In practice, public companies have conducted internal investigations when presented with information or complaints about potential misconduct. These in-house efforts serve a number of purposes and agendas. In its purest form, the motivation behind an internal investigation is to ferret out misconduct and give the company an opportunity to right wrongs and implement better compliance practices. In practice, such internal reviews are often used to see what a prosecutor or regulator might find and then send the plumbers in to quickly and quietly repair the damage before it comes to wider light. In some instances, a point (or some would argue "the" point) of an internal investigation is to bring a complaining employee into an intimidating scenario replete with unsmiling lawyers, several documents requiring multiple signatures, and a sense that it would have been best if you had just kept your mouth shut.
Across the spectrum of firms trying to do the right thing internally through trying to intimidate a complaining employee, a practice developed of having those involved in the in-house investigation sign a confidentiality agreement that required the prior approval of the firm's General Counsel before you could discuss the ongoing inquiry with any third party. As you may well imagine, sometimes the purpose behind that document was to protect trade secrets -- and, just as obviously, it was a way of keeping those who knew things from blabbing to the press and the government. Alas, all good things must come to an end.
Pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act, the Securities and Exchange Commission ("SEC") promulgated the following rule, effective August 12, 2011:
§ 240.21F-17 Staff communications with individuals reporting possible securities law violations.
(a) No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement (other than agreements dealing with information covered by § 240.21F-4(b)(4)(i) and § 240.21F-4(b)(4)(ii) of this chapter related to the legal representation of a client) with respect to such communications.
(b) If you are a director, officer, member, agent, or employee of an entity that has counsel, and you have initiated communication with the Commission relating to a possible securities law violation, the staff is authorized to communicate directly with you regarding the possible securities law violation without seeking the consent of the entity's counsel.
Following the August 2011 implementation of Rule 21F-17, companies should have reconsidered what their form confidentiality agreements said and likely revised in accordance with the new restrictions. Today's BrokeAndBroker.com Blog considers an SEC settlement involving the federal regulator's concern about whether a firm had violated the prohibitions against impeding the SEC's investigations via a form confidentiality agreement.
In anticipation of the institution of proceedings by the Securities and Exchange Commission ("SEC"), without admitting or denying the findings, KBR, Inc. submitted an Offer of Settlement, which the SEC accepted and, accordingly, the federal regulator entered an Order Instituting Cease-And-Desist Proceedings. In the Matter of KBR, Inc., Respondent (Securities and Exchange Commission, Order Instituting Cease-And-Desist Proceedings, '34 Act Release no. 74619; Admin. Proc. File No. 3-16466 / April 1, 2015) (the"OIP").
KBR Internal Investigation Protocol
The OIP alleges that KBR conducts internal investigations following its receipt of employee complaints about potentially illegal/unethical conduct. As part of its compliance protocol, the firm's investigators typically interview the complaining employee and others. Prior to and subsequent to the promulgation of Rule 21F-17, KBR allegedly used a form confidentiality statement as part of these internal investigations and purportedly had witnesses sign the statement at the beginning of an interview. In pertinent part, the confidentiality statement provided:
Impeding and/or Undermining
I understand that in order to protect the integrity of this review, I am prohibited from discussing any particulars regarding this interview and the subject matter discussed during the interview, without the prior authorization of the Law Department. I understand that the unauthorized disclosure of information may be grounds for action up to and including termination of employment.
The OIP did not assert that any KBR employee was, in fact, prevented from communicating with SEC staff about potential violations. Regardless, the SEC viewed the cited language in the firm's confidentiality statement as impeding communication from employees to the federal regulator and undermining the spirit of the Dodd-Frank by:
prohibiting employees from discussing the substance of their interview without clearance from KBR's law department under penalty of disciplinary action including termination of employment . . .
The SEC acknowledged that KBR had amended its confidentiality statement to include the following:
Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.
In consideration of KBR's remedial measures and in accordance with the terms of the settlement, the SEC ordered that KBR cease and desist from committing or causing any violations of Rule 21F-17; and that the firm pay a $130,000 monetary penalty within 30 days of the entry of the OIP.
By way of remedial measures, KBR agreed to make reasonable efforts to contact United States-based employees who had signed the confidentiality statement from August 21, 2011 to the present. Pursuant to such contact, the firm agreed to provide the employee with a copy of the OIP and a statement clarifying that the firm does not require the employee to see prior permission from its General Counsel before communicating with any governmental agency or entity regarding possible violations of federal law or regulation.