SEC Extends Whistleblower Protection Rules to Private Business Use of Employee Confidentiality Agreements

September 20, 2023 Advisory

The use of confidentiality agreements at the beginning and end of an employment relationship is a common practice in the business world. For good reason, public and private businesses need to keep their valuable information out of competitors’ hands. Over the last eight years, the United States Securities and Exchange Commission (SEC) has limited publicly held businesses’ use of confidentiality agreements that in any way discouraged the reporting of potential securities law violations to the SEC and government entities.[i] In contrast, private companies have not had vetting their standard form employee agreements for SEC compliance on their radar – until now, with a recent enforcement action.[ii]


A key feature of the SEC’s whistleblower protection regime is Rule 21F-17(a), which prohibits taking “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement ... with respect to such communications.”

Since its adoption, the SEC has applied Rule 21F-17(a) to routine confidentiality agreements, anti-disparagement clauses, or internal policies that could theoretically discourage potential whistleblowers from bringing their concerns to the SEC. SEC Rule 21F-17 enforcement actions came in several flavors. First, the SEC has taken the view that confidentiality agreements must expressly permit the employee to report potential securities violations to the government. Second, company confidentiality agreements may not limit the employee’s ability to recover any financial reward that they may receive for reporting potential violations. According to the SEC, removing a potential financial reward for reporting suspected violations may reduce whistleblower reporting incentives. Next, the company may not impose any obligation on the employee to notify the company if the SEC contacts them seeking information about the company. Finally, a company cannot condition their severance agreements on a representation that the exiting employee has not filed a complaint with a government agency.[iii] The SEC has taken a prophylactic approach to interpreting Rule 21F-17(a). From the SEC’s view, it simply does not matter that there is no proof that any person ever had a concern or was in any way discouraged from reporting potential securities law violations to the SEC.

What Has Changed

Recently, the SEC charged a privately owned, Nebraska-based energy and technology company (the “Company”) with violating its whistleblower protection rules. The Company’s standard severance agreement imposed confidentiality requirements on its departing employees. The agreement provided that “nothing in this agreement is intended to limit in any way your right or ability to file a charge or claim with any federal, state or local agency.” However, the agreement required exiting employees to forgo any recovery of a monetary award for filing their claim or participating in the governmental agency investigation or action. The agreement also required the waiver of any resulting equitable relief, such as reinstatement.

While 22 of the Company’s former employees signed the agreement in question, the SEC noted that it found no instances where any employee was actually discouraged from reporting any potential securities law violations or that the Company took any affirmative steps to prevent any employee communication or cooperation with the SEC. Despite this, the SEC found that “[the] separation agreements raised impediments to participation in the Commission’s whistleblower program by having the employees forego the critically important financial incentives that are intended to encourage persons to communicate directly with the Commission staff about possible securities law violations. Such restrictions on accepting financial awards for providing information regarding possible securities law violations to the Commission undermine the purpose of Section 21F and Rule 21F-17(a) …”

In addition to the entry of a cease-and-desist order, the Company paid $225,000 for the violation. While this penalty may appear very high for victimless conduct, the penalty could have been much higher. Indeed, the SEC noted that the Company received a reduced sanction based on its proactive remedial measures. The Company revised its form severance agreements “to make clear that the agreement does not in any way limit a separated employee’s ability to obtain an incentive award in connection with providing information to governmental agencies.” Additionally, the Company contacted all of its former employees and retracted the limitation on the receipt of any award or equitable relief.

In announcing the enforcement action, the SEC made a strong pronouncement:

“Both private and public companies must understand that they cannot take actions or use separation agreements that in any way disincentivize employees from communicating with SEC staff about potential violations of the federal securities laws” and “[a]ny attempt to stifle or discourage this type of communication undermines our regulatory oversight and will be dealt with appropriately.”

Key Takeaways

The SEC Order represents a new push into the way privately held businesses manage their employment relationships. The SEC has staked its position that the use of any restriction that may discourage whistleblower activity will be sanctioned regardless of the nature of the business’ ownership. All businesses, public or private, should take the opportunity to review their employee separation and confidentiality agreements with an eye to the Order, especially in the employment context. Businesses should revise their standard agreements to ensure that they: (i) expressly permit the employee to report potential legal violations to the government; (ii) place no limit on the employee’s ability to recover any financial reward that they may receive for reporting potential violations (whistleblowing); (iii) impose no obligation to notify the company if the government seeks information about the company; and (iv) avoid requiring an employee to represent that they have not filed a complaint with a government agency.

However, the SEC Order does not appear to prohibit employees from entering into a separation agreement permitting them to file administrative charges with the EEOC, DOL or other similar agencies after signing, but waiving their right to any recovery based on those administrative charges in exchange for a separation payment, as many standard separation agreements require.

[i] See In re KBR, Inc., Exchange Act Rel. No. 74619 (April 1, 2015); In re Merrill Lynch, Pierce, Fenner & Smith, Inc., Exchange Act Rel. No. 78141 (June 23, 2016); In re BlueLinx Holdings, Inc., Exchange Act Rel. No. 78528 (Aug. 10, 2016); In re HealthNet, Inc., Exchange Act Rel. No. 78590 (Aug. 16, 2016); In re Anheuser-Busch InBev SA/NV, Exchange Act Rel. No. 78957 (Sept. 28, 2016); In re NeuStar, Inc., Exchange Act Rel. No. 79593 (Dec. 19, 2016); In re SandRidge Energy, Inc., Exchange Act Rel. No. 79607 (Dec. 20, 2016); In re BlackRock, Inc., Exchange Act Rel. No. 79804 (Jan. 17, 2017); In re Homestreet, Inc., et al., Exchange Act Rel. No. 79844 (Jan. 19, 2017); In re Brinks Co., SEC Exchange Act Rel. No. 95138 (June 22, 2022).

[ii] See In re Monolith Resources, LLC, Exchange Act Rel. No. 98322 (Sept. 8, 2023). To date, the only “non-public” company against which the SEC had brought an enforcement action that included a Rule 21F-17(a) charge was one accused of engaging in a fraudulent securities offering and of using confidentiality provisions in investor settlement agreements in an attempt to prevent investor complaints to the SEC. See SEC v. Collectors Café, Inc., et ano, 19-CV-04355-LGS-GWG (S.D.N.Y. Nov. 4, 2019).

[iii] In re CBRE, Inc., Exchange Act Rel. No. 98429 (Sept. 19, 2023).
