Key Provisions To Include In Your Confidentiality Agreement
Many companies require employees, agents and third parties to sign form confidentiality agreements to protect such companies’ proprietary information and trade secrets. This week, the Securities and Exchange Commission (SEC) signaled that such seemingly innocuous agreements could land such companies in hot water for violation of federal law.
On April 1, 2015, the SEC announced enforcement action against KBR, Inc. for requiring employees to sign a form confidentiality agreement as a routine part of internal investigations. The SEC found that language in KBR, Inc.’s form confidentiality agreement could potentially discourage employees from communicating with the SEC about possible securities law violations in contravention of the whistleblower protections of Rule 21F-17 of the Dodd-Frank Act. Rule 21F-7 provides in relevant part:
“No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”
The relevant language in KBR, Inc.’s form confidentiality agreement seemed innocent enough:
“I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.”
The SEC found that KBR, Inc. had never taken action to enforce the confidentiality agreement and no employee had ever been prevented from communicating with the SEC about securities law violations. Nevertheless, the SEC determined that the language in KBR. Inc.’s confidentiality agreement was restrictive enough to discourage employees from reporting to the SEC. The SEC required KBR, Inc. to pay a fine, revise its form agreement and contact all employees that had signed the agreement since 2011 to advise them (1) that they are not prohibited from reporting violations of federal law or regulations and (2) that prior notification or authorization from KBR, Inc. to make such reports is unnecessary.
Rule 21F-7 is broad and applies to the restriction of any “individual” that may seek to make whistleblower reports. Accordingly, it applies to confidentiality agreements used not only for employees, but ANY person that may sign a form confidentiality agreement with a company subject to the Dodd Frank Act in ANY context. In light of the SEC’s enforcement action in KBR, Inc.’s case, managers of public companies (and private companies that engage in securities offerings or other activity subject to the Dodd Frank Act) should take the following actions to ensure compliance with Rule 21F-7:
1) Review all form confidentiality agreements to ascertain whether they contain (1) language that could restrict a signatory from reporting possible violations of federal laws or regulations, or (2) language that requires prior authorization or notification before an individual may report possible violations of federal laws or regulations.
2) Revise all form confidentiality agreements to include explicit language explaining that the signatory has the unrestricted right to report possible violations of federal laws or regulations or make other protected disclosures. Explicit language should also be included to indicate that no prior authorization or notification is required to make such reports or disclosures.
3) Contact previous signatories of form confidentiality agreements that remain in effect to inform such signatories of their rights under Rule 21F-7. Maintain written documentation of such contact in case of any future investigation by regulators.
If you have questions about Rule 21F-7 or if you would like assistance in reviewing or updating your confidentiality agreements, feel free to contact us for assistance.
Comments are Closed