Whistleblower Rule Compliance: SEC’s OCIE Issues Risk Alert in Wake of Illustrative Enforcement Actions

On October 24, staff of the Securities Exchange Commission (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) released a Risk Alert titled “Examining Whistleblower Rule Compliance” (the “Risk Alert”).[1]  The Risk Alert puts registered investment advisers and registered broker-dealers on notice that OCIE is examining investment advisers for compliance with the whistleblower protections of Section 21F of the Securities Exchange Act of 1934 (the “Exchange Act”).  Specifically, as part of its examinations, OCIE is reviewing a variety of documents for possible violations of Rule 21F-17 under the Exchange Act, including compliance manuals, codes of ethics, employment agreements, confidentiality agreements and severance agreements.  Additionally, the Risk Alert includes a list of provisions that, if included in any of the foregoing documents, OCIE believes may contribute to violations of Rule 21F-17.

Section 21F was added to the Exchange Act through the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (the “Dodd-Frank Act”).  The purpose of Section 21F was to “encourage whistleblowers to report possible violations of the securities laws by providing financing incentives” and to protect whistleblowers from employment-related retaliation.[2]  Congress explicitly noted that financial incentives were a “critical component” of the whistleblower protections given the “enormous risk of blowing the whistle in calling attention to fraud.”[3]  To give effect to the protections of Section 21F, the SEC adopted Rule 21F-17 under the Exchange Act which provides, in relevant part, that “no person may take any action to impede an individual from communicating direction with the [SEC] about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”[4]

In recent months, the SEC has issued a string of enforcement actions identifying violations of Rule 21F-17.  For example, in an enforcement action against Health Net, Inc., the SEC found Health Net’s separation agreements violated rule 21F-17[5] by containing language that required departing employees to waive their rights to monetary recovery in any proceeding brought before any governmental agency. The SEC concluded that this language “directly targeted the SEC’s whistleblower program by removing the critically important financial incentives” intended to encourage communications with the SEC.[6]  Importantly, the SEC made this finding despite it being “unaware of any instances” in which a former employee was actually dissuaded from reporting to the SEC based on the language of the separation agreements.[7]  

In the SEC’s action against BlueLinx Holdings, Inc., the SEC found that BlueLinx had violated Rule 21F-17 by effectively requiring departing employees to sign a separation agreement pursuant to which the employee waived rights to monetary recovery in any proceeding brought before any governmental agency.[8]  Additionally, the BlueLinx separation agreements required that departing employees notify BlueLinx’s legal department before disclosing any confidential information to any governmental agency or other third party.[9]  This, the SEC found, “forced those employees to choose between identifying themselves to the company as whistleblowers or potentiality losing their severance pay and benefits,” and therefore, violated Rule 21F-17.[10]

More recently, the SEC brought an enforcement action against Anheuser-Busch Inbev, SA/NV.[11] Anheuser-Busch’s separation agreement required a departing employee to maintain the company’s confidential information in strict secrecy unless required by law.  The separation agreement also included a $250,000 liquidated damages penalty in the event of a breach of its confidentiality restrictions.[12]  The SEC found that the separation agreement, as drafted, impeded communication with the SEC and pointed to an actual instance in which an employee who had previously been communicating with the SEC, stopped doing so upon signing the separation agreement.[13]  Given this, the SEC found that the separation agreement violated Rule 21F-17.[14]

In the wake of these enforcement actions, OCIE issued the Risk Alert providing investment advisers with a list of relevant documents and agreements that OCIE will review and which investment advisers should carefully consider, for compliance with Rule 21F-17. The Risk Alert also provides a non-exclusive list of potentially offending provisions that OCIE believes “may contribute to violations of Rule 21F-17”, including provisions that:

1. require an employee to represent that he or she has not assisted in any investigation involving the registrant;
2. prohibit any and all disclosures of confidential information, without providing any exception for voluntary communications with the SEC concerning possible securities laws violations;
3. require an employee to notify and/or obtain consent from the investment adviser prior to disclosing confidential information, without providing any exception for voluntary communications with the SEC concerning possible securities laws violations; or
4. permit disclosures of confidential information only as required by law, without providing any exception for voluntary communications with the SEC concerning possible securities laws violations.[15]

Finally, the Risk Alert includes a list of remedial actions, derived from recent enforcement actions, that an investment adviser should take in the event that any of its agreements with employees or former employees include any of the provisions that may violate Rule 21F-17, including:

1. amending any such documents to subsequently clarify that, notwithstanding anything in the document to the contrary, nothing contained in such document prohibits any employee or former employee from voluntarily communicating with the SEC or other authorities regarding possible violations of law or from recovering a whistleblower award;
2. providing a general notice to employees, or notice specifically to any employees who signed restrictive agreements, of their right to contact the SEC or other authorities; and
3. contacting any former employees who previously signed severance agreements to explicitly inform them that the investment adviser does not, and will not, prohibit the former employee from communicating with the SEC or seeking a whistleblower award.

The Risk Alert and the recent enforcement actions discussed above make clear that the SEC is focused on protecting whistleblowers and removing what the SEC views as potential impediments to communicating with the SEC.  Investment advisers should carefully review their compliance manuals, codes of ethics, employment agreements and separation agreements, as well as any confidentiality agreements, releases, orientation and training materials, internal policies, and other documents and processes to ensure that these do not contain provisions that may impede or otherwise have a chilling effect on a party’s ability to communicate with the SEC regarding potential securities laws violations or to collect monetary awards under Section 21F.  In light of the Risk Alert, updates and amendments should be made, where appropriate, to ensure these agreements, documents and processes are in compliance with Section 21F.  Additionally, investment advisers should provide detailed notice of any amendments to the other parties.  Finally, investment advisers should carefully consider whether their agreements, documents and processes should be amended to include the above-described carve-outs for communications with the SEC and other governmental authorities.