April 1, 2015 the SEC and KBR each issued press releases about a negotiated settlement wherein KBR paid a $130,000 fine based on an allegation that a KBR internal policy violated SEC Rule 21F-17 which prohibits actions that impede individuals from communicating with the SEC about a possible securities law violation. The policy in question precluded KBR current and former employees from communicating with others about KBR internal investigations without prior permission from the KBR law department. Although the SEC admitted it was not aware of any instances in which a KBR employee was prevented from communicating directly with the SEC it found that the confidentiality provision had the potential to impeded such communications because of the threat of discipline by KBR for a violation. The SEC order quotes the KBR provision and the KBR fix negotiated with the SEC.
The KBR confidentiality provision seems pretty standard as a direction to employees to treat internal investigations confidentially, and indeed seems necessary to secure attorney client or work product privilege protection for the interview and protect the integrity of the investigation process. The confidentiality provision arguably also prevents the disclosure of material non-public information to the public which might itself violate security laws.
The fix is relatively innocuous for most circumstances, simply adding language making it clear that the provision does not prevent communications reporting possible violations of federal law or disclosures that are protected by whistleblower provisions of federal law. Where appropriate it seems the clause should also reference state whistleblower laws.