Do Your Confidentiality Clauses Expressly Allow Whistleblowing?
Over the last few months, the SEC has obtained a string of cease and desist orders against SEC reporting companies, both domestic and foreign, to enforce an often overlooked rule adopted under Dodd-Frank. Rule 21F-17 provides that “[n]o person may take any action to impede an individual from communicating directly with the [SEC] staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement … with respect to such communications”.
Many practitioners thought little about this rule until this summer. In recent cease and desist orders involving Health Net, BlueLinx and Anheuser-Busch InBev, the SEC has made clear that it believes that a confidentiality clause violates Rule 21F-17 if, read on its face, it would prevent an individual from voluntarily communicating with the SEC regarding potential securities law violations (something that is not “required by law”) or if the clause would require the individual to obtain anyone’s consent or provide notice to anyone in order to engage in such communications. In other words, the SEC now views “standard” confidentiality clauses included in employment, separation, confidentiality and other agreements and policies entered into with employees and other individuals as violating U.S. federal securities laws unless they include a specific carve out allowing whistleblowing.
In recent months, the SEC has imposed fines ranging from $250,000 to more than $6 million on companies using such clauses in their agreements, and required such companies to take remedial actions, including informing current and former employees of their right to communicate with the SEC regarding potential securities law violations. In several cases, the SEC did not allege that any of the affected persons was a whistleblower or had been impeded from being a whistleblower, just that the language used in the agreements was impermissible. The SEC has also taken the position in recent actions that any purported waiver of an individual’s right to obtain a whistleblower award from the SEC is impermissible.
While the cease and desist orders have, to date, been limited to SEC reporting companies, Rule 21F-17 does not appear limited to public companies. Accordingly, private companies subject to U.S. jurisdiction should also consider their compliance with Rule 21F-17.
Because the offending language is language that many consider “standard” for employment, separation, confidentiality and other agreements, as well as corporate governance policies such as codes of conduct and ethics, many companies will need to modify their corporate governance policies and their existing and template agreements to comply with the new interpretations. We have developed language for confidentiality clauses and corporate governance policies that is intended to comply with the SEC’s new interpretations, and have worked with a number of companies to implement compliance regimes. For further information or for assistance in complying with Rule 21F-17, please contact the author or your other Dorsey contacts.