Staff in the Office of Compliance Inspections and Examinations (the “Staff”) recently issued a Risk Alert (the “Risk Alert”) regarding compliance with key whistleblower provisions arising out of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”). The Risk Alert follows several enforcement actions recently brought by the Securities and Exchange Commission (the “Commission”) charging violations of Rule 21F-17 of the Commission’s whistleblower regulations.
The Dodd-Frank Act amended the Securities Exchange Act of 1934 (“Exchange Act”) by adding Section 21F, entitled “Securities Whistleblower Incentives and Protection.” To aid in the implementation of Section 21F the Commission adopted Rule 21F-17 under the Exchange Act, which provides that “no person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”
Recent enforcement actions identified certain provisions of confidentiality and other agreements required by employers as contributing to violations of Rule 21F-17 because they contained language that, by itself or under the circumstances in which the agreements were used, impeded employees and former employees from communicating with the Commission concerning possible securities law violations. This impediment can be especially pronounced when such documents (e.g., severance agreements) provide that an employee may forfeit all benefits if he or she violates any terms of the agreement.
Remedial actions taken in recent enforcement actions, in addition to fines ranging from $250,000 to over $6,000,000, have included:
- revising documents on a going-forward basis to make it clear that nothing contained in those documents prohibits employees or former employees from voluntarily communicating with the Commission or other authorities regarding possible violations of law or from recovering a Commission whistleblower award;
- providing general notice to employees, or notice to employees who signed restrictive agreements, of their right to contact the Commission or other authorities; and
- contacting former employees who signed severance agreements to inform them that the company does not prohibit them from communicating with the Commission or seeking a whistleblower award.
The Risk Alert identified several documents that the Staff reviewed to assess compliance with Rule 21F-17 including:
- Compliance Manuals;
- Codes of Ethics;
- Employment Agreements; and
- Severance Agreements.
In this review, the Staff assessed whether these documents contained provisions similar to those in agreements that the Commission recently found to violate Rule 21F-17, including provisions that: (a) purport to limit the types of information that an employee may convey to the Commission or other authorities; and (b) require departing employees to waive their rights to any individual monetary recovery in connection with reporting information to the government.
The Staff also assessed whether these documents contained other provisions that may contribute to violations of Rule 21F-17 in circumstances where they could impede employees or former employees from communicating with the Commission, such as provisions that:
- require an employee to represent that he or she has not assisted in any investigation involving the registrant;
- prohibit any and all disclosure of confidential information, without any exception for voluntary communications with the Commission concerning possible securities laws violations;
- require an employee to notify and/or obtain consent from the registrant prior to disclosing confidential information, without any exception for voluntary communications with the Commission concerning possible securities laws violations; or
- purport to permit disclosure of confidential information only as required by law, without any exception for voluntary communications with the Commission concerning possible securities laws violations.
Registrants or those with employees or operations in the United States are encouraged to consider the issues identified in the Risk Alert to evaluate whether their compliance manuals, codes of ethics, employment agreements, severance agreements, confidentiality agreements and other documents contain language that may be inconsistent with Rule 21F-17.
 National Exam Program Risk Alert, Volume VI, Issue 1 dated October 24, 2016.
 See, e.g., In the Matter of KBR, Inc., Release No. 34-74619 (April 1, 2015); In the Matter of Merrill Lynch, Pierce, Fenner & Smith Incorporated et al, Release No 78141, (June 23, 2016); In the Matter of Health Net, Inc. Release No 78590 (Aug. 16, 2016); In the Matter of BlueLinx Holdings Inc., Release No. 78528 (Aug. 10, 2016); In the Matter of Anheuser-Busch, Release No. 78957 (Sept. 28, 2016).
 “Implementation of the Whistleblower Provisions of Section 21F of the Securities Exchange Act of 1934,” Release No. 34-64545.
 See In the Matter of Health Net, Inc. (respondent’s severance agreements included language requiring the signatory to waive his or her right to any monetary recovery pursuant to Section 21F of the Exchange Act); In the Matter of BlueLinx Holdings Inc. (respondent’s severance agreements included language requiring the signatory to waive his or her right to any monetary recovery related to any government investigation); In the Matter of Merrill Lynch, Pierce, Fenner & Smith Incorporated et. al. (language found in respondent’s form severance agreement limited the types of disclosures that the employees could make to the Commission or government authorities); In the Matter of KBR, Inc. (before interviewing employees in internal investigations into possible securities law violations, respondent required witnesses to sign a confidentiality statement agreeing that they would not discuss the subject matter of the interview without prior approval of the Law Department); In the Matter of Anheuser-Busch (respondent’s separation agreement contained language that impeded an employee of respondent’s wholly owned subsidiary from communicating directly with Commission staff).