April 16, 2015

SEC Applies Whistleblower Protections to Confidentiality Arrangements

Public companies should review their confidentiality arrangements for any provisions that may result in unintended violations of the Dodd-Frank Act’s whistleblower protections.

SEC Enforcement Action

On April 1, 2015, the Securities and Exchange Commission announced that it had settled its first enforcement action based on language in a company’s confidentiality agreements warning employees that they could face discipline and potential termination for discussing internal investigation matters with outside parties without the prior approval of the company’s legal department. The Division of Enforcement charged that KBR, Inc. violated SEC Rule 21F-17 when it included the following provision in the form of confidentiality statement that it required witnesses to sign in connection with certain internal investigations:

I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.

The SEC asserted that, because the investigations could involve violations of federal securities laws, the above provision might potentially discourage employees from reporting the violations. The purpose of Rule 21F-17, which the SEC adopted in connection with the Dodd-Frank Wall Street Reform and Consumer Protection Act in August 2011, was “to encourage whistleblowers to report possible violations of the securities laws by providing financial incentives, prohibiting employment-related retaliation, and providing various confidentiality guarantees.” Section 21F of the Securities Exchange Act of 1934 and Rule 21F-17 prohibit companies from taking any action to impede potential whistleblowers from reporting possible securities law violations to the SEC, including enforcing, or threatening to enforce, a confidentiality agreement.

In the KBR enforcement action the SEC is now taking the position that any blanket prohibition in a company’s employment-related agreements that inhibits witnesses from discussing the substance of an interview has a potential chilling effect on whistleblowers’ willingness to report illegal conduct to the SEC and therefore violates Rule 21F-17. Significantly, there were no apparent instances in which KBR specifically prevented employees from communicating with the SEC about any securities law violations. Further, the SEC found that KBR had never taken any action to enforce these confidentiality agreements or otherwise to prevent this type of communication. In the SEC press release announcing the enforcement action, Andrew J. Ceresney, Director of the Division of Enforcement, said that “[b]y requiring its employees and former employees to sign confidentiality agreements imposing pre-notification requirements before contacting the SEC, KBR potentially discouraged employees from reporting securities violations to us. . . . SEC rules prohibit employers from taking measures through confidentiality, employment, severance, or other type of agreements that may silence potential whistleblowers before they can reach out to the SEC.  We will vigorously enforce this provision.”

The KBR enforcement action is part of the SEC’s continuing reinforcement and expansion of the Dodd-Frank Act’s whistleblower protections. On February 25, 2015, The Wall Street Journal reported in an article titled “SEC Probes Companies’ Treatment of Whistleblowers” that the Enforcement Division had sent inquiries to a large number of public companies requesting copies of employment contracts, severance agreements and other employment-related documents that contain confidentiality arrangements as part of an SEC investigation into whether companies were inhibiting whistleblowers through employment-related agreements and policies.

Remedial Steps

To settle the enforcement action, KBR agreed to cease and desist from committing or causing any future violations of Rule 21F-17 and to pay a $130,000 penalty, without admitting or denying the SEC’s charges. Further, KBR agreed to voluntarily amend the confidentiality statement to clarify that employees are free to report possible violations to the SEC and other federal agencies without approval by KBR or fear of retaliation. The amended confidentiality statement includes the following language:

Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.

KBR also agreed to make reasonable efforts to contact KBR employees in the United States who had signed the confidentiality statement from the effective date of Rule 21F-17 through the present, providing these employees with a copy of the SEC enforcement order and a statement that KBR does not require the employee to seek permission from the General Counsel of KBR before communicating with any governmental agency or entity regarding possible violations of federal law or regulations.

Other Governmental Agency Actions Concerning Confidentiality Agreements

The SEC is not the only governmental agency that is challenging employers’ restrictions on disclosures of confidential information. The National Labor Relations Board and the Equal Employment Opportunity Commission have all given recent scrutiny to confidentiality provisions in employment-related documents.

On March 18, 2015, the General Counsel of the NLRB issued Memorandum GC 15-04, “Report of the General Counsel Concerning Employer Rules,” which criticizes employer prohibitions on disclosure of “employee information” or even simply information that is “not public information” as overly broad, based on the conclusion that employees may perceive such restrictions as prohibiting employees from sharing information about wages, benefits and other terms and conditions of employment. The NLRB position applies equally to non-union employees and union employees. However, because the protections of the National Labor Relations Act apply only to employees who are neither managerial nor supervisory, the NLRB’s position applies only to the extent that prohibitions would apply to non-managerial and non-supervisory employees.

In 2014, the EEOC initiated litigation against CVS Pharmacy, Inc., contending that a settlement agreement and general release that, among other terms, prohibited disclosure of information about personnel interfered with employee rights under federal anti-discrimination laws. Although the EEOC’s challenge was dismissed by the United States District Court for the Northern District of Illinois, the case is currently on appeal before the United States Court of Appeals for the Seventh Circuit.

Action Companies Should be Taking Now

Companies should review the provisions in their confidentiality agreements and any confidentiality language in their employment agreements, codes of conduct, employment policies, forms and handbooks, employee releases and termination and severance agreements to determine whether the company should amend any of these documents to ensure that, in the words of the SEC’s KBR press release, they do not “in word or deed stop their employees from reporting potential violations to the SEC.” The language that KBR and the SEC agreed upon in the order that settled the SEC enforcement action may provide a model for companies to use when reviewing their employment-related documents and policies.  Although the SEC clearly approves of that language, companies should consult with counsel to determine the extent to which that language may serve as a suitable model for their own employment-related materials.

To the extent applicable, companies should also consider modifications to confidentiality agreements and other confidentiality language to reduce their exposure to possible challenges by the NLRB and the EEOC.