For whistleblowers and their past or present employers, one of the more important features of the SEC’s new whistleblower program regulations is Rule 21F-17, copied in part below. Over the years, targets of whistleblower claims have employed increasingly aggressive and sophisticated tactics — including “gag orders,” TROs, and breach of confidentiality agreement or even trade-secret-theft claims — to intimidate whistleblowers and prevent them from alerting regulators and law enforcement about wrongdoing. Rule 21F-17 is a significant step toward ending such shenanigans and should encourage more SEC whistleblowers to come forward.
Among other things, Rule 21F-17 clearly prohibits any “person” from taking “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce” most confidentiality agreements. (Emphasis added.) Confidentiality agreements covering attorney-client privileged information are generally excepted from this ban under Rule 21F-4(b)(4). But even the 21F-4(b)(4) exceptions have exceptions outlined in 21F-4(b)(4)(v).
The bottom line: Attempting to silence a would-be SEC whistleblower is more dangerous now than ever before. Employers would do well to carefully analyze the extent to which their “investigative” activities — which far too often include firing and suing the very whistleblowers who prompt such investigations — are themselves an additional violation of SEC Rule 21F-17.
§ 240.21F-17 Staff communications with individuals reporting possible securities law violations.
(a) No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement (other than agreements dealing with information covered by § 240.21F-4(b)(4)(i) and § 240.21F-4(b)(4)(ii) of this chapter related to the legal representation of a client) with respect to such communications.
(b) If you are a director, officer, member, agent, or employee of an entity that has counsel, and you have initiated communication with the Commission relating to a possible securities law violation, the staff is authorized to communicate directly with you regarding the possible securities law violation without seeking the consent of the entity’s counsel.
240.21F-4(b)(4) The Commission will not consider information to be derived from your independent knowledge or independent analysis in any of the following circumstances:
(i) If you obtained the information through a communication that was subject to the attorney-client privilege, unless disclosure of that information would otherwise be permitted by an attorney pursuant to § 205.3(d)(2) of this chapter, the applicable state attorney conduct rules, or otherwise;
(ii) If you obtained the information in connection with the legal representation of a client on whose behalf you or your employer or firm are providing services, and you seek to use the information to make a whistleblower submission for your own benefit, unless disclosure would otherwise be permitted by an attorney pursuant to § 205.3(d)(2) of this chapter, the applicable state attorney conduct rules, or otherwise; or …
(iii) In circumstances not covered by paragraphs (b)(4)(i) or (b)(4)(ii) of this section, if you obtained the information because you were:
(A) An officer, director, trustee, or partner of an entity and another person informed you of allegations of misconduct, or you learned the information in connection with the entity’s processes for identifying, reporting, and addressing possible violations of law;
(B) An employee whose principal duties involve compliance or internal audit responsibilities, or you were employed by or otherwise associated with a firm retained to perform compliance or internal audit functions for an entity;
(C) Employed by or otherwise associated with a firm retained to conduct an inquiry or investigation into possible violations of law; or
(D) An employee of, or other person associated with, a public accounting firm, if you obtained the information through the performance of an engagement required of an independent public accountant under the federal securities laws (other than an audit subject to §240.21F-8(c)(4) of this chapter), and that information related to a violation by the engagement client or the client’s directors, officers or other employees.
(iv) If you obtained the information by a means or in a manner that is determined by a United States court to violate applicable federal or state criminal law;
(v) Exceptions. Paragraph (b)(4)(iii) of this section shall not apply if:
(A) You have a reasonable basis to believe that disclosure of the information to the Commission is necessary to prevent the relevant entity from engaging in conduct that is likely to cause substantial injury to the financial interest or property of the entity or investors;
(B) You have a reasonable basis to believe that the relevant entity is engaging in conduct that will impede an investigation of the misconduct; or
(C) At least 120 days have elapsed since you provided the information to the relevant entity’s audit committee, chief legal officer, chief compliance officer (or their equivalents), or your supervisor, or since you received the information, if you received it under circumstances indicating that the entity’s audit committee, chief legal officer, chief compliance officer (or their equivalents), or your supervisor was already aware of the information.