SEC Rule 21F-17, spun out of Dodd-Frank, prohibits any person or entity under SEC jurisdiction from taking “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement.” In 2015-16, the SEC brought several enforcement actions against investment adviser firms whose employment agreements (e.g., offer letters, confidentiality agreements, and severance agreements) either required the employee to waive his or her whistleblower rights or more subtlety impeded that ability, e.g., by stating that an employee must report a possible violation internally to compliance or management before reporting out to the SEC.

Since those actions, OCIE followed up with a risk alert stating that it will review advisers’ “compliance manuals, codes of ethics, employment agreements, and severance agreements to determine whether provisions in those documents pertaining to confidentiality of information and reporting of possible securities law violations may raise concerns under Rule 21F-17.” This means that no internal document is safe from  review for what the SEC may deem restrictive reporting language. Accordingly, advisers should take a second look at all employment agreements as well as internal policies (e.g., Code of Ethics) containing confidentiality language. Those sections should clearly provide that an employee may directly report out to the SEC (without prior notice to the firm) if the employee believes that there is a possible securities law violation.