Key Takeaways

• Employers’ confidentiality, severance, and nondisparagement agreements must include carveouts to comply with federal whistleblower laws.
• Employers cannot prohibit employees from disclosing confidential or disparaging information to government regulators.
• The SEC is stepping up enforcement and imposing substantial fines for violations.

Employers should check their confidentiality and severance agreements for a common oversight that, for some, is becoming a costly error.

Recent enforcement activity by the Securities and Exchange Commission (SEC) of Rule 21F-17 is catching employers by surprise and resulting in multimillion-dollar fines. The Department of Justice (DOJ), the IRS and other federal agencies have similar rules, all of which are intended to prevent employers from discouraging whistleblowing activity.

What Is Rule 21F-17?

Rule 21F-17(a) prohibits any person from taking “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement.” There are limited exceptions related to attorney-client privileged communications.

Rule 21F-17(b) allows the SEC to speak directly with employees whose companies have counsel, and companies cannot first require that the employee notify corporate counsel or obtain the company’s consent.

What Common Clauses May Violate Rule 21F-17?

In enforcing the rule, the SEC has found violations in employment agreements, confidentiality agreements, non-disparagement provisions, settlement agreements, severance agreements, handbooks and compliance manuals.

Clauses that may violate the rule include:

• Confidentiality clauses that restrict the right of employees to disclose confidential information to government regulators.
• Confidentiality clauses that require prior consent of the company before disclosing confidential information to government regulators.
• Clauses that prohibit employees from initiating contact with government regulators.
• Settlement or release terms that prohibit the employee from collecting additional money that may be awarded under a government whistleblower award program.
• Clauses that require the employee to notify the company after reporting suspected violations to a government agency.
• Clauses that require corporate counsel to be present in any interview with the SEC.
• Clauses that require the employee to notify the company of any whistleblowing reporting.

What Should Companies Look for in Their Current Documents?

1. Check your confidentiality and nondisclosure clauses.

Clauses prohibiting the disclosure of confidential information should include several carveouts.

These carveouts should permit disclosure of confidential information to government agencies (a) in the course of an investigation, (b) to report suspected wrongdoing, or (c) to make any other disclosures that are protected under the whistleblower provisions of federal or state law or regulation.

Some confidentiality clauses include these carveouts but require the employee to notify the company or its counsel when making such a disclosure. Rule 21F-17, however, requires that an employee be permitted to disclose potentially unlawful activity without notifying the company. Companies may still require employees to report internally suspected wrongdoing, such as through an ethics hotline, but this internal reporting requirement cannot be linked to external reporting.

Rule 21F-17 also prohibits companies from requiring that employees who report wrongdoing allow corporate counsel to be present in conversations with the SEC. The SEC has the right to interview a whistleblower without corporate counsel present.

Other carveouts from confidentiality and nondisclosure clauses may be required under state law. For example, in several states, it is unlawful to prohibit employees from disclosing suspected unlawful workplace misconduct, such as discrimination or harassment.

2. Check your non-disparagement clauses.

Beware of overly broad non-disparagement clauses. Several types of disparaging comments cannot be prohibited.

For example, employees must be permitted to report suspected wrongdoing to government agencies, including not just the SEC but also employment law regulators such as the Equal Employment Opportunity Commission (EEOC) and the National Labor Relations Board (NLRB). Individuals cannot be prohibited from making disparaging comments to these government agencies in the course of filing a complaint or participating in an investigation.

Under the National Labor Relations Act, nonsupervisory employees also have the right to engage in protected concerted activity, even if they are not in a union. Protected concerted activity includes joint action by two or more employees, and it can include individual social media posts criticizing an employer if the post seeks to rally support from other employees. The current NLRB is taking an expansive view of what constitutes protected concerted activity. Protected concerted activity that is disparaging to the company must be permitted.

3. Check your severance and settlement agreements.

In severance and settlement agreements, it is common to prohibit the employee from seeking or accepting additional money for the claims being released.

But these clauses cannot be so broad that they prohibit an employee from collecting an award from a government whistleblower program. The SEC is not the only regulator with a whistleblower award program, so the carveout should be broad enough to permit recovery of any such government-issued award. Other regulators include the DOJ, the Department of Labor, the Department of Transportation and the Commodities Futures Trading Commission.

Warning Signs from the SEC

The SEC’s 2015 Annual Report to Congress on the Dodd-Frank Whistleblower Program signaled an increased focus on agreements that violated Rule 21F-17(a) by interfering with a whistleblower’s ability to report potential wrongdoing. In this report, the SEC emphasized that “[a]ssessing confidentiality agreements for compliance with Rule 21F-17(a) will continue to be a top priority ….” This announcement followed shortly after the SEC’s first enforcement action against a company under Rule 21F-17(a).

In this enforcement action, the SEC brought charges against an engineering company for requiring witnesses in specific internal investigation interviews to sign confidentiality agreements that warned they could face discipline or termination if they discussed matters with parties outside the company without prior approval. The SEC found that this broad prohibition “undermined the purpose of Section 21F and Rule 21F-17(a),” even though it was not aware of any instances in which a company employee was actually prevented from communicating with the SEC about potential securities law violations, and was not aware of any action by the company to enforce the confidentiality agreements. The company agreed to pay a $2.5 million penalty to settle the charges.

The SEC reiterated this commitment to enforcing Rule 21F-17(a) in its 2023 Annual Report to Congress released this fall, stating, “Ensuring that individuals are free to report potential securities-related misconduct to the Commission without reprisal is crucial to the Whistleblower Program.” The SEC continues to bring enforcement actions involving Rule 21F-17(a) violations.

What Are Some Examples of Recent Enforcement Activity?

