United States: Caution: Having A Deficient Whistleblowing And Compliance System May Have Consequences

The SEC announced two whistleblowing cases in April 2015. In the first case, the SEC issued a whistleblowing award between USD 1.4 and 1.6 million. The whistleblower, a compliance professional, had assisted the SEC in an investigation which led to enforcement action. Allegedly, management at the whistleblower's company – which was not named – was aware of potential misconduct but did not take any steps to prevent it. In light of his position as a compliance manager, the whistleblower believed that reporting to the SEC was necessary to prevent financial harm to investors and the company. In the second case, a company (KBR) had allegedly used language in confidentiality statements that could stifle whistleblower activity.

The first case highlights the importance of effective whistleblowing systems that deal with the threat of external whistleblowing by encouraging employees to report misconduct internally rather than stopping them from reporting externally. At the same time, also in light of the second case, companies should be extremely careful in creating these whistleblowing/compliance systems, especially when drafting employment and confidentiality agreements. They should ensure that the language used does not conflict with the applicable whistleblower rules under US law.

The SEC announced the USD 1.4 – 1.6 million award to the whistleblowing compliance professional on 22 April 2015. The information provided had assisted the SEC in its enforcement action against the whistleblower's company to prevent misconduct that could cause substantial financial harm to investors or the company.  This is the second award made to a compliance professional. The first award was issued in August 2014.

The whistleblower noticed that management had become aware of conduct that could harm investors, but that it had failed to take steps to prevent this misconduct. According to the SEC, in view of his position as a compliance professional, the whistleblower had good reasons to believe that disclosing this inaction to the SEC was the right thing to do.

On 1 April 2015, the SEC announced, in a separate matter, its first enforcement action against a company for using confidentiality agreements with, according to the SEC, improperly restrictive language that could stifle the whistleblowing process. The company in question, KBR, agreed to pay a USD 130,000 penalty to settle the case, and it agreed to cease and desist from committing or causing any future violations. It also amended its confidentiality agreements. This is a rather unique development as the SEC's enforcement action was solely based on the language of the confidentiality agreement:

"Though the Commission is unaware of any instances in which (a KBR employee) was in fact prevented from communicating directly with Commission Staff about potential securities law violations, or  KBR took action to enforce the form confidentiality agreement or otherwise prevent such communications, the language found in the form confidentiality statement impedes such communications by prohibiting employees from discussing the substance of their interview without clearance from KBR's law department under penalty of disciplinary action  including termination of employment."

The SEC announced last year (see In context June 2015) that more regulatory attention was being paid to efforts to discourage employees from reporting misconduct to the SEC, including via confidentiality agreements.

These SEC enforcement actions underscore the importance of effective whistleblowing systems that deal with the threat of external whistleblowing by encouraging employees to report misconduct internally rather than stopping them from reporting externally. In addition, companies should be extremely careful when drafting employment and confidentiality agreements. They should make sure that the language, although serving a legitimate purpose, does not impede any communication that frustrates the purpose of the whistleblower provisions of the Securities Exchange Act. After all, as the Act states: "No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications."

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.