Who’s the Next Target in the SEC’s Quest to Protect Corporate Whistle-blowers?

By Kristin Casler, featuring Jason Canales and Megan Daneshrad of Moses & Singer, LLP

The Securities and Exchange Commission’s clear message in April that it is targeting language in confidentiality agreements that might deter whistle-blowing employees has put companies on the offensive. They are digging through not only confidentiality agreements used in internal investigations but in other documents that the SEC and other regulatory agencies might choose to scrutinize.

The SEC’s Action

Following through on its threats to vigorously enforce Rule 21F-17, the SEC on April 1 announced its first enforcement action against a company, KBR Inc., for what it deemed improperly restrictive language in confidentiality agreements. The restrictive language, the SEC said, had the potential to stifle the whistleblowing process in violation of Rule 21F-17 enacted under the Dodd-Frank Act.

The Houston-based global technology and engineering firm required witnesses in certain internal investigation interviews to sign confidentiality statements that warned that they could face discipline or termination if they discussed the matters with outside parties without the prior approval of KBR’s legal department.  The internal investigations examined possible securities law violations, which the SEC and other regulators would be very interested in.

KBR agreed to pay a $130,000 penalty to settle the SEC’s charges. It amended its confidentiality statement to make it clear that employees are free to report possible violations to federal agencies without prior approval or fear of retaliation.

Taking Notice

The KBR enforcement action was a pretty bold pronouncement by the SEC that it will aggressively police the use of confidentiality statements and will broadly interpret Rule 21F-17, said Jason Canales of Moses & Singer LLP. He said he suspects that the SEC will strike next on severance and/or separation agreements that may more subtly (or creatively) try to stifle would-be whistleblowers. Included in the scrutiny might be language that requires employees to sign agreements mandating that they forego any whistleblower award or represent, as a precondition to obtaining a severance payment, that they have not made a prior report of misconduct to the SEC.

Canales noted that SEC Chair Mary Jo White expressed the SEC’s concern with such agreements in a recent speech at Northwestern University School of Law.

“We think the SEC will also be looking for a case where a company has actually retaliated against a whistleblower who disclosed alleged wrongdoing after agreeing to keep matters confidential,” Canales said.

In the KBR case, the company took no action against any employees, and no employees reported being hindered by the agreement language. 

Should Companies be Worried?

The fact that the SEC took action even though no KBR employee was prevented from communicating with the SEC and KBR did not enforce the confidentiality agreements in question should put all companies on notice that this is a no-nonsense issue, said Megan Daneshrad of Moses & Singer LLP.

In fact, The Wall Street Journal® reported in February that the SEC asked several firms to turn over every nondisclosure agreement, confidentiality agreement, severance agreement and settlement agreement they entered into with employees since Dodd-Frank went into effect. It also asked for documents related to corporate training on confidentiality, all documents that refer or relate to whistleblowing and a list of terminated employees.

And the SEC is not the only source of potential action. Other agencies have indicated that they will be just as aggressive on anti-whistleblower language.

So, corporate counsel should pay close attention to confidentiality statements used in internal investigations, separation agreements, settlement agreements, employee codes of conduct/handbooks and any other provisions/agreements that provide for non-disclosure, confidentiality, non-disparagement and/or cooperation, Daneshrad said.

“The key is to be clear that an employee is not precluded from and will not be penalized for reporting misconduct to the SEC,” she said.

Counsel should look for provisions that expressly bar cooperating with regulators or that require pre-approval from the employer to speak with them. These provisions should be scrutinized and probably revised, Canales said. 

Permissible Language

Companies should continue to incentivize employees to report wrongdoing internally first, but they should also consider notifying employees that they are not prohibited from reporting possible violations of federal law or regulation to any governmental agency. 

How quickly and easily this review process goes will depend on many factors, including the size of the company, the company’s culture, the volume of compliance-related manuals and other materials containing provisions relating to confidentiality and non-disclosure of misconduct. In addition, companies may have to bear with regulation by multiple government agencies that have differing approaches on this issue.  If that’s the case, a thorough review of relevant agency laws and opinions is necessary, Canales said.

For companies regulated by the SEC, an easy first step would be to include a provision in any confidentiality statement used in an internal investigation that mirrors the provision the SEC green-lighted in KBR:

“Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.”

No Threat to Attorney-Client Privilege

The KBR decision does not appear on its face to interfere with confidentiality provisions that are intended to safeguard attorney-client privileged communications, Daneshrad said.  In fact, Rule 21F-17 specifically excludes from its prohibitions information obtained through a communication that was subject to the attorney-client privilege. See 21F-17 and 21F-4(b)(4)(i).  Thus, companies conducting internal investigations can still give the standard Upjohn warnings concerning the scope of the attorney-client privilege in the context of an internal investigation Upjohn v. United States, 449 U.S. 383 (1981); 1981 U.S. LEXIS 56.

However, Daneshrad said counsel should consider whether to expressly inform an employee that reporting to the government knowledge of wrongdoing independent from a privileged conversation is permitted.

Of some concern to employers is the potential threat that whistleblowers may disclose proprietary business information to the SEC. SEC Chair Mary Jo White made clear in her remarks at Northwestern University that companies may continue to protect their trade secrets through the use of confidentiality and severance agreements that are properly limited in scope, Daneshrad said.  Provisions designed to ensure confidentiality and prevent disclosure of proprietary information should make clear that the employee is free to report alleged violations to an agency, but cannot disclose proprietary information in doing so.

“Keep in mind that these provisions may not ultimately pass muster with the SEC and may have to be litigated in order to be found valid,” she said.  

The review process, though, promises to be an arduous one. “If your organization uses a lot of confidentiality clauses, you have a great deal of documents to start sorting through,” Canales said.

Disclaimer: The views and opinions expressed in this article are those of the individual sources referenced and do not reflect the views, opinions or policies of the organizations the sources represent.