In light of the SEC’s first enforcement action against a company for impeding whistleblower activity in violation of Rule 21F-17, employers may wish to consider clarifying in their agreements, policies and practices that involve confidentiality obligations that employees may provide truthful information to the SEC or other governmental agencies concerning potential violations of law.
Rule 21F-17, adopted pursuant to the Dodd-Frank Act, provides in relevant part:
(a) No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement … with respect to such communications.
KBR, a Houston-based global technology and engineering firm, had a practice of conducting internal investigations in response to complaints regarding potential illegal or unethical conduct, which included interviewing employees (including those who had lodged a complaint). KBR required witnesses in these internal investigations to sign a confidentiality statement that included the following language:
I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.
The SEC acknowledged that it was not aware of any employee in fact being prevented from communicating directly with SEC staff, or of KBR taking any action to enforce these confidentiality statements. Nevertheless, the SEC concluded that that the language in the confidentiality statement impeded communications with the SEC staff about potential securities violations by requiring permission from KBR’s legal department or face the prospect of discipline.
In settling the matter without admitting or denying the SEC’s charges, KBR agreed to pay a $130,000 civil penalty and to amend its form confidentiality statement to include the following language:
Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.
KBR also undertook to make reasonable efforts to notify U.S. employees who had signed the confidentiality statement that KBR’s permission is not required to communicate with any governmental agency regarding possible violations of federal law or regulation.
Avoiding Impediments to Whistleblowers
Confidentiality agreements in the context of internal investigations can support several legitimate business purposes. For example, they can discourage witnesses from collaborating or colluding in a way that undermines the investigation’s integrity, while also reminding employees that they may not share the company’s material nonpublic information. If a company pursues these objectives through a confidentiality agreement, it is important to draft the agreement to avoid the implication that employees are restricted from communicating to governmental agencies about possible legal violations.
While not every company uses confidentiality agreements for internal investigations, nearly all companies provide a series of oral notices commonly known as “Upjohn warnings” (named after the U.S. Supreme Court’s holding in Upjohn Co. v. United States, 449 U.S. 383 (1981)) that inherently relate to who controls information. Among other things, these warnings inform interviewed employees that company counsel alone controls the attorney-client privilege as to anything employees communicate to company counsel, including the power to waive the privilege. While there is a legitimate need to maintain attorney-client privilege with regard to these interviews, it is important that Upjohn warnings not lead employees to believe they are restricted from communicating to governmental agencies about possible legal violations.
It is also important to note that the SEC’s press release for the KBR matter indicates that improper silencing of whistleblowers could involve contexts other than internal investigations, including employment, severance, or other types of agreements. Confidentiality obligations are also sometimes found in company policies, such as codes of conduct and insider trading policies. There are legitimate business reasons to protect trade secrets, strategies, and other proprietary company information from competitors. And there is a securities law requirement to safeguard material nonpublic information. It is important, however, that confidentiality obligations in these contexts not create the impression that employees are restricted from communicating to governmental agencies about possible legal violations.