Recent enforcement actions brought by the U.S. Securities and Exchange Commission (SEC) underscore the SEC's renewed commitment to protecting and encouraging whistleblowers, particularly in connection with what the SEC views as employer conduct that may impede or deter employee whistleblowers from reporting possible violations of federal securities laws.

In August 2016, the SEC entered into settlements with two companies for allegedly violating SEC Rule 21F-17 of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Rule 21F-17), which provides that "[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a potential securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement."¹

First, on August 10, 2016, the SEC entered into a settlement with BlueLinx Holdings, Inc. (BlueLinx) for language in its standard severance agreements, which generally prohibited employees from divulging confidential information without written permission of or notice to BlueLinx and provided that, while employees could file a claim with the SEC (and other agencies), the employee waived the right to monetary recovery in relation to such a claim.² The SEC found that such language violated Rule 21F-17 by raising "impediments" to participation in the SEC whistleblower program and "removed the critically important financial incentives that are intended to encourage persons to communicate" with the SEC about possible securities law violations.³ Among other things, the SEC's cease-and-desist order imposed a $265,000 civil penalty against BlueLinx and required BlueLinx to (i) contact former employees who signed the severance agreements; (ii) provide those employees with a link to the SEC's cease-and-desist order; and (iii) confirm with those employees that they could provide information to the SEC and accept a whistleblower award from the SEC.⁴ Going forward, BlueLinx must also include language in its severance agreements specifying that nothing in those agreements limits the employee's right to receive an award for information provided to a government agency, including the SEC.

Further, on August 16, 2016, Health Net, Inc. (Health Net), in a settlement reached with the SEC, agreed to pay the SEC a $340,000 civil penalty stemming from similar language in its severance agreements which required employees to waive: (i) "the right to file an application for award for original information submitted pursuant to Section 21F of the Securities Exchange Act of 1934;" and (ii) "any right to any individual monetary recovery in any [lawsuit against the Company] or in any proceeding brought based on any communication by Employee to any federal, state, or local government agency or department."⁵ Like BlueLinx, Health Net had amended its agreement language on several occasions to clarify that nothing in the agreement prohibited employees from communicating directly with a government regulator as part of an investigation.⁶ However, the SEC found that, because the agreement language prohibited an employee from accepting any individual financial awards for providing information regarding possible securities law violations, it violated Rule 21F-17. Like BlueLinx, Health Net also agreed to contact former employees to inform them that their severance agreements do not prohibit them from obtaining SEC whistleblower awards.⁷

On September 28, 2016, Anheuser-Busch InBev SA/NV (AB InBev) agreed to disgorge more than $2.7 million and to pay a civil money penalty of more than $3 million to settle SEC charges based on violations of the Foreign Corrupt Practices Act (FCPA) and Rule 21F-17(a).⁸ There, a subsidiary of AB InBev entered into a confidential release with a former employee who had raised concerns to AB InBev of alleged FCPA violations.⁹ The release not only precluded the former employee from disclosing the company's confidential information, including to government regulators, but also required him to pay liquidated damages of $250,000 in the event of a breach.¹⁰ The SEC found that this language, and the employee's related concern regarding the threat of liquidated damages, caused the employee to stop communicating with the SEC, as he had been doing on a voluntary basis prior to executing the confidential release. In addition to paying the civil penalty, AB InBev agreed to make reasonable efforts to notify other former employees that their release agreements do not prohibit them from contacting the SEC about possible violations of the federal securities laws.¹¹

Consistent with its focus on whistleblower protections, on September 29, 2016, the SEC brought its first-ever enforcement action based exclusively on alleged retaliation against a whistleblower.¹² In that action, the SEC alleged that International Game Technology (IGT) fired an executive whistleblower because he reported to management and the SEC his suspicions that the company's financial statements might be misstated.¹³ As a result, the SEC ordered IGT to pay a $500,000 civil money penalty.¹⁴ The IGT cease-and-desist order is unique in that the SEC did not allege violations of any securities laws other than Section 21(h) of the Exchange Act, signaling the SEC's willingness to pursue stand-alone retaliation actions, as compared to the Paradigm Capital Management, Inc. action from 2014, in which the SEC also charged the hedge fund advisory firm with engaging in prohibited principal transactions.¹⁵

