By Richard Shea and Barbara Hoffman

These days, many employment agreements, severance agreements, releases, plan documents, SPDs, and other compensation and benefits arrangements impose confidentiality requirements on employees, both current and former. Yesterday the SEC issued its first order addressing how employee confidentiality obligations can be phrased consistent with the agency’s regulations implementing the Dodd-Frank whistleblower provisions. Companies may want to review the SEC order and the wording of their existing employee confidentiality obligations to determine whether changes might be helpful or required.

On April 1, 2015, the SEC issued its first order circumscribing the scope of confidentiality requirements companies can impose on their employees. The order highlights the agency’s commitment both (1) to ensure that employees are free to contact the Commission directly about possible securities law violations, and (2) to take action against any confidentiality requirements that might discourage or prevent those contacts.

In light of the order, companies will want to review any policies, procedures, practices, forms, agreements, or plans that impose confidentiality obligations on employees—potentially including, for example, codes of conduct, confidentiality policies, releases, employment agreements, termination or severance agreements, severance plans, or other compensation or benefits arrangements.

The applicable regulation—SEC Rule 21F-17(a)—provides that “No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement … with respect to such communications.”

The confidentiality provision at issue appeared in a standard form that employees signed when being interviewed as witnesses in internal investigations. The form included the following confidentiality requirement:

I [the employee] am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for disciplinary action up to and including termination of employment.

The SEC order recited that the Commission was not aware of evidence that the company took any action to enforce the confidentiality provision or to prevent communications with the Commission in any other way, nor was it aware of evidence that the provision prevented any employee from making such communications. The company’s use of the confidentiality provision pre-dated Rule 21F-17 and continued after the Rule’s effective date.

The Commission issued a cease and desist order, imposed a fine of $130,000, and agreed to the company’s undertaking to try to contact its employees in the United States who signed the statement at any time after August 21, 2011.

The Commission also cited with approval the company’s amended confidentiality provision:

Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.

In light of the Commission’s order, companies will want to review any policies, procedures, practices, forms, agreements, or plans that impose confidentiality obligations on employees and consider, if necessary, whether revisions should be made in accordance with this most recent action by the Commission.