Fiscal Year 2023 was a record-breaking year for the Securities Exchange Commission (“SEC”) Whistleblower Program. The SEC received more than 18,000 whistleblower tips and awarded almost $600 million to 68 individual whistleblowers, including an award of $279 million to a single whistleblower.

LEARN MORE: Here are the finalists for the 2024 Arizona Corporate Counsel Awards

MORE NEWS: The Top 100 Lawyers in Arizona for 2024

The SEC relies in part on whistleblower tips for its enforcement actions. Rule 21F-17(a) (17 C.F.R. § 240.21F-17(a)) states that “[n]o person may take any action to impede an individual from communicating directly with Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement…with respect to such communications.”

In the last year or so, the Enforcement Division has been more aggressively pursuing actions against companies it believes illegally restricted whistleblowers from contacting the SEC through the improper use of non-disclosure agreements (“NDAs”), employment agreements, separation agreements, and other commercial agreements. The Division has imposed large fines on companies for such violations.

As the s SEC broadens whistleblower protections, companies should be mindful and consider auditing their agreements for any language that could be read to prohibit or hinder the ability of counterparties to those agreements to report alleged wrongdoing to the SEC.

Recent Noteworthy Enforcement Actions

Guillaume Aimé is a senior associate at Gallagher & Kennedy.

Now more than ever, individuals are incentivized to contact the SEC with allegations of wrongdoing, although many of those may not result in an enforcement action by the SEC. Tips may not only come from insiders of the company, such as employees, directors, and officers, they may also come from competitors.

Here are a few of the most recent high-profile enforcement actions by the SEC:

  • J.P. Morgan Securities LLC: the SEC charged the brokerage firm, which from March 2020 through July 2023, routinely asked retail clients to sign confidential release agreements if the firm had issued them a credit or settlement of more than $1,000 which required the clients to keep such agreement confidential, including all information related to the underlying matter, and prevented clients from voluntarily contacting the SEC. The agreements permitted clients to respond to the SEC if they did not initiate contact themselves. J.P. Morgan settled with the SEC, agreed to a cease-and-desist order, and was ordered to pay an $18 million civil penalty.
  • Activision Blizzard, Inc: the SEC charged the video game developer for using a separation agreement template which required former employees to provide notice to the company if they received a request for information from the SEC. Activision settled with the SEC, agreed to a cease-and-desist order, and to pay a $35 million penalty (including to settle charges that the company had inadequate internal disclosure controls).
  • CBRE, Inc.: the SEC charged the real estate services and investment firm for using an employee release as a condition to receive their separation pay which required employees to attest that they had not filed a complaint against CBRE with any federal agency. The SEC had charged that the language prevented employees from submitting whistleblower tips although there had been no instance where CBRE had acted against a former employee based on such a requirement or where an employee had been prevented from communicating with the SEC. CBRE settled with the SEC, agreed to a cease-and-desist order, and was ordered to pay a $375,000 civil penalty (the SEC considered CBRE’s cooperation and remediation in accepting CBRE’s offer of settlement).
  • D. E. Shaw & Co., L.P.: the SEC charged the registered investment adviser firm for using employment agreements prohibiting the disclosure of confidential corporate information to third parties, without an exception for potential SEC whistleblowers, and by requiring departing employees to sign releases affirming that they had not filed any complaints with any government agency in order for the employees to receive deferred compensation. One fact that supported the charges was that in 2017, D. E. Shaw circulated a firm-wide email notifying employees that they were not prohibited from communicating with regulators regarding possible violations of law and that notice to D. E. Shaw was not required. However, according to the order, D. E. Shaw did not include similar whistleblower protection language in its employment agreements until 2019 and in its releases until 2023—after the SEC’s investigation commenced. D. E. Shaw agreed to be censured, cease and desist from violating the whistleblower protection rule, and pay a $10 million civil penalty.
  • Monolith Resources LLC: the SEC charged the privately-held energy and technology company with using separation agreements that required certain departing employees to waive their rights to monetary whistleblower awards in connection with filing claims with or participating in investigations by government agencies.

How Companies Can Avoid Those Pitfalls

The SEC has made clear that both private and public companies are under the microscope for illegal restrictions on whistleblower activities. Additionally, the SEC went beyond prohibiting NDAs against employees and found and held that companies can be sanctioned if they have their clients sign restrictive NDAs.

Companies should be attuned to the enforcement actions and related orders issued by the SEC,  as it has clearly explained the type of language it considers illegal under Rule 21F-17(a) and provided alternative language in its orders.

To avoid any wrongdoing that could trigger an SEC investigation, employers should consider allocating time and resources for an audit of their employment agreements, NDAs, and other corporate and commercial agreements that apply to its employees. Those agreements should not deter individuals from engaging in whistleblower activities nor be so vague that they may appear to prohibit such activities.

In the event that problematic language is uncovered, the employer’s first step should be to revise such forms on a going-forward basis to remove such language, clarify that whistleblower activities are not prohibited, and note that old forms should no longer be used. In the case of existing agreements that have already been executed, the decision of whether to notify the counterparty to such agreements is more nuanced and depends on the number of such agreements and whether they involve employees. One approach can be to send a broader communication to affected individuals to clarify that nothing contained in the agreement prohibits them from contacting the SEC. As is learned from the D.E. Shaw order, however, such communication alone without any other compliance efforts will not be enough.

Any audit and remedial actions should be conducted with the assistance of your securities and employment attorneys, specifically for remedial actions involving employees.

We encourage employers who have specific questions about the SEC’s broadening of whistleblower protections, its impact on employment and other agreements, or about any securities and employment law topics, to contact Guillaume “G” Aimé at (602) 530‑8384 or

Author: Guillaume Aimé is a senior associate at Gallagher & Kennedy and focuses his practice in the areas of securities and business transactions, including SEC reporting, public and private mergers and acquisitions, and entity formation.