SEC Punishes One Corporation for Confidentiality Agreements

It’s no secret that the U.S. Securities and Exchange Commission wants employees to have an unimpeded line of communication when it comes to whistleblower complaints.

It came as no surprise when the SEC imposed a $2.2 million sanction against Paradigm Capital Management for retaliating against a whistleblower. More surprising was the cease and desist order the SEC imposed on Houston-based KBR, Inc. in addition to $130,000 in fines for having language in a confidentiality agreement that the SEC said violated Rule 21F-17.

From this story we’ve learned that even generic language in such an agreement could be construed as a violation of Rule 21F-17, which states:

No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.

In the case of KBR, its confidentiality agreements were given to employees at the start of internal investigations at the company (including investigations common to a corporate whistleblower program).

The agreements employees were required to sign included the following language specifically:

I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.

This language, which KBR had been using before the Dodd-Frank Wall Street Reform and Consumer Protection Act became law, was likely intended to support the proper corporate purpose of maintaining confidential information, including the integrity of the company’s attorney-client privilege.

In addition, these agreements weren’t part of KBR policy, but were still administered and signed. From the SEC’s cease and desist order:

Although use of the form confidentiality statement is not required by KBR policy, the statement is included as an enclosure to the KBR Code of Business Conduct Investigation Procedures manual, and KBR investigators have had witnesses sign the statement at the start of an interview.

To be clear, there was no evidence that KBR actually enforced the agreement or prevented any employee from communicating with the SEC. From the cease and desist:

Though the Commission is unaware of any instances in which (i) a KBR employee was in fact prevented from communicating directly with Commission Staff about potential securities law violations, or (ii) KBR took action to enforce the form confidentiality agreement or otherwise prevent such communications, the language found in the form confidentiality statement impedes such communications by prohibiting employees from discussing the substance of their interview without clearance from KBR’s law department under penalty of disciplinary action including termination of employment.

The SEC’s cease and desist order also noted KBR’s remedial steps. KBR amended its confidentiality statement to now include the following:

Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.

SEC Targeting Corporate Agreements

This latest action by the SEC comes as no surprise if you’ve been following comments by certain government agents. The director of the SEC’s Office of the Whistleblower, Sean McKessy, reportedly has goals to crack down on illegal employment and confidentiality agreements and made statements in support of that back in October 2014.

In this article, McKessy was quoted as saying, “We are going to bring a case where somebody has asked an employee or forced an employee to sign a document that in order of substance means they can’t report to us. This is now the new thing that I’ve got people really enthusiastic for.”

McKessy assured people that they’d know the context “when we bring it,” and that the cases “will show there is language out there.”

According to the report, McKessy said he expected to take a stand on severance agreements, confidentiality agreements and employment agreements even if they didn’t explicitly state that the person signing the agreement couldn’t report to the SEC.

He even gave a timeframe back in October in which these types of actions would be taken by the SEC: “I’ll put it at my peril — in the next year and half or so, if we haven’t done that, I’ll be very surprised.”

While some may be concerned that standard confidentiality and employment agreements could be cause for SEC scrutiny, others say the KBR enforcement action doesn’t suggest cause for concern in that area.

For example, Ropes & Gray law firm puts it like this in a recent client alert:

While it is always possible that the SEC could seek to cast an even broader net in the future, the enforcement action against KBR does not suggest that garden-variety confidentiality provisions included in general employment or organizational documents would violate the Dodd-Frank Act. Nor does the SEC’s enforcement action suggest that a company or its lawyers violate Rule 21F-17 by giving an employee, at the outset of an internal investigation interview, a standard oral “Upjohn warning” explaining that the interview is subject to the company’s attorney-client privilege.

Given McKessy’s public comments, however, corporations should be on guard.

Any Investigation by the SEC is Costly

While KBR may not have meant to restrict employee communication with the SEC, one can see why the SEC would be sensitive to this. Corporations will naturally prefer to avoid SEC involvement for a variety of reasons, including the costs associated with an investigation by the SEC once they become aware of an issue.

It’s not surprising that good corporations would want to be able to obtain information from the whistleblowers themselves and handle the situation in a way that addresses the issues before they become costly to shareholders.

Notwithstanding these goals and concerns, corporations must be on guard to avoid running afoul of Rule 21F-17.

SEC Investigations and your D&O Insurance

As a reminder, your D&O insurance policy will cover individual Ds and Os in an informal investigation of individuals, but is likely to exclude the investigation costs your corporation incurs in a formal or informal investigation by the SEC.

This remains true in the current market unless you’ve paid additional premium for a corporate investigation-specific endorsement.

In an earlier post, I discussed the nature of SEC investigations these days. Previously, an enforcement officer needed approval from the SEC’s commissioners to launch a formal SEC investigation; today, the process has changed to make it easier for the local agents to pursue an investigation, and it can sometimes start with a casual phone call.

Types of SEC investigations look something like this:

  • Informal questions asked of the company, usually including document requests
  • Informal questions asked of individuals, maybe including document requests
  • Formal investigation of the company including a subpoena
  • Formal investigation of individuals, often involving a Wells Notice and/or a subpoena

In closing, the lesson of the KBR case is that when you communicate vital information to employees about their rights – especially when it comes to internal investigations – employees should absolutely know their complaints will be handled in the best way possible internally, and they should also be aware of the option to report to the Office of the Whistleblower.

And, when it comes to all of your agreements – be it confidentiality agreements specific to internal investigations or standard confidentiality agreements, language in employment agreements or severance agreements – have your counsel review the text to ensure it does not raise a red flag with the SEC.


The views expressed in this blog are solely those of the author. This blog should not be taken as insurance or legal advice for your particular situation.