According to a recent Wall Street Journal article, the SEC has launched an inquiry into whether corporations are using confidentiality agreements to prevent employees from communicating with the SEC about potential securities law violations. This is an issue that has been raised several times in the past year. For example, last March the SEC reportedly opened an investigation of a defense contractor's alleged use of confidentiality agreements to prohibit employees from reporting fraud allegations to federal authorities. The SEC's Office of the Whistleblower also stated in its 2014 annual report that it was "working to identify employee confidentiality, severance, and other kinds of agreements that may interfere with an employee’s ability to report potential wrongdoing to the SEC." In accord with that objective, the SEC has now sent letters to a number of companies asking for copies of nondisclosure, confidentiality, severance, and settlement agreements and other documents relating to whistleblowing, as reported by the WSJ. The inquiry raises significant questions concerning the boundaries between SEC investigative powers and corporate interests in maintaining confidentiality and protecting the attorney-client privilege.
As we have discussed in previous posts, Section 922 of the Dodd-Frank Act established a whistleblowing program under the auspices of the SEC. The program offers monetary awards to eligible individuals who provide original information about violations of the federal securities laws resulting in a Commission enforcement action involving more than $1 million in sanctions. Awards can range from 10% to 30% of the money collected – indeed, last fall the SEC announced an award of $30 million or more to a whistleblower.
One of the SEC regulations relating to its whistleblower program, 17 CFR § 240.21F-17, entitled “Staff communications with individuals reporting possible securities law violations,” specifically bars actions to prevent an individual from communicating with the SEC about possible securities law violations, and authorizes the SEC to communicate directly with corporate personnel without consent of corporate counsel:
(a) No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement (other than agreements dealing with information covered by §240.21F-4(b)(4)(i) and §240.21F-4(b)(4)(ii) of this chapter related to the legal representation of a client) with respect to such communications.
(b) If you are a director, officer, member, agent, or employee of an entity that has counsel, and you have initiated communication with the Commission relating to a possible securities law violation, the staff is authorized to communicate directly with you regarding the possible securities law violation without seeking the consent of the entity's counsel.
This rule limits the power of corporations to control their internal confidential information when it is in the hands of a whistleblower. The SEC may argue that enforcement of even the most basic confidentiality agreement would violate the rule if it prevents an employee from turning over information about a “possible securities law violation” to the SEC. This creates a potential minefield for corporations, especially in areas where the alleged securities violation may be intertwined with critical confidential proprietary information such as trade secrets and other intellectual property, and where disclosure may have adverse collateral consequences.
The rule also raises concerns regarding the protection of privileged attorney-client communications. Although the rule contains a carve-out for enforcement of “agreements” relating to “legal representation of a client,” it is unclear whether a specific agreement protecting the confidentiality of attorney-client communications is necessary to take advantage of this exception. In addition, if corporate personnel have initiated communications with the SEC about possible securities law violations, section (b) authorizes SEC attorneys to communicate directly with them even where the corporation is represented by counsel and does not consent. Attorney ethical rules typically bar such communications. As stated in Rule 4.2 of the American Bar Association’s Model Rules of Professional Conduct: “In representing a client, a lawyer shall not communicate about the subject of the representation with a person the lawyer knows to be represented by another lawyer in the matter, unless the lawyer has the consent of the other lawyer or is authorized to do so by law or a court order.” The SEC has taken the position that there is no conflict with the ethical rules because Rule 21F-17(b) fits within the "authorized by law" exception to ABA Model Rule 4.2.
Given the breadth of Rule 21F-17, there is a danger that legitimate efforts by corporate counsel to protect confidential and/or privileged information from disclosure by disgruntled corporate employees may be interpreted as improper interference by the SEC. One can hope that in its current inquiry the SEC will focus on truly egregious situations that merit its attention.