On October 24, 2016, the SEC issued a Risk Alert targeting investment advisers and broker dealers and their compliance with whistleblower rules under Rule 21F-17.¹⁶ In the Risk Alert, the SEC confirmed that the Office of Compliance Inspections and Examinations is reviewing, among other things, "compliance manuals, codes of ethics, employment agreements and severance agreements" to determine whether provisions relating to confidential information and reporting of alleged securities law violations may conflict with Rule 21F-17.¹⁷ Per the Risk Alert, "[r]egistrants are encouraged to consider the issues identified in the Risk Alert" and to evaluate the above referenced documents and others that "may be inconsistent with Rule 21F-17."¹⁸

The SEC is not alone in its current focus on employer agreements and the implications they have on an employee's ability to freely communicate with governmental agencies. On August 23, 2016, the Occupational Safety and Health Administration (OSHA) issued guidelines for approving settlement agreements between employers and employees in whistleblower cases.¹⁹ In the guidance, OSHA specified that agreements that, among other things, discourage employees from sharing information with the government or filing a complaint with the government or participating in a governmental proceeding will not be approved.²⁰ OSHA's guidance targets many of the same types of clauses that have garnered the SEC's focus.

Employers, particularly registrants subject to the SEC, should have their agreements (employment, separation, severance, restrictive covenant, non-disclosure and confidentiality agreements, for example), policies, codes and guidelines reviewed by counsel to identify and rectify language that may run afoul of Rule 21F-17. In doing so, companies should keep in mind that other governmental agencies, including the Equal Employment Opportunity Commission, National Labor Relations Board and OSHA have taken positions similar to those espoused by the SEC with respect to agreement and policy provisions that seemingly impinge on certain employee "rights." Employers are cautioned against utilizing a "one size fits all" clause for all documents, as those may not adequately cure or address all issues identified as problematic by the SEC and other governmental agencies. Further, employers, in consultation with counsel, should continue to monitor future developments at the SEC in 2017, particularly in light of any changes to the agency's staff and to its enforcement priorities in light of future appointments to be made by President-Elect Donald Trump.

_{1 In April 2015, the SEC instituted a first-of-its-kind enforcement action against KBR, Inc. (KBR) for violating Rule 21F-17 based on language contained in KBR's confidentiality agreements with its employees. See In the Matter of KBR, Inc., No. 3-16466 (Apr. 1, 2015).
2 See In the Matter of BlueLinx Holdings, Inc., No. 3-17371 (Aug. 10, 2016).
3 Id.
4 Id.
5 Id.
6 See In the Matter of Health Net, Inc., No. 3-17396 (Aug. 16, 2016).
7 Id. at 4.
8 In the Matter of Anheuser-Busch InBev SA/NV, No. 3-17586 (Sept. 28, 2016).
9 Id. at 6.
10 Id. at 6–7.
11 Id. at 12.
12 In the Matter of International Game Technology, No. 3-17596 (Sept. 29, 2016).
13 Id. at 2.
14 Id. at 5.
15 In the Matter of Paradigm Capital Management, Inc., No. 3-15930 (June 16, 2014).
16 U.S. SEC. & EXCH. COMM'N, OFFICE OF COMPLIANCE INSPECTIONS AND EXAMINATIONS, NAT'L EXAM PROGRAM RISK ALERT, VOL. VI, ISSUE 1, EXAMINING WHISTLEBLOWER RULE COMPLIANCE (2016) (available at: https://www.sec.gov/ocie/announcement/ocie-2016-risk-alert-examining-whistleblower-rule-compliance.pdf).
17 Id.
18 Id.
19 U.S. DEP'T OF LABOR OCCUPATIONAL SAFETY & HEALTH ADMIN., NEW POLICY GUIDELINES FOR APPROVING SETTLEMENT AGREEMENTS IN WHISTLEBLOWER CASES (2016) (available at: http://www.whistleblowers.gov/memo/InterimGuidance-DeFactoGagOrderProvisions.pdf).
20 Id.}