How to Avoid Risk of SEC Whistleblower Rule Violations in Connection with Employee-related Documents

5 min read

On February 3, 2023, the US Securities and Exchange Commission ("SEC") announced that a public company agreed to pay $35 million to settle charges of, among other things, violations of the whistleblower protection rule.1 Securities Exchange Act of 1934 Rule 21F-17(a) prohibits any person from taking "any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications."

Since the Dodd-Frank Act provided the Commission with the power to bring actions against persons, including companies, for impeding reports to the SEC, the SEC has brought over 16 enforcement actions for violations of the whistleblower protection rule.2 As this is the second time in a little over six months that the SEC has brought such an action, it appears to be a continuing area of focus for enforcement.

The facts of each action are instructive as companies draft employment-related documents. Even when such documents contain no prohibition on truthful reporting to agencies, certain stipulations, like providing notice, could be considered an impediment to communication with the SEC. Further, including a clause about government reporting in one section of a document may not excuse language viewed as impeding reporting in another section. Employers should carefully review their agreement templates and employment policies for language that might be objectionable to the SEC.

The SEC charged Activision Blizzard Inc. ("Activision"), a video game developer and publisher, with violating Rule 21F-17(a). According to the SEC Order, Activision violated this rule by requiring in its separation agreements that former employees "notify the company if they received a request from a government administrative agency in connection with a report or complaint." The SEC found, however, that it was "not aware of any specific instances in which a former Activision Blizzard employee was prevented from communicating with Commission staff about potential violations of securities laws or in which Activision Blizzard took action to enforce the notification clause or otherwise prevent such communications."

Further, the SEC acknowledged that some separation agreements included a clause stating that:

Nothing in this Release prevents me from . . . giving truthful testimony, or truthfully responding to a valid subpoena, or communicating or filing a charge with government or regulatory entities (such as the Equal Employment Opportunity Commission, National Labor Relations Board, Department of Labor, or Securities and Exchange Commission).

Notwithstanding this clause, the SEC found that the notice provisions undermined the purpose of Rule 21F-17(a) to "encourage[e] individuals to report to the Commission."3

In June 2022, the SEC also announced settled charges for violating Rule 21F-17(a) against The Brink’s Company ("Brinks"), a publicly traded cash transit and money processing services company.4 The SEC found that Brinks was requiring employees during onboarding to sign restrictive confidentiality agreements prohibiting the disclosure of information to third parties, without an exemption for SEC whistleblowers, and threatening employees with liquidated damages and legal fees if they did so. Brinks agreed to pay $400,000 in civil money penalties and to add new language in its confidentiality agreements that made it clear that employees could communicate with the SEC without notice to, or approval from, the company and inform former employees of the same.5

Notably, a couple of the earlier Rule 21F-17(a) actions related to companies that sought to remove the financial incentive to individuals wishing to act as whistleblowers. For example, the Commission objected to a provision in BlueLinx Holdings, Inc.'s severance agreements that waived an employee’s right to monetary recovery in connection with any complaint or charge filed at a government agency.6 The Commission also objected to Health Net, Inc.’s use of a provision in severance agreements that prohibited departing employees from filing for or accepting a whistleblower award (although it expressly stated that nothing in the agreement would impede communication between the employee and government regulators).7

These actions serve as a reminder to ensure employee-related documents cannot be read to impede reporting to the SEC. Such documents could include provisions in employee compliance manuals, codes of ethics, employment agreements, and separation agreements. Often, it is the existence of language that may be viewed as impeding reporting to the SEC and not any actual enforcement of such language by an employer that will lead to SEC charges.

1 The SEC also charged the company with violation of the disclosure controls provision, Securities Exchange Act of 1934 Rule 13a-15(a). Activision made risk factor disclosures in certain annual reports that stated: “If we do not continue to attract, retain, and motivate skilled personnel, we will be unable to effectively conduct our business.” The SEC found that Activision lacked controls and procedures among its separate business units to collect and analyze employee complaints of workplace misconduct. Furthermore, although Activision required that business unit leaders report certain categories of potentially material information to the company’s Disclosure Committee, those categories did not include information relevant to Activision’s ability to retain employees, such as employee complaints or incidents of workplace misconduct. As a result, complaints related to workplace misconduct were neither collected nor analyzed for disclosure purposes. In the Matter of Activision Blizzard, Inc., Release No. 96796 (Feb. 3, 2023).
2 Office of the Whistleblower FY 2022 Report at 6,
3 Securities Whistleblower Incentives and Protections Adopting Release, Release No. 34-63434 (June 13, 2011).
4 In the Matter of The Brink’s Co., Release No. 95138 (June 22, 2022).
5 Further, in April 2022, the SEC settled with David Hansen, the co-founder and former executive of NS8, Inc. (“NS8”), a private technology company, for violations of the same Rule. An NS8 employee raised concerns to Hansen and others that the company was overstating its numbers of paying customers, which was used for external communications to potential and existing investors. Thereafter, the SEC found that Hansen allegedly removed the employee’s access to NS8’s computer systems and later fired the employee. In the Matter of David Hansen, Release No. 94703 (April 12, 2022).
6 In the Matter of BlueLinx Holdings, Inc., Release No. 78528 (Aug. 10, 2016).
7 In the Matter of Health Net, Inc., Release No. 78590 (Aug. 16, 2016).

Arianna Skipper (White & Case, Law Clerk, New York) contributed to the development of this publication.

White & Case means the international legal practice comprising White & Case LLP, a New York State registered limited liability partnership, White & Case LLP, a limited liability partnership incorporated under English law and all other affiliated partnerships, companies and entities.

This article is prepared for the general information of interested persons. It is not, and does not attempt to be, comprehensive in nature. Due to the general nature of its content, it should not be regarded as legal advice.

© 2023 White & Case LLP