April 2, 2015
On April 1, 2015, the Securities and Exchange Commission announced its first enforcement action against a company for including "improperly restrictive language in confidentiality agreements," SEC Press Release 2015-54, which the SEC asserted "impede[d]" employees from reporting possible securities violations to the Commission. In re KBR, Inc., Exchange Act Release No. 74619 (Apr. 1, 2015). In a settled administrative proceeding against Houston technology firm KBR, Inc., the SEC found that the company violated SEC Rule 21F-17, promulgated under the whistleblower provisions of the Dodd-Frank Act. That Rule provides in pertinent part that "[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement. . . with respect to such communications." Without admitting or denying the allegations, KBR agreed to pay a $130,000 civil penalty and take other remedial actions.
The SEC’s unprecedented action follows months of statements by the agency expressing concern about provisions in employment confidentiality, severance, and other agreements that the SEC has said could discourage employees from reporting possible securities violations by their employers to the Commission. The agency has recently conducted a "sweep" of public companies’, broker-dealers’, and private funds’ confidentiality agreements to identify potential candidates for enforcement action, and the head of the SEC’s Office of the Whistleblower, Sean McKessy, has said that "bring[ing] a case" based on such agreements is "the new thing that I’ve got people really enthusiastic for." Stephanie Russell-Kraft, SEC Whistleblower Head to Punish Cos. That Silence Tipsters, Law360 (Oct. 17, 2014). In re KBR is the first such case, and confirms that the Commission intends to take an aggressive approach to interpreting and enforcing Rule 21F-17.
A question remains how far the Commission’s enforcement activity will extend beyond confidentiality agreements–like KBR’s–that concern internal company investigations of potential compliance concerns, as distinguished from confidentiality provisions in general employment contracts, for example. Nonetheless, public companies and others will want to examine their existing agreements and practices in light of the SEC’s reading of the Rule, while recognizing that the SEC’s surprisingly broad interpretation of the Rule has not been accepted by any court, and may be at odds with companies’ legitimate interests in protecting trade secrets and other confidential information.
The KBR Action And Settlement
According to the SEC’s administrative order (available at www.sec.gov/litigation/admin/2015/34-74619.pdf), KBR required any employee interviewed as part of an internal investigation into potential legal violations or unethical conduct to sign a confidentiality statement. By signing, the employee acknowledged that he was "prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department," and that "the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment."
The Commission asserted that by including this language in the confidentiality statement, the company had violated SEC Rule 21F-17. Specifically, the SEC stated, "This language undermines the purpose of Section 21F and Rule 21F-17(a), which is to ‘encourag[e] individuals to report to the Commission.’"
Notably, the SEC acknowledged that it was "unaware of any instances" in which a KBR employee had actually been deterred from communicating with the SEC, or where KBR had attempted to enforce the confidentiality agreements. Nor was there any indication that KBR had acted with the intent to impede employees from communicating with the Commission.
According to the SEC, as part of a settlement of the enforcement action KBR has amended its confidentiality agreement to expressly provide that nothing in the agreement prohibits employees "from reporting possible violations of federal law or regulation to any governmental agency or entity," and to state that any employee making such a report did not need to seek prior authorization from or to notify the company. Under the terms of the settlement, in addition to the $130,000 civil penalty, KBR was ordered to provide a copy of the SEC order to employees who had signed the prior confidentiality agreement and to inform them that they did not need to seek permission to communicate with the government about possible legal violations.
Confidentiality Provisions Post-KBR
The SEC’s case against KBR, its recent rhetoric, and investigative activity demonstrate the agency’s aggressive and far-reaching position on the permissibility of employment confidentiality, severance, and other agreements that include language seeking to prevent the unauthorized disclosure of confidential company information. However, it should be emphasized that the SEC’s action was filed as a settled proceeding, and it is far from clear that the Commission’s position would ultimately be upheld if tested in a litigated case. For example, the Commission admitted that KBR had taken no actions against whistleblowers, as well as no actions to enforce the confidentiality statements. In fact, it appears that the only "conduct" that formed the basis for the SEC’s enforcement action was KBR’s inclusion of the confidentiality language in the statements; in explaining its action, the Commission said only that the confidentiality language "undermine[d] the purpose" of Dodd-Frank and the SEC’s whistleblower rule.
The SEC’s position is thus arguably inconsistent with the very text of Rule 21F-17, which expressly requires an "action to impede" whistleblowing activity. Here, KBR did not take any actions that fell within the terms of the Rule. Thus, should the SEC take further steps to enforce its sweeping position on confidentiality agreements, its position may not withstand scrutiny in the courts.
It should also be noted that the context of this first enforcement action may reflect the Commission’s own recognition that Rule 21F-17 is much narrower than some of the SEC’s public statements have suggested. The agency targeted only KBR’s use of confidentiality statements in internal investigations that in some instances conceivably could concern alleged securities violations–the Commission does not appear to have required the company to revise all its confidentiality agreements with employees. This suggests that the SEC’s actual enforcement activity in this area may be limited to contexts with some relationship to potential whistleblowing, rather than extending to all employment confidentiality agreements–at least for now. Nonetheless, to avoid becoming the next test case for future SEC Division of Enforcement attacks on employee confidentiality agreements, there are several actions that companies should take post-KBR:
* * *
After KBR, many employers may struggle to reconcile their need to protect sensitive business information with the SEC’s broad stance on what constitutes permissible confidentiality language. KBR is not the last word on the matter, however, and employers may be able to challenge–successfully–the SEC’s position.
Gibson, Dunn & Crutcher’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment or Securities Enforcement practice groups, or the authors:
Marc J. Fagel – San Francisco (415-393-8332, email@example.com)
Eugene Scalia – Washington, D.C. (202-955-8206, firstname.lastname@example.org)
Barry R. Goldsmith – New York (212-351-2440, email@example.com)
Rachel E. Mondl – Washington, D.C. (202-887-3624, firstname.lastname@example.org)
Labor and Employment Group:
Eugene Scalia – Co-Chair, Washington, D.C. (202-955-8206, email@example.com)
Catherine A. Conway – Co-Chair, Los Angeles (213-229-7822, firstname.lastname@example.org)
William J. Kilberg P.C. – Washington, D.C. (202-955-8573, email@example.com)
Jason C. Schwartz – Washington, D.C. (202-955-8242, firstname.lastname@example.org)
Karl G. Nelson – Dallas (214-698-3203, email@example.com)
Jessica Brown – Denver (303-298-5944, firstname.lastname@example.org)
Scott A. Kruse – Los Angeles (213-229-7970, email@example.com)
Michele L. Maryott – Orange County (949-451-3945, firstname.lastname@example.org)
Jesse A. Cripps – Los Angeles (213-229-7792, email@example.com)
Katherine V.A. Smith – Los Angeles (213-229-7107, firstname.lastname@example.org)
Securities Enforcement Group:
Barry R. Goldsmith – Co-Chair, New York (212-351-2440, email@example.com)
Mark K. Schonfeld – Co-Chair, New York (212-351-2433, firstname.lastname@example.org)
Michael Li-Ming Wong – Co-Chair, San Francisco (415-393-8234, email@example.com)
Marc J. Fagel – San Francisco (415-393-8332, firstname.lastname@example.org)
© 2015 Gibson, Dunn & Crutcher LLP