SEC whistleblower Everyone generally agrees that people and organizations should be able to protect their proprietary and valuable information. But one area where we’ve seen legislative fretting is when that principle potentially impedes reporting wrongdoing to the government. As we have previously blogged, Congress and many state legislatures are exploring (or, in some cases, already enacted) legislative protections for reporting suspected misconduct to the government. And, at the federal level, Congress enacted the Defend Trade Secrets Act, which provides immunity for the disclosure of a trade secret if made in confidence to an attorney or government official for the purpose of investigating a suspected violation of law.

The Securities and Exchange Commission (“SEC”), which is understandably bullish on whistleblower protections, has also enacted regulations to further support whistleblowers. The SEC promulgated a rule—Exchange Act Rule 21F-17(a)—that prohibits any person from taking any action to prevent an individual from contacting the SEC directly to report a possible securities law. Specifically, the rule provides that “[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”

Since 2015, the SEC has brought at least 14 enforcement actions involving Exchange Rule 21F-17(a). And a recent consent order with The Brink’s Company (“Brinks”) serves as a reminder that overbroad non-disclosure language can result in regulatory action. The action arose because, between April 2015 and April 2019, Brinks used an employee confidentiality agreement that prohibited employees from disclosing confidential company information to any third party without Brinks’ prior written approval. The agreement’s non-disclosure restriction did not carve out communications to government officials to report a violation of law which, in the SEC’s view, impeded potential whistleblowers. To resolve the investigation, Brinks agreed to:

  • Pay $400,000 as a civil monetary penalty;
  • Cease and desist from any further violations of Exchange Rule 21F-17(a);
  • Insert the following language into its non-disclosure agreements:
    Protected Rights. Employee understands that nothing contained in this Agreement limits Employee’s ability to file a charge or complaint with the Securities and Exchange Commission, or any other federal, state, or local governmental regulatory or law enforcement agency (“Government Agencies”). Employee further understands that nothing in this Agreement limits Employee’s ability to communicate with any Government Agencies or otherwise participate in or fully cooperate with any investigation or proceeding that may be conducted by any Government Agency, including providing documents or other information, without notice to or approval from the Company. Employee can provide confidential information to Government Agencies without risk of being held liable by Brinks for liquidated damages or other financial penalties. This Agreement also does not limit Employee’s right to receive an award for information provided to any Government Agencies.”; and
  • Make reasonable efforts to provide current and former employees with a copy of the order and a statement Brinks permits current or former employees to: (1) provide information and/or documents to, and/or communicate with, Commission staff without notice to or approval from the Company; and (2) accept a whistleblower award from the Commission pursuant to Section 21F of the Exchange Act.

In a separately issued statement, SEC Commissioner Hester Peirce expressed that, while she approved of the settlement terms, she doubted that the SEC could, through an enforcement action, require a company to exclude from its scope any disclosure to any government agency rather than limit the exclusion to the SEC.


It is not enough to simply decline to enforce a confidentiality restriction in a disclosure to a government official. Rather, to comply with Exchange Act Rule 21F-17(a), any confidentiality restriction should include an affirmative statement that nothing in the agreement restricts the signatory’s ability to disclose information to or communicate with government agencies for the purpose of reporting a suspected violation of law.

Additionally, companies should not think that discretion in enforcing overbroad confidentiality restrictions will prevent a potential action by the SEC. In two prior consent orders against KBR and Guggenheim Securities, the consent orders specifically noted that the SEC was unaware of any instances where either (1) an employee was prevented from speaking with an SEC official because of the agreement; or (2) the company took action to enforce the agreement against an employee in connection with a communication to the SEC.

Finally, the SEC believes its prior enforcement activity has been sufficient to put companies on notice of its position and what language is required to comply with Exchange Rule 21-17(a). In the Brinks consent order, the SEC flagged that multiple in-house attorneys received client alerts and case summaries from its outside counsel—but Brinks failed to revise its agreement to include an acceptable carve-out for disclosures to the government. This likely signifies that, in future actions, the SEC will seek higher monetary penalties or more extensive injunctive relief to enforce Exchange Rule 21-17(a).