Lessons from the SEC’s First “Pretaliation” Whistleblower Enforcement Action

April 2015
Published by InsideCounsel
On April 1, 2015, the SEC brought the first “pretaliation” whistleblower enforcement action, finding that a confidentiality agreement used by KBR, Inc., a Houston-based technology and engineering firm, violated whistleblower anti-retaliation rules the Commission enacted pursuant to the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act. The action should encourage in-house counsel for covered entities to immediately review their clients’ confidentiality and similar agreements for compliance with Commission rules.
 
KBR’s standard procedures for internal investigations required witnesses to sign a form confidentiality statement. In the statement, witnesses agreed that they are “prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department” and that “unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.”
 
This form confidentiality statement was used by KBR before and since the Commission adopted Rule 21F-17, which prohibits “any action to impede an individual from communicating directly with the [SEC] staff about a possible securities law violation, including enforcing or threatening to enforce, a confidentiality agreement.”
 
Although the SEC was not aware of any instance in which the confidentiality statement or KBR’s actions interfered with protected whistleblowing activity, the SEC, nevertheless, found that the confidentiality statement violated Rule 21F-17.
 
Without admitting or denying the findings in the SEC’s cease-and-desist order, KBR agreed to pay a $130,000 fine, amend its confidentiality statement, and make reasonable efforts to contact employees who signed the confidentiality statement since Rule 21F-17 went into effect to inform them that they are not prohibited from communicating with government agencies about possible violations of federal law.
 
In addition to its significance as the first “pretaliation” whistleblower enforcement action brought by the SEC, the KBR cease-and-desist order is noteworthy for three additional reasons. First, the enforcement action appears to have focused solely on the perceived effect of KBR’s form confidentiality statement, and was not part of a broader anti-retaliation enforcement action against KBR. Second, the SEC brought the enforcement action even though it did not find any instance in which protected whistleblowing activity was actually stifled by the confidentiality statement or any other company action. In other words, the action suggests the SEC views merely having a confidentiality agreement without a carve-out for protected whistleblowing as a violation of Commission rules. Third, KBR’s form confidentiality statement did not expressly prohibit communications with law enforcement; thus, the SEC has implicitly rejected the potential argument that a carve-out for protected whistleblowing activity should be implied into all confidentiality agreements.
 
The SEC’s broad reading of Rule 21F-17 in the KBR cease-and-desist order is consistent with public warnings over the last year from Sean McKessey, the SEC’s Chief of the Office of the Whistleblower, that the SEC was actively investigating “pretaliation” whistleblower enforcement actions under Rule 21F-17. Mr. McKessey has even previously warned that persons who draft agreements that violate Rule 21F-17, including in-house and outside counsel, could be precluded from practicing before the SEC.
 
There is an argument that the SEC’s reading of Rule 21F-17 is overly broad and that the rule does not go so far as to prohibit merely having confidentiality agreements that do not have express carve-outs for protected whistleblowing activity. Whether the SEC’s reading of the rule is correct has not been fully litigated. Nevertheless, in the wake of the KBR action, companies that do not now include such carve-outs are at risk of an enforcement action. Thus, companies that wish to eliminate this risk should immediately review confidentiality, non-disclosure, settlement and/or severance agreements to determine whether they comply with Rule 21F-17. This review should include all confidentiality and similar agreements, not just confidentiality agreements used in internal investigations, which were the subject of the KBR cease-and-desist order.
 
If it appears that certain agreements do not comply with Rule 21F-17, companies should consider both immediately amending those agreements to clarify that they do not prohibit employees from communicating with government agencies about possible violations of federal law or from conducting other protected whistleblowing activity, and making reasonable efforts to contact employees that signed those agreements since Rule 21F-17 went into effect and inform them, in writing, that they are not prohibited from reporting possible violations of federal law to government agencies.
- Authored by Rogers & Hardin LLP attorneys Josh Gunnemann and Tim Fitzmaurice.

Media Contact

Shelly P. Walters
Executive Director
Direct  404.420.4643
swalters@rh-law.com
vCard

Related Attorneys

Related Practices

Related Files

Related Links