Consumer Financial Protection Circular 2024-04: Whistleblower Protections Under CFPA Section 1057, 65170-65174 [2024-17539]
Download as PDF
<![CDATA[
65170
Federal Register / Vol. 89, No. 154 / Friday, August 9, 2024 / Rules and Regulations
U.S.C. 553(b). As discussed previously,
consistent with section 553(b)(B) of the
APA, the FDIC has determined for good
cause that notice and opportunity for
public comment prior to the rule’s
effective date is contrary to the public
interest, and therefore is not issuing a
notice of proposed rulemaking.
Accordingly, the FDIC has concluded
that the RFA’s requirements relating to
initial and final regulatory flexibility
analyses do not apply. Nevertheless, the
FDIC is interested in receiving feedback
on ways that it could reduce any
potential burden of the interim final
rule on small entities.
might make the proposal easier to
understand.
ACTION:
List of Subjects in 12 CFR Part 330
SUMMARY:
Bank deposit insurance, Reporting
and recordkeeping requirements,
Savings associations.
Authority and Issuance
For the reasons stated in the
preamble, the Board of Directors of the
Federal Deposit Insurance Corporation
amends part 330 of title 12 of the Code
of Federal Regulations as follows:
PART 330—DEPOSIT INSURANCE
COVERAGE
Congressional Review Act
For purposes of the Congressional
Review Act, the OMB makes a
determination as to whether a final rule
constitutes a ‘‘major’’ rule. If a rule is
deemed a ‘‘major rule’’ by the OMB, the
Congressional Review Act generally
provides that the rule may not take
effect until at least 60 days following its
publication.
The Congressional Review Act defines
a ‘‘major rule’’ as any rule that the
Administrator of the Office of
Information and Regulatory Affairs of
the OMB finds has resulted in or is
likely to result in (1) an annual effect on
the economy of $100,000,000 or more;
(2) a major increase in costs or prices for
consumers, individual industries,
Federal, State, or local government
agencies or geographic regions, or (3)
significant adverse effects on
competition, employment, investment,
productivity, innovation, or on the
ability of United States-based
enterprises to compete with foreignbased enterprises in domestic and
export markets.
The OMB has determined that the
interim final rule is not a major rule for
purposes of the Congressional Review
Act. The FDIC will submit the rule and
other appropriate reports to Congress
and the Government Accountability
Office for review.
ddrumheller on DSK120RN23PROD with RULES1
Plain Language
Section 722 of the Gramm-LeachBliley Act 30 requires the Federal
banking agencies to use plain language
in all proposed and final rules
published after January 1, 2000. The
FDIC has sought to present the interim
final rule in a simple and
straightforward manner. The FDIC
invites comments on whether the
interim final rule is clearly stated and
effectively organized and how the FDIC
30 Public Law 106–102, sec. 722, 113 Stat. 1338,
1471 (codified at 12 U.S.C. 4809)).
VerDate Sep<11>2014
16:41 Aug 08, 2024
Jkt 262001
1. The authority citation for part 330
continues to read as follows:
■
Authority: 12 U.S.C. 1813(l), 1813(m),
1817(i), 1818(q), 1819(a)(Tenth), 1820(f),
1820(g), 1821(a), 1821(d), 1822(c).
2. Amend § 330.3 by revising
paragraph (e)(3) to read as follows:
■
§ 330.3
General principles.
*
*
*
*
*
(e) * * *
(3) Rule of construction. For purposes
of this paragraph (e), the following are
not considered to be offices located
outside any State, as referred to in
paragraph (e)(1) of this section:
(i) Overseas Military Banking
Facilities operated under U.S.
Department of Defense regulations, 32
CFR parts 230 and 231; and
(ii) Legacy branches of U.S. insured
depository institutions in the Federated
States of Micronesia, the Republic of the
Marshall Islands, or the Republic of
Palau, which for purposes of this
paragraph means the number of
branches operated by each U.S. insured
depository institution as of August 9,
2024.
*
*
*
*
*
Federal Deposit Insurance Corporation.
By order of the Board of Directors.
Dated at Washington, DC, on July 30, 2024.
James P. Sheesley,
Assistant Executive Secretary.
[FR Doc. 2024–17351 Filed 8–8–24; 8:45 am]
BILLING CODE 6714–01–P
CONSUMER FINANCIAL PROTECTION
BUREAU
12 CFR Chapter X
Consumer Financial Protection
Circular 2024–04: Whistleblower
Protections Under CFPA Section 1057
AGENCY:
Consumer Financial Protection
Bureau.
PO 00000
Frm 00006
Fmt 4700
Sfmt 4700
Consumer financial protection
circular.
The Consumer Financial
Protection Bureau (CFPB) has issued
Consumer Financial Protection Circular
2024–04, titled, ‘‘Whistleblower
protections under CFPA section 1057.’’
In this circular, the CFPB responds to
the question, ‘‘Can requiring employees
to sign broad confidentiality agreements
violate section 1057 of the Consumer
Financial Protection Act (CFPA), the
provision protecting the rights of
whistleblower employees, and
undermine the CFPB’s ability to enforce
the law?’’
DATES: The CFPB released this circular
on its website on July 24, 2024.
ADDRESSES: Enforcers, and the broader
public, can provide feedback and
comments to Circulars@cfpb.gov.
FOR FURTHER INFORMATION CONTACT:
George Karithanom, Regulatory
Implementation & Guidance Program
Analyst, Office of Regulations, at 202–
435–7700 or at: https://
reginquiries.consumerfinance.gov/. If
you require this document in an
alternative electronic format, please
contact CFPB_Accessibility@cfpb.gov.
SUPPLEMENTARY INFORMATION:
Question Presented
Can requiring employees to sign broad
confidentiality agreements violate
section 1057 of the Consumer Financial
Protection Act (CFPA), the provision
protecting the rights of whistleblower
employees, and undermine the CFPB’s
ability to enforce the law?
Response
Yes. Although confidentiality
agreements can be entered into for
legitimate purposes, such as to ensure
the protection of confidential trade
secrets, such agreements, depending on
how they are worded and the context in
which they are employed, could lead an
employee to reasonably believe that
they would be sued or subject to other
adverse actions if they disclosed
information related to suspected
violations of Federal consumer financial
law to government investigators. Threats
of this nature can lead to violations of
section 1057 and impede investigations
into potential wrongdoing, including
the CFPB’s efforts to uncover violations
of the consumer financial protection
laws it enforces.
Background
Public policy in the United States
long has recognized the important role
that whistleblowing plays in preventing
and stopping illegal and unethical
E:\FR\FM\09AUR1.SGM
09AUR1
Federal Register / Vol. 89, No. 154 / Friday, August 9, 2024 / Rules and Regulations
misconduct. One of the first Federal
laws to provide protections to
employees who reported fraud against
the government was the False Claims
Act, originally passed in 1863 and since
amended. A majority of States since
have passed their own such statutes. As
Congress passed more legislation
providing protections for employees
against retaliation from their employers
for engaging in protected
whistleblowing activity, it empowered
the Occupational Safety and Health
Administration (OSHA), a regulatory
agency of the U.S. Department of Labor
(DOL), to adjudicate employees’
retaliation claims. Currently, OSHA’s
Whistleblower Protection Program
enforces the anti-retaliation provisions
of more than 20 Federal laws, including
the CFPA as discussed below.1
Many entities, including covered
persons and service providers under the
CFPA,2 require their employees to sign
nondisclosure agreements (NDAs) or
other types of agreements containing
confidentiality requirements. Such
agreements may indicate that employees
who violate the agreement’s terms may
be subject to lawsuits, including the
possibility of damages or other costs, as
well as other punishment, such as
termination. These types of agreements
can be entered into for legitimate
purposes—for example, to ensure the
protection of confidential trade secrets
or to safeguard the sensitive personal
information of employees or consumers.
However, depending on how they are
worded and the context in which they
are employed, confidentiality
agreements hold the potential to
frustrate the efforts of government
enforcement agencies—including the
CFPB—to investigate violations of law.
