SEC Warns of Using Confidentiality Language to Stifle Whistleblowers

On April 1, 2015, the Securities and Exchange Commission announced its first ever enforcement action against a company for violating Dodd Frank’s whistle blower rules. In this case, the company was found to have required employees to sign a form confidentiality statement when the company conducted internal investigation interviews.

The Dodd Frank Act implemented a whistleblower program in 2010. Whistleblowers who report wrongdoing to the SEC are eligible to receive rewards of 10 to 30% of any SEC recovery, if the recovery is a result of the whistleblower's information and is greater than $1 million. The rules also provide that whistleblowers are entitled to protection against retaliation from employers for blowing the whistle.1 Whistleblowers are also entitled to report claims anonymously.2

As part of the whistleblower program enacted by Dodd-Frank, the SEC then issued its Rule 21F-17, which provides, in relevant part, that:

(a) No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.

In this case, The SEC determined that the company’s confidentiality statements violated Rule 21F-17 because they warned that witnesses could face disciplinary action, including termination of employment, if they discussed any particulars regarding the subject matter of an interview with anyone without the prior approval of the company’s legal department. Significantly, the violation arose from the confidentiality language itself – the SEC noted that it was not aware of any instance in which an employee was prevented from communicating with the SEC, or that the company even took action to enforce the agreement or otherwise prevent any employee from communicating with the SEC.

The company agreed to pay a $130,000 penalty to settle the SEC’s charges and the company voluntarily amended its form confidentiality statement by adding language to make clear that employees are free to report possible violations to the SEC and other federal agencies without prior firm approval or notifying the company.3

Our perspective:

In this first of its kind SEC case, we note that the confidentiality language that the SEC found problematic was not all that unusual. However, the SEC continues to be aggressive in its enforcement activities, following its record year in 2014 for the number of enforcement cases brought and the dollar amount recovered.

The SEC has stated that its TCR system for reporting tips, complaints and referrals is an important source of its cases and investigations, and whistleblowers have successfully reported wrongdoing which has resulted in several major bounties, including the largest ever award of more than $30 million. Sean McKessy, the Chief of the SEC’s Office of the Whistleblower, has warned in the past that companies not use contracts that could deter whistleblowers from reporting wrongdoing to the SEC.4

In light of this case, advisers should consider whether their standard employee confidentiality provisions in employment, separation or other agreements, or in company manuals or other policies, may need to be updated to clarify that such provisions are not intended to impede their personnel from communicating directly with the SEC about a possible securities law violation. Indeed, non-disparagement provisions have also been found violative of other protected activities, so those may also need to be updated with appropriate language to avoid violating the whistleblower protection rules.

In addition, many advisers also routinely encourage, and some even require, internal reporting of any misconduct or alleged misconduct. The policies and procedures around internal reporting should be similarly carefully scrutinized in light of this case.

SEC3 can assist your firm in creating, implementing, updating and maintaining your policies and procedures. For further information, please contact your SEC3 representative or contact us at This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

Be sure to check out SEC3’s upcoming events.


1 The Dodd-Frank Act specifically states that “No employer may discharge, demote, suspend, threaten, harass, directly or indirectly, or in any other manner discriminate against, a whistleblower.” See Section 21F(h)(1) of the Exchange Act.

2 See Section 21F(d)(2) of the Exchange Act

3 The company’s amended confidentiality statement now reads:
“Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.”

4 In speeches last year and earlier, McKessy has been quoted as saying his office is “actively looking for examples of confidentiality agreements, separation agreements, [and] employee agreements” that condition certain benefits on not reporting activities to regulators, including the SEC.


Get the latest compliance news and insights - delivered weekly. The SEC3 Communique covers all compliance topics. CCO3 focuses on CCO topics.
tip: check both to keep informed!


SEC3 Newsletter

Commentary: How Compliance Officers & Firms Can Help Limit CCO Personal Liability This article originally appeared on the Thomson Reuters Regulatory Intelligence subscription service for compliance and risk professionals and is... read more »

Wishing One-and-All a Happy, Healthy and Prosperous New Year

We hope each of you found some peace and tranquility in the company of loved ones this holiday season and want to wish one-and-all a happy, healthy and prosperous New... read more »

Understanding How to Mitigate Liability and Navigate Insurance Options (Part II)

In June, we shared our thoughts around common insurance gaps and insurance riders that CCOs as well as managers should understand. One of the gaps we shared related to pre-claim... read more »

Cybersecurity - What have we learned and what have we done?

