newyork1.jpg

SEC Warns of Using Confidentiality Language to Stifle Whistleblowers

On April 1, 2015, the Securities and Exchange Commission announced its first ever enforcement action against a company for violating Dodd Frank’s whistle blower rules. In this case, the company was found to have required employees to sign a form confidentiality statement when the company conducted internal investigation interviews.

The Dodd Frank Act implemented a whistleblower program in 2010. Whistleblowers who report wrongdoing to the SEC are eligible to receive rewards of 10 to 30% of any SEC recovery, if the recovery is a result of the whistleblower's information and is greater than $1 million. The rules also provide that whistleblowers are entitled to protection against retaliation from employers for blowing the whistle.1 Whistleblowers are also entitled to report claims anonymously.2

As part of the whistleblower program enacted by Dodd-Frank, the SEC then issued its Rule 21F-17, which provides, in relevant part, that:

(a) No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.

In this case, The SEC determined that the company’s confidentiality statements violated Rule 21F-17 because they warned that witnesses could face disciplinary action, including termination of employment, if they discussed any particulars regarding the subject matter of an interview with anyone without the prior approval of the company’s legal department. Significantly, the violation arose from the confidentiality language itself – the SEC noted that it was not aware of any instance in which an employee was prevented from communicating with the SEC, or that the company even took action to enforce the agreement or otherwise prevent any employee from communicating with the SEC.

The company agreed to pay a $130,000 penalty to settle the SEC’s charges and the company voluntarily amended its form confidentiality statement by adding language to make clear that employees are free to report possible violations to the SEC and other federal agencies without prior firm approval or notifying the company.3

Our perspective:

In this first of its kind SEC case, we note that the confidentiality language that the SEC found problematic was not all that unusual. However, the SEC continues to be aggressive in its enforcement activities, following its record year in 2014 for the number of enforcement cases brought and the dollar amount recovered.

The SEC has stated that its TCR system for reporting tips, complaints and referrals is an important source of its cases and investigations, and whistleblowers have successfully reported wrongdoing which has resulted in several major bounties, including the largest ever award of more than $30 million. Sean McKessy, the Chief of the SEC’s Office of the Whistleblower, has warned in the past that companies not use contracts that could deter whistleblowers from reporting wrongdoing to the SEC.4

In light of this case, advisers should consider whether their standard employee confidentiality provisions in employment, separation or other agreements, or in company manuals or other policies, may need to be updated to clarify that such provisions are not intended to impede their personnel from communicating directly with the SEC about a possible securities law violation. Indeed, non-disparagement provisions have also been found violative of other protected activities, so those may also need to be updated with appropriate language to avoid violating the whistleblower protection rules.

In addition, many advisers also routinely encourage, and some even require, internal reporting of any misconduct or alleged misconduct. The policies and procedures around internal reporting should be similarly carefully scrutinized in light of this case.

SEC3 can assist your firm in creating, implementing, updating and maintaining your policies and procedures. For further information, please contact your SEC3 representative or contact us at This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

Be sure to check out SEC3’s upcoming events.

 

1 The Dodd-Frank Act specifically states that “No employer may discharge, demote, suspend, threaten, harass, directly or indirectly, or in any other manner discriminate against, a whistleblower.” See Section 21F(h)(1) of the Exchange Act. https://www.sec.gov/about/offices/owb/reg-21f.pdf

2 See Section 21F(d)(2) of the Exchange Act https://www.sec.gov/about/offices/owb/reg-21f.pdf

3 The company’s amended confidentiality statement now reads:
“Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.”

4 In speeches last year and earlier, McKessy has been quoted as saying his office is “actively looking for examples of confidentiality agreements, separation agreements, [and] employee agreements” that condition certain benefits on not reporting activities to regulators, including the SEC.

Newsletter

Get the latest compliance news and insights - delivered weekly. The SEC3 Communique covers all compliance topics. CCO3 focuses on CCO topics.
tip: check both to keep informed!