In particular, confidentiality agreements
entered into in certain circumstances
may impede such efforts when they are
so broadly worded as to forbid or
otherwise dissuade employees from
reporting suspected violations of law to
the government or cooperating with a
government investigation.
ddrumheller on DSK120RN23PROD with RULES1
CFPA Section 1057
Section 1057 of the CFPA applies to
covered persons. It provides antiretaliation protections for covered
employees 3 and their representatives
1 See Occupational Safety and Health
Administration: Whistleblower Protection, https://
www.whistleblowers.gov/about-us.
2 Covered persons and service providers must
comply with the whistleblower protection
requirements of the CFPA. 12 U.S.C. 5481(6), (26);
12 U.S.C. 5567. For simplicity, the remainder of this
circular refers to covered persons and service
providers as ‘‘covered persons.’’
3 A ‘‘covered employee’’ is defined as ‘‘any
individual performing tasks related to the offering
VerDate Sep<11>2014
16:41 Aug 08, 2024
Jkt 262001
who provide information to the CFPB or
any other Federal, State, or local law
enforcement agency regarding potential
violations of laws and rules that are
subject to the CFPB’s jurisdiction.
Specifically, section 1057(a) provides
that ‘‘[n]o covered person or service
provider shall terminate or in any other
way discriminate against, or cause to be
terminated or discriminated against, any
covered employee or any authorized
representative of covered employees’’
for: (1) providing or being about to
provide information to the employer,
the CFPB, or any other State, local, or
Federal Government authority or law
enforcement agency relating to a
violation of, or any act or omission that
the employee reasonably believes to be
a violation of, a law subject to the
CFPB’s jurisdiction or prescribed by the
CFPB; (2) testifying or intending to
testify about such a potential violation;
(3) objecting to or refusing to participate
in any activity, policy, practice, or
assigned task that the employee
reasonably believes to be such a
violation; or (4) filing any lawsuit or
instituting any other proceeding under
any Federal consumer financial law.4
Section 1057(c) provides procedures
by which a person who believes they
have been discharged or otherwise
discriminated against in violation of
section 1057(a) may file a complaint
with DOL, and a process by which DOL
shall investigate and adjudicate such
complaints.5 It further specifies the
procedures for appealing DOL’s
decisions in Federal court. The CFPB
also has independent authority to
enforce section 1057.6 Section 1057(d)
provides that, outside of limited
circumstances, contractual provisions
that purport to waive the rights and
remedies granted by section 1057 are
unenforceable.7
Accordingly, section 1057 makes it
unlawful for a covered person to
discriminate against an employee for
whistleblowing with respect to
suspected violations of Federal
consumer financial law. As explained
below, discrimination in this sense may
include suing or threatening to sue or
otherwise taking or threatening to take
adverse action against employees for
engaging in whistleblowing activity.
And, in certain circumstances, requiring
or provision of a consumer financial product or
service.’’ 12 U.S.C. 5567(b).
4 12 U.S.C. 5567(a).
5 12 U.S.C. 5567(c).
6 12 U.S.C. 5563(a)(1), 5564(a).
7 12 U.S.C. 5567(d). This provision applies to predispute arbitration agreements, which it states are
not valid or enforceable to the extent they require
arbitration of disputes arising under section 1057.
12 U.S.C. 5567(d)(2).
PO 00000
Frm 00007
Fmt 4700
Sfmt 4700
65171
employees to sign confidentiality
agreements that are so broad as to forbid
or otherwise dissuade employees from
sharing information about potential law
violations with the government or
cooperating with a government
investigation can amount to a threat to
punish.
Analysis
The CFPB is issuing this circular to
remind regulators and the public that
covered persons who in certain
circumstances require their employees
to enter into broad confidentiality
agreements that do not clearly permit
communications with government
enforcement agencies or cooperation
with law enforcement investigations
risk violating the CFPA’s prohibition on
discrimination against whistleblowers
and undermining the government’s
ability to enforce the law.
As noted above, section 1057(a)
prohibits covered persons from
terminating or otherwise discriminating
against covered employees for engaging
in whistleblowing activity. The term
‘‘discriminate against’’ is broad and
encompasses a variety of adverse
actions that a covered person may take
against covered employees.8 The use of
the term in multiple whistleblower
protection statutes passed by Congress
reflects this understanding.
For example, section 23 of the
Commodity Exchange Act (CEA), which
Congress passed as part of the DoddFrank Wall Street Reform and Consumer
Protection Act (DFA, of which the CFPA
is a part), created a whistleblower
awards program and protection for
whistleblowers.9 Section 23, which is
administered by the Commodity Futures
Trading Commission (CFTC), states
‘‘[n]o employer may discharge, demote,
suspend, threaten, harass, directly or
indirectly, or in any other manner
discriminate against, a whistleblower in
the terms and conditions of employment
because of any lawful act done by the
whistleblower’’ in providing
8 At its essence, to ‘‘discriminate’’ means ‘‘to
make a distinction’’ or ‘‘to make a difference in
treatment or favor on a basis other than individual
merit.’’ Discriminate, Merriam-Webster.com,
https://www.merriam-webster.com/dictionary/
discriminate (last visited July 17, 2024); see also
Murray v. UBS Securities, LLC, 601 U.S. 23, 34
(2024) (explaining meaning of ‘‘discriminate’’ under
analogous anti-retaliation provision in the
Sarbanes-Oxley Act, 18 U.S.C. 1514A, and holding
that while the employee had to prove his protected
activity was a contributing factor in the unfavorable
personnel action, he did not also have to prove his
employer acted with retaliatory intent).
9 7 U.S.C. 26. See Commodity Futures Trading
Commission: Whistleblower Protections, https://
www.whistleblower.gov/protections.
E:\FR\FM\09AUR1.SGM
09AUR1
65172
Federal Register / Vol. 89, No. 154 / Friday, August 9, 2024 / Rules and Regulations
information to the CFTC.10 Likewise,
Congress created a whistleblower
awards program and related protections
when it passed section 21F of the
Securities Exchange Act of 1934, also
part of the DFA. Section 21F, which is
administered by the Securities and
Exchange Commission (SEC),
identically provides that ‘‘[n]o employer
may discharge, demote, suspend,
threaten, harass, directly or indirectly,
or in any other manner discriminate
against, a whistleblower in the terms
and conditions of employment because
of any lawful act done by the
whistleblower’’ in providing
information to the SEC.11 Congress thus
made clear that the term ‘‘discriminate
against’’ encompasses a variety of
adverse actions—including threatening
employees—listed in these statutes, in
addition to other actions that employers
may take to prevent or dissuade
employees from whistleblowing or to
punish them for whistleblowing.12
In addition to enforcing the antiretaliation provision of section 21F, the
SEC promulgated Rule 21F–17, which
provides that ‘‘[n]o person may take any
action to impede an individual from
10 7
U.S.C. 26(h)(1)(A) (emphasis added).
U.S.C. 78u–6(h)(1)(A) (emphasis added).
12 In addition to these examples, the Financial
Institutions Anti-Fraud Enforcement Act of 1990
(FIAFEA) allows whistleblowers to bring claims
related to suspected violations of the Financial
Institutions Reform, Recovery, and Enforcement Act
of 1989 (FIRREA)—passed in the wake of the
savings and loan crisis—by submitting confidential
declarations setting forth facts about alleged fraud.
12 U.S.C. 4201 et seq. As enacted, in addition to
providing for discretionary monetary awards from
the Attorney General, the FIAFEA granted certain
protections to whistleblowers against employer
retaliation for lawfully reporting such information
to the government. 12 U.S.C. 4212 (providing that
such declarants shall enjoy the protections afforded
under 18 U.S.C. 3059A(e)). Specifically, it provided
that a person who ‘‘is discharged, demoted,
suspended, threatened, harassed, or in any other
manner discriminated against in the terms or
conditions of employment by an employer because
of lawful acts done by the person . . . in
furtherance of a prosecution under [applicable
provisions] may, in a civil action, obtain all relief
necessary to make the person whole.’’ 18 U.S.C.
