Forcing workers to sign broad nondisclosure agreements could deter disclosure of misconduct
Source: Consumer Financial Protection Bureau
The Consumer Financial Protection Bureau (CFPB) today (July 24, 2024) issued a circular to law enforcement agencies and regulators explaining how companies may be breaking the law by requiring employees to sign broad nondisclosure agreements that could deter whistleblowing. The circular explains how imposing sweeping nondisclosure agreements that do not clearly permit communication with law enforcement may intimidate employees from disclosing misconduct or cooperating with investigations. This could impede investigations and potentially violate federal whistleblower protections.
“The law enforcement community uncovers serious wrongdoing by financial firms through whistleblower tips,” said CFPB Director Rohit Chopra. “Companies should not censor or muzzle employees through nondisclosure agreements that deter whistleblowers from coming forward to law enforcement.”
Whistleblowing plays an important role in addressing illegal and unethical misconduct. In the Consumer Financial Protection Act (CFPA), Congress included a provision specifically protecting whistleblowers from retaliation for reporting violations of consumer financial protection laws. Although nondisclosure agreements can be entered into for legitimate purposes, such as ensuring the protection of confidential trade secrets, such agreements, depending on how they are worded and the context, could lead employees to believe they would face lawsuits or other retaliation for reporting suspected misconduct to governmental authorities.
Today’s circular explains that financial institutions may violate the CFPA when they require employees in certain circumstances to sign broad nondisclosure agreements, or other types of agreements that contain confidentiality requirements, if the agreements do not clearly permit communications or cooperation with law enforcement. Confidentiality agreements often specify that the employer may file a lawsuit or terminate an employee for violating the terms of the agreement.
The circular highlights particularly egregious circumstances that would typically violate the law. One example is when an employer demands a confidentiality agreement during an internal investigation, warning employees not to discuss the relevant matters with any external parties and saying they may be subject to legal penalties for doing so. If an employee involved in or aware of an investigation must sign such an agreement, they may see it as a threat against whistleblowing. An employer can significantly reduce the risk of violating whistleblower protections by ensuring that its agreements expressly permit employees to communicate freely with government enforcement agencies and to cooperate in government investigations.
The CFPB’s action today builds on prior efforts to affirm whistleblower protections and collect reports of misconduct. For example, the CFPB previously streamlined how workers in the technology industry can submit tips about potential violations of federal consumer financial laws. The CFPB’s work also aligns with a broader federal effort to protect whistleblowers and ensure corporate accountability. For example, the Securities and Exchange Commission has pursued enforcement actions against companies that violated its whistleblower protection rules when those companies required their employees or clients to sign overly restrictive confidentiality agreements.
Employees of companies who they believe their company has violated federal consumer financial laws are encouraged to send information about what they know to whistleblower@cfpb.gov. To learn more about reporting potential industry misconduct, visit the CFPB’s website.
Consumers can submit complaints about financial products or services by visiting the CFPB’s website or by calling (855) 411-CFPB (2372).
Read the circular:
Consumer Financial Protection Circular 2024-04
Whistleblower protections under CFPA Section 1057
Question presented
Can requiring employees to sign broad confidentiality agreements violate Section 1057 of the Consumer Financial Protection Act (CFPA), the provision protecting the rights of whistleblower employees, and undermine the CFPB’s ability to enforce the law?
Response
Yes. Although confidentiality agreements can be entered into for legitimate purposes, such as to ensure the protection of confidential trade secrets, such agreements, depending on how they are worded and the context in which they are employed, could lead an employee to reasonably believe that they would be sued or subject to other adverse actions if they disclosed information related to suspected violations of federal consumer financial law to government investigators. Threats of this nature can lead to violations of Section 1057 and impede investigations into potential wrongdoing, including the CFPB’s efforts to uncover violations of the consumer financial protection laws it enforces.
