Protecting Whistleblowers: The Dodd-Frank Act

In an unprecedented action, the Security and Exchange Commission raised the bar when it comes to protecting whistleblowers.  Houston-based engineering and tech firm Kellog Brown & Root, Inc. (KBR) received a cease and desist order and a $130,000 penalty for language in a confidentiality agreement employees were required to sign in 2015.

KBR is one of the largest government contractors with over 25,000 employees across 40 countries.  Between 2002-2011, they won nearly $40 billion in federal work in Afghanistan and Iraq.  A former employee brought about allegations that KBR and Halliburton (KBR’s former parent company and one of the world’s largest corporations in the energy industry) inflated financial costs in a military supply contract for building US bases in Iraq.  The issue of confidentiality agreements came to light during depositions for this case.

Before the SEC findings, KBR required employees to sign confidentiality agreements stating they would not discuss or disclose any information about suspected company wrongdoing or unethical or illegal employee conduct to anyone outside of the company.  An employee could face disciplinary action or even termination if found violating this agreement.  Essentially, this means no whistleblowing to the SEC or US Department of Justice.  Unfortunately for KBR, these provisions directly violate the Securities and Exchange Act and particularly the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.


Dodd-Frank Act

The Dodd-Frank Wall Street Reform and Consumer Protection Act provides for several regulations on the financial industry:

  • Regulates banks and prevent financial institutions deemed “too big to fail”
  • Prohibits banks from investing or sponsoring hedge funds or equity funds for their own profit
  •  Regulates the credit rating agencies to prevent misleading ratings to consumers
  • Stops risky lending practices
  • Provides consumers with “plain English” information about their mortgages and credit scores
  • Financial rewards for whistleblowers who provide information to the SEC about corporate corruption

SEC Division of Enforcement Director Andrew Ceresney said KBR’s confidentially agreement violated the Dodd-Frank Act by stifling potential whistleblowers.  He stated, “By requiring its employees and former employees to sign confidentiality agreements imposing pre­notification requirements before contacting the SEC, KBR potentially discouraged employees from reporting securities violations to us.  SEC rules prohibit employers from taking measures through confidentiality, employment, severance or other type of agreements that may silence potential whistleblowers before they can reach out to the SEC. We will vigorously enforce this provision.”

It should be noted that these agreements had been in place for years at KBR, and there were no allegations KBR actually prevented any employees from speaking out.  As part of the agreement, KBR rewrote its corporate confidentiality agreements and did not admit to any wrongdoing.

Since the SEC’s whistleblowing rules went into effect in 2011, 22 whistleblowers have received more than $54 million in awards.  The SEC’s Office of the Whistleblower received a 30% jump in claims in 2015.  In 2014, one whistleblower received between $30-$35 million; the largest to date under the Dodd-Frank Act.  Some industry insiders see the KBR case as a clear message from the SEC:  the Commission will not tolerate any “pre-taliation” efforts in stifling whistleblowers.



The Security and Exchange Commission investigates and enforces corporate wrongdoing with the aid of whistleblowers under the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010.  Whistleblowers remain anonymous and shall not receive any retaliation by their employer for their role in reporting to the SEC. Engineering and tech firm KBR violated this rule by requiring employees to sign confidentiality agreements promising not to contact anyone about any alleged corporate wrongdoing.


CIPP Exam Preparation

In preparation for the Certification Information Privacy Professional/United States (CIPP/US) exam, a privacy professional should be comfortable with topics related to this post, including:

Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (II.C.e.)


Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>