Companies Should Review Employee Agreements and Policies Following SEC's Aggressive Stance on Impediments to Whistleblowing

by Wilson Sonsini Goodrich & Rosati

In two recently announced settlements, the U.S. Securities and Exchange Commission (SEC) adopted a strict interpretation of the whistleblower protections afforded under the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank). In doing so, the SEC imposed monetary sanctions on companies for including language in employment-related agreements that it asserts deters employees from reporting securities law violations to the SEC's Office of the Whistleblower (and other agencies). The companies also agreed to other remedial measures as part of their settlements with the SEC. Whether or not the SEC's asserted positions would ultimately prevail in court, in light of these settlements and the SEC's apparent enforcement position, employers should consider reviewing their policies, codes of conduct, and employee agreements to ensure that that they do not include provisions that the SEC may assert deter employees from coming forward with information about potential securities law violations. Even those companies not subject to the SEC's jurisdiction may wish to undertake such measures, as the SEC's stance is similar to that now taken by the National Labor Relations Board (NLRB) and the Equal Employment Opportunity Commission (EEOC) in their respective efforts to ensure that employers do not adopt or enforce policies that may deter employees from contacting or cooperating with those agencies.

SEC Strictly Construes Impediments to Whistleblowing Under Dodd-Frank

Like many employers, BlueLinx Holdings included in its separation agreements a provision prohibiting separating employees from disclosing the company's confidential or proprietary information to third parties without the company's permission, and required employees to give the company notice of any request or requirement to produce such information. BlueLinx's release agreements also included the somewhat common provision that while separating employees were not prohibited from filing a charge with government agencies or providing them relevant information, they were nevertheless prohibited from recovering monetary relief in connection with such actions. Many employers have adopted such a "no additional recovery" approach in light of the EEOC having previously condoned it (although it has now apparently abandoned this position).

In In The Matter of BlueLinx Holdings Inc., the SEC determined that the requirement that employees give notice to their employer and obtain the company's permission before disclosing confidential information "impeded" whistleblowing under Rule 21F-17 of Dodd-Frank where the company did not also expressly make clear that communications with the SEC were not subject to his requirement. Rule 21F-17 provides, in relevant part:

(a) No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement... with respect to such communications.

This position asserted by the SEC in BlueLinx follows its settlement of two other matters involving KBR in April 2015 and Merrill Lynch in June 2016. In each matter, the SEC disapproved of the company's use of agreements that it asserted restricted an employee's ability to disclose information to government agencies.

Regarding the "no additional recovery" provision in BlueLinx's release agreement, the SEC asserted that BlueLinx's restriction on the recovery of monetary awards forced employees leaving the company to waive possible whistleblower awards or risk losing their severance payments and other post-employment benefits. The SEC maintained that prohibiting employees from accepting awards "impedes" whistleblowing and therefore is contrary to the stated congressional purpose underlying Dodd-Frank's provisions "to encourage whistleblowers to report possible violations of the securities laws by providing financial incentives, prohibiting employment-related retaliation, and providing various confidentiality guarantees."

In addition to a $265,000 monetary penalty, as part of a settlement agreement with the SEC, BlueLinx agreed (1) to amend its severance agreements to make clear that employees may report possible securities law violations to the SEC and other federal agencies without BlueLinx's prior approval and without having to forfeit any resulting whistleblower award; and (2) to make reasonable efforts to contact former employees who had executed severance agreements in the last several years to notify them that BlueLinx does not prohibit former employees from providing information to the SEC staff or from accepting SEC whistleblower awards.

The SEC underscored its decision to impose stiff penalties on employers for violations of Rule 21F when, the week after issuing its decision in BlueLinx, it fined California-based health insurance provider Health Net $340,000 for entering into severance agreements requiring employees to waive their right to monetary recovery in any administrative proceeding. Health Net agreed to pay the penalty and take remedial action even though the severance agreements at issue explicitly informed employees of their right to communicate with the SEC and participate in any subsequent investigations. Health Net also agreed to advise former employees that had entered into the alleged impermissible agreements that the agreement did not prohibit them from seeking and obtaining a whistleblower award from the SEC.

Employers Should Review Their Employee Agreements and Policies

These recent decisions make clear that the SEC is aggressively pursuing companies that utilize provisions in agreements or policies that arguably discourage whistleblowers from volunteering information about possible securities law violations. As noted above, other federal agencies, including the EEOC and NLRB, are similarly pursuing corrective measures against employers. In response, employers should consider revising release agreements if they provide for the waiver of monetary relief in connection with employees' participation in administrative proceedings. Similarly, employers should review other employment-related documents, including company policies and other agreements with employees that include restrictions on the disclosure of company information, and revise them as needed. Any such revisions should be made thoughtfully to maintain the maximum protection of company confidential information. Also, in light of the SEC's imposition of penalties and pursuit of other remedial measures where it maintains companies have used offensive provisions, employers may wish to consider whether or not to address agreements already in place with employees—especially those companies subject to the SEC's jurisdiction.

While considering revisions to employee agreements in light of these SEC developments, employers also should consider adding language to address the recently enacted federal Defense of Trade Secrets Act (DTSA). As explained in our previous WSGR Alert, in order to be eligible to recover exemplary damages or attorneys' fees in a trade secrets misappropriation action under the DTSA, employers must have provided employees with notice that, in certain circumstances, the DTSA grants immunity from civil or criminal liability to individuals who confidentially disclose an employer's trade secrets. Finally, in light of very recent developments involving mandatory arbitration agreements that include class action waivers, employers should consult with counsel as to whether its forms and policies should be revised.

Written by:

Wilson Sonsini Goodrich & Rosati

Wilson Sonsini Goodrich & Rosati on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.