Background
Public policy in the United States long has recognized the important role that whistleblowing plays in preventing and stopping illegal and unethical misconduct. One of the first federal laws to provide protections to employees who reported fraud against the government was the False Claims Act, originally passed in 1863 and since amended. A majority of states since have passed their own such statutes. As Congress passed more legislation providing protections for employees against retaliation from their employers for engaging in protected whistleblowing activity, it empowered the Occupational Safety and Health Administration (OSHA), a regulatory agency of the U.S. Department of Labor (DOL), to adjudicate employees’ retaliation claims. Currently, OSHA’s Whistleblower Protection Program enforces the anti-retaliation provisions of more than 20 federal laws, including the CFPA as discussed below.1
Many entities, including covered persons and service providers under the CFPA,2 require their employees to sign nondisclosure agreements (NDAs) or other types of agreements containing confidentiality requirements. Such agreements may indicate that employees who violate the agreement’s terms may be subject to lawsuits, including the possibility of damages or other costs, as well as other punishment, such as termination. These types of agreements can be entered into for legitimate purposes—for example, to ensure the protection of confidential trade secrets or to safeguard the sensitive personal information of employees or consumers. However, depending on how they are worded and the context in which they are employed, confidentiality agreements hold the potential to frustrate the efforts of government enforcement agencies—including the CFPB—to investigate violations of law. In particular, confidentiality agreements entered into in certain circumstances may impede such efforts when they are so broadly worded as to forbid or otherwise dissuade employees from reporting suspected violations of law to the government or cooperating with a government investigation.
CFPA Section 1057
Section 1057 of the CFPA applies to covered persons. It provides anti-retaliation protections for covered employees3 and their representatives who provide information to the CFPB or any other federal, state, or local law enforcement agency regarding potential violations of laws and rules that are subject to the CFPB’s jurisdiction. Specifically, Section 1057(a) provides that “[n]o covered person or service provider shall terminate or in any other way discriminate against, or cause to be terminated or discriminated against, any covered employee or any authorized representative of covered employees” for: (1) providing or being about to provide information to the employer, the CFPB, or any other state, local, or federal government authority or law enforcement agency relating to a violation of, or any act or omission that the employee reasonably believes to be a violation of, a law subject to the CFPB’s jurisdiction or prescribed by the CFPB; (2) testifying or intending to testify about such a potential violation; (3) objecting to or refusing to participate in any activity, policy, practice, or assigned task that the employee reasonably believes to be such a violation; or (4) filing any lawsuit or instituting any other proceeding under any federal consumer financial law.4
Section 1057(c) provides procedures by which a person who believes they have been discharged or otherwise discriminated against in violation of Section 1057(a) may file a complaint with DOL, and a process by which DOL shall investigate and adjudicate such complaints.5 It further specifies the procedures for appealing DOL’s decisions in federal court. The CFPB also has independent authority to enforce Section 1057.6 Section 1057(d) provides that, outside of limited circumstances, contractual provisions that purport to waive the rights and remedies granted by Section 1057 are unenforceable.7
Accordingly, Section 1057 makes it unlawful for a covered person to discriminate against an employee for whistleblowing with respect to suspected violations of federal consumer financial law. As explained below, discrimination in this sense may include suing or threatening to sue or otherwise taking or threatening to take adverse action against employees for engaging in whistleblowing activity. And, in certain circumstances, requiring employees to sign confidentiality agreements that are so broad as to forbid or otherwise dissuade employees from sharing information about potential law violations with the government or cooperating with a government investigation can amount to a threat to punish.
Analysis
The CFPB is issuing this Circular to remind regulators and the public that covered persons who in certain circumstances require their employees to enter into broad confidentiality agreements that do not clearly permit communications with government enforcement agencies or cooperation with law enforcement investigations risk violating the CFPA’s prohibition on discrimination against whistleblowers and undermining the government’s ability to enforce the law.
As noted above, Section 1057(a) prohibits covered persons from terminating or otherwise discriminating against covered employees for engaging in whistleblowing activity. The term “discriminate against” is broad and encompasses a variety of adverse actions that a covered person may take against covered employees.8 The use of the term in multiple whistleblower protection statutes passed by Congress reflects this understanding.