3059A(e)(1), repealed by Public Law 107–273, 116
Stat. 1781 (Nov. 2, 2002) (emphasis added).
Congress repealed 18 U.S.C. 3059A in 2002 as it
considered it to be one of several ‘‘redundant
authorizations of payments for rewards.’’ Public
Law 107–273, 116 Stat. 1781 (Nov. 2, 2002).
Functionally equivalent award and anti-retaliation
provisions apply to employees of insured
depository institutions and credit unions pursuant
to the Federal Deposit Insurance Corporation Act
and Federal Credit Union Act, although those
provisions do not contain the same list of examples
of forms of employer discrimination that appeared
in the FIAFEA. See 12 U.S.C. 1831j, 1831k; 12
U.S.C. 1790b, 1790c. These provisions predated the
FIAFEA, however, and the fact that Congress
labeled the FIAFEA protections ‘‘redundant’’
supports the notion that it viewed the less
descriptive anti-discrimination provisions in these
acts as encompassing the broad definition of
discrimination articulated in the FIAFEA.
ddrumheller on DSK120RN23PROD with RULES1
11 15
VerDate Sep<11>2014
16:41 Aug 08, 2024
Jkt 262001
communicating directly with the
Commission staff about a possible
securities law violation, including
enforcing, or threatening to enforce, a
confidentiality agreement . . . with
respect to such communications.’’ 13 As
the SEC explained in its proposal, ‘‘the
Congressional purpose underlying
section 21F of the Exchange Act is to
encourage whistleblowers to report
potential violations of the securities
laws by providing financial incentives,
prohibiting employment-related
retaliation, and providing various
confidentiality guarantees. Efforts to
impede a whistleblower’s direct
communications with Commission staff
about a potential securities law
violation, however, would appear to
conflict with this purpose.’’ 14 The SEC
since has pursued enforcement actions
against companies that it alleged
violated Rule 21F–17 by requiring their
employees or clients to sign
confidentiality agreements that would
impede the ability of such individuals
to share freely information about
suspected wrongdoing with the SEC.15
The SEC is not alone in observing that
employer confidentiality agreements
may undermine the rights of
whistleblowers and impede government
enforcement efforts. In 2017, the CFTC
promulgated a rule that similarly bars
impeding an individual from
communicating with CFTC staff,
including by enforcing or threatening to
enforce confidentiality agreements.16
The CFTC explained when it proposed
13 17
CFR 240.21F–17(a).
FR 70488, 70510 (Nov. 17, 2010). See also
76 FR 34300, 34351–52 (June 13, 2011) (final rule
preamble reiterating congressional purpose).
15 See, e.g., Press Release, SEC, SEC: Companies
Cannot Stifle Whistleblowers in Confidentiality
Agreements (Apr. 1, 2015), https://www.sec.gov/
news/press-release/2015-54 (describing
administrative settlement in enforcement action
wherein SEC alleged that KBR Inc.’s practice
requiring employees to sign confidentiality
agreements in internal investigations created a
‘‘chilling effect’’ to discourage whistleblowing in
violation of Rule 21F–17); Press Release, SEC,
Company Paying Penalty for Violating Key
Whistleblower Protection Rule (Aug. 10, 2016),
https://www.sec.gov/news/press-release/2016-157
(describing SEC’s issuance of cease-and-desist order
and imposition of remedial sanctions against
publicly traded company BlueLinx Holdings, Inc.
for including language in its employee severance
agreements that required departing employees to
notify the company’s legal department prior to
disclosing any financial or business information to
any third parties); Press Release, SEC, J.P. Morgan
to Pay $18 Million for Violating Whistleblower
Protection Rule (Jan. 16, 2024), https://
www.sec.gov/news/press-release/2024-7
(announcing settled charges against J.P. Morgan
Securities LLC for violations of Rule 21F–17(a)
stemming from the company’s regularly asking
retail clients to sign confidential release agreements
that allowed them to respond to SEC inquiries but
did not permit them to voluntarily contact the SEC).
16 17 CFR 165.19(b).
14 75
PO 00000
Frm 00008
Fmt 4700
Sfmt 4700
the rule that it was doing so to
complement the prohibition on
employer retaliation against
whistleblowers found in CEA section
23(h)(1)(A) and to achieve consistency
with the SEC’s whistleblower rules.17 In
June 2024, the CFTC issued a settlement
order with Trafigura Trading LLC that
addressed, among other issues, the
company’s NDAs with employees that
impeded their ability to communicate
voluntarily with the CFTC.18 And last
year, the Federal Trade Commission’s
(FTC’s) Bureau of Competition issued
guidance explaining that certain types
of contractual provisions, including
confidentiality agreements, NDAs, and
notice-of-agency-contact provisions, are
‘‘contrary to public policy and therefore
void and unenforceable insofar as they
purport to (1) prevent, limit, or
otherwise hinder a contract party from
speaking freely with the FTC; or (2)
require a contract party to disclose
anything to an investigation target about
the FTC’s outreach or
communications.’’ 19
The same dynamic is true for the
CFPB. Confidentiality agreements that
limit the ability of employees to
communicate with government
enforcement agencies or speak freely
with investigators undermine the
CFPB’s ability to enforce the law.
Among the functions that Congress laid
out for the CFPB is ‘‘taking appropriate
enforcement action to address violations
of Federal consumer financial law.’’ 20
Subtitle E of the CFPA specifies the
CFPB’s enforcement powers, including
the authority to conduct investigations
of potential violations of law.21 In
addition to other actions, the CFPB may
issue demands for written or oral
testimony in pursuing such
investigations.22 If, due to a
confidentiality agreement, an employee
perceives that they could suffer adverse
consequences for cooperating in such
circumstances, then the CFPB’s ability
to carry out its statutory functions to
protect consumers is compromised.
Consistent with these observations,
covered persons that require employees
in certain circumstances to sign broadly
worded confidentiality agreements risk
violating section 1057 of the CFPA.
17 81
FR 55951, 55955 (Aug. 30, 2016).
re Trafigura Trading LLC, CFTC No. 24–08,
2024 WL 3225331 (June 17, 2024), available at
https://www.cftc.gov/media/10791/
enftrafiguratradingorder061724/download.
19 Bureau of Competition, FTC, Re: Contracts
That Impede Bureau of Competition Investigations
(June 15, 2023), available at https://www.ftc.gov/
system/files/ftc_gov/pdf/Formal-Analysis.pdf.
20 12 U.S.C. 5511(c)(4).
21 See 12 U.S.C. 5562.
22 See 12 U.S.C. 5562(c)(1).
18 In
E:\FR\FM\09AUR1.SGM
09AUR1
Federal Register / Vol. 89, No. 154 / Friday, August 9, 2024 / Rules and Regulations
ddrumheller on DSK120RN23PROD with RULES1
Confidentiality agreements sometimes
specify that the employer may file a
lawsuit or reserves the right to take
adverse employment action upon the
employee’s violation of the agreement.
Depending on the circumstances, an
employee may interpret such conditions
as threats to retaliate for engaging in
whistleblowing activity. The risk of a
violation of section 1057 is heightened
when covered persons impose such
agreements in situations that are
particularly likely to lead a reasonable
employee to perceive the required entry
into the agreement as a threat, such as
in the context of an internal
investigation or other scenario involving
potential violations of law—for
example, after the uncovering of
suspected or confirmed wrongdoing, or
in the aftermath of a potentially
embarrassing episode for a company.
