CFPB Warns Against Intimidating Potential Whistleblowers with Broad NDAs

The Consumer Financial Protection Bureau (CFPB) has issued a warning to companies against using broad nondisclosure agreements (NDAs) to intimidate potential whistleblowers and prevent misconduct from being exposed. "Companies should not censor or muzzle employees through [NDAs] that deter whistleblowers from coming forward to law enforcement," said Rohit Chopra, CFPB director, in a press release on Wednesday.

In a related circular, the CFPB highlighted that while NDAs or confidentiality agreements often state they allow information sharing with third parties "to the extent permitted by law," they can still create a chilling effect. Employees may fear the repercussions of violating these NDAs, thereby deterring whistleblowing.

The CFPB referenced a recent lawsuit filed by the U.S. Department of Labor (DOL) in the U.S. District Court for the Eastern District of New York against Virginia-based IT staffing agency Smoothstack and its co-founder Boris Kuiper. The DOL alleges that Smoothstack exploited workers through practices resembling modern-day indentured servitude. According to a DOL press release on July 10, Smoothstack allegedly forced workers to stay in their jobs by imposing hefty financial penalties for leaving and used NDAs and confidentiality agreements to prohibit protected whistleblowing activities.

Kuiper, in an emailed statement, denied the lawsuit’s claims, asserting that the company "intends to vigorously defend itself in court." He added, "The company is fully compliant with all state and federal employment laws, and our employees are expected to record every hour they work. … Furthermore, we have never retaliated against an employee and reject that bald allegation."

The CFPB also cited a 2015 case involving Houston-based global technology and engineering firm KBR. The company agreed to a $130,000 settlement with the Securities and Exchange Commission (SEC) after allegedly stifling whistleblowers through confidentiality agreements. These agreements warned employees they could face disciplinary actions, including possible termination, if they discussed certain internal investigation matters with outside parties without the company's legal department’s prior approval.

More recently, the SEC has been intensifying its crackdown on companies with employee agreements containing illegally restrictive language. This includes an $18 million fine against JPMorgan Chase in January and a $10 million fine against investment firm D.E. Shaw & Co. in September.

Additionally, on July 1, anonymous employees of OpenAI sent a letter to SEC Chair Gary Gensler, alleging that the company’s NDAs "prohibited and discouraged" them from reporting securities law violations to federal regulators.

By fLEXI tEAM