SEC Sounds the Alarm on Confidentiality Agreements That May Stifle Whistleblowers
Better check the language in your employee confidentiality agreements. The SEC is on the lookout for wording that could potentially be used to prevent whistleblowers from communicating with regulatory agencies.
The Commission on April 1 levied a $130,000 civil money penalty against a Houston-based global technology and engineering firm for allegedly doing just that. Itís the SECís first enforcement action against a company "for using improperly restrictive language in confidentiality agreements with the potential to stifle the whistleblower process." As part of a settlement, it charged the firm, KBR, with violating Rule 21F-17 of the Securities Exchange Act, which prevents persons from taking any action that would prevent a whistleblower from coming forward.
"I think that the SEC has been looking for some time for a case with a confidentiality agreement that it could say impedes whistleblowers," said Mayer Brown partner Matthew Rossi, noting that the agency in June 2014 took action against a firm it said retaliated against a whistleblower (ACA Insight, 6/23/14).
Advisers should pay attention and not let the fact that the SECís first action was against a corporation. "The SEC would not distinguish between corporate confidentiality agreements and investment adviser agreements," said Shearman & Sterling partner Nathan Greene. "This is intended as a wake-up call to any
industry subject to SEC oversight."
"There is no reason the SEC could not apply the same reasoning to an investment adviser," said Zaccaro Morgan partner Nicolas Morgan.
The original confidentiality statement
KBR, as part of its compliance program, conducts internal investigations when it receives complaints or allegations from employees of potential illegal or unethical conduct, including in the area of federal securities laws, by the company or its employees, according to the SECís administrative order instituting the settlement. The SEC said that in KBRís interviews of company employees in such investigations,†the company†typically uses a form confidentiality statement that requires witnesses to agree to and sign the following:
"I understand that in order to protect the integrity of this review, I am prohibited from discussing any†particulars regarding this interview and the subject matter discussed during the interview, without the†prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including† termination of employment."
The SEC found this statement problematic. "The† language found in the form confidentiality statement impedes such communications [with Commission staff] by prohibiting employees from discussing the substance of their interview without clearance from KBRís law department under penalty of disciplinary action, including termination of employment. This† language undermines the purpose of Section 21F [of the Securities Exchange Act] and Rule 21F-17(a), which is to Ďencourage individuals to report to the Commission.í"
The SEC made clear in the administrative order that it had no evidence that KBR either prevented an employee from communicating with SEC staff or otherwise took action to enforce the confidentiality agreement.
The new confidentiality statement
KBR, in what the SEC labeled a remedial step, amended its confidentiality statement so that employees could communicate with the SEC and other regulatory† bodies, and removed the threat of disciplinary action and termination. Here is the new wording:
"Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity,† including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other† disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures."
"KBR takes its compliance obligations very seriously, and the SECís order recognizes that the Commission is not aware of KBR having ever specifically prevented anyone from talking to the SEC or any other governmental agency," said the attorneys representing KBR. "Still, KBR agreed to resolve the matter amicably because it does recognize the SECís concerns about confidentiality agreements. The KBR agreements were intended solely to protect the integrity of KBRís internal investigations and the attorney-client privilege, not to impede whistleblowers, and the company has agreed to modify its agreements to make this point clear."
Issues and choices
What should an advisory firm that uses confidentiality statements do? There are several courses of action, each with some risk. "There is no perfect solution," said Rossi. Consider these options:
Use the same language KBR used in its amended† confidentiality statement. "This is the safest course," Rossi said. The SEC can hardly object if a firm uses it, since the agency stated that it considered KBRís use of it to be a remedial measure. It does raise some† issues, however. For one, specifically mentioning the SEC and other regulators in the statement might give employees the thought of contacting them where they might not have had that thought before, he said. Morgan noted that the KBR amended language does not address the question of privileged information between an employee and a company attorney. If an employee reveals privileged information to the SEC or another regulatory body, then a prosecutor might argue that the employer has waived its rights in† regard to that privileged information, he said.
Strike a middle ground between the original KBR statement and the new one. A firm could draft a confidentiality statement that removes the threat of disciplinary action or termination, but that also†does not explicitly state that employees are free to report to the SEC and other regulators, said Rossi. The issue here, of course, is that the SEC might say that the statement discourages employees from† approaching regulators. "Any confidentiality provisions should avoid language that could be interpreted as requiring pre-clearance from an employer or threatening disciplinary action if a party to the agreement contacts regulators," he said.
Protect privileged information. Specifically state that information employees learned for the first time during questioning by the legal staff is protected and cannot be reported. This preserves the firmís right to assert that information is privileged, said Morgan. Whether the SEC will find such language acceptable remains to be seen.
Donít use confidentiality agreements. The only† advantage to this option is that the SEC will not be able to object to anything in a confidentiality agreement, since there will not be one. The firm, however, will be unprotected in terms of privileged information.
"Itís important to remember that the SEC is looking for these kinds of cases," said Rossi. "There will be more of them."