When an employee participates in an
investigation or otherwise is made
aware of possible wrongdoing and
simultaneously is required to sign such
an agreement, there is a heightened risk
that the employee reasonably would
view the requirement to sign as a threat
by the employer to take adverse action
if the employee were to engage in
whistleblowing activity. Indeed, the
employee reasonably may not fathom
any other reason for why they are being
made to sign the agreement beyond that
the employer is threatening to sue or
otherwise punish the employee for
engaging in whistleblowing. In line with
the analysis above, such threats may
constitute discrimination within the
meaning of section 1057 and thus be
prohibited, regardless of whether or not
the employer acts upon them or a court
actually would enforce a confidentiality
agreement with respect to
whistleblowing.23
23 As noted above, section 1057(d) of the CFPA
renders unenforceable ‘‘any agreement, policy,
form, or condition of employment’’ that purports to
waive the rights and remedies provided for in
section 1057. 12 U.S.C. 5567(d)(1). And, the CFPB
has explained that including unenforceable terms in
a consumer contract may constitute a deceptive act
or practice in violation of the CFPA’s prohibition
on unfair, deceptive, or abusive acts or practices.
See CFPB, Consumer Financial Protection Circular
2024–03: Unlawful and unenforceable contract
terms and conditions (June 4, 2024), https://
www.consumerfinance.gov/compliance/circulars/
consumer-financial-protection-circular-2024-03/.
Similarly, requiring employees to enter into overly
broad confidentiality agreements that restrict or
waive the employees’ whistleblower rights could
constitute a deceptive act or practice in appropriate
circumstances. Although the CFPB typically has
found deceptive acts or practices with respect to
misrepresentations made to a consumer, deceptive
acts or practices targeting other parties—such as a
covered person’s employees—may also violate the
CFPA if the deception is in connection with the
offering or provision of consumer financial
products or services. See 12 U.S.C. 5531, 5536.
VerDate Sep<11>2014
16:41 Aug 08, 2024
Jkt 262001
For example, in 2015, the SEC found
that Houston-based global technology
and engineering firm KBR Inc. violated
Rule 21F–17 by requiring witnesses in
certain internal investigations to sign
confidentiality agreements containing
language warning they could face
discipline, including possible
termination, if they discussed the
matters with outside parties without the
prior approval of the company’s legal
department.24 The SEC’s order stated
that, although there were no apparent
instances in which the company
specifically prevented employees from
communicating with the SEC about
securities law violations, the company’s
blanket prohibition against witnesses
discussing the substance of their
interviews without prior approval under
penalty of disciplinary action had a
chilling effect that undermined the
purpose of section 21F and Rule 21F–
17, which is to encourage
whistleblowers to report illegal conduct
to the SEC. The company agreed as part
of the settlement to amend its
confidentiality statement to add
language making clear that employees
are free to report possible violations to
the SEC and other Federal agencies
without KBR approval or fear of
retaliation.
Confidentiality agreements that risk
leading to violations of whistleblower
protection statutes—including section
1057 of the CFPA—can be formulated in
different ways. Certainly, employers can
draft them in an express manner that
purports to forbid the sharing of
information with outside parties with
no acknowledgment of and exception
for the exercise of whistleblower rights.
The risk of a reasonable employee
interpreting their required entry into
such an agreement in circumstances
involving potential wrongdoing as a
threat against reporting information to
the government is relatively high. But
other confidentiality agreements that
undermine whistleblower protections
may reasonably be perceived by
employees as threats against them for
exercising their rights in such
circumstances. For example, an
agreement that forbids sharing
information with third parties ‘‘to the
extent permitted by law’’ may
technically permit whistleblowing.
However, an employee, who may not
know that the law forbids restrictions on
whistleblowing but understands that the
consequence of violating the agreement
is suffering adverse employment action,
may reasonably interpret the agreement
to bar providing information to a law
enforcement agency or voluntarily
24 Supra
PO 00000
n.15.
Frm 00009
Fmt 4700
Sfmt 4700
65173
cooperating in a government
investigation depending on the
circumstances in which the employer
asks the employee to enter into the
agreement. An employee reasonably
may feel threatened by such language in
certain circumstances, such as those
described above, and decline to report
suspected violations of law to the
government.25 An employer can
significantly reduce the risk of this kind
of perception—and thus of violating
section 1057—by ensuring that its
agreements expressly permit employees
to communicate freely with government
enforcement agencies and to cooperate
in government investigations.
As explained above, suing or
threatening to sue or otherwise punish
employees for engaging in
whistleblowing activity may constitute
discrimination against whistleblowers.
Accordingly, when covered persons
require employees to sign broadly
worded confidentiality agreements that
do not clearly permit communicating
with government enforcement agencies
or cooperating with law enforcement,
especially when circumstances bear
indicia of potential or suspected
wrongdoing, they may be threatening to
take adverse action against those
employees for reporting suspected
violations of Federal consumer financial
law to the CFPB or other regulators.
Thus, covered persons who impose
these types of agreements on their
employees risk violating the prohibition
on discrimination against
whistleblowers contained in section
1057 of the CFPA.
About Consumer Financial Protection
Circulars
Consumer Financial Protection
Circulars are issued to all parties with
authority to enforce Federal consumer
financial law. The CFPB is the principal
Federal regulator responsible for
administering Federal consumer
financial law, see 12 U.S.C. 5511,
including the Consumer Financial
25 In a recently filed complaint, DOL explained
how confidentiality provisions in employment
agreements that require employees not to share the
terms of the agreement except with the employee’s
immediate family or attorney or ‘‘as required by
law’’ could cause employees to ‘‘reasonably believe
that they cannot disclose the terms of the
agreements to [DOL] absent a subpoena or court
order,’’ and that these provisions, along with broad
non-disparagement and non-disclosure provisions
coupled with the threat of termination and
monetary damages, dissuade employees from
speaking freely with DOL investigators in violation
of section 15(a)(3) of the Fair Labor Standards Act,
29 U.S.C. 215(a)(3). Complaint, ¶¶ 95–106, 129–38,
160–65, Su v. Smoothstack, Inc., No. 1:24–cv–
04789 (E.D.N.Y. July 10, 2024), available at https://
www.dol.gov/sites/dolgov/files/OPA/newsreleases/
2024/07/SmoothstackInc-Complaint-24-1337NAT.pdf.
E:\FR\FM\09AUR1.SGM
09AUR1
ddrumheller on DSK120RN23PROD with RULES1
65174
Federal Register / Vol. 89, No. 154 / Friday, August 9, 2024 / Rules and Regulations
Protection Act’s prohibition on unfair,
deceptive, and abusive acts or practices,
12 U.S.C. 5536(a)(1)(B), and 18 other
‘‘enumerated consumer laws,’’ 12 U.S.C.
5481(12). However, these laws are also
enforced by State attorneys general and
State regulators, 12 U.S.C. 5552, and
prudential regulators including the
Federal Deposit Insurance Corporation,
the Office of the Comptroller of the
Currency, the Board of Governors of the
Federal Reserve System, and the
National Credit Union Administration.
See, e.g., 12 U.S.C. 5516(d), 5581(c)(2)
(exclusive enforcement authority for
banks and credit unions with $10
billion or less in assets). Some Federal
consumer financial laws are also
enforceable by other Federal agencies,
including the Department of Justice and
the Federal Trade Commission, the
Farm Credit Administration, the
Department of Transportation, and the
Department of Agriculture. In addition,
some of these laws provide for private
enforcement.
Consumer Financial Protection
Circulars are intended to promote
consistency in approach across the
various enforcement agencies and
parties, pursuant to the CFPB’s statutory
objective to ensure Federal consumer
financial law is enforced consistently.
12 U.S.C. 5511(b)(4).
Consumer Financial Protection
Circulars are also intended to provide
transparency to partner agencies
regarding the CFPB’s intended approach
when cooperating in enforcement
actions. See, e.g., 12 U.S.C. 5552(b)
(consultation with CFPB by State
attorneys general and regulators); 12
U.S.C. 5562(a) (joint investigatory work
between CFPB and other agencies).
