Mark Oberti writes:
On April 1, 2015, the SEC took action against — including a $130,000.00 fine — a company over concerns that the company was preventing its employees from potentially blowing the whistle on illegal activity. The action is significant because the SEC was targeting typical language in a confidentiality agreement and there were no allegations that the company, KBR, Inc., was violating any substantive securities law.
The Dodd-Frank Act amended the Securities Exchange Act to provide for whistleblower incentives and protections in order to encourage individuals to report possible violations of securities laws, but the new law goes further than merely encouraging reporting. Under SEC Rule 21F-17, companies may not take action to impede individuals from communicating with SEC staff about possible law violations, “including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”
Like many large companies, KBR has a compliance program to process complaints from employees concerning potentially unethical or illegal conduct. KBR has its own investigators who review these complaints and interview witnesses, including the individual who made the allegations. For many years KBR used a form confidentiality agreement in connection with its internal investigations. KBR’s investigators asked witnesses to sign the statement at the beginning of an interview. The form provided as follows: “I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.”
The SEC asserted that this language violated Dodd-Frank and Rule 21F-17. Despite finding that (1) no employee was actually prevented form reporting potential law violations to the SEC, and (2) KBR had not tried to enforce the confidentiality agreement, the SEC nonetheless found that the offending language “undermines the purpose of Section 21F,” which is to encourage individuals to report to the SEC.
Without admitting wrongdoing, KBR agreed to (1) contact employees who had previously signed the agreement and advise them that they do not need permission from KBR’s legal department to report potential illegal activity to the government, (2) refrain from further violations , and (3) pay a $130,000 civil monetary penalty.
The SEC’s order in this case is a warning to other companies that may have similar, otherwise typical confidentiality provisions which are intended to protect privileged communications, and not intended or used to prevent employees from reporting potential law violations to the SEC. Moreover, the fact that the SEC’s action involved a company not even accused of actually preventing such reporting, or violating any substantive securities law, may signal that the SEC intends to be aggressive in searching out similar provisions in confidentiality agreements used by other companies for similar enforcement actions. Accordingly, employers should review their confidentiality agreements to ensure they do not run afoul of SEC Rule 21F-17 as interpreted by the SEC in this case.