Thanks to Gary Brown of Nelson Mullins for this post!

On June 22, 2022, the SEC announced a settled enforcement case against The Brink’s Company.  The case is based on provisions in Brink’s employee confidentiality agreements that all new employees were required to sign that prohibited disclosing confidential information without prior written approval from the company.  The prohibition was expansive enough to include bringing financial data and other internal records to regulators, which is exactly the sort of information one is likely to include in a whistleblower complaint. The allegations set forth in the SEC’s Order pointed out that despite its knowledge that the SEC was stepping up enforcement in this area, in 2015, the legal team for Brink’s rank and file employees actually made its confidentiality agreements even more restrictive.  These 2015 additions included provisions for liquidated damages ($75,000) and payment of legal fees for any employee.

This case is the latest in a series focused on the whistleblower protection provisions in the Dodd-Frank Act, and specifically Rule 21F-17, which states in part:

(a) No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.

Brink’s confidentiality agreements did not include an exception for disclosing information to the SEC via its whistleblower program.  As discussed in the SEC’s Order, Brinks will pay a $400,000 civil penalty and must take steps to notify employees that they may provide confidential information to the SEC (and other government agencies) despite the terms of their confidentiality agreements.

Earlier cases that send this same message include:

• KBR, Inc. – April 1, 2015 – $130,000 civil penalty
• BlueLinx Holdings – August 10, 2016 – $265,000 civil penalty
• HealthNet, Inc. – August 16, 2016 – $340,000 civil penalty
• Guggenheim Securities – June 23, 2021 – $208,912 civil penalty

Pre-taliation clauses are one of the great unforced errors in corporate compliance. You are accountable even if you don’t enforce the agreement – inclusion of the offending language is enough to violate the rule.  So – do a keyword search in your policy manual and form agreements, find any offending examples, and then press the DELETE key. That’s your remediation.

As always, your thoughts and comments are welcome!