Consumer Financial Protection
Circulars are general statements of
policy under the Administrative
Procedure Act. 5 U.S.C. 553(b). They
provide background information about
applicable law, articulate considerations
relevant to the Bureau’s exercise of its
authorities, and, in the interest of
maintaining consistency, advise other
parties with authority to enforce Federal
consumer financial law. They do not
restrict the Bureau’s exercise of its
authorities, impose any legal
requirements on external parties, or
create or confer any rights on external
parties that could be enforceable in any
administrative or civil proceeding. The
CFPB Director is instructing CFPB staff
as described herein, and the CFPB will
then make final decisions on individual
matters based on an assessment of the
factual record, applicable law, and
VerDate Sep<11>2014
16:41 Aug 08, 2024
Jkt 262001
factors relevant to prosecutorial
discretion.
Rohit Chopra,
Director, Consumer Financial Protection
Bureau.
[FR Doc. 2024–17539 Filed 8–8–24; 8:45 am]
BILLING CODE 4810–AM–P
SMALL BUSINESS ADMINISTRATION
13 CFR Part 120
RIN 3245–AH92
Small Business Lending Company
Application Process
U.S. Small Business
Administration.
ACTION: Notification.
AGENCY:
The purpose of this
notification is to announce that the U.S.
Small Business Administration’s (SBA)
Office of Capital Access (OCA) is
opening the application period for new
Small Business Lending Companies
(SBLC) licenses from September 2, 2024,
to October 15, 2024, and share the
process by which interested entities
may apply. SBA is similarly opening the
application period for Community
Advantage SBLCs (CA SBLCs) from
September 2, 2024, to December 20,
2024, and will be reviewing and
decisioning CA SBLC licenses on a
rolling basis.
DATES:
Applicability date: This notification is
applicable beginning August 1, 2024.
SBA will accept applications for:
—New SBLC licenses from September
2, 2024–October 15, 2024.
—New CA SBLC licenses from
September 2, 2024–December 20, 2024.
Comment date: Comments must be
received on or before September 9,
2024.
ADDRESSES: You may submit comments,
identified by SBA docket number SBA–
2024–0011, by any of the following
methods:
• Federal eRulemaking Portal:
https://www.regulations.gov/. Follow
the instructions for submitting
comments.
• Mail: Jihoon Kim, Office of
Financial Program Operations, U.S.
Small Business Administration, 409
Third Street SW, Washington, DC
20416.
• Hand Delivery/Courier: Darrel
Eddingfield, Office of Financial
Assistance, U.S. Small Business
Administration, 409 Third Street SW,
Washington, DC 20416.
SBA will post all comments on
https://www.regulations.gov.
SUMMARY:
PO 00000
Frm 00010
Fmt 4700
Sfmt 4700
If you wish to submit confidential
business information (‘‘CBI’’) as defined
in the User Notice at https://
www.regulations.gov, please submit the
information to Jihoon Kim, Office of
Financial Program Operations, U.S.
Small Business Administration, 409
Third Street SW, Washington, DC
20416; or send an email to SBLCApps@
sba.gov. Highlight the information that
you consider to be CBI and explain why
you believe SBA should hold this
information as confidential. SBA will
review the information and make the
final determination as to whether it will
publish the information.
FOR FURTHER INFORMATION CONTACT:
Jihoon Kim, Director, Office of Financial
Program Operations (OFPO), Office of
Capital Access, Small Business
Administration, at 202–205–6024 or
Jihoon.Kim@sba.gov. The phone number
above may also be reached by
individuals who are deaf or hard of
hearing, or who have speech
disabilities, through the Federal
Communications Commission’s TTYBased Telecommunications Relay
Service teletype service at 711.
SUPPLEMENTARY INFORMATION:
I. Background Information
Section 7(a)(17) of the Small Business
Act states that SBA shall authorize
lending institutions and other entities,
in addition to banks, to make 7(a) loans.
To this end, SBA has authorized Small
Business Lending Companies (SBLCs) as
defined in 13 CFR 120.10 to participate
in the 7(a) Loan Program. On April 12,
2023, SBA published the Final Rule on
Small Business Lending Company
(SBLC) Moratorium Rescission and
Removal of the Requirement for a Loan
Authorization (88 FR 21890, effective
May 12, 2023). Through that rule, SBA
lifted the self-imposed moratorium on
licensing new SBLCs and established
the plan to approve three SBLCs in the
first year following implementation. An
SBLC, as defined in 13 CFR 120.10, is
a non-depository lending institution
authorized by SBA to make loans
pursuant to section 7(a) of the Small
Business Act and loans to
Intermediaries in SBA’s Microloan
program. An SBLC is:
• Supervised and examined solely by
SBA at the federal level;
• Subject to additional SBA Loan
Program Requirements, as defined in 13
CFR 120.10, including but not limited to
regulations specific to SBLCs regarding
formation, capitalization, and
enforcement actions; and
• Subject to all other 7(a) Loan
Program Requirements specific to
origination, servicing, and liquidation.
E:\FR\FM\09AUR1.SGM
09AUR1
]]>Agencies
- CONSUMER FINANCIAL PROTECTION BUREAU
[Federal Register Volume 89, Number 154 (Friday, August 9, 2024)]
[Rules and Regulations]
[Pages 65170-65174]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2024-17539]
=======================================================================
-----------------------------------------------------------------------
CONSUMER FINANCIAL PROTECTION BUREAU
12 CFR Chapter X
Consumer Financial Protection Circular 2024-04: Whistleblower
Protections Under CFPA Section 1057
AGENCY: Consumer Financial Protection Bureau.
ACTION: Consumer financial protection circular.
-----------------------------------------------------------------------
SUMMARY: The Consumer Financial Protection Bureau (CFPB) has issued
Consumer Financial Protection Circular 2024-04, titled, ``Whistleblower
protections under CFPA section 1057.'' In this circular, the CFPB
responds to the question, ``Can requiring employees to sign broad
confidentiality agreements violate section 1057 of the Consumer
Financial Protection Act (CFPA), the provision protecting the rights of
whistleblower employees, and undermine the CFPB's ability to enforce
the law?''
DATES: The CFPB released this circular on its website on July 24, 2024.
ADDRESSES: Enforcers, and the broader public, can provide feedback and
comments to [email protected].
FOR FURTHER INFORMATION CONTACT: George Karithanom, Regulatory
Implementation & Guidance Program Analyst, Office of Regulations, at
202-435-7700 or at: https://reginquiries.consumerfinance.gov/. If you
require this document in an alternative electronic format, please
contact [email protected].
SUPPLEMENTARY INFORMATION:
Question Presented
Can requiring employees to sign broad confidentiality agreements
violate section 1057 of the Consumer Financial Protection Act (CFPA),
the provision protecting the rights of whistleblower employees, and
undermine the CFPB's ability to enforce the law?
Response
Yes. Although confidentiality agreements can be entered into for
legitimate purposes, such as to ensure the protection of confidential
trade secrets, such agreements, depending on how they are worded and
the context in which they are employed, could lead an employee to
reasonably believe that they would be sued or subject to other adverse
actions if they disclosed information related to suspected violations
of Federal consumer financial law to government investigators. Threats
of this nature can lead to violations of section 1057 and impede
investigations into potential wrongdoing, including the CFPB's efforts
to uncover violations of the consumer financial protection laws it
enforces.
Background
Public policy in the United States long has recognized the
important role that whistleblowing plays in preventing and stopping
illegal and unethical
[[Page 65171]]
misconduct. One of the first Federal laws to provide protections to
employees who reported fraud against the government was the False
Claims Act, originally passed in 1863 and since amended. A majority of
States since have passed their own such statutes. As Congress passed
more legislation providing protections for employees against
retaliation from their employers for engaging in protected
whistleblowing activity, it empowered the Occupational Safety and
Health Administration (OSHA), a regulatory agency of the U.S.
Department of Labor (DOL), to adjudicate employees' retaliation claims.
Currently, OSHA's Whistleblower Protection Program enforces the anti-
retaliation provisions of more than 20 Federal laws, including the CFPA
as discussed below.\1\
---------------------------------------------------------------------------
\1\ See Occupational Safety and Health Administration:
Whistleblower Protection, https://www.whistleblowers.gov/about-us.
