The Securities and Exchange Commission has opened a new front in the war against pre-taliation clauses in corporate contracts, imposing an $18 million penalty on JP Morgan Securities for including pre-taliation clauses in confidential settlements with customers.
The SEC announced the enforcement action on Monday, faulting JPMorgan for asking clients to sign confidential release agreements if they had been issued a credit or settlement from the firm of more than $1,000. Even though the agreements allowed clients to respond to SEC inquiries, they did not permit clients to contact the SEC voluntarily.
That, the SEC said, qualifies as pre-taliation.
“Investors, whether retail or otherwise, must be free to report complaints to the SEC without any interference,” Corey Schuster, co-chief of the Asset Management Unit in the SEC Division of Enforcement, said in a press release. “Those drafting or using confidentiality agreements need to ensure that they do not include provisions that impede potential whistleblowers.”
SEC enforcement against pre-taliation is not exactly news, since the agency has been filing such cases since 2016 — but until now, those enforcement actions have always been about companies using pre-taliation clauses in contracts with employees . Now we have our first case over pre-taliation against customers — and it came with the biggest pre-taliation fine we’ve ever seen, to boot.
“Whether it’s in your employment contracts, settlement agreements or elsewhere, you simply cannot include provisions that prevent individuals from contacting the SEC with evidence of wrongdoing,” said Gurbir Grewal, director of the Enforcement Division.
Without admitting or denying the SEC’s findings, JPMorgan agreed to be censured, to cease and desist from violating the whistleblower protection rule, and to pay the $18 million civil penalty.
Pre-taliation as Recently as Last July
As described in the SEC settlement order, the problematic language was used in confidential releases from 2020 until July 2023. Some of the language was standard fare, such as the customer promising not to sue JP Morgan for the dispute being settled, and JPMorgan warning that it retained the right to sue the customer if that customer violated the terms of the release.
OK, so far, so boring. Then came the part that got the SEC enforcement attorneys riled up:
The customer “shall keep this agreement confidential and not use or disclose (including but not limited to, media statements, social media, or otherwise) the allegations, facts, contentions, liability, damages, or other information relating in any way to the account, including but not limited to, the existence or terms of this Agreement … Notwithstanding, [the customer and his or her counsel] are neither prohibited nor restricted from responding to any inquiry about this settlement or its underlying facts by FINRA, the SEC, or any other government entity or self-regulatory organization, or as required by law.”
That language, without any suggestion that the customer could approach the SEC voluntarily, qualifies as a violation of Rule 21F-17(a), which prohibits companies from taking any action to impede a person from communicating directly with SEC about possible securities law violations.
The SEC says that from 2020 to July 2023, at least 362 JPMS clients signed one of those confidential releases, in exchange for payments ranging from $1,000 to $165,000. It’s not clear that JPMorgan ever actually enforced any of the pre-taliation agreements, and in at least a few cases JPMorgan even voluntarily self-reported its disputes with customers to FINRA (the regulator for broker-dealers) anyway.
Once the SEC began investigating the pre-taliation agreements, JPMorgan added language to clarify that customers could always report to the SEC if they so choose, and sent communications to all customers who had already signed the releases emphasizing that same point.
Lessons for the Rest of Us
I mean, the lesson here is pretty simple: the SEC views pre-taliation risk as expansively as possible, so companies need to think hard about how pre-taliation might exist within your business contracts and then fix those problematic clauses, pronto.
A good example of what that remediation might look like comes from real estate firm CBRE, which settled its own pre-taliation case last year with a $1.4 million fine. That case did involve employee severance agreements rather than settlements with customers, but consider the remediation CBRE undertook and which was praised by the SEC:
- Within one month of learning about the SEC investigation, revising all its U.S. severance agreement templates to assure compliance; followed by an audit of similar agreements worldwide, reviewing some 300 templates used by CBRE affiliates in 54 countries.
- Updating the CBRE Code of Conduct to add new language against pre-taliation.
- Training more than 50 members of the compliance team globally on the Rule 21F-17 language added to all relevant templates;
- Undertaking a mandatory re-certification process, where more than 100,000 employees worldwide certified that they had reviewed the updated Code of Conduct, and attested to their understanding that they were always free to bring concerns to regulators without any advanced notice to CBRE.
The first three of those four bullet points could fit just as easily to contracts with customers as to contracts with employees. Audits, standardized templates, training, policy language — those are good, effective steps regardless of the contract’s counter-party.
The other notable point here is that $18 million penalty, easily the largest pre-taliation penalty we’ve ever seen. Last October the SEC had imposed a $10 million penalty against financial firm D.E. Shaw for pre-taliation language it used in employee severance agreements as recently as 2023; until then, all prior pre-taliation enforcement actions had penalties ranging from a few hundred thousand to just above $1 million.
All those prior cases, however, were for old cases, where the pre-taliation clauses were used in the 2010s or earlier. D.E. Shaw and JPMorgan both had pre-taliation trouble as recently as 2023 — when every large company should already have known that pre-taliation clauses were a real sore point with the agency, and should already have implemented relatively straightforward fixes to end the problem.