or law enforcement officials.