Securities and Exchange Commission (SEC) rules adopted under Section 21F of the Securities Exchange Act provide financial incentives for employees and others (whistleblowers) to report corporate wrongdoing to the SEC, and prohibit retaliation against them for doing so. One such rule, Rule 21F-17, prohibits any action to impede an individual from communicating directly with the SEC about a possible securities law violation, “including enforcing, or threatening to enforce, a confidentiality agreement.” Rule 21F-17 applies to both companies that are required to file reports with the SEC and companies that are not.  The SEC has recently entered orders in enforcement proceedings finding that certain confidentiality provisions routinely used by many employers violate Rule 21F-17.

Many employment agreements, confidentiality agreements, severance agreements, employee handbooks, and codes of conduct include confidentiality provisions that prohibit an employee from sharing confidential information about the employer, unless the employee is compelled to do so by law or legal process. Such provisions also often require that the employee either provide notice to the employer, or obtain consent from the employer, prior to providing confidential information pursuant to such legal process.  These provisions often do not include an exemption specifically permitting an employee voluntarily to provide confidential information to the SEC. Alternatively, some confidentiality provisions do provide an exemption specifically permitting an employee to provide confidential information voluntarily to the SEC, but further provide that the employee waives any right to any monetary recovery in connection with any complaint or charge the employee may file with the SEC.

Cease-and-Desist Orders issued in three recent SEC enforcement proceedings[1] have found that confidentiality provisions like those outlined above raise an impediment to participation by employees in the SEC’s whistleblower program, and violate Rule 21F-17.  The SEC has found such violations even where there was no indication that the employer had sought to enforce, or had threatened to enforce, the confidentiality provision.  The SEC appears to be concerned that the fact that an employer would have the right to seek to enforce such provisions could have a chilling effect on an employee’s willingness to communicate concerns of possible wrongdoing to the SEC, regardless of whether the employer seeks to invoke the provisions.

Among other findings in the orders, the SEC asserted that: (i) advance notice/permission for disclosure requirements that do not include an exemption for voluntary disclosure of possible securities law violations to the SEC force employees to choose between identifying themselves as whistleblowers or potentially losing their severance pay and benefits; and (ii) provisions that allow voluntary reporting to the SEC, but require an employee to waive any right to a monetary recovery in connection with an investigation operate to impede “the critically important financial incentives that are intended to encourage persons to communicate directly with the [SEC] staff about possible securities law violations.”

These violations of Rule 21F-17 resulted in significant monetary penalties on the employers — $265,000 in one proceeding and $340,000 in another. (In the third proceeding, the employer was required to disgorge $50,000,000, pay $7,000,000 in prejudgment interest, and pay a penalty of $358,000,000, but the order does not specify the amount attributable to the Rule 21F-17 violation.)

Significant remedial actions were also undertaken by the employers in connection with settlement of these enforcement proceedings, ranging from: (i) amending the confidentiality provisions in the agreements to clarify employees’ whistleblower rights; to (ii) providing employees who had signed agreements with an Internet link to the SEC’s order and a statement outlining the employee’s whistleblower rights; to (iii) implementing mandatory annual training for all employees and documentary information concerning employees’ whistleblower rights; to (iv) updating the employer’s code of conduct and other relevant agreements, policies and procedures to ensure employees understand there are no restrictions on their whistleblower rights.

The most alarming aspects of these enforcement proceedings are: (i) the SEC’s objection to the mere existence of the offending confidentiality provisions in agreements, even though the SEC found no indication that the employers had invoked, or threatened to invoke, such provisions (and specifically stated this in two of the proceedings); and (ii) the substantial fines levied on the employers.  Additionally, although one proceeding included other serious securities law violations, the other two proceedings addressed only Rule 21F-17 violations.

These three proceedings addressed Rule 21F-17 violations in severance agreements, but the rule would apply equally to confidentiality provisions in employment agreements, confidentiality agreements, employee handbooks, codes of conduct, and any other agreements with employees. It is likely only a matter of time before the SEC turns its focus to potential Rule 21F-17 violations in these types of agreements as well.  Therefore, we recommend that companies review all confidentiality provisions in agreements with employees and in employee handbooks and codes of conduct, and consider amending these documents as appropriate to be sure there is no suggestion that employees may not voluntarily report wrongdoing to the SEC or other governmental agencies or that they would waive their rights to any monetary recovery relating to such report.

[1] In the Matter of Merrill Lynch, Pierce, Fenner & Smith and Merrill Lynch Professional Clearing Corp., settled in June 2016; In the Matter of Blue Linx Holdings Inc., settled in August 2016; and In the Matter of Health Net, Inc., settled in August 2016.

Today’s blog post is authored by guest blogger, Suzanne (Suzi) Hulst Clawson. Suzi leads Haynsworth Sinkler Boyd’s corporate securities and financial institution regulatory practices.