Regulatory Landscape In April 2015, the Securities and Exchange Commission ("SEC's") Division of Investment Management issued a guidance update, identifying cybersecurity as a critical issue. Several regulators are in fact focusing... read more »

Gatekeepers in SEC Crosshairs

Ever since the enforcement cases were announced as part of the SEC’s “Operation Broken Gate,” the SEC enforcement division has continued to ramp up scrutiny of gatekeepers including third-party service... read more »

Anna M. Bencrowsky, CRCP, CMFS Joins SEC3

We are pleased to announce that Anna M. Bencrowsky, CRCP, CMFS has joined SEC3 as a Senior Consultant. Prior to joining SEC3, Anna held several executive compliance positions. Anna recently retired... read more »


Upcoming Events - September & October 2017

Upcoming Events Don’t miss the opportunity to meet with us in person to discuss the topics that matter most to you. SEC3 is teaming up with industry experts in NYC to discuss...

May 23, 2017 - Webcast: WannaCry Ransomware: Were You Really Protected or Just L…

When: Tuesday, May 23rd, 2017 | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder, BW Cyber Services John Lukan, Managing Director, SEC Compliance Consultants, Inc. We...

June 14, 2017 - Compliance Breakfast Briefing

8:30-9:00am - Networking and Continental Breakfast 9:00-10:30am - Program Location: Willkie Farr & Gallagher LLP | 600 Travis Street | Suite 2310 | Houston, TX Barry Barbash from Willkie Farr & Gallagher LLP,...

June 13, 2017 - Compliance Breakfast Briefing

8:30-9:00am - Networking and Continental Breakfast 9:00-10:30am - Program Location: Haynes and Boone, LLP | 2323 Victory Avenue | Suite 700 | Dallas, TX 75219 Validated parking is available in the garage attached...

May 31, 2017 - Chicago

9:00-9:30 a.m - Networking and Continental Breakfast 9:30-11:00 a.m - Program Location: Baker & McKenzie LLP | 300 East Randolph Drive | Suite 5000 | Chicago, IL 60601 Kristin Gonzalez and Jerome Tomas...

May 17, 2017 (NYC WIMF)

This event is by invitation only. Please email to learn more.

May 15, 2017 (NYC Chief Compliance Officer Roundtable)

9:00-9:30am - Networking and Continental Breakfast 9:30-11:00am - Program Location: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone:...

Webcast: The Most Insidious Cybersecurity Threat Is Also The Least Understood

When: Tuesday, April 25th | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder, BW Cyber Services John Lukan, Managing Director, SEC Compliance Consultants, Inc. Ransomware, the...

CCO Liability (Part III): Managing Liability Webinar

In this webinar, panelists discuss indemnifications and insurance as potential remedies to address the direct financial risks to a CCO. Attendees will learn: What terms and conditions should Chief Compliance Officers be...

Webinar: CCO Liability (Part III): Managing Liability: Navigating Indemnities an…

When: Tuesday, February 21, 2017 Schedule: 11:00am ET / 10:00am CT / 9:00am MT / 8:00am PT / 7:00am AT Description of Webinar: The National Society of Compliance Professionals is pleased to host...

Webcast: SEC 2017 Examination Focus Area – Cybersecurity Testing

Penetration Testing & Vulnerability Assessments - Examining the SEC & FINRA Requirements When: Wednesday, January 25th | Schedule: 12pm - 1pm EST Who: Paul Caiazzo, CEO and Co-Founder, TruShield Security Solutions Michael Brice, Founder,...

Chief Compliance Officer Roundtable: Breakfast Briefing

When: October 20, 2016 Where: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 | 22nd Floor Boardroom | Phone: 212.885.5000 Thomas Westle and Janaya...

Practicing Law Institute - Hedge Fund Management 2016

When: September 15, 2016 Where: New York & concurrent webcast | 1177 Avenue of the Americas | New York, NY 10036 Schedule: 9:00 am – 5:00 pm Janaya Moscony, President of SEC3 will...


When: April 13, 2016 Where: Blank Rome LLP | The Chrysler Building | 405 Lexington Avenue | New York, NY 10174 22nd Floor Boardroom Thomas Westle and Janaya Moscony, along with industry experts,...


When: November 17, 2015 Where: Convene Midtown East | 730 Third Avenue | New York, NY 10017 Janaya Moscony, President, SEC Compliance Consultants, Inc. will be moderating a...