The Securities and Exchange Commission (“SEC”) announced on April 1, 2015 that it was instituting enforcement proceedings relating to the whistleblower provisions of the 2010 Dodd–Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) based on an employer’s requiring its employees to enter into a confidentiality agreement that the SEC believes might discourage potential whistleblowers from reporting violations of securities laws. Importantly, there was no attempt by the employer to enforce the confidentiality provision. Rather, the SEC based its determination solely on the possibility that the provision could stymie the reporting of securities violations to the SEC.

The case involved Houston-based global technology and engineering firm, KBR, Inc. (“KBR”). The confidentiality agreement at issue prohibited KBR employees interviewed during company internal investigations of possible illegal or unethical conduct from “discussing any particulars” regarding the investigatory interview without prior authorization from KBR’s legal department. The confidentiality agreement further informed witnesses that they could be disciplined—and possibly terminated—for making unauthorized disclosures.

Rule 21F-17, promulgated by the SEC under the auspices of Dodd-Frank, prohibits any corporate action that would “impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement…with respect to such communications.” Although the SEC acknowledged that it was not aware of any instances in which a KBR employee was prevented from communicating with the SEC, nor was it aware of any instances where KBR actually enforced, or threatened to enforce these agreements, the Commission took the position that the agreement’s language undermined Rule 21F-17 because it could effectively foreclose employee contact with the SEC by threatening job loss absent clearance from KBR legal.

Regardless of the lack of any intentional wrongdoing or circumvention of applicable law, KBR has nonetheless agreed to pay $130,000 to settle the matter. The terms of the settlement require KBR to not only amend the terms of its confidentiality agreement to clarify that nothing in the agreement prohibits the reporting of possible violations of federal law or regulations to any governmental entity, but to also make reasonable efforts to track down and notify any KBR employee in the United States who signed the same form of agreement between 2011 and the present that KBR will not require the employee to seek permission before communicating with any governmental agency.

The import of the SEC’s action extends well beyond confidentiality agreements in the context of internal investigations. The Wall Street Journal reported in February of this year that the SEC issued document requests to a number of companies seeking copies of their severance agreements, codes of conduct, executive employment agreements and standard confidentiality agreements. The SEC’s investigating compliance with Rule 21F-17 is certainly a reason for its requests. Thus, there is little doubt the SEC will be asserting violations of Rule 21F-17 against other companies subject to Dodd-Frank that fail to have what the SEC views as the proper whistleblower carve-out in various forms of agreements. Indeed, in the Commission’s press release on the KBR matter, SEC Division of Enforcement Director Andrew Ceresney promised to “vigorously enforce” Rule 21F-17 moving forward.

Extraordinary in the SEC’s public comment, though, was a special warning issued to in-house counsel by Sean McKessy, Chief of the SEC's Office of the Whistleblower. McKessy indicated in a recent interview that in-house lawyers responsible for drafting language that violates Rule 21F-17 could be held personally liable, threatening, "If you are an in-house lawyer drafting language saying you can’t come to the SEC, it's not just the company that is in peril, you are too."

Employers subject to Dodd-Frank and their in-house counsel are therefore well advised to undertake a thorough review all agreements, policies, codes of conduct and employee communications to ensure Rule 21F-17 compliance. In light of the aggressive posture taken regarding the exposure of in-house counsel, review by outside counsel should be considered.