The U.S. Securities and Exchange Commission (SEC)’s recent announcement of yet another whistleblower enforcement matter signals that it regards its whistleblower program as one of the Enforcement Division’s “crown jewels.” The SEC has announced multiple retaliation and whistleblower protection actions against entities that have allegedly impeded whistleblowers’ access to the SEC’s program, removed the benefits of participating in the program, or punished individuals for participating in the program. As we have noted before, these cases demonstrate that the SEC will not hesitate to punish perceived attempts to stifle potential whistleblowers.

The SEC’s Whistleblower Program

Enacted in July 2010, the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”) added provisions designed to encourage and incentivize whistleblowers to report potential securities law violations to the SEC. Since then, the SEC has repeatedly emphasized the helpfulness and importance of whistleblower reports to its enforcement program. Numerous multi-million-dollar payouts to SEC whistleblowers have reinforced this message.

The Dodd-Frank Act, and rules adopted thereunder, also contain provisions designed to protect whistleblowers. Among others, Rule 21F-17 states in part that “(a) No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.” Rule 21F-17 became effective in August 2011. Additionally, Rule 21F(h)(1) of the Dodd-Frank Act prohibits employers from taking retaliatory actions against whistleblowers who make protected reports.

Examples of SEC Enforcement On Whistleblower Access

The SEC has announced enforcement actions against companies that have allegedly attempted to prevent employees or former employees from participating in the SEC’s whistleblower program.

On December 19, 2016, for instance, the SEC announced a settled enforcement action against a technology company for its alleged use of severance agreements that contained broad non-disparagement clauses that forbid departing employees from engaging with the SEC in way that “disparages, denigrates, maligns or impugns” the company. The provision required former employees to forfeit virtually all of their severance pay for breaches. The company settled on a neither admit nor deny basis, and agreed to pay a $180,000 civil penalty, as well as other remedial efforts.

This continues a trend from prior cases. In April 2015, the SEC announced an enforcement action against a technology and energy company for alleged violations of Rule 21F-17. The SEC alleged that this company impermissibly required witnesses in certain internal investigations interviews to sign confidentiality statements with language warning that they could face discipline and even be fired if they discussed the matters with outside parties without the prior approval of the legal department. The SEC conceded that it was not aware of instances where the company actually sought to enforce the provisions. Nevertheless, the SEC found that the blanket prohibition – without an SEC whistleblowing carve-out – was sufficient to violate Rule 21F-17. The company settled the SEC’s charges on a neither admit nor deny basis and agreed to pay a $130,000 civil penalty.

And in June 2016, the SEC included Rule 21F-17 charges in a settlement with a large bank on other issues. The SEC alleged that the bank’s confidentiality agreements contained similar language to the statements at issue in the above energy and technology company case. As part of its settlement, the bank agreed to revise its agreements and policies and procedures, as well as to supplement its training programs.

Examples of SEC Enforcement On Whistleblower Benefits

The SEC also has announced enforcement actions against companies that have not outright prohibited contacting the SEC, but that have allegedly attempted to remove the benefits that potential whistleblowers might receive from participating in the SEC’s whistleblower program.

On January 17, 2017, for example, the SEC announced a settled enforcement action against a large asset management firm for its alleged improper use of separation agreements that required signing employees to waive their ability to obtain whistleblower awards. The provision, which was added in October 2011 and used until March 2016, were alleged to have been used with more than 1,000 employees, although the SEC’s order notes that it is unaware of instances where the firm actually enforced the provision. The firm settled the SEC’s claims, on a neither admit nor deny basis, and agreed to pay a $340,000 civil penalty and to implement a mandatory yearly training program designed to notify employees of their rights under the SEC’s whistleblower program. The firm also voluntarily revised its separation agreements.

Previously, within the span of one week in August 2016, the SEC announced two settled enforcement actions against companies for their alleged use of severance agreements that contained provisions that required signing employees to waive potential monetary recovery for whistleblowing. (Here and here, and see our prior alert for a detailed discussion of one of the cases.) Both companies settled on a neither admit nor deny basis. One company agreed to pay a $265,000 civil penalty and the other agreed to pay a $340,000 civil penalty.

Examples of SEC Enforcement On Whistleblower Retaliation

The SEC also has announced enforcement actions against companies that have allegedly retaliated against whistleblowers.

On December 20, 2016, for instance, the SEC announced a settled enforcement action against an oil and gas company for its alleged retaliation against an internal whistleblower. The SEC alleged that the employee raised concerns about a process used to calculate the publicly-reported reserves. The SEC claims that the company did not conduct an investigation into the issues and instead the person’s employment was terminated. The SEC also alleged that the company’s form separation agreement included a provision that impermissibly prevented employees from reporting confidential information to the SEC. The company settled, on a neither admit nor deny basis, and agreed to pay a $1.4 million civil penalty.

Similarly, on September 29, 2016, the SEC announced a settled enforcement action against a casino-gaming company for alleged retaliation against an internal whistleblower. In this case, the SEC’s first stand-alone retaliation action, the SEC’s alleged that the whistleblower was removed from key duties and then terminated after reporting potential issues. Notably, though, the company’s internal investigation into the reported concerns determined that that the reported financial statements contained no misstatements. The company settled, on a neither admit nor deny basis, and agreed to pay a $500,000 civil penalty.

Note that these civil penalties far exceed the civil penalties imposed in the above matters. The SEC appears to be sending the unsurprising signal that affirmative retaliatory conduct will be punished much more harshly than (unenforced) language in severance agreements.

Conclusion

The SEC shows no signs of slowing the pace of enforcement actions designed to protect its whistleblower program. As we have previously discussed, companies should promptly undertake a legal review and update of existing employee agreements in light of the SEC’s activities in this area. The adverse publicity, legal costs, and (admittedly, modest) civil penalties that an SEC enforcement action might cause can be avoided in many cases by this sort of preemptive review and update of existing agreements. And in the event that a potential whistleblower makes a report, companies are well advised to avoid any action that could be viewed as retaliation and only take appropriate responsive action, which may entail engaging outside legal counsel to investigate the reported concerns.