The SEC is looking at your employee confidentiality agreements, and you should too


Financier Worldwide Magazine

July 2015 Issue


In the nearly five years since Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act), much has been written about the Act’s whistleblower provisions. Among other things, the Dodd-Frank Act created a new whistleblower program administered by the US Securities and Exchange Commission (SEC) that provides a significant financial incentive, sometimes referred to as a ‘bounty’, for individuals to report possible violations of federal securities laws by public companies. Not surprisingly, the SEC has boasted of the large bounties awarded to whistleblowers, including a $30m award announced last fall, to incentivise other whistleblowers to report information to the SEC.

More recently, the SEC has turned its attention to companies’ confidentiality agreements, policies and practices that, in its opinion, could discourage whistleblowers from making a report to the SEC. In March 2014, the SEC’s whistleblower office warned companies that it was “actively looking” for agreements and other arrangements that incentivised employees to not report concerns to the SEC. In February 2015, it was reported by the Wall Street Journal that the SEC had sent requests to several companies asking for years of nondisclosure agreements, employment contracts and other documents. In April 2015, the SEC announced an enforcement action against a company that sometimes used confidentiality agreements prohibiting the unauthorised disclosure of the contents of interviews, even though there was nothing to suggest that the agreement had prevented anyone from making a report to the SEC.

These recent actions by the SEC make clear that the agency is actively looking into companies’ policies, practices and agreements to ensure there are no disincentives that might discourage a whistleblower from reporting information that might lead to another large award. Public companies should heed these warnings and review their policies, practices and agreements to ensure they don’t run afoul of the SEC’s whistleblower rules.

The SEC’s ‘anti-impediment’ rule

On 25 May 2011, the SEC adopted final rules implementing its whistleblower program. Much of the commentary about the final rules focused on the SEC’s rejection of a suggested requirement that an employee first utilise a company’s internal compliance and reporting procedures before submitting a report to the SEC. The SEC did not just ignore these comments; it adopted a rule prohibiting employers and others from taking action “to impede an individual from communicating directly” with the SEC about a possible securities law violation. This rule, SEC Rule 21F-17(a), provides that “no person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement (other than agreements dealing with information covered by § 240.21F-4(b)(4)(i) and § 240.21F-4(b)(4)(ii) of this chapter related to the legal representation of a client) with respect to such communications”. The SEC explained in a comment to this rule that “an attempt to enforce a confidentiality agreement against an individual to prevent his or her communications with Commission staff about a possible securities law violation could inhibit those communications even when such an agreement would be legally unenforceable”.

SEC cautions companies against incentivising employees to keep complaints internal

In March 2014, Sean McKessy, chief of the SEC’s Office of the Whistleblower, stated that the SEC was “actively looking” for agreements between employers and employees which provide benefits to employees who agree not to go to the SEC or to report concerns to regulators. Companies were put on notice that the SEC would be targeting and scrutinising creatively-drafted contracts which attempt to incentivise employees to keep complaints internal and refrain from reporting suspected wrongdoing to SEC staff.

The SEC announces first enforcement action relating to employee confidentiality agreement

On 1 April 2015, the SEC announced its first enforcement action based upon what it found to be “improperly restrictive language in [employee] confidentiality agreements with the potential to stifle the whistleblowing process”. The SEC charged Houston-based global technology and engineering firm KBR Inc with violating SEC Rule 21F-17(a) because KBR required witnesses in certain internal investigations to sign confidentiality statements. These confidentiality statements provided, in part, “I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorisation of the Law Department. I understand that the unauthorised disclosure of information may be grounds for disciplinary action up to and including termination of employment”.

The SEC acknowledged that there were “no apparent instances in which KBR specifically prevented employees from communicating with the SEC about specific securities law violations”. Despite this, the SEC found that KBR’s form confidentiality statement violated Rule 21F-17(a).

As part of a settlement with the SEC, KBR agreed to pay $130,000 in penalties, take reasonable efforts to contact employees who had signed this form agreement and revise its confidentiality statement as follows: “nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorisation of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures”.

In announcing this enforcement action and settlement, Mr McKessy issued a statement that “[o]ther employers should similarly review and amend existing and historical agreements that in word or effect stop their employees from reporting potential violations to the SEC”.

Analysis and practical implications of the SEC’s enforcement action

The SEC’s recent enforcement action against KBR is surprising for a number of reasons. First, Rule 21F-17(a) does not, on its face, prohibit agreements like that at issue in the KBR enforcement action. Further, the SEC’s comment on Rule 21F-17(a) suggests the SEC was concerned with attempts to enforce confidentiality agreements to prevent employees from reporting information to the SEC. However, there was nothing to suggest that KBR had sought to enforce such agreements to prevent an employee from making a report to the SEC. In fact, as previously noted, the SEC acknowledged that there was no reason to believe the agreements had prevented a KBR employee from ‘blowing the whistle’ to the SEC.

In light of the SEC’s aggressive enforcement of its rule, other public companies should carefully review their confidentiality agreements. Nor is the SEC the only US governmental agency looking into this issue; the Equal Employment Opportunity Commission and the National Labour Relations Board have both made similar challenges to ‘blanket’ employee confidentiality agreements. Companies should consult with legal counsel to ensure that all agreements entered into with employees, including but not limited to confidentiality, employment and separation agreements, avoid any implication that employees are prohibited from reporting issues to the SEC or other governmental agencies. Employers should consider including an affirmative statement that such agreements do not prohibit employees from making a report to the SEC or other governmental agency and that employees are under no obligation to notify the company that they have ‘blown the whistle’.

Public companies should also review their written policies and practices to ensure that they cannot be seen as prohibiting or discouraging employees from reporting information to the SEC or other governmental agencies. Further, the SEC’s attention to companies’ internal investigation processes should cause boards of directors to review how companies conduct internal investigations. Internal auditors and in-house counsel must be mindful not to say anything that could be construed as prohibiting or discouraging an employee from sharing information with the SEC or another governmental agency. They should clearly articulate that any confidentiality obligations imposed on employees do not prohibit reports to the SEC or another governmental agency. If boards give thoughtful attention to these issues, they can avoid having their companies become targets of other enforcement actions by an aggressive governmental agency.


Michael MacPhail is a partner and Kyle Fogt is an associate at Faegre Baker Daniels. Mr MacPhail can be contacted on +1 (303) 607 3692 or by email: Mr Fogt can be contacted on +1 (612) 766 7281 or by email:

© Financier Worldwide

