The Integrity Agenda: Pretaliation or 'the risk that isn't going away'

The U.S. Securities and Exchange Commission has been taking enforcement action against “pretaliation” clauses in companies’ employment contracts for years, and by now corporate compliance officers should have a good sense of how to address that risk.

At least, that was the thinking about pretaliation clauses until January, when the SEC opened a new front in its war against pretaliation. Now corporate compliance officers might need to revisit the pretaliation problem all over again.

What happened? On Jan. 16 the SEC imposed an $18 million penalty on JP Morgan Securities for including pretaliation clauses in contracts with customers. It was the agency’s first pretaliation enforcement action for a company’s contracts with a group other than employees — but, given the SEC’s expansive views on the issue, not likely to be the last.


Pretaliation: A Refresher Course

Let’s first review what pretaliation is. The SEC began enforcing against pretaliation in 2016, arguing that whistleblower protection rules under the Dodd-Frank Act prohibited companies from imposing any restrictions on when employees might approach regulators with suspicions of misconduct.

Typically this would be something like a clause in an employment or severance contract, where the company says that as a condition of employment or receiving a severance package, the employee isn’t allowed to make any disparaging comments to any party — including regulators — without first seeking company approval.

That language restricts an employee’s ability to report misconduct to regulators, and hence pretaliation enforcement was born.

From 2016 into the early 2020s, the SEC announced a small but steady string of pretaliation enforcement actions. Usually the fines ranged from several hundred thousand dollars to $1 million, and almost never did the SEC document any instances of a company actually using its pretaliation clauses to punish an employee for speaking up.

In late 2023, things began to change. First the SEC imposed a $10 million penalty against financial firm D.E. Shaw for its use of pretaliation clauses, an amount far larger than anything we’d seen before. Then came the even larger $18 million penalty against JPMorgan, for pretaliation clauses used in settlements with customers.

In the JPMorgan case, JPMorgan routinely asked clients — as recently as mid-2023, years after the SEC began its pretaliation campaign — to sign confidential release agreements if they had been issued a credit or settlement from the firm of more than $1,000. The agreements allowed clients to respond to SEC inquiries, but did not permit clients to contact the SEC voluntarily.

When the JPMorgan sanction was announced, SEC enforcement chief Gurbir Grewal gave this sweeping warning: “Whether it’s in your employment contracts, settlement agreements or elsewhere, you simply cannot include provisions that prevent individuals from contacting the SEC with evidence of wrongdoing.”

So what remediation steps should compliance officers take, given that expansive pretaliation risk?

Training, Policy, and Documentation

The mechanics of remediating your company’s pretaliation risk are rather straightforward:

  1. Search through all the company’s contracts to identify those with problematic language;
  2. Amend that language with some addendum like, “except for reporting misconduct concerns to regulators, of course you can do that whenever you like;” and
  3. Notify anyone who had signed those pretaliatory contracts of the new language and their new freedom.

At an abstract level, that’s all there is to it. In every pretaliation enforcement action the SEC has taken, those were the fundamental steps the offending company undertook.

What the sanction against JPMorgan tells us is that compliance officers must think expansively about pretaliation. The risk is not just with employees; as enforcement chief Grewal said, the risk is with any contract your company strikes with any group.

So compliance officers must work closely with the legal team (and perhaps other groups in the enterprise) to scour your business for any agreements that might include pretaliation language. Then comes the painstaking work of updating those documents and alerting the parties that signed the contracts of the new terms. Update your Code of Conduct and policies to emphasize the freedom to report to regulators. Update training (especially for managers who might draft and sign contracts) to make clear that pretaliation isn’t allowed.

There’s also an urgency here. Notice that for years, the penalties for pretaliation enforcement barely scraped $1 million. Then in a matter of months, the penalties jumped to $10 million (D.E. Shaw) and $18 million (JPMorgan). Why?

One telling detail is that in both cases, the companies in question kept using problematic language as recently as 2023 — years after the SEC first put pretaliation risk on everyone’s radar.

So pretaliation risk is not an issue companies can ignore or dismiss as a minor nuisance with small penalties. The SEC wants companies to take pretaliation seriously, and to take it seriously today.

Given the straightforward remediation steps to solve pretaliation, the challenge really is one of imagination and commitment. Compliance officers just need to think as expansively as possible about where and how pretaliation might exist at your enterprise, and then summon the management will to eradicate the risk once and for all.

And the time to do that is now.

Matt Kelly

Matt Kelly is an independent compliance consultant and the founder of Radical Compliance, which offers consulting and commentary on corporate compliance, audit, governance, and risk management. Radical Compliance also hosts Matt’s personal blog, where he discusses compliance and governance issues, and the Compliance Jobs Report, covering industry moves and news. Kelly was formerly the editor of Compliance Week from 2006 to 2015. He was recognized as a "Rising Star of Corporate Governance" by the Millstein Center in 2008 and was listed among Ethisphere’s "Most Influential in Business Ethics" in 2011 (no. 91) and 2013 (no. 77). He resides in Boston, Mass.