• D.E. Shaw – https://www.sec.gov/news/press-release/2023-213

In September 2023, the SEC announced that it had settled charges against D.E. Shaw & Co., a global investment and technology firm, for violating Rule 21F-17. The company paid $10 million in penalties for impeding whistleblowing.

The SEC found that between 2011 and 2019, D.E. Shaw required employees to sign agreements prohibiting disclosure of confidential corporate information, broadly defined as any information gained in the course of employment, to anyone outside the company unless authorized or required by law. The SEC also found that between 2011 and 2023, the company required departing employees to sign a release affirming that they had not filed any complaints with any government agency in order to receive deferred compensation and other benefits.

The company had circulated a notice to employees in 2017 that they were not prohibited from communicating with regulators about possible violations of law and that prior notice to D.E. Shaw was not required. But the company failed to include similar language in its employment agreements until 2019 and in its releases until 2023, after the investigation had commenced.

The SEC announced that “entities employing confidentiality, separation, employment and other related agreements should take careful notice of today’s enforcement action” and emphasized its commitment to whistleblower protections.

• Activision – https://www.sec.gov/news/press-release/2023-22

In February 2023, the SEC announced that Activision Blizzard Inc. had agreed to pay a $35 million penalty for similar infractions.

The SEC found that the company’s separation agreements violated Rule 21F-17 by requiring former employees to inform the company if they received a request for information from the SEC. The SEC considered the clause an unlawful attempt “to impede former employees from communicating directly with Commission staff about possible securities violations.”

• Brinks – https://www.sec.gov/enforce/34-95138-s

In June 2022, the SEC announced that it had settled charges with The Brink’s Company (Brinks) for requiring employees to sign confidentiality agreements that prohibited disclosure of any financial or business information to third parties without including an exception for potential SEC whistleblowers. The agreement also threatened current and former employees with liquidated damages and fees if they disclosed financial or business information to third parties without first notifying the company. The SEC deemed the clause unlawful because it failed to include an exception for reporting suspected unlawful activity to the SEC. This form agreement had been signed by thousands of employees.

Brinks agreed to a cease-and-desist order finding that it violated Rule 21F-17(a) and paid a $400,000 penalty. The company also agreed to undertake efforts to (i) amend its employment agreements to clarify that employees may report possible securities law violations to the SEC without prior approval or forfeiture of any resulting whistleblower award and (ii) make reasonable efforts to contact current and former employees who had executed the confidentiality agreement and notify them of these changes.

Do Private Employers Need to Comply?

Private employers are also required to comply with Rule 21F-17.

• Monolith – https://www.sec.gov/news/press-release/2023-172

The SEC announced in September 2023 that it had settled charges against Monolith Resources LLC, a private energy and technology company, for violations of whistleblower protection rules. The company agreed to pay $225,000 in penalties and to engage in other remedial actions.

From February 2020 to March 2023, the company used separation agreements that required departing employees to waive their right to a monetary whistleblower award. The SEC announced that “both private and public companies” are prohibited from in any way disincentivizing employees from communicating with SEC staff about potential securities law violations. As part of the settlement, the company agreed to notify former employees that their agreements would not limit their ability to obtain financial awards for providing information to government agencies.

Do These Requirements Apply to Other Types of Agreements?

Yes. The requirement to comply with Rule 21F-17 also applies to customer and vendor agreements.

• J.P. Morgan – https://www.sec.gov/news/press-release/2024-7

On Jan. 16, 2024, the SEC announced that it has settled charges against J.P. Morgan Securities for violating Rule 21F-17(a) when it asked retail clients to sign confidential release agreements if they received a credit or settlement over $1,000. The SEC alleged that the agreements violated Rule 21F-17 because they required the client to keep the settlement and all underlying facts confidential. Despite allowing clients to respond to SEC inquiries, the agreement did not permit clients to voluntarily contact the SEC.

The SEC found that this clause impeded hundreds of advisory clients and brokerage customers from reporting potential violations. Gurbir S. Gewal, director of the SEC’s Division of Enforcement, stated, “Whether it’s in your employment contracts, settlement agreements, or elsewhere, you simply cannot include provisions that prevent individuals from contacting the SEC with evidence of wrongdoing.” J.P. Morgan agreed to pay $18 million in penalties.

Do Other Agencies Have Similar Requirements?

Yes. Several federal agencies have whistleblower award programs. Like the SEC, these agencies prohibit companies from interfering with employees’ rights to engage in whistleblowing or to collect government-administered whistleblowing awards.

Agencies with such rules include:

• The DOJ, including for reporting suspected Foreign Corrupt Practices Act violations, under 15 U.S.C. § 78u–6 - Securities whistleblower incentives and protection.
• The Department of Labor, including the Occupational Safety and Health Administration, under Private Settlement Policy Guidelines and 29 U.S.C. § 660(c)(1).
• The IRS, which protects whistleblowers against retaliation under 26 U.S.C. § 7623 - Expenses of detection of underpayments and fraud, etc.
• The Department of Transportation, which provides for monetary awards to whistleblowers under 49 U.S.C. § 30172 - Whistleblower incentives and protections.
• The Commodities Futures Trading Commission, which has nondiscretionary duty to pay awards to whistleblowers under 7 U.S.C. § 26(b).

A compilation of federal whistleblower protection statutes can also be found here.

Conclusion

These recent actions and statements from the SEC signal its continued focus on enforcing Rule 21F-17.

Employers should revisit their policies and employee agreements to ensure that they include carveouts for communications with regulators and other terms that would comply with Rule 21F-17. Overly broad clauses may be unlawful and may result in costly penalties.

Finally, employers should keep in mind that the SEC is not the only agency that provides protections for whistleblowing activity, and compliance with other agencies’ rules is equally important.

[View source.]