Background
Under Section 922 of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, Congress expanded protections for whistleblowers reporting possible violations of federal securities laws to the Securities and Exchange Commission (SEC).[1] Specifically, the statute established certain financial incentives and confidentiality guarantees for whistleblowers reporting potential violations of securities laws. In 2011, the SEC implemented rules (as subsequently amended) regarding the Dodd-Frank whistleblower program. Under SEC Rule 21F-17(a), no person may take an action to impede an individual from communicating directly with the SEC about possible securities law violations, including by enforcing or threatening to enforce confidentiality agreements with respect to such communications (subject to certain limited exceptions).
As exemplified by cease and desist orders and other publicly-filed complaints, the SEC has pursued more than 20 enforcement actions since at least 2015, based on actions it alleged were taken by companies (or individuals) to impede reporting by potential whistleblowers. In many of these actions, the SEC’s charges centered around language in company documentation that the SEC viewed as potentially restricting protected whistleblower activity. Notably, the SEC charged a number of companies with rule violations based on such documentation even where there was no indication that a company acted willfully to impede any reporting, or that any individuals were in fact impeded from reporting as a result of the restrictive language.
While the majority of the enforcement actions have historically been brought by the SEC against public companies, it is clear that private companies need to be mindful of these rules as well. The SEC illustrated this point in September 2023, when it zeroed in on rule compliance by a private company.[2]
What to Do Now
Given the recent uptick in whistleblower enforcement activity by the SEC, we expect that companies will continue to review their employment agreements, separation agreements, releases, employee handbooks, company policies, and other relevant documentation to ensure that they do not contain provisions which, in the SEC’s view, impermissibly impede whistleblower protected activity.
To that end, based upon our review of the enforcement actions, we have culled a list of our top 10 tips in drafting whistleblower compliant arrangements.
The Top 10 List
Tip 1: Carveout for Government Agency Contact
Documents that restrict an employee from divulging a company’s confidential information should contain a whistleblower carveout, providing that:
- No restriction on reporting. The employee is not prohibited from reporting possible violations of federal laws or regulations to the SEC or other governmental agencies, or making other disclosures protected under the whistleblower provisions of federal laws or regulations.
- No prior approval. The employee is not required to seek prior authorization of the company before reporting or disclosing any such violations.
- No after-the-fact notice. The employee is not required to notify the company after a report or disclosure has been made.
Tip 2: Allow Voluntary Disclosure
It is not sufficient for the whistleblower carveout to permit only disclosures of confidential information that are made pursuant to a subpoena, court order, or other compulsory legal process. The whistleblower carveout should also permit an employee to voluntarily disclose confidential information to governmental bodies, even outside of any compulsory legal process.
Tip 3: Broadly Construe the Information Disclosable
Do not improperly limit the type of company confidential information that a whistleblower may disclose to the SEC. For example, do not draft a whistleblower carveout so narrowly that only information relating to a departing employee’s severance agreement or its underlying facts and circumstances may be reported to the SEC. As a general rule, the SEC has made its view clear that a whistleblower should be permitted to disclose confidential information to the SEC that the whistleblower deems relevant with respect to possible violations of securities laws.[3]
Tip 4: No Representation As to Prior Reporting
Do not ask an employee to represent, in a release of claims or other document, that the employee has not previously filed a whistleblower complaint or charge against the company with the SEC. As described in Tip 1 above, the SEC views it as problematic to require an employee to give notice to the company after-the-fact that the employee has made a whistleblower report to the SEC.
Tip 5: Do Not Limit Monetary Awards
Do not limit an employee’s right to receive a monetary award under the Dodd-Frank whistleblower program. According to the SEC, it is a violation of Rule 21F-17(a) if a company requires an employee to waive the employee’s right to a monetary award under the whistleblower program, even if the employee is receiving consideration from the company (such as severance benefits) in return. The SEC views the financial incentives offered to whistleblowers as an integral component of the whistleblower program and has taken the position that these financial incentives are not waivable.
Tip 6: No Reporting Penalties
Do not require an employee to pay liquidated damages or incur other financial penalties for breaching an overbroad confidentiality provision that restricts whistleblower protected activity. This is what we view as a “double whammy”: (a) the company’s documentation has a confidentiality provision that the SEC deems overly restrictive (i.e., it lacks a sufficient whistleblower carveout), and (b) the documentation imposes financial penalties on an employee who breaches said overbroad confidentiality provision.
Tip 7: Take a Holistic Approach
Take a holistic approach when reviewing a document by looking beyond nondisclosure of confidential information provisions. For example, review nondisparagement provisions and cooperation provisions to ensure they do not restrict reporting to the SEC, or impermissibly require that the employee notify the employer before or after making reports to the SEC.
A whistleblower carveout is frequently embedded into the nondisclosure of confidential information section of legal documents. Consider cross-referencing it in a nondisparagement or cooperation provision to clarify that any prohibitions against disparaging the company or cooperating in an investigation without notifying the company shall not be construed so as to restrict whistleblower protected activity.
Tip 8: Ensure Internal Consistency
Along the same lines, make sure that a whistleblower carveout in one section of a document is not contradicted by another section of the same document. For instance, a whistleblower carveout in one section of a document could be undermined by another section of the same document, which requires that the employee report any charges it has filed with the SEC, to the company’s legal department.
Tip 9: Ensure Organization-wide Consistency
Relatedly, make sure a whistleblower carveout in one document is not contradicted by a more restrictive provision in a different company document. For example, a whistleblower carveout in Company Document A could be undermined by Company Document B, if Company Document B requires that the employee seek prior approval from the company’s legal department before reporting possible securities law violations to the SEC.
Think broadly about the types of documents to check for compliance across the organization. Which company documents contain language restricting voluntary communications with third parties? Which company documents require employees to provide notice to the company when contacted by the government or in connection with an investigation? Do provisions in a subsidiary company document conflict with a parent company document?
Typical examples of documents that may be implicated include: (a) a broad range of agreements (e.g., confidentiality, consulting, employment, separation, and severance agreements), (b) a release of claims, (c) an employee handbook, (d) various company policies (e.g., code of conduct and insider trading policy), and (e) training programs and materials.
Tip 10: Consider Third Party Agreements
Think more broadly than just employee arrangements. The company may not impede any potential whistleblowers from communicating with the SEC. Therefore, documents that impede nonemployees, such as customers or investors, from reporting possible securities law violations, could also be considered violations of Rule 21F-17(a).
Interested in More?
For a deeper look at lessons learned from Rule 21F-17(a) enforcement actions and more practice pointers, please watch a recording of our one-hour webinar on the topic here.
[1] Section 922 of the Dodd-Frank Act added Section 21F (“Securities Whistleblower Incentives and Protection”) to the Securities and Exchange Act of 1934.
[2] See our prior client alert on the SEC’s recent enforcement action against privately held Monolith Resources here.
[3] However, we note that based upon the text of Rule 21F-17(a), it appears that it would not constitute a rule violation for companies to seek to enforce confidentiality arrangements restricting the disclosure of confidential information (a) that was obtained through a communication subject to the attorney-client privilege, the disclosure of which would not otherwise be permitted by an attorney, or (b) that was obtained in connection with the legal representation of a client on whose behalf a person, the person’s employer or the person’s firm are providing services, if the person seeks to use the information to make a whistleblower submission for their own benefit, and the disclosure of such information would not otherwise be permitted by an attorney.