SEC Targets Confidentiality Agreements That Stifle Whistle-Blowing

April 14, 2015

On April 1, 2015, the Securities and Exchange Commission (“SEC”) announced its first enforcement action and settlement against a company for violations of the whistleblower protection provisions of the Dodd-Frank Act regulations.  KBR, Inc. required some of its employees to sign a Confidentiality Statement which warned that an employee could be subject to discipline, up to and including termination, if the employee discussed an internal investigation with outside parties without receiving prior authorization from KBR’s legal department.  The SEC found that the Confidentiality Statement violated SEC Rule 21F-17, which forbids companies from “tak[ing] any action to impede an individual from communicating directly” with the SEC regarding possible securities violations. Although the SEC did not find that KBR had tried to enforce the provision or prevent anyone from speaking with the SEC, the SEC found that the language within the confidentiality agreement alone was sufficient to violate Rule 21F-17(a). The SEC’s announcement is being hailed as a major victory for whistleblowers, protecting them from signing excessively restrictive confidentiality agreements that threaten lawsuits and termination for reporting allegations of fraud. The SEC’s Cease-and-Desist Order found that this Confidentiality Statement had a sufficient potential to intimidate whistleblowing activity, and was contrary to SEC Rule 21F-17’s purpose of encouraging individuals to report potential violations to the SEC. In addition to a $130,000 fine, KBR voluntarily amended its Confidentiality Statement to inform employees that the Statement does not prohibit employees from reporting possible violations of federal law or regulation to any government agency or entity.  Additionally, KBR agreed to notify KBR employees that signed the Confidentiality Statement about the SEC Order.  Given the SEC’s renewed focus on confidentiality agreements, companies that utilize these agreements (whether contained in company policies, codes of conduct, severance agreements, employment agreements, or otherwise) should consider how these provisions might be viewed by the SEC. Employer Takeaways
  • The SEC’s enforcement action against KBR demonstrates that all employee agreements must be drafted to ensure that they do not suggest that the reporting of a potential violation to government agencies will subject the employee to an adverse employment action.
  • Employers and in-house counsel should review their confidentiality, settlement and severance agreements to ensure that customary confidentiality provisions do not prevent an individual from communicating with the SEC about a potential securities law violation.
  • Internal policies, confidentiality statements, codes of conduct, and certification procedures should remind employees that they have the right to file claims and disclose information regarding the employer's business practices, not only with the SEC but with the EEOC, the Department of Labor, or any other applicable enforcement entity.
For more information about how your organization should comply with the SEC’s regulations, please contact Dina M. Mastellone, Esq., Director of the Human Resources Practice Group at 732-842-2732,, or Julia A. O’Halloran, Esq. at 973-646-3296,  

Tag: General