---------------------------------------------------------------------------
Many entities, including covered persons and service providers
under the CFPA,\2\ require their employees to sign nondisclosure
agreements (NDAs) or other types of agreements containing
confidentiality requirements. Such agreements may indicate that
employees who violate the agreement's terms may be subject to lawsuits,
including the possibility of damages or other costs, as well as other
punishment, such as termination. These types of agreements can be
entered into for legitimate purposes--for example, to ensure the
protection of confidential trade secrets or to safeguard the sensitive
personal information of employees or consumers. However, depending on
how they are worded and the context in which they are employed,
confidentiality agreements hold the potential to frustrate the efforts
of government enforcement agencies--including the CFPB--to investigate
violations of law. In particular, confidentiality agreements entered
into in certain circumstances may impede such efforts when they are so
broadly worded as to forbid or otherwise dissuade employees from
reporting suspected violations of law to the government or cooperating
with a government investigation.
---------------------------------------------------------------------------
\2\ Covered persons and service providers must comply with the
whistleblower protection requirements of the CFPA. 12 U.S.C.
5481(6), (26); 12 U.S.C. 5567. For simplicity, the remainder of this
circular refers to covered persons and service providers as
``covered persons.''
---------------------------------------------------------------------------
CFPA Section 1057
Section 1057 of the CFPA applies to covered persons. It provides
anti-retaliation protections for covered employees \3\ and their
representatives who provide information to the CFPB or any other
Federal, State, or local law enforcement agency regarding potential
violations of laws and rules that are subject to the CFPB's
jurisdiction. Specifically, section 1057(a) provides that ``[n]o
covered person or service provider shall terminate or in any other way
discriminate against, or cause to be terminated or discriminated
against, any covered employee or any authorized representative of
covered employees'' for: (1) providing or being about to provide
information to the employer, the CFPB, or any other State, local, or
Federal Government authority or law enforcement agency relating to a
violation of, or any act or omission that the employee reasonably
believes to be a violation of, a law subject to the CFPB's jurisdiction
or prescribed by the CFPB; (2) testifying or intending to testify about
such a potential violation; (3) objecting to or refusing to participate
in any activity, policy, practice, or assigned task that the employee
reasonably believes to be such a violation; or (4) filing any lawsuit
or instituting any other proceeding under any Federal consumer
financial law.\4\
---------------------------------------------------------------------------
\3\ A ``covered employee'' is defined as ``any individual
performing tasks related to the offering or provision of a consumer
financial product or service.'' 12 U.S.C. 5567(b).
\4\ 12 U.S.C. 5567(a).
---------------------------------------------------------------------------
Section 1057(c) provides procedures by which a person who believes
they have been discharged or otherwise discriminated against in
violation of section 1057(a) may file a complaint with DOL, and a
process by which DOL shall investigate and adjudicate such
complaints.\5\ It further specifies the procedures for appealing DOL's
decisions in Federal court. The CFPB also has independent authority to
enforce section 1057.\6\ Section 1057(d) provides that, outside of
limited circumstances, contractual provisions that purport to waive the
rights and remedies granted by section 1057 are unenforceable.\7\
---------------------------------------------------------------------------
\5\ 12 U.S.C. 5567(c).
\6\ 12 U.S.C. 5563(a)(1), 5564(a).
\7\ 12 U.S.C. 5567(d). This provision applies to pre-dispute
arbitration agreements, which it states are not valid or enforceable
to the extent they require arbitration of disputes arising under
section 1057. 12 U.S.C. 5567(d)(2).
---------------------------------------------------------------------------
Accordingly, section 1057 makes it unlawful for a covered person to
discriminate against an employee for whistleblowing with respect to
suspected violations of Federal consumer financial law. As explained
below, discrimination in this sense may include suing or threatening to
sue or otherwise taking or threatening to take adverse action against
employees for engaging in whistleblowing activity. And, in certain
circumstances, requiring employees to sign confidentiality agreements
that are so broad as to forbid or otherwise dissuade employees from
sharing information about potential law violations with the government
or cooperating with a government investigation can amount to a threat
to punish.
Analysis
The CFPB is issuing this circular to remind regulators and the
public that covered persons who in certain circumstances require their
employees to enter into broad confidentiality agreements that do not
clearly permit communications with government enforcement agencies or
cooperation with law enforcement investigations risk violating the
CFPA's prohibition on discrimination against whistleblowers and
undermining the government's ability to enforce the law.
As noted above, section 1057(a) prohibits covered persons from
terminating or otherwise discriminating against covered employees for
engaging in whistleblowing activity. The term ``discriminate against''
is broad and encompasses a variety of adverse actions that a covered
person may take against covered employees.\8\ The use of the term in
multiple whistleblower protection statutes passed by Congress reflects
this understanding.
---------------------------------------------------------------------------
\8\ At its essence, to ``discriminate'' means ``to make a
distinction'' or ``to make a difference in treatment or favor on a
basis other than individual merit.'' Discriminate, Merriam-Webster.com, https://www.merriam-webster.com/dictionary/discriminate
(last visited July 17, 2024); see also Murray v. UBS Securities,
LLC, 601 U.S. 23, 34 (2024) (explaining meaning of ``discriminate''
under analogous anti-retaliation provision in the Sarbanes-Oxley
Act, 18 U.S.C. 1514A, and holding that while the employee had to
prove his protected activity was a contributing factor in the
unfavorable personnel action, he did not also have to prove his
employer acted with retaliatory intent).
---------------------------------------------------------------------------
For example, section 23 of the Commodity Exchange Act (CEA), which
Congress passed as part of the Dodd-Frank Wall Street Reform and
Consumer Protection Act (DFA, of which the CFPA is a part), created a
whistleblower awards program and protection for whistleblowers.\9\
Section 23, which is administered by the Commodity Futures Trading
Commission (CFTC), states ``[n]o employer may discharge, demote,
suspend, threaten, harass, directly or indirectly, or in any other
manner discriminate against, a whistleblower in the terms and
conditions of employment because of any lawful act done by the
whistleblower'' in providing
[[Page 65172]]
information to the CFTC.\10\ Likewise, Congress created a whistleblower
awards program and related protections when it passed section 21F of
the Securities Exchange Act of 1934, also part of the DFA. Section 21F,
which is administered by the Securities and Exchange Commission (SEC),
identically provides that ``[n]o employer may discharge, demote,
suspend, threaten, harass, directly or indirectly, or in any other
manner discriminate against, a whistleblower in the terms and
conditions of employment because of any lawful act done by the
whistleblower'' in providing information to the SEC.\11\ Congress thus
made clear that the term ``discriminate against'' encompasses a variety
of adverse actions--including threatening employees--listed in these
statutes, in addition to other actions that employers may take to
prevent or dissuade employees from whistleblowing or to punish them for
whistleblowing.\12\
---------------------------------------------------------------------------
\9\ 7 U.S.C. 26. See Commodity Futures Trading Commission:
Whistleblower Protections, https://www.whistleblower.gov/protections.
\10\ 7 U.S.C. 26(h)(1)(A) (emphasis added).
\11\ 15 U.S.C. 78u-6(h)(1)(A) (emphasis added).
\12\ In addition to these examples, the Financial Institutions
Anti-Fraud Enforcement Act of 1990 (FIAFEA) allows whistleblowers to
bring claims related to suspected violations of the Financial
Institutions Reform, Recovery, and Enforcement Act of 1989
(FIRREA)--passed in the wake of the savings and loan crisis--by
submitting confidential declarations setting forth facts about
alleged fraud. 12 U.S.C. 4201 et seq. As enacted, in addition to
providing for discretionary monetary awards from the Attorney
General, the FIAFEA granted certain protections to whistleblowers
against employer retaliation for lawfully reporting such information
to the government. 12 U.S.C. 4212 (providing that such declarants
shall enjoy the protections afforded under 18 U.S.C. 3059A(e)).
