SEC Whistleblower Program: Recent Enforcement Actions Indicate That Confidentiality Protections and Waivers Can Be Too Tight

In light of three recent enforcement actions by the SEC, public companies would be well-advised to review the nondisclosure and waiver clauses in agreements with their employees, such as confidentiality agreements, severance agreements and employee manuals. These enforcement actions highlight the SEC’s increasingly aggressive defense of its whistleblower program against measures taken by public companies to discourage employees from participating. The SEC’s whistleblower program provides significant monetary incentives under certain circumstances to individuals who provide information to the SEC regarding potential securities violations.

Confidentiality Clauses

The first of these enforcement actions was brought in 2015 against KBR, Inc., which had a provision in its form confidentiality agreement signed by employees participating in internal investigations that prevented employees who reported fraud from discussing the subject matter of their allegations with anyone, absent specific authorization from the company. The offending clause provided:

I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.

The SEC observed that the effect of the provision was to impede an individual from communicating directly with its staff about a possible securities law violation. In this regard, Rule 21F-17(a), promulgated in 2011 to implement the new whistleblower incentives provision added by the Dodd-Frank Act, provides that:

No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement … with respect to such communications.

While noting that KBR had not prevented any employee from communicating directly with the SEC staff or taken any action to enforce the provision, the SEC asserted that the agreement language undermined the purpose of the whistleblower incentive statute, which is to encourage individuals to report fraud to the SEC, and therefore violated Rule 21F-17. KBR settled the enforcement action by agreeing to pay a $130,000 fine and to change its agreements and policies to replace the prohibition with language making clear that contact with government officials is permissible. KBR also agreed to contact its U.S. employees who signed the confidentiality agreement after Rule 21F-17 went into effect to advise them of the SEC order and that contact with government officials regarding possible violations of law does not require prior permission from the company.

No Further Recovery Clauses

In August 2016, SEC brought two more enforcement actions under Rule 21F-17, one against BlueLinx Holdings Inc., and the other against Health Net, Inc., based on provisions in each company’s employee severance documentation. In a nod to the KBR action, both companies had previously modified their form agreements to permit employees to file a charge or complaint with a governmental agency and to participate in a government investigation. But, each company had also added to the agreements a waiver of the employee’s right to seek a monetary recovery for whistleblowing. For example, the BlueLinx provision stated:

Employee further acknowledges and agrees that nothing in this Agreement prevents Employee from filing a charge with … the Securities and Exchange Commission or any other administrative agency if applicable law requires that the Employee be permitted to do so; however, Employee understands and agrees that Employee is waiving the right to any monetary recovery in connection with any such complaint or charge that Employee may file with an administrative agency.

Like KBR, neither company had actually enforced or indicated any intention of enforcing the waiver provision. The SEC asserted, however, that the mere presence of the waiver impermissibly targeted the whistleblower program by removing the financial incentive to communicate directly with SEC staff regarding securities violations.

Both companies settled, with BlueLinx agreeing to pay a fine of $265,000 and Health Net agreeing to a fine of $340,000. As with KBR, both companies further agreed to contact former employees to let them know they would not enforce the waiver provision, and BlueLinx agreed to modify its agreements going forward to make clear that whistleblower rights were not affected by the prior agreements.

Defend Trade Secrets Act of 2016

If companies need any more reason to reexamine and revise their employee confidentiality arrangements, Congress has provided one in the form of the Defend Trade Secrets Act (DTSA). Signed into law in 2016, the DTSA creates a private right of action under federal law for misappropriation of trade secrets, and includes a whistleblower clause that provides immunity for disclosure of trade secrets to government officials for the sole purpose of reporting violations of the law. In this regard, employers must give notice of that immunity “in any contract or agreement with an employee that governs the use of a trade secret or other confidential information.” Employers who do not do so cannot recover treble damages or attorneys’ fees that may otherwise be available under the DTSA. The notice of immunity may be in the contract or the contract may include a cross reference to a policy document containing the notice that is provided to the employee and sets forth the employer’s reporting policy for a suspected violation of law.

Action Items

These developments provide a strong incentive for public companies to review their employee manuals, severance agreements and confidentiality and other trade secret protective agreements to address these issues.  Confidentiality clauses may need carve-outs that permit disclosure to the SEC or other governmental agencies, without requiring prior notification to the company. In addition, “no further recovery” clauses and waivers may need to be removed or revised to permit recovery of whistleblower bounties.

The SEC’s Enforcement Division has indicated it intends to vigorously enforce Rule 21F-17 as a means of supporting its whistleblower program. With a few changes to these documents and a carefully worded memorandum to employees to modify any existing agreements, a public company may avoid a Rule 21F-17 enforcement action, saving substantial cost and embarrassment, and at the same time preserve its rights under the DTSA.

Please contact Mark Metz (313-568-5434), Robert Murphy (202-906-8721) or your Dykema relationship attorney if you would like any assistance.