On July 24, 2024, the Consumer Financial Protection Bureau (CFPB) issued guidance putting financial regulators and employers on notice that requiring employees to sign broad confidentiality or nondisclosure agreements that arguably deter employees from reporting alleged misconduct to federal watchdogs or from engaging in other whistleblower activity may violate federal whistleblower protections.

Quick Hits

• The CFPB published a circular warning employers that the use of broadly worded confidentiality and nondisclosure agreements carries the risk of violating federal whistleblower laws.
• The CFPB noted that confidentiality and nondisclosure agreements may have “legitimate purposes” but may also contain verbiage that unlawfully deters employees from reporting misconduct to authorities or cooperating with investigations.
• The CFPB is the latest federal agency to indicate concerns with confidentiality and nondisclosure agreements and whistleblower protections.

In a news release accompanying Consumer Financial Protection Circular 2024-04, the CFPB clarified its view that confidentiality agreements or restrictive covenants “may intimidate employees from disclosing misconduct or cooperating with investigations” and thereby “impede investigations and potentially violate federal whistleblower protections.”

The circular, which is meant to promote consistent enforcement of federal financial laws, comes as several federal agencies, including the U.S. Department of Justice (DOJ), the U.S. Securities and Exchange Commission (SEC), and the Commodity Futures Trading Commission (CFTC), have stepped up enforcement of their whistleblower programs, many established by the Dodd-Frank Wall Street Reform and Consumer Protection Act in the wake of the 2008 financial crisis.

“The law enforcement community uncovers serious wrongdoing by financial firms through whistleblower tips,” CFPB Director Rohit Chopra said in the news release. “Companies should not censor or muzzle employees through nondisclosure agreements that deter whistleblowers from coming forward to law enforcement.”

Whistleblower Protections

Federal agencies have brought several enforcement actions against the use of confidentiality and nondisclosure agreements (NDAs) in recent years. Recently, in June 2024, the CFTC fined a commodities trader $55 million in its first-ever enforcement action under its seven-year-old rule prohibiting companies from impeding employees from reporting potential violations of the Commodity Exchange Act (CEA) and CFTC regulations. Similarly, the SEC, in January 2024, fined an investment firm $10 million, alleging it violated whistleblower protections in Section 21F-17(a) of the Securities Exchange Act of 1934 by making employees sign agreements with confidentiality and nondisclosure provisions that did not include express exceptions allowing the reporting of potential securities violations to the SEC.

In its recent circular, the CFPB stated that confidentiality agreements or NDAs may violate Section 1057 of the Consumer Financial Protection Act (CFPA), which establishes a whistleblower program prohibiting employers from suing, threatening to sue, or threatening to take some adverse action against employees for engaging in whistleblower activity.

Specifically, Section 1057 prohibits employers from discharging or otherwise discriminating against covered employees for (1) providing information to the CFPB related to a potential violation of federal law under the CFPB’s jurisdiction, (2) testifying about a potential violation, (3) refusing to participate in activity that the employee reasonably believes to be a violation, or (4) filing a lawsuit or legal proceeding under federal consumer financial laws.

Confidentiality Agreements

The CFPB noted that confidentiality agreements may have “legitimate purposes,” such as protecting employer confidential trade secrets. However, the CFPB warned that the way in which such agreements “are worded and the context in which they are employed could lead an employee to reasonably believe that they would be sued or subject to other adverse actions if they disclosed information related to suspected violations of federal consumer financial law to government investigators.” According to the CFPB, employer use of such agreements may violate the whistleblower protections of Section 1057.

Lawsuit Threats

Specifically, the CFPB stated agreements providing “that the employer may file a lawsuit or reserve[] the right to take adverse employment action” upon violation of the agreement create a “heightened” risk that reasonable employees will interpret the agreement as a threat. “Depending on the circumstances, an employee may interpret such conditions as threats to retaliate for engaging in whistleblowing activity,” the CFPB said.

Circumstances of Intimidation

The CFPB further noted that the circumstances or context under which employees are required to sign confidentiality agreements may further create an additional risk of violating Section 1057. An employee who is asked to sign an agreement during an internal investigation or after being made aware of potential misconduct is “particularly likely … to perceive the required entry into the agreement as a threat,” the CFPB stated. “Indeed, the employee reasonably may not fathom any other reason for why they are being made to sign the agreement beyond that the employer is threatening to sue or otherwise punish the employee for engaging in whistleblowing,” the CFPB stated.

Express Exceptions

The CFPB said agreements “with no acknowledgment of and exception for the exercise of whistleblower rights” risk violating Section 1057. Moreover, the CFPB stated that even agreements that forbid the sharing of information only “to the extent permitted by law” (emphasis added) may still unlawfully impede whistleblower activity. The agency reasoned that employees may not understand federal whistleblower protections and may therefore interpret the potential consequences of an adverse employment action “to bar” providing information to law enforcement agencies or cooperating with government investigations. “An employer can significantly reduce the risk of this kind of perception … by ensuring that its agreements expressly permit employees to communicate freely with government enforcement agencies and to cooperate in government investigations,” the CFPB said in the circular.

Next Steps

The CFPB circular puts employers on notice of the agency’s interpretation of whistleblower protections and enforcement priorities and suggests that regulators scrutinize whether employment confidentiality agreements and NDAs arguably dissuade or impede employees from reporting misconduct to authorities or cooperating with investigations. Employers, particularly regulated financial firms, may want to consider reviewing the wording of their confidentiality agreements and NDAs and the context in which they are signed, utilized, and enforced.