For example, Section 23 of the Commodity Exchange Act (CEA), which Congress passed as part of the Dodd-Frank Wall Street Reform and Consumer Protection Act (DFA, of which the CFPA is a part), created a whistleblower awards program and protection for whistleblowers.9Section 23, which is administered by the Commodity Futures Trading Commission (CFTC), states “[n]o employer may discharge, demote, suspend, threaten, harass, directly or indirectly, or in any other manner discriminate against, a whistleblower in the terms and conditions of employment because of any lawful act done by the whistleblower” in providing information to the CFTC.10 Likewise, Congress created a whistleblower awards program and related protections when it passed Section 21F of the Securities Exchange Act of 1934, also part of the DFA. Section 21F, which is administered by the Securities and Exchange Commission (SEC), identically provides that “[n]o employer may discharge, demote, suspend, threaten, harass, directly or indirectly, or in any other manner discriminate against, a whistleblower in the terms and conditions of employment because of any lawful act done by the whistleblower” in providing information to the SEC.11 Congress thus made clear that the term “discriminate against” encompasses a variety of adverse actions—including threatening employees—listed in these statutes, in addition to other actions that employers may take to prevent or dissuade employees from whistleblowing or to punish them for whistleblowing.12
In addition to enforcing the anti-retaliation provision of Section 21F, the SEC promulgated Rule 21F-17, which provides that “[n]o person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement … with respect to such communications.”13 As the SEC explained in its proposal, “the Congressional purpose underlying Section 21F of the Exchange Act is to encourage whistleblowers to report potential violations of the securities laws by providing financial incentives, prohibiting employment-related retaliation, and providing various confidentiality guarantees. Efforts to impede a whistleblower’s direct communications with Commission staff about a potential securities law violation, however, would appear to conflict with this purpose.”14 The SEC since has pursued enforcement actions against companies that it alleged violated Rule 21F-17 by requiring their employees or clients to sign confidentiality agreements that would impede the ability of such individuals to share freely information about suspected wrongdoing with the SEC.15
The SEC is not alone in observing that employer confidentiality agreements may undermine the rights of whistleblowers and impede government enforcement efforts. In 2017, the CFTC promulgated a rule that similarly bars impeding an individual from communicating with CFTC staff, including by enforcing or threatening to enforce confidentiality agreements.16 The CFTC explained when it proposed the rule that it was doing so to complement the prohibition on employer retaliation against whistleblowers found in CEA section 23(h)(1)(A) and to achieve consistency with the SEC’s whistleblower rules.17 In June 2024, the CFTC issued a settlement order with Trafigura Trading LLC that addressed, among other issues, the company’s NDAs with employees that impeded their ability to communicate voluntarily with the CFTC.18 And last year, the Federal Trade Commission’s (FTC’s) Bureau of Competition issued guidance explaining that certain types of contractual provisions, including confidentiality agreements, NDAs, and notice-of-agency-contact provisions, are “contrary to public policy and therefore void and unenforceable insofar as they purport to (1) prevent, limit, or otherwise hinder a contract party from speaking freely with the FTC; or (2) require a contract party to disclose anything to an investigation target about the FTC’s outreach or communications.”19
The same dynamic is true for the CFPB. Confidentiality agreements that limit the ability of employees to communicate with government enforcement agencies or speak freely with investigators undermine the CFPB’s ability to enforce the law. Among the functions that Congress laid out for the CFPB is “taking appropriate enforcement action to address violations of Federal consumer financial law.”20 Subtitle E of the CFPA specifies the CFPB’s enforcement powers, including the authority to conduct investigations of potential violations of law.21 In addition to other actions, the CFPB may issue demands for written or oral testimony in pursuing such investigations.22 If, due to a confidentiality agreement, an employee perceives that they could suffer adverse consequences for cooperating in such circumstances, then the CFPB’s ability to carry out its statutory functions to protect consumers is compromised.
