Exchange Act Rule 21F-17, adopted in 2011 under the auspices of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, prohibits any person from taking any action to impede an individual from communicating directly with the SEC, including by “enforcing, or threatening to enforce, a confidentiality agreement . . . .”  The SEC has prioritized enforcing this rule expansively, by requiring employers to provide SEC-specific carveouts to policies and agreements governing confidentiality.  According to an Order issued last week against The Brink’s Company ( “Brink’s” or “Brinks”), the SEC seems to suggest that employers must provide a specific carveout in restrictive covenant agreements permitting employees and former employees to report information to the SEC in addition to the statutory disclosure provided for in the federal Defend Trade Secrets Act (DTSA).

The DTSA requires employers to provide notice of whistleblower immunity “in any contract or agreement with an employee that governs the use of a trade secret or other confidential information.” The notice must inform employees that:

An individual shall not be held criminally or civilly liable under any Federal or State trade secret law for the disclosure of a trade secret that—(A) is made—(i) in confidence to a Federal, State, or local government official, either directly or indirectly, or to an attorney; and (ii) solely for the purpose of reporting or investigating a suspected violation of law; or (B) is made in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal.

The penalty for noncompliance with this requirement is that an employer will not be entitled to recover multiple damages and attorneys’ fees under the DTSA in the event of misappropriation by an employee who is not so notified.  As a result, most employers now provide this language in restrictive covenant agreements that contain confidentiality requirements. Those that do not do so will not be entitled to multiple damages and attorneys’ fees under the DTSA, but there are no civil penalties for failing to include this notice.

The SEC’s Order issued against Brink’s finds the above DTSA language insufficient and requires Brink’s to include additional language in its confidentiality agreements with employees that specifically references the SEC.  Specifically, in its June 22, 2022 Order, the SEC announced that, without admitting or denying any wrongdoing, Brink’s had agreed to pay $400,000, consented to the issuance of a cease and desist order finding that it violated Rule 21F-17(a), and amended its agreements with U.S.-based employees to include the following new provision that outlines the employees’ rights under Rule 21F-17(a):

Protected Rights. Employee understands that nothing contained in this Agreement limits Employee’s ability to file a charge or complaint with the Securities and Exchange Commission, or any other federal, state, or local governmental regulatory or law enforcement agency (“Government Agencies”). Employee further understands that nothing in this Agreement limits Employee’s ability to communicate with any Government Agencies or otherwise participate in or fully cooperate with any investigation or proceeding that may be conducted by any Government Agency [sic], including providing documents or other information, without notice to or approval from the Company. Employee can provide confidential information to Government Agencies without risk of being held liable by Brinks for liquidated damages or other financial penalties. This Agreement does not limit Employee’s right to receive an award for information provided to any Government Agencies.

In addition, Brink’s agreed to contact all current and former employees who signed the noncompliant agreements and provide them with a copy of the SEC’s Order and a statement outlining their legal rights.

This came in response to findings by the SEC that from at least 2015 to 2019, Brink’s required its employees to sign restrictive covenant agreements that included noncompetes and confidentiality provisions that prohibited employees from disclosing any financial or business information to third parties, but did not include any carveouts for potential SEC whistleblowers. Rather, Brink’s required prior approval before disclosing such information to any third parties, and any employee who failed to comply with this requirement could be subject to $75,000 in liquidated damages, plus attorneys’ fees. According to the SEC:

By requiring current and former employees to notify the company prior to disclosing any financial or business information to any third parties, and threatening them with liquidated damages and legal fees if they did not do so, Brinks took action to impede potential whistleblowers by forcing those employees to choose between identifying themselves to the company as whistleblowers or potentially having to pay $75,000 and the company's legal fees.

Not all SEC Commissioners agreed with the breadth of the Order, however. Following its issuance, Commissioner Hester M. Peirce issued a statement on the SEC’s website in which she agreed with the finding that Brink’s violated Rule 21F-17(a), but disagreed with the remedies that go beyond the “limited scope” of the SEC’s authority. Specifically, Commissioner Peirce took issue with the breadth of the new provision Brink’s was required to include in all new agreements with U.S.-based employees because it not only references an employee’s right to file a charge or complaint with the SEC, but also with “any other federal, state, or local governmental regulatory or law enforcement agency.” According to Commissioner Peirce:

The Commission plainly lacks statutory authority to impose such a broad requirement, and Rule 21F-17 does not purport to assert such authority. I recognize that the Order states that Brinks’ agreement to this undertaking was merely a consideration when determining whether to accept the company’s offer of settlement. The Commission, however, must be cautious about using the settlement process to obtain voluntary compliance with requirements that it lacks statutory authority to impose.

Commissioner Peirce went on, however, to make clear that the fact Brink’s had “agreed to particularly broad language as part of a settlement should not be misconstrued as an indication that other companies are under any obligation to use the same or similar language to avoid running afoul of Rule 21F-17.” Further, the Order itself states: “The findings herein are made pursuant to Respondent’s Offer of Settlement and are not binding on any other person or entity in this or any other proceeding.”

Despite Commissioner Peirce’s misgivings, the Order follows a long line of SEC enforcement actions requiring confidentiality agreements and policies to provide SEC-specific carveouts.  In 2015, the SEC brought an enforcement action against KBR alleging that language in KBR confidentiality agreements provided to employees in connection with internal investigations stifled whistleblowing.  Then in 2016, BlueLinx Holdings Inc. agreed to pay a penalty to the SEC in connection with confidentiality language in its severance agreements.  In June 2021, the SEC fined Guggenheim Securities, LLC for maintaining a policy that it contended impeded potential whistleblowers from communicating with the SEC by requiring employees to obtain permission before reporting securities violations.  The SEC’s Order issued against Brink’s represents the latest development in this trend, this time finding for the very first time that a failure to include carveout language expressly referencing the SEC in a post-employment restrictive covenant agreement constitutes a violation of Rule 21F-17.

Employers should take heed of the SEC’s position that a failure to include a specific carveout in a confidentiality provision referencing an employee’s right to disclose information to the SEC is a violation of Rule 21F-17 and could subject employers to substantial fines and penalties. And as we have previously reported, states are beginning to require similar carveouts for claims of discrimination, sexual harassment, and the like.

Please reach out to any member of EBG’s Trade Secret & Employee Mobility and/or Whistleblowing and Compliance practice groups, or your EBG relationship partner, to review existing agreements and policies, and to provide updates that comply not only with this SEC Order, but also numerous recent changes in state law concerning noncompetes and other post-employment restrictive covenants.

Back to Trade Secrets & Employee Mobility Blog

Search This Blog

Blog Editors


Related Services



Jump to Page


Sign up to receive an email notification when new Trade Secrets & Employee Mobility posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.