The SEC has become increasingly vigilant and aggressive about what employers say in their confidentiality agreements and the context in which they say it.  We previously cautioned employers when FINRA issued a Regulatory Notice cracking down on the use of confidentiality provisions that restrict employees from communicating with FINRA, the SEC, or any other self-regulatory organization or regulatory authority.  The SEC has now followed suit in In re KBR, Inc., (pdf) the SEC’s first-ever enforcement action against a company for using overly restrictive language in one of its confidentiality agreements.  (See, e.g., “SEC Declares Open Season on Employee Agreements,” (Law 360) (subscription required).

The Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) amended the Securities and Exchange Act to include the whistleblower incentives and protections set forth in Section 21F.  Rule 21F-17 prohibits employers from taking any action to “impede” an employee from communicating with the SEC about a possible securities law violation, including enforcing or threatening to enforce a confidentiality agreement.  The SEC’s Chief of the Office of the Whistleblower, Sean McKessy, previously indicated that his office would be analyzing and looking to bring enforcement actions with respect to severance agreements, confidentiality agreements, and employment agreements that violate Rule 21F-17(a), part of the implementing regulations of the Dodd-Frank whistleblower incentive award program (i.e., the “bounty” program).

Interestingly, the SEC selected a very specific and particular type of agreement for its first publicized action: not a severance, employment, or general confidentiality agreement or policy, but rather an agreement that KBR’s compliance investigators required witnesses interviewed in connection with certain internal investigations to sign, warning them that they could face discipline or be fired if they discussed the substance of the interview with outside parties without prior approval from KBR’s legal department.  KBR had begun using the form agreement at issue prior to the promulgation of Rule 21F-17.

Although there was no evidence that any KBR employees were ever actually prevented from communicating with the SEC pursuant to the confidentiality agreement, or that KBR took any actions to enforce the terms of the agreement, the SEC found that KBR’s use of the confidentiality agreement was unlawful because it improperly restricted employees from communicating with the SEC about the subject of an interview without KBR’s permission, and it undermined the purpose of Section 21F by discouraging employees from reporting possible SEC rules violations through threat of discipline.

KBR has agreed to pay the SEC $130,000 to settle the charges and voluntarily amended its confidentiality statement to expressly provide that it does not preclude employees from reporting possible violations of law or regulations to any government agency or from making other disclosures protected under federal whistleblower laws.  The amended provision also makes clear that employees do not need KBR’s authorization to make such disclosures.

This should serve as a warning that blanket confidentiality provisions that arguably forbid employees from communicating with regulatory agencies, or require pre-approval to do so, unless carefully drafted to comply with Rule 21F-17, may run afoul of federal law.  The SEC is fully committed to prosecuting such violations.  Employers should therefore carefully review, and revise as necessary, all confidentiality agreements they use – whether in stand-alone agreements, employment agreements, separation agreements, or other policies or standards of conduct – so that they too do not become the targets of SEC enforcement actions or other regulatory scrutiny.

Back to Workforce Bulletin Blog

Search This Blog

Blog Editors

Authors

Related Services

Topics

Select Category

Archives

Select archive
Jump to Page

Subscribe

Sign up to receive an email notification when new Workforce Bulletin posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.