Although 2017 has barely begun, the Securities and Exchange Commission (SEC) has continued to aggressively pursue enforcement actions against companies for whistleblower-related violations. As part of its initiative, the SEC has taken aim at employers for including what previously have been considered standard provisions in severance agreements under the theory that these provisions might inhibit former employees from coming forward with information or formal complaints. Specifically, the SEC has taken issue with provisions requiring that individuals maintain the confidentiality of company information, refrain from disparaging the company, return all company property and waive the right to recovery from whistleblowing activity.

This advisory reviews the relevant recent enforcement actions, and provides sample language firms may wish to consider including in their employment and severance agreements to help avoid being subject to SEC or Commodity Futures Trading Commission (CFTC) sanctions for infringing employees' whistleblower rights.


The Dodd–Frank Wall Street Reform and Consumer Protection Act, enacted in July 2010, amended the Securities and Exchange Act of 1934 by adding Section 21F, "Whistleblower Incentives and Protection." In response, the SEC adopted Rule 21F-17(a), which prohibits any person from taking action to impede an individual from communicating directly with SEC staff about a potential securities law violation.[1] Rule 21F-17(a) went into effect on August 12, 2011.

In addition to the SEC's whistleblower provisions, the CFTC has express rules prohibiting the waiver "by any agreement, policy, form, or condition of employment, including by a predispute arbitration agreement" of the right of any person to file a whistleblower complaint and receive an award from it.[2] In 2016, the CFTC proposed to amend its whistleblower program to more closely emulate that of the SEC; however, no final action on the CFTC proposal has been taken. Significantly, the CFTC's proposed amendments prohibit any confidentiality or pre-dispute arbitration agreement provisions in employment contracts that might deter an individual from communicating a possible violation of law to the CFTC.[3]

The SEC has taken a broad view of its own rules, and it appears that even including a general confidentiality provision within a severance agreement with no specific reference to the SEC could potentially be considered a violation. The recent whistleblower actions described below highlight that it is important for persons subject to SEC or CFTC jurisdiction to ensure that employee severance agreements, employment agreements that require confidentiality and other policies do not violate applicable law or SEC or CFTC whistleblower rules.

Enforcement Actions

In re BlackRock, Inc.

  • On January 17, the SEC announced that BlackRock, Inc. agreed to a $340,000 fine to settle charges that it improperly used severance agreements where exiting employees were forced to waive their rights to receive whistleblower awards.[4]
  • 1,067 departing BlackRock employees signed severance agreements containing language stating that, in order to receive monetary separation payments from BlackRock, they must "waive any right to recovery of incentives for reporting of misconduct including, without limitation, under the Dodd-Frank Wall Street Reform and Consumer Protection Act and the Sarbanes-Oxley Act of 2002."[5]
  • However, these agreements did not expressly prohibit the departing employees from communicating directly with the SEC regarding potential violations of law.
  • Although the SEC acknowledged it was unaware of any instances in which BlackRock took action to enforce these provisions, the SEC maintained that the severance agreements directly targeted the SEC's whistleblower program by removing the financial incentives intended to encourage persons to communicate directly with the SEC regarding possible securities law violations and thus violate Rule 21F-17(a).

In re NeuStar, Inc.

  • In an action on December 19, 2016, against NeuStar, Inc., the SEC claimed that at least 246 NeuStar employees executed the firm's standard severance agreement containing a broad non-disparagement clause prohibiting employees from communicating information that "disparages, denigrates, maligns or impugns NeuStar" to, among others, agencies including the SEC.[6]
  • A separate provision of the severance agreement required former employees to acknowledge that breach of the non-disparagement clause "would cause irreparable injury and damage to NeuStar," and compelled forfeiture of all but $100 of any severance compensation in the event of such a breach.[7]
  • NeuStar agreed to pay a fine of $180,000 to settle the case.

In re BlueLinx Holdings Inc.

  • On August 10, 2016, BlueLinx Holdings Inc. agreed to pay a fine of $265,000 to settle SEC charges that the company inhibited whistleblowing by former employees.[8]
  • The SEC alleged that BlueLinx included provisions in severance agreements prohibiting former employees from sharing with anyone confidential information concerning BlueLinx that they had learned while employed by the company, unless compelled to do so by law or legal process.
  • The provisions also required employees either to provide written notice to the company or to obtain written consent from the company's legal department before providing confidential information pursuant to such legal process.
  • BlueLinx then amended its severance agreements to authorize whistleblowing, but added a standard clause requiring ex-employees to waive their right to any monetary recovery in connection with any complaint or charge filed with an administrative agency.[9]
  • By including these clauses in its severance agreements, the SEC claimed that BlueLinx impeded its employees from communicating directly with the SEC staff about possible securities law violations, and violated Rule 21F-17(a).

In re KBR, Inc.

