June 20, 2021

Volume XI, Number 171


June 18, 2021

Subscribe to Latest Legal News and Analysis

June 17, 2021

Subscribe to Latest Legal News and Analysis

SEC Says Employee Confidentiality Agreement Violates Dodd-Frank Whistleblower Provisions

The SEC announced on April 1, 2015 that it had settled cease and desist proceedings against KBR Inc., a Houston-based technology and engineering firm, based on restrictive language in employee confidentiality agreements that KBR used in connection with an internal investigation. In its settlement, KBR agreed to certain compliance measures and payment of a $130,000 penalty.

KBR conducted employee interviews as part of internal investigations regarding potential illegal or unethical conduct by employees. During those interviews, KBR required employees to sign a form confidentiality statement by which employees agreed not to discuss the particulars of their interview without receiving prior authorization from KBR. The confidentiality agreement further noted that any violation of the agreement could be grounds for disciplinary action or termination.

In its cease and desist order, the SEC determined that the language in KBR's confidentiality agreement violated Section 21F of the Securities Exchange Act, which addresses whistleblower incentives and protection and was implemented as part of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank) and SEC Rule 21F-17(a), which provides in relevant part:

No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement… with respect to such communications.


This first-of-its-kind enforcement action is remarkable in that there is no claim that KBR ever attempted to prevent any communication between an employee and the SEC or that KBR ever took any action to enforce or to threaten to enforce the confidentiality agreement. KBR's sole misstep appears to have been the language in its confidentiality agreement, which read as follows:

I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.


As part of the settlement, KBR amended its confidentiality agreements to provide that:

Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.


In a statement about the settlement, SEC enforcement head Andrew Ceresney said, "By requiring its employees and former employees to sign confidentiality agreements imposing pre-notification requirements before contacting the SEC, KBR potentially discouraged employees from reporting securities violations to us." He further noted that "SEC rules prohibit employer from taking measures through confidentiality, employment, severance, or other types of agreements that may silence potential whistleblowers before they can reach out to the SEC. We will vigorously enforce this provision."

In a separate statement, SEC whistleblower chief Sean McKessy stated, "Other employers should similarly review and amend existing and historical agreements that in word or effect stop their employees from reporting potential violations to the SEC."

Although this enforcement action is the first of its kind, it is unlikely to be the last such proceeding. The SEC had foreshadowed such a proceeding when Rule 21F-17 was being finalized, in the SEC's public comments about the rule, and in the SEC's actions in recent months.

In its commentary regarding the implementation of Rule 21F-17, the SEC specifically noted that it wanted to curb any effect that confidentiality agreements might have on an employee's ability to blow the whistle. "[A]n attempt to enforce a confidentiality agreement against a whistleblower to prevent his or her communications with Commission staff about a possible securities law violation could inhibit those communications even when such an agreement would be legally unenforceable, and would undermine the effectiveness of the countervailing incentives that Congress established to encourage whistleblowers to disclose possible violations to the Commission."

In June 2014, the SEC brought its first whistleblower retaliation case, when it accused Paradigm Capital Management, Inc., a hedge fund advising company, of firing a trader after learning that the trader had reported suspect trading activity to the SEC. Ultimately, Paradigm agreed to pay approximately $2.2 million in sanctions to settle the SEC's charges. In an interview dated October 17, 2014, McKessy discussed the SEC's focus on retaliation cases, and reiterated the SEC's intention to bring cases related to confidentiality agreements. "We are going to bring a case where somebody has asked an employee or forced an employee to sign a document that in order of substance means they can’t report to us," he said. "This is now the new thing that I've got people really enthusiastic for." Although McKessy did not specifically identify what language would run afoul of Rule 21F-17, he noted that the rule applied to severance agreements, confidentiality agreements and employment agreements, even if they didn’t explicitly state, "You can’t report this to the SEC."

Finally, in February of this year, the Wall Street Journal reported that the SEC had sent requests to a number of companies seeking years of non-disclosure agreements, employment contracts and other documents as part of an agency probe. According to the WSJ, the SEC's request sought "every nondisclosure agreement, confidentiality agreement, severance agreement and settlement agreement [the companies] entered into with employees since Dodd-Frank went into effect, as well as documents related to corporate training on confidentiality." The SEC further requested "all documents that refer or relate to whistleblowing."

The breadth and scope of the SEC's investigation is remarkable. Companies should review their various agreements with their employees, their codes of conduct, internal reporting and compliance policies and termination agreements to make sure that they neither expressly nor impliedly run afoul of Rule 21F-17. In bringing this proceeding against KBR, and in its public statements both before and after the revelation of their settlement, the SEC has made it clear that it is targeting any and all confidentiality agreements that may be interpreted as an effort to impede a whistleblower's direct communication with the SEC. Would the SEC take the position that requiring an employee to sign a confidentiality agreement at the time of her/his hiring, far before any allegations of wrongdoing ever arose, impeded that employee’s ability to communicate with the SEC regarding a subsequent issue? Would the SEC take the position that confidentiality restrictions in a non-compete agreement, without specific language permitting the employee to talk to the SEC, violate Rule 21F-17? Although the SEC has not articulated any bright line rules regarding what is or is not in violation, the SEC's public comments have not revealed any intent to limit Rule 21F-17 to situations involving internal investigations. Instead, the SEC may take that position that all types of agreements seeking confidentiality — whether they are in employment agreements, termination agreements, or non-compete agreements – may be subject to this rule.

For in-house counsel, the SEC has warned that in-house lawyers are subject to being held liable themselves if they are responsible for drafting language that violates Rule 21F-17. Mr. McKessy said in a recent interview that "If you are an in-house lawyer drafting language saying you can’t come to the SEC, it's not just the company that is in peril, you are too."

© 2021 Schiff Hardin LLPNational Law Review, Volume V, Number 93



About this Author

Schiff Hardin provides services to banks, savings associations and other types of financial institutions nationwide and internationally. In addition to our traditional strengths in mergers and acquisitions, securities and financings, bank regulatory compliance, and trust department counseling, we have a particular and increasing focus on corporate governance and fiduciary litigation.