The SEC Enforcement Action

A recent enforcement action by the U.S. Securities and Exchange Commission aims to protect employees from signing confidentiality agreements that would prevent them from acting as whistleblowers. On April 1, 2015, the SEC announced a settlement with KBR, Inc. (“KBR”) in which KBR will pay a $130,000 civil penalty and agreed to cease and desist from any future violations of SEC Rules, while not admitting or denying the SEC’s charges. As the first enforcement action of its kind, the SEC has taken an aggressive stance against KBR, one of the country’s largest government contractors. The announcement serves as a warning to companies that efforts to silence potential whistleblowers through restrictive confidentiality agreements will not be tolerated by the SEC. The ruling underscores the need to protect whistleblowers, and therefore, the SEC’s ruling is likely to have a significant effect on employers’ historical use of restrictive confidentiality agreements.

The settlement stems from KBR’s inclusion of a provision in its confidentiality agreements that would preclude employees (and former employees) from reporting details of internal investigations to third parties, including the federal government and government agencies such as the SEC, without first seeking approval from KBR.

Specifically, the provision in question required employees to attest that:

“I understand that in order to protect the integrity of this review I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.”

The SEC has declared that agreements containing such language are illegal pursuant to SEC’s Rule 21F-17, enacted under the Dodd-Frank Act of 2010. Rule 21F-17 became effective on August 12, 2011 and prohibits companies from engaging “in action to impede an individual from communicating directly with the [SEC] staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.” While the SEC’s order states that there was no evidence that KBR had taken action against any current or former KBR employee for any alleged violation of the confidentiality provision, the mere potential to silence employees or former employees was sufficient to violate SEC Rule 21F-17.

Andrew J. Ceresny, Director of the SEC’S Division of Enforcement stated that “[b]y requiring its employees and former employees to sign confidentiality agreements imposing pre-notification requirements before contacting the SEC, KBR potentially discouraged employees from reporting securities violations to us[.]”¹ He further warned other companies that “SEC rules prohibit employers from taking measures through confidentiality, employment, severance or other type of agreements that may silence potential whistleblowers before they can reach out to the SEC. We will vigorously enforce this provision.”²

The SEC has said in recent months that it would crack down on employers who seek to threaten or take action against potential whistleblowers.³ In the KBR ruling, the SEC has made good on its promise. The ruling places a significant responsibility on the part of companies to ensure that employees or former employees who sign confidentiality agreements do not face the threat of retaliation upon disclosure of possible legal violations to government entities.

What Can You Do?

The SEC’s ruling does not preclude confidentiality agreements in their entirety. Yet, companies must heed the SEC’s instruction or face severe civil penalties and potential criminal penalties. Companies seeking to comply with the SEC’s recent ruling while protecting their legitimate interests in maintaining confidentiality can likely avoid liability by including a carve-out for disclosure to government agencies of potential legal violations. Indeed, the SEC noted that already, KBR voluntarily has amended its existing confidentiality agreements to include the following:

“Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.”

A significant takeaway for companies is that companies must provide parties signing a confidentiality agreement with the requisite knowledge that such agreements would not prevent disclosure of potential violations of federal law to government agencies. To ensure compliance, employers should review their existing confidentiality agreements and revise them on a going forward basis to fall in line with Rule 21F-17. Additionally, companies should consult with counsel to determine if any existing agreements are problematic and in need of revision.