- Do’s and Don’ts of Employee Confidentiality Agreements After the SEC’s Recent Enforcement Action
- Goodyear Settlement with SEC Highlights Reach of Parent-Subsidiary Liability Under the FCPA
- SEC Continues to Tout Benefits of FCPA Self-Reporting
- Targets Challenge Constitutionality of SEC’s In-House Court
Do’s and Don’ts of Employee Confidentiality Agreements After the SEC’s Recent Enforcement Action
By Conner G. Peretti
On April 1, 2015, the SEC penalized Houston-based KBR Inc. $130,000 for making employees sign confidentiality agreements warning them that discussing internal investigations with anyone outside the company without first getting approval from KBR could result in discipline, including termination. The SEC contended the practice violated a Dodd-Frank regulation prohibiting anyone from “imped[ing]” an individual from reporting securities law violations to the SEC, “including enforcing, or threatening to enforce, a confidentiality agreement.” 17 C.F.R. § 240.21F-17. After reviewing the SEC order, regulations and other sources, we present several Do’s and Don’ts:
Don’ts:
- Don’t prohibit or discourage employees from disclosing information concerning a possible securities law violation to the SEC. The KBR enforcement action applied to a written agreement, but the law is not restricted to written efforts to impede disclosure to the SEC.
- Don’t require preauthorization before an employee may go to the SEC with information, even if you think the information does not relate to a possible securities violation.
- Don’t enforce or threaten to enforce an unwritten policy or agreement that communicating possible securities law violations to the SEC will result in employee discipline. The SEC has promised to “vigorously enforce” the provision, which prohibits the threat of enforcement in violation of the regulation. For example, the SEC never found that KBR actually enforced the offending provision. Merely having it was enough.
- Don’t neglect past agreements or policies, even if current policies do not have a confidentiality provision that impedes reporting possible securities violations to the SEC. While the SEC has not reached a settlement with an entity for past confidentiality agreements or policies, the SEC’s press release implores employers to review “existing and historical agreements.”
Do’s:
- Do review your current and past confidentiality agreements for any provisions that could be construed to impede, in word or effect, an employee from reporting possible securities violations to the SEC. The SEC has not targeted general confidentiality agreements, as KBR’s agreement pertained to internal compliance investigations and not employment in general. However, the SEC’s line on this point is not clear.
- Do consider revising or amending past and present agreements to comply with the regulation at issue in KBR. In addition to excising possibly improper provisions, consider adding language that explicitly exempts reporting possible securities violations to the SEC. As part of KBR’s settlement, it included the following language in its confidentiality agreements:
“Nothing in this Confidentiality Statement prohibits me from reporting possible violations of federal law or regulation to any governmental agency or entity, including but not limited to the Department of Justice, the Securities and Exchange Commission, the Congress, and any agency Inspector General, or making other disclosures that are protected under the whistleblower provisions of federal law or regulation. I do not need the prior authorization of the Law Department
to make any such reports or disclosures and I am not required to notify the company that I have made such reports or disclosures.”
- Do pay attention to the letter of agreements as well as their effects. The regulation does not differentiate between policies or agreements and their effects. Thus, pointing to the language of an agreement as not strictly prohibiting disclosure to the SEC of possible securities law violations would not be a complete defense. In the SEC’s view, agreements that “in word or effect” impede reporting potential violations are improper.
Goodyear Settlement with SEC Highlights Reach of Parent-Subsidiary Liability Under the FCPA
By John A. Goldmark
The SEC’s recent settlement with Goodyear Tire & Rubber Co. underscores the risks of foreign acquisitions and parent-subsidiary liability under the FCPA. Under the settlement, Goodyear agreed to pay $16 million to settle the SEC’s charge that its subsidiaries in sub-Saharan Africa violated the FCPA by paying bribes to make tire sales.
According to the SEC’s order of settlement, Goodyear’s subsidiaries in Kenya and Angola paid more than $3.2 million in mostly cash bribes to government officials and private sector employees in order to obtain tire sales. The subsidiaries then falsely recorded the bribes as legitimate business expenses in their records, which were consolidated into Goodyear’s books and records.
Based on these alleged bribes by its subsidiaries, the SEC charged Goodyear with violating the FCPA’s accounting provisions, which require companies to (1) make and keep accurate books and records (2) implement and maintain internal controls to ensure management’s responsibility over company assets. The SEC alleged that Goodyear did not detect or prevent the bribes by its subsidiaries because it failed to implement adequate internal controls at its African-based subsidiaries and failed to conduct adequate due diligence before acquiring them.
The Goodyear settlement highlights several important lessons for companies doing business overseas. First, strong compliance programs are an important aspect of reducing FCPA liability. The SEC specifically cited the lack of any compliance training at Goodyear’s subsidiaries, and alleged that proper training could have prevented or deterred the bribes. Second, because the SEC will charge parent companies for bribes by subsidiaries, effective compliance programs should include corruption-related due diligence for acquisitions abroad. Third, taking a proactive and cooperative approach to tips of alleged FCPA violations can have benefits. The SEC stated the lower settlement amount, which did include a penalty, reflected “remedial steps” Goodyear took after receiving tips about the bribes, including conducting an internal investigation, taking disciplinary actions, increasing oversight, and self-reporting to the SEC.
