The US Securities and Exchange Commission’s recent censure and fine of Guggenheim Securities sent Wall Street a powerful reminder: Companies cannot prohibit or impede employees from contacting the SEC or any other regulator about potential securities law violations.
Whistleblowers with detailed information about significant financial fraud by their employers have become a crucial weapon in SEC’s enforcement arsenal, and any effort to constrain employees’ ability to contact federal regulators undermines enforcement in financial markets as well as an effective SEC whistleblower program.
The SEC has been vigilant about protecting whistleblowers and punishing companies that restrict the ability of whistleblowers to report securities law violations to the SEC through employment contracts, nondisclosure agreements, company policies or separation agreements.
Guggenheim, the SEC said, prohibited employees from initiating contact with regulators without prior approval from Guggenheim’s legal or compliance department. From at least 2016 to 2020, Guggenheim’s “core compliance” manual for employees warned that the “prohibition applies to any subject matter that might be discussed with a Regulator, including an individual’s registration status with FINRA. Any employee that violates this policy may be subject to disciplinary action by the Firm.”
The prohibition was reinforced in annual compliance training Guggenheim gave employees in 2018 and 2019, the SEC said.
The SEC censured Guggenheim and fined the brokerage $209,000 on June 23. Guggenheim also changed the language of its manual to bring it in line with the law.
The SEC’s enforcement action against Guggenheim was one of many the SEC has taken against publicly traded companies and other regulated entities for violating what’s known as Rule 21F-17.
The rule states, “No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement … with respect to such communications.”
The commission adopted Rule 21F-17 in 2011 as part of its implementation of the Dodd-Frank Act, which established the SEC whistleblower program as well as the Commodity Futures Trading Commission whistleblower program.
The first action the SEC took against a company for violating the restrictive-language rule was in 2015 against KBR Inc., a global defense contractor. The SEC said KBR required witnesses in certain internal investigations interviews to sign confidentiality statements that stated they could face discipline and even be fired if they discussed the matters with outside parties without the prior approval of KBR’s legal department.
KBR paid $130,000 to settle the charges and agreed to change the language of its confidentiality statements to eliminate the pre-approval requirement to speak to the SEC and other regulators.
After a spate of enforcement actions against companies for violating the rule, the SEC in 2016 issued a “risk alert” to let companies know that it was going to start reviewing their compliance manuals, ethics codes, employment agreements and severance agreements to determine whether the wording in those documents violated Rule 21F-17 and had the potential to impede employees from reporting concerns about securities law violations to the SEC.
Since the KBR case, the SEC has taken enforcement actions against at least 12 regulated entities for restrictive language in written policies, contracts and agreements that limits the ability of individuals to report securities law violations. Among the enforcement targets were Merrill Lynch, SandRidge Energy, Anheuser-Busch InBev and Blackrock.
The SEC also is bringing cases when investors – not just employees – are required to sign agreements that prohibit the investors from reporting securities law violations.
For instance, the SEC filed a complaint against Collectors Café and its owner, Mykalai Kontilai, in 2019 that alleged Collectors Café and Kontilai attempted to resolve investors’ allegations of wrongdoing against them by conditioning the return of their investment on agreements with signed confidentiality clauses that prohibited communications with law enforcement, including the SEC, about the alleged securities law violations.
Collectors Café and Kontilai had the audacity to sue one alleged victim for breach of the confidentiality provision by talking to the SEC. They sought punitive and compensatory damages, including repayment of the money used to settle the alleged victim’s case against them.
Importantly, the SEC is enforcing Rule 21-7F even when it hasn’t found evidence that the restrictive language actually stopped someone from reporting. That was the case with Guggenheim and earlier cases as well. However, it’s impossible to know how many instances there are when someone wants to report violations to the SEC but is scared off by the threat of retaliation.
The SEC has established a clear line for instances where companies might be impeding whistleblowers in any way. Companies would do well not to cross it.