CFPB Warns Employee Confidentiality Agreements May Violate Whistleblower Protections

The Consumer Financial Protection Bureau (CFPB) recently issued Consumer Financial Protection Circular 2024-04 warning financial institutions that broad employee confidentiality agreements may violate the whistleblower protections under the federal Consumer Financial Protection Act (CFPA) (pdf).

The circular acknowledges that employee confidentiality agreements can serve legitimate purposes, such as protecting confidential trade secrets. But a confidentiality or non-disclosure agreement may be worded or presented in a way that could cause an employee to believe the employer may bring a lawsuit or pursue other adverse action if the employee reports a suspected violation of federal consumer financial law to a federal, state, or local law enforcement agency. This chilling effect is what may constitute a violation of the whistleblower statute, according to the CFPB.

The CFPA: Whistleblower Protection and Enforcement

The CFPA’s whistleblower statute makes it unlawful for a financial institution to terminate or otherwise discriminate against an employee for whistleblowing about a suspected violation of federal consumer financial law. The circular notes that confidentiality agreements may have the effect of making employees reasonably feel they are not free to communicate with government enforcement agencies and investigators about potential violations of federal consumer financial law. The CFPB contends that this frustrates the CFPB’s enforcement authority under the CFPA and its ability protect consumers.

Confidentiality Agreement Problems

The circular states that broadly worded confidentiality agreements risk violating the whistleblower statute based on language giving the employer the right to file a lawsuit or take other adverse employment action upon the employee’s violation of the agreement.

An employee may perceive language in a confidentiality agreement as a threat if:

1. the employee is prohibited from sharing information with outside third parties and there is no express whistleblower exception to this prohibition; or
2. the agreement prohibits the employee from sharing information with outside parties “to the extent permitted by law,” since the employee may not know about the whistleblower protections under the law.

An employee’s perceived threat of a lawsuit or other adverse action can be particularly high under certain circumstances, such as requiring the employee to execute a confidentiality agreement in connection with internal investigations or other scenarios involving the financial institution’s potential violation of law. Under these circumstances, it is reasonable for an employee to perceive entry into the confidentiality agreement as a threat.

Takeaways

The circular reminds regulators and the public that financial institutions that enter into confidentiality agreements that do not clearly permit communications and cooperation with government enforcement agencies risk violating the whistleblower statute.

Financial institutions should prepare for scrutiny of their confidentiality agreements by their regulators. To prepare for such scrutiny, and any potential claims that its confidentiality agreements violate the whistleblower statute, a financial institution should review its employee confidentiality agreements. If necessary, the institution should revise their agreements to include language that expressly permits the employee to engage in communications protected under the whistleblower statute without any threat of a lawsuit or other adverse action by the financial institution.

If you have questions about using confidentiality agreements or would like a review of your existing agreements, please contact Jay Spruill or a member of the Compliance & FinTech team.