Specifically, it provided that a person who ``is discharged,
demoted, suspended, threatened, harassed, or in any other manner
discriminated against in the terms or conditions of employment by an
employer because of lawful acts done by the person . . . in
furtherance of a prosecution under [applicable provisions] may, in a
civil action, obtain all relief necessary to make the person
whole.'' 18 U.S.C. 3059A(e)(1), repealed by Public Law 107-273, 116
Stat. 1781 (Nov. 2, 2002) (emphasis added). Congress repealed 18
U.S.C. 3059A in 2002 as it considered it to be one of several
``redundant authorizations of payments for rewards.'' Public Law
107-273, 116 Stat. 1781 (Nov. 2, 2002). Functionally equivalent
award and anti-retaliation provisions apply to employees of insured
depository institutions and credit unions pursuant to the Federal
Deposit Insurance Corporation Act and Federal Credit Union Act,
although those provisions do not contain the same list of examples
of forms of employer discrimination that appeared in the FIAFEA. See
12 U.S.C. 1831j, 1831k; 12 U.S.C. 1790b, 1790c. These provisions
predated the FIAFEA, however, and the fact that Congress labeled the
FIAFEA protections ``redundant'' supports the notion that it viewed
the less descriptive anti-discrimination provisions in these acts as
encompassing the broad definition of discrimination articulated in
the FIAFEA.
---------------------------------------------------------------------------
In addition to enforcing the anti-retaliation provision of section
21F, the SEC promulgated Rule 21F-17, which provides that ``[n]o person
may take any action to impede an individual from communicating directly
with the Commission staff about a possible securities law violation,
including enforcing, or threatening to enforce, a confidentiality
agreement . . . with respect to such communications.'' \13\ As the SEC
explained in its proposal, ``the Congressional purpose underlying
section 21F of the Exchange Act is to encourage whistleblowers to
report potential violations of the securities laws by providing
financial incentives, prohibiting employment-related retaliation, and
providing various confidentiality guarantees. Efforts to impede a
whistleblower's direct communications with Commission staff about a
potential securities law violation, however, would appear to conflict
with this purpose.'' \14\ The SEC since has pursued enforcement actions
against companies that it alleged violated Rule 21F-17 by requiring
their employees or clients to sign confidentiality agreements that
would impede the ability of such individuals to share freely
information about suspected wrongdoing with the SEC.\15\
---------------------------------------------------------------------------
\13\ 17 CFR 240.21F-17(a).
\14\ 75 FR 70488, 70510 (Nov. 17, 2010). See also 76 FR 34300,
34351-52 (June 13, 2011) (final rule preamble reiterating
congressional purpose).
\15\ See, e.g., Press Release, SEC, SEC: Companies Cannot Stifle
Whistleblowers in Confidentiality Agreements (Apr. 1, 2015), https://www.sec.gov/news/press-release/2015-54 (describing administrative
settlement in enforcement action wherein SEC alleged that KBR Inc.'s
practice requiring employees to sign confidentiality agreements in
internal investigations created a ``chilling effect'' to discourage
whistleblowing in violation of Rule 21F-17); Press Release, SEC,
Company Paying Penalty for Violating Key Whistleblower Protection
Rule (Aug. 10, 2016), https://www.sec.gov/news/press-release/2016-157 (describing SEC's issuance of cease-and-desist order and
imposition of remedial sanctions against publicly traded company
BlueLinx Holdings, Inc. for including language in its employee
severance agreements that required departing employees to notify the
company's legal department prior to disclosing any financial or
business information to any third parties); Press Release, SEC, J.P.
Morgan to Pay $18 Million for Violating Whistleblower Protection
Rule (Jan. 16, 2024), https://www.sec.gov/news/press-release/2024-7
(announcing settled charges against J.P. Morgan Securities LLC for
violations of Rule 21F-17(a) stemming from the company's regularly
asking retail clients to sign confidential release agreements that
allowed them to respond to SEC inquiries but did not permit them to
voluntarily contact the SEC).
---------------------------------------------------------------------------
The SEC is not alone in observing that employer confidentiality
agreements may undermine the rights of whistleblowers and impede
government enforcement efforts. In 2017, the CFTC promulgated a rule
that similarly bars impeding an individual from communicating with CFTC
staff, including by enforcing or threatening to enforce confidentiality
agreements.\16\ The CFTC explained when it proposed the rule that it
was doing so to complement the prohibition on employer retaliation
against whistleblowers found in CEA section 23(h)(1)(A) and to achieve
consistency with the SEC's whistleblower rules.\17\ In June 2024, the
CFTC issued a settlement order with Trafigura Trading LLC that
addressed, among other issues, the company's NDAs with employees that
impeded their ability to communicate voluntarily with the CFTC.\18\ And
last year, the Federal Trade Commission's (FTC's) Bureau of Competition
issued guidance explaining that certain types of contractual
provisions, including confidentiality agreements, NDAs, and notice-of-
agency-contact provisions, are ``contrary to public policy and
therefore void and unenforceable insofar as they purport to (1)
prevent, limit, or otherwise hinder a contract party from speaking
freely with the FTC; or (2) require a contract party to disclose
anything to an investigation target about the FTC's outreach or
communications.'' \19\
---------------------------------------------------------------------------
\16\ 17 CFR 165.19(b).
\17\ 81 FR 55951, 55955 (Aug. 30, 2016).
\18\ In re Trafigura Trading LLC, CFTC No. 24-08, 2024 WL
3225331 (June 17, 2024), available at https://www.cftc.gov/media/10791/enftrafiguratradingorder061724/download.
\19\ Bureau of Competition, FTC, Re: Contracts That Impede
Bureau of Competition Investigations (June 15, 2023), available at
https://www.ftc.gov/system/files/ftc_gov/pdf/Formal-Analysis.pdf.
---------------------------------------------------------------------------
The same dynamic is true for the CFPB. Confidentiality agreements
that limit the ability of employees to communicate with government
enforcement agencies or speak freely with investigators undermine the
CFPB's ability to enforce the law. Among the functions that Congress
laid out for the CFPB is ``taking appropriate enforcement action to
address violations of Federal consumer financial law.'' \20\ Subtitle E
of the CFPA specifies the CFPB's enforcement powers, including the
authority to conduct investigations of potential violations of law.\21\
In addition to other actions, the CFPB may issue demands for written or
oral testimony in pursuing such investigations.\22\ If, due to a
confidentiality agreement, an employee perceives that they could suffer
adverse consequences for cooperating in such circumstances, then the
CFPB's ability to carry out its statutory functions to protect
consumers is compromised.
---------------------------------------------------------------------------
\20\ 12 U.S.C. 5511(c)(4).
\21\ See 12 U.S.C. 5562.
\22\ See 12 U.S.C. 5562(c)(1).
---------------------------------------------------------------------------
Consistent with these observations, covered persons that require
employees in certain circumstances to sign broadly worded
confidentiality agreements risk violating section 1057 of the CFPA.
