Cease-and-Desist Order Charges That Employer’s Confidentiality Requirement for Internal Investigations Contravened the Whistleblower Provision of the Securities Exchange Act of 1934 


On April 1, 2015, the Securities and Exchange Commission (the “SEC”) announced an enforcement action seeking to strike an employee confidentiality requirement, for allegedly “using improperly restrictive language in confidentiality agreements with the potential to stifle the whistleblowing process.”1 The SEC’s Office of the Whistleblower had previously publicized its interest in reviewing confidentiality agreements with this concern in mind. The action was brought against KBR, Inc., a technology and engineering company based in Houston, Texas, alleging violation of Rule 21F-17, the rule implementing the DoddFrank Act’s Whistleblower Provisions found in Section 21F of the Securities and Exchange Act of 1934 (the “Exchange Act”). As described in the Cease-and-Desist Order (the “Order”),2 the SEC charged that KBR’s form confidentiality statement, which it used in connection with its internal investigations, violated Rule 21F-17 because it prohibited “employees from discussing the substance of their interview without clearance from KBR’s law department under penalty of disciplinary action including termination of employment,” thereby undermining the purpose of Section 21F. The Order was issued even though it noted that the SEC was not aware of KBR having taken action to enforce its policy or of any KBR employee having been prevented from communicating with SEC staff. (Order at 3.) KBR agreed to pay a fine of $130,000 and took the remedial step of amending its confidentiality statement to include language affirmatively stating that employees are not prohibited from reporting possible violations of federal law or regulation to the Department of Justice, SEC, Congress or any agency Inspector General, or from making any “disclosures that are protected under the whistleblower provisions of federal law or regulation.”


The Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) amended the Exchange Act by adding a new Section 21F, “Whistleblower Incentives and Protection” (the “Whistleblower Provision”). See 15 U.S.C. § 78u-6. Section 21F provides a mandatory reward for individuals who provide original, independently derived information to the SEC relating to a violation of securities laws that leads to a successful enforcement action with monetary sanctions exceeding $1,000,000. The Whistleblower Provision also provides that “no employer may discharge, demote, suspend, threaten, harass, directly or indirectly, or in any other manner discriminate against, a whistleblower in the terms and conditions of employment” for providing information to the SEC or making any disclosure required or protected under the securities laws. Id. at § 78u-6(h). 

The SEC’s Rule 21F-17, which became effective on August 12, 2011, provides: “No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.” 17 C.F.R. § 240.21F-17(a). In the public release that accompanied the rule’s promulgation, the SEC stated that the rule was intended to fulfill the “congressional purpose” underlying the Whistleblower Provision, in particular, “to encourage whistleblowers to report possible violations of the securities laws by providing financial incentives and prohibiting employment-based retaliation.” SEC Release No. 34-64545, at p. 198 (Aug. 12, 2011). In recent months, the SEC has initiated investigations of a number of employers, seeking copies of confidentiality agreements, either entered into with current employees or as part of severance agreements, apparently in an initiative to determine whether such agreements go beyond what the SEC considers acceptable.


As part of its internal investigations of employee allegations and complaints, KBR used a form confidentiality agreement in connection with interviews, designed for the employee to sign at the start of the employee’s interview. The agreement states that the employee will not disclose “any particulars regarding [the] interview and the subject matter discussed during the interview” without prior authorization from the KBR legal department and describes that unauthorized disclosure may be grounds for disciplinary action up to and including termination of employment. (Order at 2.3 )

The SEC contended that KBR’s “form confidentiality statement impedes . . . communications [with the SEC] by prohibiting employees from discussing the substance of their interview without clearance from KBR’s law department under penalty of disciplinary action including termination of employment.” Because KBR’s investigations included allegations of possible securities violations, the SEC concluded that KBR’s confidentiality agreement “undermines the purpose of Section 21F,” “which is to encourage individuals to report to the Commission,” and thus violates SEC Rule 21F-17. (Id. at 3.)

The Order was issued despite the fact that it notes that the SEC is not aware of any instances where a KBR employee was prevented from communicating directly with the SEC about securities law violations, or any instances where KBR took action to enforce the form confidentiality agreement or otherwise prevent such communications. (Id.) 

KBR submitted an Offer of Settlement, which was accepted, and it consented to the Order. Specifically, KBR undertook to make reasonable efforts to contact KBR employees in the United States who had signed the confidentiality statement from August 21, 2011 to the present, and to provide those employees with a copy of the Order and a statement that KBR does not require the employee to seek permission before communicating with any government agency or entity regarding possible violations of federal law or regulation. KBR agreed to certify, in writing, its compliance with this undertaking. KBR also agreed to pay a civil monetary penalty of $130,000. In addition, KBR, as a “remedial step” amended its confidentiality agreement to include the following statement: 

Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.


Employers may wish to review any requisite confidentiality provisions.

Although, as noted, the SEC was not aware of KBR’s policy having deterred any employee from communicating with the agency, it nonetheless found the language of confidentiality agreement itself enough to undermine the purpose of the Whistleblower Provision. KBR, as a “remedial measure,” revised its policy to state that employees are free to report violations to any government agency. Employers may wish to review required confidentiality provisions, including in connection with investigations, personnel actions and policy manuals, and to consider adding language underscoring that the confidentiality agreement is not meant to limit the employee’s right to provide truthful information to the SEC or other regulatory agencies concerning potential violations of law.

Employers should expect continued focus on workplace policies generally with respect to whistleblowers.

In a press release accompanying the Order, the Director of the Division of Enforcement expressed the agency’s intention to continue monitoring employer policies that may impact whistleblowing, without limitation to investigations.4 Employee separation agreements, which often include confidentiality undertakings, are another area that the SEC may investigate. And the SEC is not the only agency with interest in employers’ confidentiality requirements for workplace investigations. The National Labor Relations Board has also taken the position that, except for certain circumstances, employers should refrain from requiring employees interviewed in connection with an investigation to keep the information confidential.5