On June 22, 2022, the US Securities and Exchange Commission reached a settlement with the Brinks Company, a Virginia-based private security and protection provider, to resolve allegations that the company violated the protections for whistleblowers created by the Dodd-Frank Act and implementing rules.
In 2011, the SEC adopted Rule 21F-17 as part of the Securities and Exchange Act of 1934 in an effort to encourage whistleblowers to report possible violations of securities laws. The rule prohibits any action that would impede individuals from reporting securities violations directly to the SEC, including by “enforcing, or threatening to enforce, a confidentiality agreement” that would discourage such reports.
In its June 22, 2022 cease-and-desist order, the SEC stated that Brinks violated this rule by requiring new U.S. employees to sign a confidentiality agreement that prohibited them from divulging confidential information about the company to any third party without prior written approval. The agreements defined confidential information to include “financial information,” which the SEC described as information this is “often” a “component[] of whistleblower complaints.” Moreover, the agreements included a provision that imposed monetary penalties if the agreements were violated and, critically, did not include a “whistleblower protection carve-out.”
The SEC further criticized Brinks for not updating its confidentiality agreements in light of prior SEC enforcement actions. In particular, the order notes that in April 2015, the SEC issued its first Rule 21F-17 enforcement action and, at that time, Brinks’ outside counsel suggested that Brinks incorporate certain whistleblower carve-out language into the company’s employment agreements. According to the order, the company did not do so and, in April 2015, revised the agreements to include a $75,000 liquidated damages provision for violations of the agreement, as well as a requirement that the employee pay the company’s legal fees in the event of a breach of the agreement.
Without admitting or denying the SEC’s allegations, Brinks agreed to pay a $400,000 civil monetary penalty and cease-and-desist from further violations of the whistleblower rule. The company also agreed to include a detailed “protected rights” clause in all of its employment-related agreements for US employees that clearly states employees may file complaints with the SEC or other government regulatory authority. Brinks further agreed to contact employees who had signed confidentiality agreements during the relevant timeframe to make them aware of the SEC’s order and that Brinks permits current or former employees to provide information to the SEC and accept a whistleblower award from the SEC.
July 6, 2022