  • The SEC's first whistleblower protection action involving restrictive language was brought in April 2015 against KBR, Inc. where KBR agreed to pay a $130,000 fine to settle the charges.[10]
  • Through its compliance program, KBR received complaints from its employees regarding potential illegal conduct by KBR or its employees, and KBR's practice was to conduct internal investigations of these allegations.
  • As a part of these investigations KBR used a form confidentiality statement which was in place both before and after the SEC adopted Rule 21-F-17(a).
  • The SEC challenged KBR's use of the confidentiality statement because not only did it warn an employee prior to an internal investigation interview that the interview itself was confidential, but it also prohibited an employee from discussing with third parties even the subject matter of the interview without prior authorization from KBR's legal department.[11]
  • The SEC stated that this language undermines the purpose of Section 21F and Rule 21F-17(a), which is to "encourage whistleblowers to report possible violations of the securities laws."[12]

What Companies Should Do Now

  • In light of the recent regulatory focus on severance agreements and whistleblower protection, SEC registrants and SEC-regulated companies, as well as CFTC registrants and entities subject to CFTC rules, are encouraged to review their form employment and severance agreements and employee policies to ensure that they do not contain confidentiality requirements that could be interpreted by the SEC as preventing an employee from making a whistleblower complaint.
  • Severance agreements that contain broad confidentiality or non-disparagement requirements should include a carve-out for whistleblower complaints even if they do not expressly prohibit communications with the SEC. A suggested provision might read something as follows:
    "Nothing contained in this Agreement is intended to or shall limit Employee's ability to respond to a lawful subpoena; report to or cooperate with any government agency (which shall include the ability to participate in an investigation or provide documents or other information to a government agency with relevant jurisdiction, and to recover any remuneration awarded for doing so); or comply with any other legal obligation."

    Of course, even with this language, the entire agreement must be reviewed to ensure that there are no other terms that expressly preclude the employee from providing documents or other information to a government agency with relevant jurisdiction or violate SEC or CFTC requirements.

  • Although these SEC cases do not indicate that a standard Upjohn warning would violate Rule 21F-17, the KBR action suggests that agreements used as part of an internal investigation interview that contain language beyond a standard Upjohn warning may be problematic. (Upjohn warnings are provided to employees when a company is involved in litigation or is conducting an internal investigation, and they clarify that the attorney-client privilege over communications between the attorney and the employee belongs solely to the company.[13]) Companies should ensure that their Upjohn warnings do not suggest that disclosure of non-privileged information to government agencies will subject an employee to any adverse action by the company.

[1]17 C.F.R. § 240.21F-17.

[2]17 C.F.R. Part 165.19.

[3]Whistleblower Awards Process, 81 Fed. Reg. 59551 (proposed Aug. 30, 2016), available at

[4]Order Instituting Cease-and-Desist Proceedings, In re BlackRock, Inc., Exchange Act Release No. 79804 (Jan. 17, 2017), available at

[5]The full language of the agreement stated that "To the fullest extent permitted by applicable law, you hereby release and forever discharge, BlackRock, as defined above, from all claims for, and you waive any right to recovery of, incentives for reporting of misconduct, including, without limitation, under the Dodd-Frank Wall Street Reform and Consumer Protection Act and the Sarbanes-Oxley Act of 2002, relating to conduct occurring prior to the date of this Agreement." Id. ¶ 7.

[6]The full language of the severance agreements read: "[E]xcept as specifically authorized in writing by NeuStar or as may be required by law or legal process, I agree not to engage in any communication that disparages, denigrates, maligns or impugns NeuStar or its officers, directors, shareholders, investors, potential investors, partners, predecessors, subsidiaries, employees, consultants, attorneys, or any others associated with NeuStar, including but not limited to communications with accountants, investment bankers, commercial bankers, insurance brokers or carriers, media, journalists, reporters, equity analysts, investors, potential investors, customers, suppliers, competitors, joint venture partners and regulators (including but not limited to the Securities and Exchange Commission, the Federal Communications Commission, the Canadian Radio-television Telecommunications Commission, the North American Numbering Council, the Canadian LNP Consortium, Inc., the LNPA Working Group, the United States Department of Commerce, the Internet Corporation for Assigned Names and Numbers, the Alliance for Telecommunications Industry Solutions, the North American Portability Management, LLC, public utility commissions and industry associations (including but not limited to the GSM Association, the United States Telecom Association, CTIA-The Wireless Association and CompTel)) (emphasis added)." Order Instituting Cease-and-Desist Proceedings, In re NeuStar, Inc., Exchange Act Release No. 79593 at ¶ 5 (Dec. 19, 2016), available at

[7]Id. ¶ 6.

[8]Order Instituting Cease-and-Desist Proceedings, In re BlueLinx Holdings Inc., Exchange Act Release No. 78528 (Aug. 10, 2016), available at

[9]The amended agreements provided that: "Employee further acknowledges and agrees that nothing in this Agreement prevents Employee from filing a charge with . . . the Equal Employment Opportunity Commission, the National Labor Relations Board, the Occupational Safety and Health Administration, the Securities and Exchange Commission or any other administrative agency if applicable law requires that Employee be permitted to do so; however, Employee understands and agrees that Employee is waiving the right to any monetary recovery in connection with any such complaint or charge that Employee may file with an administrative agency. (Emphasis added.)" Id. ¶ 14.

[10]Order Instituting Cease-and-Desist Proceedings, In re KBR, Inc., Exchange Act Release No. 74619 (Apr. 1, 2015), available at; SEC Press Release 2015-54.

[11]The form confidentiality statement required witnesses to agree to the following provisions: "I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment." Id. ¶ 6.

[12]See Id. ¶ 2.

[13]Upjohn Co. v. United States, 449 U.S. 383, 387 (1981).