The SEC’s August 2016 cease-and-desist orders in BlueLinx Holdings, Inc. and Health Net, Inc., and its previous 2015 cease-and-desist order in KBR, Inc., reflect the SEC’s determination to prevent publicly traded companies from placing “gag” agreements on any employees who could be potential whistleblowers. The SEC is doing so by reaching deep into companies’ standard written agreements that are intended to protect the company’s confidential business information from improper use or disclosure for competitive business purposes. These agreements include:
Essentially, the SEC is telling publicly traded companies that they need to carve out exceptions to these agreements to allow potential whistleblowers – without threat of violating such an agreement – to communicate the company’s confidential business information freely to the SEC regarding a possible securities law violation. Here’s why:
Pursuant to its enforcement role under Dodd-Frank, and to encourage employee reporting to the SEC of possible securities law violations without fear of employer retaliation, in May 2011 the SEC adopted Rule 21F-17, which became effective on August 12, 2011. The Rule provides:
No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement … with respect to such communications.
Applying Rule 21F-17 in KBR, BlueLinx, and Health Net, the SEC has determined that the following restrictions in confidentiality agreements and statements, such as in those referenced above, will run afoul of Rule 21F-17 where there is no carve out for communicating with the SEC:
In addition, in BlueLinx and Health Net, the SEC further determined that waivers in severance agreements (and, presumably, in settlement agreements), of employees’ rights to apply for or receive individual bounty awards from the SEC – such as under Dodd-Frank – also run afoul of Rule 21F-17. According to the SEC, such waivers impede an individual from directly communicating with the SEC about possible securities laws violations.
In addition to requiring BlueLinx Holdings, Inc., Health Net and KBR to amend their confidentiality agreements to ensure carve outs for communicating with the SEC, the SEC has ordered each company to “reach back” to individuals who signed confidentiality agreements that run afoul of Rule 21F-17, and to let them know that the agreements do not prevent them from disclosing confidential business information to the SEC. Remarkably, the “reach back” goes back to August 12, 2011, the date Rule 21F-17 became effective. The SEC also assessed hefty fines against each company for violating Rule 21F-17: Health Net, $340,000; BlueLinx, $265,000; and KBR, $130,000.
In light of the SEC’s ongoing determination to maintain open lines of communications with potential whistleblowers, publicly traded companies are well advised to review their various confidential business information agreements to ensure that such agreements do not impede potential whistleblowers.
Kevin E. Griffith is the office managing shareholder of the Columbus office of Littler Mendelson. He practices primarily in the areas of business competition litigation and employment litigation and has extensive litigation experience in cases involving corporate raiding and interference with contract claims, and enforcing and defending employment contracts, trade secrets, and covenants-not-to-compete. In addition, Kevin counsels large corporate clients concerning compliance with federal and state employment-related laws, such as Sarbanes-Oxley Act and Dodd-Frank Act’s whistleblower provisions.