On April 1, the SEC announced its first whistleblower protection enforcement action against a company involving the use of restrictive language in a confidentiality agreement. The SEC charged Houston-based technology and engineering firm KBR, Inc. with violating Rule 21F-17 under the Securities Exchange Act of 1934, which prohibits any person or company from taking any action to impede an individual from communicating directly with the SEC staff about a possible securities-law violation, including enforcing, or threatening to enforce, a confidentiality agreement with respect to such communications. Rule 21F, which became effective on August 12, 2011, was adopted by the SEC to implement the whistleblower provisions of Exchange Act Section 21F, which was added to the Exchange Act in 2010 by the Dodd-Frank Act.

Enforcement action

In connection with internal investigations conducted by KBR of allegations of potential illegal or unethical conduct by KBR or its employees, including allegations of potential violations of the federal securities laws, KBR investigators required employee witnesses interviewed as part of the investigation to sign a form of confidentiality statement at the start of the interview. The confidentiality statement contained the following provisions:

“I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.”

The SEC found that KBR’s inclusion of these provisions in its form of confidentiality statement violated Rule 21F-17. The SEC acknowledged in its order settling the enforcement action that it was unaware of any instances in which a KBR employee was prevented from communicating directly with the SEC staff about potential securities-law violations, or in which KBR took action to enforce the form of confidentiality agreement or otherwise prevent such communications. Nevertheless, the SEC found that the confidentiality-statement provisions impeded those types of communications by prohibiting employees from discussing the substance of their interview with the SEC staff without clearance from KBR’s law department under penalty of disciplinary actions, including termination of employment. The SEC stated that the provisions undermined the purpose of Exchange Act Section 21F and Rule 21F-17, which is to encourage individuals to report to the SEC.

In settling cease-and-desist proceedings brought by the SEC, KBR agreed to pay a civil money penalty of $130,000 and to amend its confidentiality statement to include the following statement:

“Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.”

The SEC stated in its press release announcing this enforcement action that “[b]y requiring its employees and former employees to sign confidentiality agreements imposing pre-notification requirements before contacting the SEC, KBR potentially discouraged employees from reporting securities violations to us,” and that “SEC rules prohibit employers from taking measures through confidentiality, employment, severance, or other type of agreements that may silence potential whistleblowers before they can reach out to the SEC.” The SEC warned that it “will vigorously enforce this provision.” The SEC advised employers to “review and amend existing and historical agreements that in word or effect stop their employees from reporting potential violations to the SEC.”


We recommend that employers review their forms of confidentiality, employment, severance and similar agreements, as well as codes of conduct and employee policies and handbooks, to ensure that those documents do not contain language that requires employees to obtain authorization from the employer before reporting to the SEC or other U.S. authorities. Employers also should consider adding language to their forms of agreements and codes, policies and handbooks that is similar to the language KBR agreed to add to its form of confidentiality statement.  Further, employers generally should be mindful of the whistleblower and anti-retaliation protections contained in Section 21F of the Exchange Act and Rule 21F-17 when communicating to employees about their confidentiality obligations or investigating or responding to allegations of illegal conduct.