SEC Continues to Tout Benefits of FCPA Self-Reporting
By Jeffrey B. Coopersmith
In a March 3, 2015 speech at a pharmaceutical conference, the SEC’s enforcement director, Andrew Ceresney, continued to tout the agency’s carrot and stick approach to FCPA self-reporting. Ceresney remarked that: “[t]here has been a lot of discussion recently about the advisability of self-reporting FCPA misconduct to the SEC. Let me be clear about my views – I think any company that does the calculus will realize that self-reporting is always in the company’s best interest.” On the other hand, Ceresney continued, the “risk of suffering adverse consequences from a failure to self-report is particularly acute in light of the continued success and expansion of our whistleblower program. The SEC’s whistleblower program has changed the calculus for companies considering whether to disclose misconduct to us, knowing that a whistleblower is likely to come forward. Companies that choose not to self-report are thus taking a huge gamble because if we learn of the misconduct through other means, including through a whistleblower, the result will be far worse.”
Ceresney pointed in particular to two recent FCPA cases, the Goodyear Tire & Rubber case and the Bio-Rad Laboratories case. In the Goodyear matter, the company settled an investigation concerning possible bribery at subsidiaries in Kenya and Angola. Although Goodyear agreed to disgorge $14.1 million in profits and $2.1 million of prejudgment interest, the SEC did not require the company to pay a civil penalty. In the Bio-Rad case, the company paid a total of $55 million to settle parallel SEC and DOJ allegations that over $7.5 million was improperly paid to Russian, Vietnamese, and Thai officials.
However, commentators and defense counsel continue to question the benefits of self-reporting. Although the fact that Goodyear paid no civil penalty suggests that the company benefitted from self-reporting the conduct, it is harder to gauge whether Bio-Rad would have had to pay more if it had not self-reported (or whether the conduct would have been detected at all). There is also the example of cases like the Ralph Lauren settlement in 2013, where it appeared that the company did everything right according to the government’s guidance but nevertheless had to pay $1.6 million to settle with the SEC and DOJ. Ralph Lauren’s conduct occurred over a relatively brief time period and was limited to one Argentine subsidiary. The company discovered the conduct while conducting routine FCPA compliance training. Although both the SEC and DOJ allowed Ralph Lauren to settle with non-prosecution agreements (such that no civil or criminal charges were filed), the facts of the case and the company’s cooperation suggest that if Ralph Lauren’s conduct warranted the payment of $1.6 million, going forward it may be that self-reporting will never result in no action being taken against a company.
In practice, companies make decisions about whether to self-report potential FCPA violations by weighing three factors. First, there are situations, such as in the case of companies regulated by FINRA, where self-reporting is required. See FINRA Rule 4530(b) (“Each member shall promptly report to FINRA, but in any event not later than 30 calendar days, after the member has concluded or reasonably should have concluded that an associated person of the member or the member itself has violated any securities-, insurance-, commodities-, financial- or investment-related laws, rules, regulations or standards of conduct of any domestic or foreign regulatory body or self-regulatory organization.”). Second, companies general decide to self-report when it is clear that the conduct will inevitably be detected by the government, such as where the company is aware of a whistleblower or ongoing civil discovery makes it likely. Third, companies also weigh the likely benefits of self-reporting compared to the additional adverse consequences if the government discovers the conduct on its own. These decisions have to rely on judgment and the experience of counsel, because there will never be perfect information. For example, even when the company has no knowledge of likely whistleblowers, employees may become or already be disgruntled such that they decide to report to the SEC or DOJ.
Targets Challenge Constitutionality of SEC’s In-House Court
By Candice M. Tewell
It used to be rare for the SEC to bring enforcement actions against unregulated entities or individuals in its in-house administrative court rather than in federal court. But as a result of the Dodd-Frank Act (and possibly due to the SEC’s recent string of high profile court losses, the SEC is now bringing many more administrative proceedings against individuals against whom it would previously have filed suit in federal court. The constitutionality of these proceedings remains in question and several targets of these SEC administrative proceedings have filed federal suits challenging the constitutionality of these in-house proceedings.
The SEC has essentially unfettered discretion to bring a case in either federal court or in-house and does not have to explain its decision in any particular case. Because the SEC may bring only civil cases, when those cases are filed in federal court defendants may engage in extensive discovery and request trial by jury. In contrast, an administrative case allows much less discovery and is decided by the SEC’s own administrative judge, not a jury, making in-house cases attractive to the SEC.
The constitutional challenges brought by the SEC’s recent in-house targets assert two general theories: First, administrative proceedings violate the defendants’ Seventh Amendment and due process rights because there’s no jury and the evidentiary rules favor the SEC. Second, the entire administrative law judge system violates the separation-of-powers doctrine under the U.S. Supreme Court’s 2010 decision in Free Enterprise Fund v. Public Company Accounting Oversight Board, 561 U.S. 477 (2010). Free Enterprise Fund held that the dual for-cause removal protections afforded members of the Public Company Accounting Oversight Board violated the Constitution’s requirement of the separation of powers, because the board members could not be held accountable by the president. See id. at 492.
But the SEC’s in-house defendants face a preliminary hurdle to their constitutional challenges that has caused several to stumble already: the question whether federal district courts have jurisdiction to hear cases challenging the constitutionality of the SEC’s administrative process. Several federal courts have already ruled that a defendant must raise his or her constitutional challenges to the SEC’s own administrative law judge, appeal any adverse decision to the Commission, and then appeal any adverse decision by the Commission to a federal court of appeals. See Bebo v. SEC, 2015 WL 905349 (E.D. Wisc. Mar. 3, 2015) (noting Bebo’s claims “are compelling and meritorious,” but the district court was the improper venue for those claims); Chau v. SEC, 2014 WL 6984236 (S.D.N.Y. Dec. 11, 2014); Jarkesy v. SEC, 48 F. Supp. 3d 32 (D.D.C. 2014).
Thus, it appears that we will have to wait for a defendant’s case to work its way through the administrative process to learn the fate of the SEC’s in-house court. But when that time comes, and if a court decides the SEC’s administrative law judges have too much protection from removal, the SEC’s push for more in-house cases could topple the entire administrative court system.