In January 2024, the SEC announced an $18 million settlement with J.P Morgan Securities for violations of Rule 21F-17(a), demonstrating its increased enforcement of the whistleblower rule, which prohibits any person from “tak[ing] any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement.” This follows a $10 million enforcement against D.E. Shaw, showing the SEC’s new stance of Rule 21F-17(a): sanctions that are actually large enough to deter illegal NDAs.
The SEC Enforcement Order found that J.P. Morgan Securities (JPMS) typically requested certain clients sign a Release if they received a credit or settlement of over $1,000, regardless of whether JPMS admitted or denied any error or wrongdoing in connection with the credit or settlement.
According to the SEC, this Release, implemented from March 2020 through July 2023, contained a clause stating that the client must “…keep this Agreement confidential and not use or disclose (including but not limited to, media statements, social media, or otherwise) the allegations, facts, contentions, liability, damages, or other information relating in any way to the Account, including but not limited to, the existence or terms of this Agreement.” The client and their attorneys were neither “prohibited nor restricted” from responding to any inquiry about this settlement or its underlying facts by any government entity, self- regulatory organization, or as required by law.
The SEC found that these terms prohibited clients from affirmatively reporting to the Commission staff in violation of Rule 21F-17(a). The rule, instituted after the creation of the SEC Whistleblower Program following the passage of the Dodd-Frank Act, is intended to ensure individuals can report to the Commission.
The SEC enforcement against J.P. Morgan has two notable features: First, affected parties of the illegally restrictive clauses are “advisory clients and brokerage customers” of J.P. Morgan that received credits or settlements. Second, the language in the violating clause prevents the client from initiating contact with the SEC and other regulators but does not prevent them from responding to inquiries.
This is not the first time that either of these features has been included in SEC in Rule 21F-17(a) enforcements, however, this $18 million enforcement brings them to a higher profile and reiterates the scope of enforcement for Rule 21F-17(a) with much larger penalties.
The SEC previously obtained a judgment in June 2023 against Leon Vaccarelli and his investment firm Lux Financial Services, LLC for requiring a client “to sign a release in favor of Vaccarelli and [Lux Financial Services] that she would not discuss the matter with ‘FINRA, The [sic] SEC or anyone else’” in order for the customer to have their money returned to them. This is substantially similar to the affected parties in the J.P. Morgan enforcement, who were investment customers of J.P. Morgan seeking to have credit and settlements paid to them. This was a minor case that only required the Vaccarelli to pay $62,309 to the SEC, for the Rule 21F-17(a) violation and others.
Such language has also been applied to employees: the SEC’s enforcement action against Guggenheim Securities in 2021 found that their employee manual and compliance training materials had language to prevent employees from initiating contact with SEC, similar to the illegal language that J.P. Morgan has now been charged for in the recent enforcement. According to the SEC, Guggenheim Securities included in their Employee Manual that “Employees are also strictly prohibited from initiating contact with any Regulator without prior approval from the Legal or Compliance Department.” A slide of the annual compliance training materials similarly stated, “Employees are prohibited from initiating contact with any regulator without prior approval from Legal or Compliance, including conversation[s] regarding an individual’s registration status with FINRA.” This resulted in only a small sanction against Guggenheim Securities of $208,912 paid to the SEC.
Another ongoing case with similar illegal language came to the SEC via a Complaint alleging that Collector’s Coffee had a proposed settlement agreement with investors that included the clause: “The Shareholders, for themselves and their counsel and advisors, confirm that they are not aware of, and have not had to date, and will not initiate on a going forward basis, any communications with any regulatory agencies such as the United States Securities and Exchange Commission or any other Federal, State, or Local governmental agency concerning the matters related to this Agreement. Nothing herein would prevent the parties from responding to, and/or fully complying with, a subpoena or other governmental and or regulatory compulsory process.”
The $18 million enforcement against J.P. Morgan aligns with the SEC’s increased diligence sanctioning Rule 21F-17(a) violations. The agency is sending a clear message that illegal NDAs cannot be used to prevent investment clients from providing information to the SEC to receive their payments from the investment company. It also makes clear to companies that including such language in a contract preventing an individual from initiating contact with government agencies is sufficient to violate Rule 21F-17(a), including clauses in agreements made with their investment clients.
The SEC is finally taking corrective action by issuing sanctions that should make companies using contracts to muffle potential whistleblowers, be they investors, contractors, compliance officials, or employees, reevaluate the risks of such restrictions.
Corporations should be looking at the SEC’s recent 21F-17 rulings as a sign that the age of blocking whistleblowers from disclosing in contractual agreements is over — it is now more expensive for a corporation to try to cover up fraud and corruption by silencing whistleblowers than it is for them to do the right thing.
The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright of this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).