Companies Must Step Carefully In Confidentiality Pacts for Internal Probes

Stay current on changes and developments in corporate law with a wide variety of resources and tools.

By Yin Wilczek

June 25 — The Securities and Exchange Commission's recent action against KBR Inc. serves as a warning that companies must step cautiously when trying to preserve the confidentiality of internal investigations, a senior enforcement official said June 25.

Stephanie Avakian, deputy director of the SEC Enforcement Division, noted that companies have to ask themselves: “Are the statements I’m making likely to leave someone feeling or likely to leave someone with the impression that they can't report wrongdoing to the commission?”

She noted that there are situations where employers may want to limit employees from discussing the facts with others for proper reasons. If the rationale is spelled out, the provisions wouldn't have the “feel of an action intended to impede someone from going to the commission,” she said.

“When you get in that gray area, you have to be really careful about the structure of what you’re saying and what the person's likely hearing,” Avakian added.

Avakian spoke at a Practising Law Institute conference on internal investigations. She said she voiced her own opinions and did not speak on behalf of the commission or other staff members.

Novel Action 

KBR Inc. April 1 agreed to settle a novel SEC administrative action that one of its confidentiality agreements infringed on federal whistle-blower protections.

Among other problems, the SEC faulted the company over the fact that KBR employees who internally reported potential wrongdoing had to sign a confidentiality agreement that prohibited them from “discussing any particulars” about the subsequent internal investigation without permission of the company's legal department.

‘Upjohn' Warnings 

Avakian told the audience that a “proper Upjohn warning” should not run afoul of 1934 Securities Exchange Act Rule 21F-17(a), which states that employers may not “take any action to impede” their workers from contacting the SEC about possible securities violations, “including enforcing, or threatening to enforce, a confidentiality agreement” with respect to the worker's communication with the agency.

However, where companies go beyond trying to protect privileged material, they have to include additional language stating that employees are not prohibited from reporting possible securities law violations to the SEC or other government regulators, Avakian said. She added that there is a “middle ground” where companies can spell out confidentiality requirements in appropriate language that doesn't impede employee communications with the commission.

Nancy Kestenbaum, a New York-based partner at Covington & Burling LLP, noted that there are “tricky” situations where companies don't want employees who are witnesses in internal investigations discussing underlying facts because they want the employees to retain their independent recollection of the events.

Kestenbaum also suggested that corporate counsel and attorneys script out their Upjohn warnings ahead of time. “At least until there’s more settled authority about where some of these lines are, I think you’ll have to be very, very precise,” she said.

To contact the reporter on this story: Yin Wilczek in Washington at

To contact the editor responsible for this story: Ryan Tuck at


Request Corporate on Bloomberg Law