On April 1, 2015, the SEC announced its first enforcement action targeted at employer confidentiality agreements that it viewed as inhibiting potential whistleblowers from reporting securities law violations.


The Dodd-Frank Wall Street Reform and Consumer Protection Act (Pub. L. 111-203), enacted on July 21, 2010, amended the Securities Exchange Act of 1934 by adding Section 21F (Whistleblower Incentives and Protection) to encourage individuals to report possible violations of securities laws and to prohibit employer retaliation. In furtherance of the objectives of Section 21F, the Securities and Exchange Commission (the SEC) adopted Section 21F-17, effective August 12, 2011, which provides:

  1.  No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement … with respect to such communications.

SEC enforcement action

On April 1, 2015, the SEC announced its first enforcement action targeted at employer confidentiality agreements that it viewed as inhibiting potential whistleblowers from reporting securities law violations, when it filed a cease-and-desist order against global technology and engineering firm KBR, Inc. (In re KBR, Inc., Exch. Act Release No. 74619 (April 1, 2015)).

Pursuant to its company compliance program, when KBR, Inc. (KBR) would receive allegations from an employee of potential violations of the federal securities laws (as well as other potential illegal or unethical conduct) by KBR or its employees, KBR would conduct an internal investigation of the allegations. As part of its internal investigation, company investigators typically would interview the employees who originally made the allegation and other company employees.

In its interview process, which had been in place since before Rule 21F-17 was even adopted, KBR investigators would have employees sign a confidentiality agreement, which included the following provision: 

 I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.

Despite the fact that the SEC was not aware of any instances in which a KBR employee was prevented from communicating with the SEC about potential securities law violations, or in which KBR took action to enforce a confidentiality agreement or otherwise prevent such communications, the SEC claimed that the language in the confidentiality agreements would impede whistleblowing by prohibiting KBR employees from discussing the substance of their interview without clearance from the company’s law department under penalty of disciplinary action, which could include termination of employment.

In a settlement of the SEC’s claim, KBR agreed to pay a fine to the SEC of $130,000 and to include the following statement in its confidentiality statement going forward: 

Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.

KBR also agreed to make reasonable efforts to contact those KBR employees in the United States who signed a confidentiality agreement since August 21, 2011 to the present, and provide them with a copy of the SEC Order and a statement that the company does not require the employee to seek permission from the company’s general counsel before communicating with any governmental agency or entity including, but not limited to, the Department of Justice, the SEC, Congress, or any agency Inspector General, regarding possible violations of federal law or regulations.

Future SEC action

Following the SEC enforcement action against KBR, Sean McKessy of the SEC’s Office of the Whistleblower commented on the recent action against KBR in a webinar sponsored by the American Bar Association on April 22, 2015, entitled New Developments in Whistleblower Claims and the SEC, and stated that this enforcement initiative remains a priority to him and his office. He noted that the SEC is continuing to take affirmative steps to identify agreements that violate Rule 21F-17, including by soliciting agreements for the SEC to review and by reviewing executive agreements filed on Forms 8-K.


In light of the SEC’s recent enforcement action and statements by Mr. McKessy of the SEC’s Office of the Whistleblower that the SEC intends to pursue similar enforcement actions, companies are advised to undertake a review of the confidentiality provisions in their employment, separation and other agreements and policies, and of their standard practices when conducting internal investigations, to determine whether any modifications are needed to such agreements, policies and practices to ensure that they do not prevent individuals from reporting violations of securities laws. Any such review and modifications, however, should carefully balance the applicable legal compliance requirements with the business imperative of maintaining strong confidentiality restrictions for the protection of sensitive proprietary information.