Hold everything, compliance officers. The Securities and Exchange Commission just dropped its biggest pre-taliation enforcement action ever, a $10 million punch to financial services firm D.E. Shaw for problematic language in employment agreements that the company used all the way into this year.
The enforcement action, announced Friday, is far, far larger than any other pre-taliation case we’ve ever seen. Either D.E. Shaw did something particularly egregious to draw the SEC’s wrath, or the SEC has stepped up its attention to pre-taliation, or both — and since whistleblowing policies are a core responsibility for ethics and compliance officers, this case demands a close look.
Let’s begin with the findings spelled out in the SEC’s settlement order, which (as usual) D.E. Shaw neither confirms nor denies.
The problematic employee agreements existed at least as far back as 2011, and came in two forms. First were standard employment contracts given to all new hires. Those contracts barred employees from disclosing confidential information to any outside party without prior authorization, “except as may be required by any applicable law or by order of a court of competent jurisdiction, a regulatory or self-regulatory body, or a governmental body.”
Let’s pause right there. That language does not get D.E. Shaw off the pre-taliation hook, because the crucial words in that exception clause are “as may be required” and “by order” of a court or regulatory body. In other words, an employee could only breach the confidentiality clause when ordered to do so; he or she could not voluntarily report confidential information to regulators, which is the essence of whistleblowing.
In addition to those problematic employment contracts, D.E. Shaw also had problematic severance agreements. Those agreements only covered a smaller number of employees, but the employee had to certify that:
The employee has not made, filed or lodged any complaints, charges, or lawsuits or otherwise directly or indirectly commenced any proceeding against any member of the D. E. Shaw Group and/or any covered persons and entities with any governmental agency, department, or official…
So if the employee wanted to collect any deferred compensation or other severance awards, he or she had to certify that they never brought any whistleblower complaints to regulators. In some instances, the deferred compensation in question was worth millions of dollars.
Clean-Up Actions, Kinda Sorta
In 2017, after the SEC launched its first pre-taliation enforcement wave and companies suddenly realized this was a thing, D.E. Shaw did circulate an email to all employees clarifying that oh, hey, of course you can always bring issues directly to regulators without telling us. The relevant text:
Nothing in any D. E. Shaw group employment agreement, confidentiality agreement, or any other firm policy or agreement shall prohibit an employee from communicating directly with … any regulator or any other national, federal, state or local governmental agencies or commissions regarding possible violations of law or regulation, without disclosure to the D. E. Shaw group.
At the same time, the company also amended its internal reporting policy, Code of Ethics, and employee handbook to include substantially similar language; and employees had to acknowledge receiving and reading the internal reporting policy and Code of Ethics every year.
The problem? D.E. Shaw never amended the problematic language in its employment contracts. The pre-taliatory language in the standard employment contracts wasn’t dropped until 2019, and the language in the severance agreements wasn’t dropped until June 2023 (yes, four months ago), after the SEC had already begun investigating the company.
We also have one cryptic line in the settlement order that the SEC “is aware of one former employee who was initially discouraged from communicating with Commission staff about potential violations of securities law” due to the pre-taliatory language in the employee’s severance agreement.
We don’t know whether that means a D.E. Shaw supervisor expressly warned the departing employee not to speak up; or whether the SEC found the former employee by some other means and that person at first worried that talking might jeopardize his severance pay; or whether some other circumstance was at work here.
Regardless, SEC pre-taliation cases almost never mention that those clauses ended up intimidating a whistleblower. That was, however, the case here; and it includes a huge (by pre-taliation standards, at least) monetary penalty. Hmmm.
D.E. Shaw finally excised the pre-taliatory clauses from its employment contracts in 2019. It didn’t do the same for the severance agreements until this June, when it was already under SEC investigation; although the company did start reaching out to former employees in September to notify them that the pre-taliation clauses were now void.
Other Pre-taliation Analysis
Compliance officers have two issues to consider here.
First, as we’ve seen several times in this new wave of pre-taliation enforcement, is a challenge of policy management.
That is, after the first wave of pre-taliation enforcement circa 2017, companies everywhere scrambled to publish an email or adopt a new policy to clarify that employees could always approach regulators without pre-authorization — but those same companies didn’t assure that the new policy was reflected in all relevant documents across the rest of the enterprise. They forgot to update template employee agreements, or updated some templates but not others.
Clearly the SEC is telling us that’s not good enough. Companies need a process to go through all template employment agreements with a fine-tooth comb and update those templates to reflect the whistleblower-supportive language required by the Dodd-Frank Act. You also need a system to find former employees who might have signed problematic agreements in the past, and clarify the speak-up freedoms they have.
Second, even if you have a great policy management system in place, compliance officers need to work more closely with legal and HR teams to disentangle whistleblower rights, confidential information, and non-compete clauses.
That was the problem for D.E. Shaw, really. It defined “confidential information” broadly, and whistleblower protections were caught in a contractual straitjacket.
Specifically, the company defined confidential information as:
…any information that would typically be included in the D.E. Shaw Group’s income statements, including, but not limited to the amount of the D.E. Shaw Group’s revenues, expenses, or net income; [and] information gained in the course of the employee’s employment with the company that could reasonably be expected to [be] deleterious to D.E. Shaw Group if disclosed to third parties.
You can see where that broad definition might make some sense. For example, the company wanted to prevent employees from sharing confidential information with competitors and the media, or using that confidential information to set up their own rival business. It’s reasonable for a company to protect its interests against such threats.
A compliance officer, however, still needs to step into that conversation to assure that whistleblower protection obligations are respected. If you don’t have the authority to participate as those policies are being drafted — well, that’s a speak-up problem unto itself.
Either way, we also have this $10 million penalty. The second-largest penalty in the annals of pre-taliation enforcement happened in 2016, against a company that did use the threat of lost severance pay to keep employees quiet in SEC probes or otherwise hold whistleblowers at bay.
Something about D.E. Shaw irritated the SEC enough for a massive increase in fines. Other compliance officers should take note, and check your employment agreements one more time.