[[Page 65173]]
Confidentiality agreements sometimes specify that the employer may file
a lawsuit or reserves the right to take adverse employment action upon
the employee's violation of the agreement. Depending on the
circumstances, an employee may interpret such conditions as threats to
retaliate for engaging in whistleblowing activity. The risk of a
violation of section 1057 is heightened when covered persons impose
such agreements in situations that are particularly likely to lead a
reasonable employee to perceive the required entry into the agreement
as a threat, such as in the context of an internal investigation or
other scenario involving potential violations of law--for example,
after the uncovering of suspected or confirmed wrongdoing, or in the
aftermath of a potentially embarrassing episode for a company. When an
employee participates in an investigation or otherwise is made aware of
possible wrongdoing and simultaneously is required to sign such an
agreement, there is a heightened risk that the employee reasonably
would view the requirement to sign as a threat by the employer to take
adverse action if the employee were to engage in whistleblowing
activity. Indeed, the employee reasonably may not fathom any other
reason for why they are being made to sign the agreement beyond that
the employer is threatening to sue or otherwise punish the employee for
engaging in whistleblowing. In line with the analysis above, such
threats may constitute discrimination within the meaning of section
1057 and thus be prohibited, regardless of whether or not the employer
acts upon them or a court actually would enforce a confidentiality
agreement with respect to whistleblowing.\23\
---------------------------------------------------------------------------
\23\ As noted above, section 1057(d) of the CFPA renders
unenforceable ``any agreement, policy, form, or condition of
employment'' that purports to waive the rights and remedies provided
for in section 1057. 12 U.S.C. 5567(d)(1). And, the CFPB has
explained that including unenforceable terms in a consumer contract
may constitute a deceptive act or practice in violation of the
CFPA's prohibition on unfair, deceptive, or abusive acts or
practices. See CFPB, Consumer Financial Protection Circular 2024-03:
Unlawful and unenforceable contract terms and conditions (June 4,
2024), https://www.consumerfinance.gov/compliance/circulars/consumer-financial-protection-circular-2024-03/. Similarly,
requiring employees to enter into overly broad confidentiality
agreements that restrict or waive the employees' whistleblower
rights could constitute a deceptive act or practice in appropriate
circumstances. Although the CFPB typically has found deceptive acts
or practices with respect to misrepresentations made to a consumer,
deceptive acts or practices targeting other parties--such as a
covered person's employees--may also violate the CFPA if the
deception is in connection with the offering or provision of
consumer financial products or services. See 12 U.S.C. 5531, 5536.
---------------------------------------------------------------------------
For example, in 2015, the SEC found that Houston-based global
technology and engineering firm KBR Inc. violated Rule 21F-17 by
requiring witnesses in certain internal investigations to sign
confidentiality agreements containing language warning they could face
discipline, including possible termination, if they discussed the
matters with outside parties without the prior approval of the
company's legal department.\24\ The SEC's order stated that, although
there were no apparent instances in which the company specifically
prevented employees from communicating with the SEC about securities
law violations, the company's blanket prohibition against witnesses
discussing the substance of their interviews without prior approval
under penalty of disciplinary action had a chilling effect that
undermined the purpose of section 21F and Rule 21F-17, which is to
encourage whistleblowers to report illegal conduct to the SEC. The
company agreed as part of the settlement to amend its confidentiality
statement to add language making clear that employees are free to
report possible violations to the SEC and other Federal agencies
without KBR approval or fear of retaliation.
---------------------------------------------------------------------------
\24\ Supra n.15.
---------------------------------------------------------------------------
Confidentiality agreements that risk leading to violations of
whistleblower protection statutes--including section 1057 of the CFPA--
can be formulated in different ways. Certainly, employers can draft
them in an express manner that purports to forbid the sharing of
information with outside parties with no acknowledgment of and
exception for the exercise of whistleblower rights. The risk of a
reasonable employee interpreting their required entry into such an
agreement in circumstances involving potential wrongdoing as a threat
against reporting information to the government is relatively high. But
other confidentiality agreements that undermine whistleblower
protections may reasonably be perceived by employees as threats against
them for exercising their rights in such circumstances. For example, an
agreement that forbids sharing information with third parties ``to the
extent permitted by law'' may technically permit whistleblowing.
However, an employee, who may not know that the law forbids
restrictions on whistleblowing but understands that the consequence of
violating the agreement is suffering adverse employment action, may
reasonably interpret the agreement to bar providing information to a
law enforcement agency or voluntarily cooperating in a government
investigation depending on the circumstances in which the employer asks
the employee to enter into the agreement. An employee reasonably may
feel threatened by such language in certain circumstances, such as
those described above, and decline to report suspected violations of
law to the government.\25\ An employer can significantly reduce the
risk of this kind of perception--and thus of violating section 1057--by
ensuring that its agreements expressly permit employees to communicate
freely with government enforcement agencies and to cooperate in
government investigations.
---------------------------------------------------------------------------
\25\ In a recently filed complaint, DOL explained how
confidentiality provisions in employment agreements that require
employees not to share the terms of the agreement except with the
employee's immediate family or attorney or ``as required by law''
could cause employees to ``reasonably believe that they cannot
disclose the terms of the agreements to [DOL] absent a subpoena or
court order,'' and that these provisions, along with broad non-
disparagement and non-disclosure provisions coupled with the threat
of termination and monetary damages, dissuade employees from
speaking freely with DOL investigators in violation of section
15(a)(3) of the Fair Labor Standards Act, 29 U.S.C. 215(a)(3).
Complaint, ]] 95-106, 129-38, 160-65, Su v. Smoothstack, Inc., No.
1:24-cv-04789 (E.D.N.Y. July 10, 2024), available at https://www.dol.gov/sites/dolgov/files/OPA/newsreleases/2024/07/SmoothstackInc-Complaint-24-1337-NAT.pdf.
---------------------------------------------------------------------------
As explained above, suing or threatening to sue or otherwise punish
employees for engaging in whistleblowing activity may constitute
discrimination against whistleblowers. Accordingly, when covered
persons require employees to sign broadly worded confidentiality
agreements that do not clearly permit communicating with government
enforcement agencies or cooperating with law enforcement, especially
when circumstances bear indicia of potential or suspected wrongdoing,
they may be threatening to take adverse action against those employees
for reporting suspected violations of Federal consumer financial law to
the CFPB or other regulators. Thus, covered persons who impose these
types of agreements on their employees risk violating the prohibition
on discrimination against whistleblowers contained in section 1057 of
the CFPA.
About Consumer Financial Protection Circulars
Consumer Financial Protection Circulars are issued to all parties
with authority to enforce Federal consumer financial law. The CFPB is
the principal Federal regulator responsible for administering Federal
consumer financial law, see 12 U.S.C. 5511, including the Consumer
Financial
[[Page 65174]]
Protection Act's prohibition on unfair, deceptive, and abusive acts or
practices, 12 U.S.C. 5536(a)(1)(B), and 18 other ``enumerated consumer
laws,'' 12 U.S.C. 5481(12). However, these laws are also enforced by
State attorneys general and State regulators, 12 U.S.C. 5552, and
prudential regulators including the Federal Deposit Insurance
Corporation, the Office of the Comptroller of the Currency, the Board
of Governors of the Federal Reserve System, and the National Credit
Union Administration. See, e.g., 12 U.S.C. 5516(d), 5581(c)(2)
(exclusive enforcement authority for banks and credit unions with $10
billion or less in assets). Some Federal consumer financial laws are
also enforceable by other Federal agencies, including the Department of
Justice and the Federal Trade Commission, the Farm Credit
Administration, the Department of Transportation, and the Department of
Agriculture. In addition, some of these laws provide for private
enforcement.
Consumer Financial Protection Circulars are intended to promote
consistency in approach across the various enforcement agencies and
parties, pursuant to the CFPB's statutory objective to ensure Federal
consumer financial law is enforced consistently. 12 U.S.C. 5511(b)(4).
Consumer Financial Protection Circulars are also intended to
provide transparency to partner agencies regarding the CFPB's intended
approach when cooperating in enforcement actions. See, e.g., 12 U.S.C.
5552(b) (consultation with CFPB by State attorneys general and
regulators); 12 U.S.C. 5562(a) (joint investigatory work between CFPB
and other agencies).
Consumer Financial Protection Circulars are general statements of
policy under the Administrative Procedure Act. 5 U.S.C. 553(b). They
provide background information about applicable law, articulate
considerations relevant to the Bureau's exercise of its authorities,
and, in the interest of maintaining consistency, advise other parties
with authority to enforce Federal consumer financial law. They do not
restrict the Bureau's exercise of its authorities, impose any legal
requirements on external parties, or create or confer any rights on
external parties that could be enforceable in any administrative or
civil proceeding. The CFPB Director is instructing CFPB staff as
described herein, and the CFPB will then make final decisions on
individual matters based on an assessment of the factual record,
applicable law, and factors relevant to prosecutorial discretion.
Rohit Chopra,
Director, Consumer Financial Protection Bureau.
[FR Doc. 2024-17539 Filed 8-8-24; 8:45 am]
BILLING CODE 4810-AM-P