Consistent with these observations, covered persons that require employees in certain circumstances to sign broadly worded confidentiality agreements risk violating Section 1057 of the CFPA. Confidentiality agreements sometimes specify that the employer may file a lawsuit or reserves the right to take adverse employment action upon the employee’s violation of the agreement. Depending on the circumstances, an employee may interpret such conditions as threats to retaliate for engaging in whistleblowing activity. The risk of a violation of Section 1057 is heightened when covered persons impose such agreements in situations that are particularly likely to lead a reasonable employee to perceive the required entry into the agreement as a threat, such as in the context of an internal investigation or other scenario involving potential violations of law—for example, after the uncovering of suspected or confirmed wrongdoing, or in the aftermath of a potentially embarrassing episode for a company. When an employee participates in an investigation or otherwise is made aware of possible wrongdoing and simultaneously is required to sign such an agreement, there is a heightened risk that the employee reasonably would view the requirement to sign as a threat by the employer to take adverse action if the employee were to engage in whistleblowing activity. Indeed, the employee reasonably may not fathom any other reason for why they are being made to sign the agreement beyond that the employer is threatening to sue or otherwise punish the employee for engaging in whistleblowing. In line with the analysis above, such threats may constitute discrimination within the meaning of Section 1057 and thus be prohibited, regardless of whether or not the employer acts upon them or a court actually would enforce a confidentiality agreement with respect to whistleblowing.23
For example, in 2015, the SEC found that Houston-based global technology and engineering firm KBR Inc. violated Rule 21F-17 by requiring witnesses in certain internal investigations to sign confidentiality agreements containing language warning they could face discipline, including possible termination, if they discussed the matters with outside parties without the prior approval of the company’s legal department.24 The SEC’s order stated that, although there were no apparent instances in which the company specifically prevented employees from communicating with the SEC about securities law violations, the company’s blanket prohibition against witnesses discussing the substance of their interviews without prior approval under penalty of disciplinary action had a chilling effect that undermined the purpose of Section 21F and Rule 21F-17, which is to encourage whistleblowers to report illegal conduct to the SEC. The company agreed as part of the settlement to amend its confidentiality statement to add language making clear that employees are free to report possible violations to the SEC and other federal agencies without KBR approval or fear of retaliation.
Confidentiality agreements that risk leading to violations of whistleblower protection statutes—including Section 1057 of the CFPA—can be formulated in different ways. Certainly, employers can draft them in an express manner that purports to forbid the sharing of information with outside parties with no acknowledgment of and exception for the exercise of whistleblower rights. The risk of a reasonable employee interpreting their required entry into such an agreement in circumstances involving potential wrongdoing as a threat against reporting information to the government is relatively high. But other confidentiality agreements that undermine whistleblower protections may reasonably be perceived by employees as threats against them for exercising their rights in such circumstances. For example, an agreement that forbids sharing information with third parties “to the extent permitted by law” may technically permit whistleblowing. However, an employee, who may not know that the law forbids restrictions on whistleblowing but understands that the consequence of violating the agreement is suffering adverse employment action, may reasonably interpret the agreement to bar providing information to a law enforcement agency or voluntarily cooperating in a government investigation depending on the circumstances in which the employer asks the employee to enter into the agreement. An employee reasonably may feel threatened by such language in certain circumstances, such as those described above, and decline to report suspected violations of law to the government.25 An employer can significantly reduce the risk of this kind of perception—and thus of violating Section 1057—by ensuring that its agreements expressly permit employees to communicate freely with government enforcement agencies and to cooperate in government investigations.
As explained above, suing or threatening to sue or otherwise punish employees for engaging in whistleblowing activity may constitute discrimination against whistleblowers. Accordingly, when covered persons require employees to sign broadly worded confidentiality agreements that do not clearly permit communicating with government enforcement agencies or cooperating with law enforcement, especially when circumstances bear indicia of potential or suspected wrongdoing, they may be threatening to take adverse action against those employees for reporting suspected violations of federal consumer financial law to the CFPB or other regulators. Thus, covered persons who impose these types of agreements on their employees risk violating the prohibition on discrimination against whistleblowers contained in Section 1057 of the CFPA.