On April 1, 2015, the SEC announced its first enforcement action against a company for utilizing language in a confidentiality agreement which could discourage whistleblowing.

The SEC charged KBR, Inc., a Houston-based global technology and engineering firm, with violating Rule 21F-17 of the Exchange Act. Rule 21F-17, adopted pursuant to the Dodd-Frank Act, provides that “[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement. . .with respect to such communications.”

As part of its compliance program, KBR regularly receives allegations from its employees of potential illegal or unethical conduct by KBR or its employees. In looking into such matters, KBR would typically conduct an internal investigation which would include interviewing KBR employees.   In connection with such internal investigation interviews, KBR required witnesses to sign confidentiality statements which provided that such witnesses could face disciplinary action and even be fired if they discussed the matters discussed in the interview with outside parties without the prior approval of KBR’s legal department.  Because such investigations could involve violations of securities laws, the SEC claimed that the restrictive language in the KBR confidentiality statements violated Rule 21F-17. Notably, the SEC was not aware of any instance where (i) this restrictive language prevented a KBR employee from communicating with the SEC about potential securities violations, or (ii) KBR took any action to enforce such language in its confidentiality statements.

In order to settle the enforcement action, without admitting or denying the SEC’s charges, KBR (i) agreed to pay a $130,000 penalty, (ii) agreed to make reasonable efforts to contact KBR employees in the U.S. who had signed the confidentiality statement since August 21, 2011 to clarify that such employees are free to report possible violations of federal law or regulation to governmental agencies without obtaining the permission of KBR’s general counsel, and (iii) amended its confidentiality statement to include the following language:

“Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.”

In light of the above enforcement action, companies should review agreements that they have with their employees, as well as Company policies, to make sure that such documents do not contain language that would potentially stifle whistleblowing.