Even fairly innocuous confidentiality language that might seem unobjectionable to some could lead to an SEC enforcement action under the SEC’s interpretation of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd Frank”).
Congress enacted Dodd Frank on July 21, 2010 and Section 21F of the new law established the Office of the Whistleblower. In the relatively short time that these whistleblower provisions have been implemented they have proven to be quite successful; the SEC recently paid out a record $30 million award to a whistleblower, and even bigger awards are expected as enforcement proceedings prompted by whistleblowers work their way through the system.
Why Confidentiality Agreements Could be a Problem
When it promulgated rules to manage the new whistleblower program those rules included Rule 21F-17, which was enacted to prevent retaliation by companies against whistleblowers. This Rule provides, in relevant part, as follows:
(a) No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.
According to the press release issued by the SEC with respect to the KBR case, the company was sanctioned for “requir[ing] witnesses in certain internal investigations interviews to sign confidentiality statements with language warning that they could face discipline and even be fired if they discussed the matters with outside parties without the prior approval of KBR’s legal department.”
Apparently the company was in the process of conducting an internal investigation into possible securities law violations. As part of its interview process it required all interviewees to sign a confidentiality agreement, which was a standard form KBR had used for several years before the SEC adopted Rule 21F-17, and had not been changed after the Rule was enacted. This agreement contained the following provision:
I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.
The SEC interpreted this language as a violation of Rule 21F-17 because “any company’s blanket prohibition against witnesses discussing the substance of the interview has a potential chilling effect on whistleblowers’ willingness to report illegal conduct to the SEC.”
Interestingly, the SEC did not identify any instance where KBR actually sought to prevent employees from communicating with the SEC. Rather, once it discovered the language the SEC concluded that the mere existence of those provisions could chill a potential whistleblower’s willingness to report illegal conduct to the SEC, and that was enough to trigger an independent enforcement action.
KBR agreed to pay a $130,000 penalty to settle the SEC’s charges and the company voluntarily amended its confidentiality statement by adding the following language:
Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.
In a press release issued in connection with this settlement Andrew J. Ceresney, Director of the SEC’s Division of Enforcement stated that “By requiring its employees and former employees to sign confidentiality agreements imposing pre-notification requirements before contacting the SEC, KBR potentially discouraged employees from reporting securities violations to us. SEC rules prohibit employers from taking measures through confidentiality, employment, severance, or other type of agreements that may silence potential whistleblowers before they can reach out to the SEC. We will vigorously enforce this provision.”
What Companies Should do in Response to The KBR Action
It is now clear that confidentiality provisions in employee agreements, codes of conduct, employment manuals, forms and handbooks, if overly restrictive, can be the basis for an independent SEC enforcement action. Companies should therefore review their confidentiality agreements to ensure that they do not “in word or deed stop their employees from reporting potential violations to the SEC.” The new language quoted above provides a good example of what the SEC will accept.
In a recent speech SEC Chair Mary Jo White clarified that the KBR enforcement action is not intended to be “a sweeping prohibition on the use of confidentiality agreements. Companies conducting internal investigations can still give the standard Upjohn warnings that explain the scope of the attorney-client privilege in that setting. Companies may continue to protect their trade secrets or other confidential information through the use of properly drawn confidentiality and severance agreements.”
The bottom line is that a company needs to make sure that employees understand that it is always permissible to report possible securities laws violations to the SEC.
Copyright 2015 by Mark W. Pugsley. All rights reserved.