Blogs > Biz Law Blog

Armored to the Brink: SEC Finds Security Company’s Confidentiality Agreement Illegal

On Wednesday, June 22, 2022, the U.S. Securities and Exchange Commission (“SEC”) issued an Order Instituting Cease-And-Desist Proceedings against the Brinks Company, a Virginia corporation headquartered in Richmond, Virginia, which (the Order recites) “provides cash transit and money processing services worldwide,” and whose shares are traded on the New York Stock Exchange. By 2015, and continuing through April 2019, Brinks required new employees to sign a Confidentiality Agreement that prohibited them from disclosing “Confidential Information,” as broadly defined in the Agreement, to “any third party without the prior written authorization of a Brinks, Inc., executive officer.” Indeed, on April 10, 2015, the other “Main Office” of Brinks, in Dallas, Texas, which dealt with employment matters for rank-and-file employees, adopted an amended Confidentiality Agreement adding a “provision imposing a $75,000 liquidated damages liability, together with payment of Brinks’ attorney’s fees and costs, on any employee found to have violated the Confidentiality Agreement.”

On Aug. 12, 2011, the SEC promulgated Rule 21F-17 under the Securities Exchange Act of 1934, as amended, to implement the mandate in the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 that required the SEC to adopt rules to facilitate whistleblowers in reporting possible violations of the securities laws to the SEC. Rule 21F-17 “prohibits any person from taking any action to impede an individual from communicating directly with the Commission.” Beginning in April 2015, the SEC brought enforcement actions against public companies for use of restrictions in confidentiality agreements that might impede communication to the Commission. After its first enforcement action for violating the Rule, the SEC, from 2016 through early 2017, brought eight other enforcement actions for violation of Rule 21F-17.

The Order notes that Brinks regularly received updates, from 2015, from its outside counsel pointing to the possible legal liability exposure for having a Confidentiality Agreement in violation of Rule 21F-17. In fact, in January 2017, the Richmond, Virginia Headquarters, having received a memorandum from outside counsel about two of the SEC Rule 21F-17 enforcement procedures, modified the Confidentiality Agreement that Brinks executives were required to sign, adding a whistleblower exemption provision. Headquarters promptly informed the Texas “Main Office” of the change, but that office failed to revise the 2015 version of the Confidentiality Agreement which required new rank-and-file employees to sign.   

In April 2019, after becoming aware of the SEC Staff’s investigation of the Brinks Confidentiality Agreement, Brinks finally added a so-called whistleblower carve-out to the confidentiality obligations under the Brinks Agreement. The Order notes that from 2015 to 2019, Brinks hired approximately 2000 to 3000 employees a year, all of whom were required to sign the faulty Confidentiality Agreement. At the very least, Brinks’ management can be characterized as almost willfully blind to legal obligations, although, as the Order makes clear, some of the intransigence seems to have stemmed from Brinks having two “Main Offices” (one in Richmond and the other in Dallas) Each of these had its own General Counsel and in-house legal staff.

In any event, Brinks agreed to cease and desist violating SEC rules and to pay a civil penalty of $400,000. Further, within 60 days EVERY employee or former employee who signed either of the violative Confidentiality Agreements (the pre-2017 version in Richmond or the pre-April 2019 version in Dallas) would be provided with a copy of the SEC Order together with an explanatory statement that the current or former employee is permitted to communicate with the SEC without Brinks’ notice to or approval, and that the employee was permitted to accept a whistleblower award if the SEC issued it. Further, Brinks must submit certification of compliance, including “written evidence of compliance in the form of a narrative, supported by exhibits sufficient to demonstrate compliance.”

It is noteworthy that the Order includes, as a required Brinks undertaking, the full text of the whistleblower exemption used by Brinks after May 2019. The Brinks settlement evoked from Commissioner Hester Peirce a separate June 22 Statement. Although she concurred in the Brinks settlement, she renewed her warning about the scope of the SEC’s authority under Rule 21F-17.  As she had noted in an April 12, 2022, Statement involving NS8, Inc., the Commission’s authority applies only to efforts to interfere with communications with the SEC concerning possible securities law violations. As in NS8, Inc., Brinks amended its Confidentiality Agreement to bar the company from interfering with an employee’s ability to “file a charge or complaint with the Securities Exchange Commission or any other federal, state, or local governmental regulatory or law enforcement agency.” One suspects that a company in a position like Brinks’ strove in its corrective action to be, as the old detergent commercial claimed, “whiter than white.” As Commissioner Peirce points out, the SEC does NOT have the power to require that broad a “whistleblower” exemption.

Probably the most important lesson to be gleaned from this matter is the importance of paying attention to legal counsel’s guidance.

If you have any questions concerning this post or any related matter, please feel free to contact me at