The Securities and Exchange Commission (SEC) has brought three actions in the last year under the Dodd-Frank Whistleblower provisions, which demonstrates the importance of ensuring employer-imposed agreements, policies, and practices do not run afoul of Rule 21F-17—a relatively new rule that is quickly becoming one of the SEC’s favorite enforcement tools.

The SEC’s Whistleblower Program

In 2010, as part of the Dodd-Frank Wall Street Reform and Consumer Protection Act, the SEC established a whistleblower program designed to encourage individuals to provide timely, useful information to the SEC in order to enhance the SEC’s enforcement operations. To this end, the program offers significant monetary incentives to individuals who voluntarily provide the SEC with original information leading to an enforcement action yielding more than $1 million in monetary sanctions. Whistleblowers are entitled to receive an award of 10-30 percent of the amount collected in an action by the SEC or any related action. The awards come from an investor protection fund established by Congress that is financed through monetary sanctions paid by violators of securities laws.

In addition to the significant monetary incentives, the program provides important protections to whistleblowers to ensure that they are not subject to retaliation for providing tips to the SEC or discouraged from providing information to the SEC. These protections derive in part from Rule 21F-17(a), which became effective on August 12, 2011, and provides that no person may take any action to impede a whistleblower from communicating directly with the SEC about a possible securities law violation, including by enforcing or threatening to enforce a confidentiality agreement with respect to such communications.

As recent SEC charges demonstrate, this rule has important implications for employers because it applies to any policy, agreement or procedure that may impede an individual from sharing information with the SEC, including confidentiality and non-disclosure agreements as well as separation, severance, settlement, and non-disparagement agreements.

Recent Charges for Anti-Whistleblower Provisions

Over the past year, several companies have paid civil penalties based on employer-imposed agreements that the SEC concluded were in violation of Rule 21F-17.

Last week, BlueLinx Holdings Inc. agreed to pay a $265,000 penalty for including provisions in its severance agreements that required outgoing employees to waive their rights to monetary recovery if they filed a charge or complaint with the SEC or other federal agencies. One of the confidentiality provisions at issue stated:

[The Employee shall not] disclose to any person or entity not expressly authorized by the Company any Confidential Information or Trade Secrets . . . . Anything herein to the contrary notwithstanding, you shall not be restricted from disclosing or using Confidential Information or Trade Secrets that are required to be disclosed by law, court or other legal process; provided, however, that in the event disclosure is required by law, you shall provide the Company’s Legal Department with prompt written notice of such requirement in time to permit the Company to seek an appropriate protective order or other similar protection prior to any such disclosure by you.

Likewise, another confidentiality provision stated:

Employee further acknowledges and agrees that nothing in this Agreement prevents Employee from filing a charge with . . . the Equal Employment Opportunity Commission, the National Labor Relations Board, the Occupational Safety and Health Administration, the Securities and Exchange Commission or any other administrative agency if applicable law requires that Employee be permitted to do so; however, Employee understands and agrees that Employee is waiving the right to any monetary recovery in connection with any such complaint or charge that Employee may file with an administrative agency.

Approximately 160 employees had signed severance agreements that contained the provision since it was added to all of BlueLinx’s severance agreements in or about June 2013—nearly two years after the adoption of Rule 21F-17. Because the severance agreement required employees leaving the company to waive potential whistleblower awards or risk losing payments and other benefits under the agreement, the SEC concluded that it impeded individuals from sharing information about possible securities law violations with the SEC and thus violated Rule 21F-17.

In addition to the $265,000 penalty, BlueLinx agreed to amend its agreements to make clear that employees may report possible securities laws violations to the SEC and other agencies. BlueLinx also agreed to make reasonable efforts to contact former employees who had executed severance agreements after August 12, 2011, to notify them that BlueLinx does not prohibit them from providing information to the SEC or accepting SEC whistleblower awards.

The charges against BlueLinx come a year after the SEC’s first enforcement action for a Rule 21F-17 violation. In April 2015, the SEC penalized KBR, Inc. for an anti-whistleblower provision in the confidentiality agreements that KBR required its employees to sign when participating in the company’s internal investigations. The provision at issue stated:

I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.

KBR paid a $130,000 fine for the provision and, like BlueLinx, agreed to amend its confidentiality agreement to make clear that employees will not be subject to retaliation for reporting potential violations to the SEC, and they do not need to seek approval before doing so. KBR agreed to include the following language in its amended agreement:

Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.

Earlier this year, the SEC also imposed penalties against an investment firm for language in a severance agreement that prohibited employees from disclosing any aspect of the company’s confidential information or trade secrets to any person or entity, except pursuant to formal legal process, or unless the former employee first obtained the written approval of an authorized company representative. The SEC observed that this provision impeded the “voluntary” disclosure of confidential information to the SEC and other agencies. The SEC penalized the company for including a provision in its severance agreement that advised outgoing employees that the agreement did not prohibit initiating communications directly with the SEC or other authorities, but limited the types of information that could be conveyed to information relating to the severance agreement itself or its underlying facts and circumstances.

Notably, in all three actions, the SEC held the companies liable for Rule 21F-17 violations without any evidence that any employee had actually been prevented from disclosing confidential information to the government.

Avoiding Civil Penalties for Rule 21F-17 Violations

Companies should expect the SEC to continue to scrutinize language included in employer-imposed agreements and policies. The SEC’s annual report for 2015 identified assessing confidentiality agreements for compliance with SEC rules and regulations as a top priority for fiscal year 2016. True to its word, the Enforcement Division has been sending out requests to public issuers asking for copies of corporate confidentiality policies. In addition, the Office of Compliance, Inspections and Examinations has been routinely asking registrants during examinations for copies of employment agreements, severance agreements, employment policies, and any other documents that contain “confidentiality” provisions to ensure that they do not contain language that could be construed as interfering with the rights of whistleblowers.

The SEC’s recent actions and charges signal that it will continue to prioritize these types of agreements and policies in the years to come. In light of the SEC’s scrutiny of confidentiality provisions, all employers should review their agreements, policies, and practices to ensure that they do not contain provisions that could be construed as an obstacle to an individual’s attempt to provide information about potential wrongdoing to the SEC.