Communiques

Exciting Summer Project -- Dig Into Some Sand or Dig Into Your Firm's Best Ex Pr…

The Office of Compliance Inspections and Examinations (OCIE) issued a risk alert July 11 targeting investment advisers’ most common deficiencies with regard to their best execution obligations under the Investment... read more »

SEC Adopts Fund Liquidity Reporting and Disclosure Changes

The final week of June was a busy one for SEC releases following the SEC’s June 28th open meeting. Among these was a revisit of Rule 22e-4 under the Investment... read more »

More SEC Settlements - This Time Form PF Filing Deficiencies

On June 1st, the SEC announced settlements with 13 RIAs who repeatedly failed to file Form PF reports. Most of these firms never filed over the review period (2012 through... read more »

Two Recent Enforcement Actions Against Private Fund Advisers

The industry should not misinterpret the SEC’s 2018 National Exam Program Priorities as a shift away from private fund advisers. As discussed during the SEC’s recent National Compliance Outreach Seminar... read more »

2018 - Are you ready for your next SEC exam?

The pool of registered investment advisers that will be subject to an SEC exam in 2018 is at the highest level seen in years. The SEC projects it will examine... read more »

Navigating the Changes to Form ADV

On August 25, 2016, the U.S. Securities and Exchange Commission adopted numerous substantive and technical amendments to Form ADV. While the adopting release required advisers to begin complying with the... read more »

Events

Dorsey PF 2018 Symposium

When: September 26, 2018 (8:30 am - 6 pm Where: Dorsey & Whitney LLP | 51 W. 52nd Street | New York, NY 10019 Directions > SEC3’s President, Janaya Moscony will join...

Chief Compliance Officer Roundtable: Breakfast Briefing - June 14, 2018

When: June 14, 2018 Where: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone: 212.885.5000 Schedule: 9:00-9:30am - Networking...

Webinar: 2018 SEC Exam Priorities & Recent Exam Highlights

Don’t miss the opportunity to meet with us in person to discuss the topics that matter most to you. Tobin S. Cochran, Managing Member/President of Focus 1 Associates, LLC and...

Chief Compliance Officer Roundtable: Breakfast Briefing - February 7, 2018

When: February 7, 2018 Where: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone: 212.885.5000 Schedule: 9:00-9:30am - Networking...

Upcoming Events - September & October 2017

Upcoming Events Don’t miss the opportunity to meet with us in person to discuss the topics that matter most to you. SEC3 is teaming up with industry experts in NYC to discuss...

May 23, 2017 - Webcast: WannaCry Ransomware: Were You Really Protected or Just L…

When: Tuesday, May 23rd, 2017 | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder, BW Cyber Services John Lukan, Managing Director, SEC Compliance Consultants, Inc. We...

June 14, 2017 - Compliance Breakfast Briefing

8:30-9:00am - Networking and Continental Breakfast 9:00-10:30am - Program Location: Willkie Farr & Gallagher LLP | 600 Travis Street | Suite 2310 | Houston, TX Barry Barbash from Willkie Farr & Gallagher LLP,...

June 13, 2017 - Compliance Breakfast Briefing

8:30-9:00am - Networking and Continental Breakfast 9:00-10:30am - Program Location: Haynes and Boone, LLP | 2323 Victory Avenue | Suite 700 | Dallas, TX 75219 Validated parking is available in the garage attached...

May 31, 2017 - Chicago

9:00-9:30 a.m - Networking and Continental Breakfast 9:30-11:00 a.m - Program Location: Baker & McKenzie LLP | 300 East Randolph Drive | Suite 5000 | Chicago, IL 60601 Kristin Gonzalez and Jerome Tomas...

May 17, 2017 (NYC WIMF)

This event is by invitation only. Please email info@seccc.com to learn more.

May 15, 2017 (NYC Chief Compliance Officer Roundtable)

9:00-9:30am - Networking and Continental Breakfast 9:30-11:00am - Program Location: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone:...

Webcast: The Most Insidious Cybersecurity Threat Is Also The Least Understood

When: Tuesday, April 25th | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder, BW Cyber Services John Lukan, Managing Director, SEC Compliance Consultants, Inc. Ransomware, the...

CCO Liability (Part III): Managing Liability Webinar

In this webinar, panelists discuss indemnifications and insurance as potential remedies to address the direct financial risks to a CCO. Attendees will learn: What terms and conditions should Chief Compliance Officers be...

Webinar: CCO Liability (Part III): Managing Liability: Navigating Indemnities an…

When: Tuesday, February 21, 2017 Schedule: 11:00am ET / 10:00am CT / 9:00am MT / 8:00am PT / 7:00am AT Description of Webinar: The National Society of Compliance Professionals is pleased to host...

Webcast: SEC 2017 Examination Focus Area – Cybersecurity Testing

Penetration Testing & Vulnerability Assessments - Examining the SEC & FINRA Requirements When: Wednesday, January 25th | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder,...