The Securities and Exchange Commission's (the "SEC" or "Commission") Office of Compliance Inspections and Examinations ("OCIE") issued a risk alert on October 24, 2016, announcing that it will be reviewing registrants' compliance with whistleblower provisions of the Dodd-Frank Act. The risk alert specifically addresses compliance with Rule 21F-17, which states, "[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement…with respect to such communications." Between April 2015 and September 2016, the OCIE issued various cease-and-desist orders against registered companies, investment advisors, and broker dealers asserting violations of Rule 21F-17. These recent enforcement actions identify language in confidentiality and severance agreements that "by itself, or under the circumstances in which the agreements were used, impeded employees and former employees from communicating with the Commission concerning possible securities law violations." For most of these actions, it was the existence of such language that violated Rule 21F-17 and not any alleged enforcement by employers that led to SEC charges.
In addition to reviewing confidentiality and severance agreements for violations, OCIE will be reviewing compliance manuals, codes of ethics, employment agreements, and other relevant agreements in search of provisions that "purport to limit the types of information that an employee may convey to the Commission or other authorities" or "require departing employees to waive their rights to any individual monetary recovery in connection with reporting information to the government."
Remedial actions taken in recent enforcement actions include revising provisions in agreements or inserting explicit text within agreements that state that employees are not prohibited from voluntarily communicating with the Commission or receiving monetary recovery or a whistleblower award and providing notice to employees and to former employees who signed agreements after August 12, 2011, to inform them that they are not prohibited from communicating with the Commission or seeking a whistleblower award.
Analysis of Recent Enforcement Actions
Each of the recent enforcement actions by the Commission identified language that restricts or prohibits disclosure of confidential information without expressly exempting disclosure to the Commission about possible securities law violations. The enforcement action against KBR Inc. in April 2015 identified language in a confidentiality statement that KBR requested interviewees to sign during internal investigations, which prohibited disclosure of information from the investigation without prior consent from KBR’s Law Department. The enforcement action against Merrill Lynch in June 2016 identified language in severance agreements that prohibited the disclosure of confidential information to any person with the exception of compelled disclosure in legal proceedings or unless the former employee received written approval from Merrill Lynch. The enforcement action against BlueLinx Holdings Inc. ("BlueLinx") in August 2016 pertained to provisions in severance agreements that prohibited voluntary disclosure of confidential information to any third party and that required prior written notice or written consent if disclosure was compelled by law. The Commission concluded that these provisions violated Rule 21F-17 because they threatened the receipt of severance benefits or other pay and/or otherwise discouraged communication with the Commission about possible securities violations. Interestingly, although Anheuser Busch InBev ("AB InBev") amended its separation agreements in 2015 to expressly permit communication with government agencies about possible violations of law, the Commission initiated proceedings against AB InBev regarding broad confidentiality language that was contained in a separation agreement that AB InBev entered into prior to such change and that the Commission asserted impeded an employee from communicating directly with the Commission staff regarding securities law violations. The AB InBev separation agreement required the employee "to keep in strict secrecy and confidence any and all unique, confidential and/or proprietary information and material belonging or relating to [the AB InBev subsidiary] that is not a matter of common knowledge or otherwise generally available to the public."
The Commission also took issue with various provisions that the Commission stated "directly targeted the SEC's whistleblower program by removing critically important financial incentives." Specifically, the Commission objected to a provision in BlueLinx's severance agreements that waived an employee's right to monetary recovery in connection with any complaint or charge filed at a government agency. The Commission also objected to Health Net Inc.'s use of a provision in severance agreements which prohibited departing employees from filing for or accepting a whistleblower award (although it expressly stated that nothing in the agreement would impede communication between the employee and government regulators).
Recommendations for Compliance
The Commission's risk alert identifies the following types of documents as open to review for violations of Rule 21F-17: compliance manuals, codes of ethics, employment agreements, and severance agreements. Employers should review their agreement templates and employment policies for language that might be objectionable to the Commission.
In addition to the Commission's guidance, other governmental agencies such as the Equal Employment Opportunity Commission6, the Occupational Safety and Health Administration, and the National Labor Relations Board8 have also indicated their intention to review employment and confidentiality agreements to protect employees' rights to file charges or complaints, participate in investigations, communicate with agency personnel with respect to violations of law and obtain whistleblower remedies. All employers should therefore review their employment-related agreements and policies to determine whether any changes should be made to address the concerns being increasingly raised by various governmental agencies and self-regulatory organizations.