On June 22, 2022, the Securities and Exchange Commission (“SEC”) announced a settlement with The Brink’s Company (“Brinks”), a publicly-traded company that provides cash transit and money processing services, for violations of Rule 21F-17, which implements whistleblower protections included in the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”).1 The enforcement action is noteworthy both because the misconduct identified by the SEC relates to otherwise ordinary confidentiality and non-competition agreements Brinks required new U.S. employees to execute as part of its onboarding process, and because Brinks was punished for not revising these agreements in light of prior SEC enforcement actions against other companies. The Brinks enforcement action is a reminder that publicly-traded companies should review their confidentiality agreements, employment agreements, severance and termination agreements, and other, similar contracts to ensure that they do not contain provisions that would be viewed by the SEC as contrary to SEC rules regarding protections for whistleblowers.
Dodd-Frank Whistleblower Protections
Dodd-Frank prohibits companies from punishing employees who provide information to the SEC, and it gives the SEC the authority to implement rules to enforce this protection. One such rule, Rule 21F-17(a), prohibits “any action to impede an individual from communicating directly with the [SEC] staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . with respect to such communications.”2 Thus, the rule specifically identifies confidentiality agreements as a potential way whistleblowers could be improperly silenced.
Brinks Enforcement Action
According to the SEC’s order, from at least 2015 through April 2019, new Brink’s U.S.3 employees were required to execute a Confidentiality and Non-Competition Agreement (“Confidentiality Agreement”) as part of their onboarding process.4 The Confidentiality Agreement prohibited employees from disclosing confidential information about the company to any third party without the prior written authorization of an executive officer of the company. The agreement defined “Confidential Information” broadly to include information about “current and potential customers, . . . prices, costs, business plans, market research, sales, marketing, . . . operational processes and techniques, [and] financial information including financial information set forth in internal records, files and ledgers or incorporated in profit and loss statements, financial reports and business plans. . . .”5 The SEC described this type of information as a frequent component of whistleblower complaints, meaning that any restriction on the disclosure of such information needed to allow for carve-outs for reports to enforcement authorities, which the Confidentiality Agreements did not. The SEC further noted that similar language relating to confidentiality appeared in other agreements used by Brinks, such as in settlement agreements with employees regarding employment matters.
In April 2015, the SEC brought its first enforcement action penalizing a company (KBR, Inc.) for violating whistleblower protections by having overly restrictive language in a confidentiality agreement. Specifically, the SEC alleged that KBR, Inc. violated Rule 21F-17 through the confidentiality agreements KBR, Inc. routinely required witnesses in internal investigations to sign. Following that action, between 2015 and 2017, the SEC brought eight other enforcement actions charging violations of Rule 21F-17.
In its order in the Brinks matter, the SEC highlighted that these prior enforcement actions had been reported in the media. The SEC specifically noted that Brinks received a “Client Memo” from its outside counsel on April 3, 2015 that recommended that public companies review their employment-related agreements and consider whistleblower carve-out language to ensure such agreements did not run afoul of Rule 21F-17. However, Brinks did not make any such revisions. Instead, around April 10, 2015, Brinks amended its Confidentiality Agreement to add a $75,000 liquidated damages penalty for violations of the agreement. This version of the Confidentiality Agreement was used for about four years for the approximately 2,000 to 3,000 new employees hired by Brink’s U.S. annually.
The SEC order further noted that following the KBR, Inc. decision and Brinks’ modification of its Confidentiality Agreement, attorneys at Brinks received additional notices about the requirements of Rule 21F-17. For example, in August 2016, a Brinks attorney sent herself a Wall Street Journal article about a Rule 21F-17 enforcement action by the SEC, but still Brinks did not modify its Confidentiality Agreement. In December 2016, a Brinks attorney received a “law firm’s client advisory bulletin” that discussed two Rule 21F-17 enforcement actions.6 This attorney sent that bulletin to other Brinks attorneys and the company’s outside counsel, and, as a result of that discussion, Brinks modified its “corporate-level severance agreement template” to include a carve-out from confidentiality requirements for whistleblowing.7 A few months later, Brinks added similar language to “several employee litigation settlement agreements.” However, at no time prior to April 2019 did the company update the Confidentiality Agreement or “any other employee agreements.”8
The SEC found that by requiring current and former employees “to notify the company prior to disclosing any financial or business information to any third parties, and threatening them with liquidated damages and legal fees if they did not do so,” Brinks obstructed potential whistleblowers, thereby violating Rule 21F-17.9 Without admitting or denying the SEC’s findings, Brinks agreed to pay a monetary penalty of $400,000. The company also agreed to include in all “employment-related agreements involving U.S.-based employees” a specific contractual provision defined by the order that makes clear employees may file whistleblower complaints. The specific contractual language included in the order is as follows:
Protected Rights. Employee understands that nothing contained in this Agreement limits Employee’s ability to file a charge or complaint with the Securities and Exchange Commission, or any other federal, state, or local governmental regulatory or law enforcement agency (“Government Agencies”). Employee further understands that nothing in this Agreement limits Employee’s ability to communicate with any Government Agencies or otherwise participate in or fully cooperate with any investigation or proceeding that may be conducted by any Government Agency, including providing documents or other information, without notice to or approval from the Company. Employee can provide confidential information to Government Agencies without risk of being held liable by Brinks for liquidated damages or other financial penalties. This Agreement also does not limit Employee’s right to receive an award for information provided to any Government Agencies.10
In addition, Brinks agreed to contact current and former U.S.-based Brinks employees who signed the prior Confidentiality Agreement and provide those individuals with a copy of the SEC order and a statement that Brinks permits current or former employees to: “(1) provide information and/or documents to, and/or communicate with, [SEC] staff without notice to or approval from the Company; and (2) accept a whistleblower award from the [SEC] pursuant to Section 21F of the Exchange Act.”11 Finally, Brinks agreed to submit to the SEC a written certification describing the steps taken to satisfy the above-described requirements, and attaching exhibits sufficient to demonstrate compliance with the SEC’s order.
This enforcement action provides a reminder that companies should monitor recent enforcement actions and undertake any appropriate remediation based upon the lessons learned from those actions. More specifically, companies should review their confidentiality agreements, employment agreements, severance and termination agreements, and other similar contracts to ensure they are in compliance with the Dodd-Frank whistleblower protections. The Brinks enforcement action makes clear that the SEC continues to actively monitor companies’ compliance with required protections for whistleblowers, and considers public companies to be on notice of the requirements.
1 In the Matter of The Brink’s Company, Exchange Act Rel. No. 95138 (June 22, 2022).
2 17 C.F.R. § 240.21F-17(a).
3 Brink’s U.S. is a division of Brink’s, Inc., which is a wholly-owned subsidiary of Brinks.
4 In the Matter of The Brink’s Company, Exchange Act Rel. No. 95138 (June 22, 2022).