CFPB Warns That Confidentiality Agreements May Violate Employee Whistleblower Protections
On July 24, 2024, the Consumer Financial Protection Bureau (CFPB) issued a circular explaining that confidentiality or nondisclosure agreements may chill whistleblowing activity and therefore violate the CFPB’s whistleblower protection statute in certain circumstances – Section 1057 of the Consumer Financial Protection Act of 2010 (CFPA), 12 USC § 5567. While acknowledging that confidentiality agreements are commonplace and may be legitimately used to safeguard trade secrets and sensitive employee or customer information, the circular warns employers that these agreements can constitute impermissible threats against employees. The circular highlights risks of prohibited explicit and implicit threats against the employee on the basis of not only the verbiage in the agreement, but also the context of and manner in which the agreement is presented to the employee.
CFPB sees potential for violations in the content and context of confidentiality agreements
The CFPA prohibits providers of financial services and their service providers from discriminating against employees for engaging in whistleblower activity related to a violation or a suspected violation of a federal financial consumer law.
The statutory prohibition encompasses termination or discrimination against an employee for: “(1) providing or being about to provide information to the employer, the CFPB, or any other state, local, or federal government authority or law enforcement agency relating to a violation of, or any act or omission that the employee reasonably believes to be a violation of, a law subject to the CFPB’s jurisdiction or prescribed by the CFPB; (2) testifying or intending to testify about such a potential violation; (3) objecting to or refusing to participate in any activity, policy, practice, or assigned task that the employee reasonably believes to be such a violation; or (4) filing any lawsuit or instituting any other proceeding under any federal consumer financial law.”
According to the CFPB, broadly worded confidentiality agreements can violate the CFPA where they discriminate against employees for engaging in whistleblower activity. Specifically, the CFPB indicates an employee may perceive language in a confidentiality agreement as a threat where:
- An employee is required to sign an agreement broadly barring the sharing of information with outside parties without an express exception for whistleblowing or participating in an investigation.
- An agreement bars sharing information with outside parties “to the extent permitted by the law,” because the employee may not know the law forbids restrictions on whistleblowing and is only aware of the litigation threat for violating the agreement.
The CFPB also suggests that the circumstances in which an employee signs a confidentiality agreement can impact whether the agreement is permissible. Here, the CFPB posits that an employee’s perceived threat of litigation can be especially high when they are asked to sign a confidentiality agreement during an investigation or immediately after discovering or being made aware of possible misconduct. The CFPB claims that in these circumstances an employee will reasonably believe they are being threatened with a lawsuit or will face some other form of punishment for divulging what the employee knows about the suspected wrongdoing. Irrespective of whether the company intends to or does file suit against the employee for whistleblowing, according to the CFPB’s circular, this “threat” of litigation via the confidentiality agreement violates the CFPA.
CFPB joins other federal financial regulators in highlighting whistleblower protections
The CFPB’s circular is the latest in a collection of federal agencies’ efforts to strengthen whistleblower protections by scrutinizing confidentiality agreements. In 2017, the Commodity Futures Trading Commission (CFTC) promulgated Rule 165.19(b), which prevents confidentiality agreements from being enforced or employers threatening to enforce confidentiality agreements against employees who communicate with CFTC staff about possible violations of the Commodity Exchange Act. In June 2024, the CFTC issued an order in a first-of-its-kind enforcement action under the rule after a commodities merchant allegedly required employees to enter into confidentiality agreements that did not explicitly inform employees of their right to freely communicate with law enforcement and regulators.
In June 2023, the Federal Trade Commission (FTC) issued guidance clarifying how contractual provisions – including those requiring confidentiality – are unenforceable if the provision prevents an individual from speaking freely with FTC staff or requires the individual to disclose their communications with FTC staff to an investigation’s target.
Finally, the Securities and Exchange Commission (SEC) Rule 21F-17 prohibits any person from impeding another person from communicating with SEC staff about possible securities laws violations by enforcing or threatening to enforce a confidentiality agreement. In September 2023, the SEC settled charges for $10 million against an investment firm accused of violating Rule 21F-17 by requiring new employees to sign confidentiality agreements that prevented them from disclosing confidential information to anyone outside the firm unless authorized by the firm or required by law.
Looking ahead
In announcing the circular, CFPB Director Rohit Chopra noted that the law enforcement community relies on whistleblower tips to identify potential misconduct and cautioned industry against deploying nondisclosure agreements to deter whistleblowers from coming forward to law enforcement. Notably, the circular focuses as much on the intent behind the confidentiality agreement as it does the employee’s perception of it, and serves as a reminder that both the language and context of such agreements need to be analyzed. The CFPB previously encouraged technology workers at financial institutions to come forward with concerns about the deployment of advanced technologies in the industry, including with respect to the deployment of artificial intelligence. The CFPB and various other federal agencies have relied on whistleblowers and former employees over the years as key contributors and fact witnesses in their investigative processes, and this circular signals the continued view of the important role they play in identifying potential violations of law.
This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as “Cooley”). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. This content may be considered Attorney Advertising and is subject to our legal notices.