On January 16, the Securities and Exchange Commission (SEC) announced an $18 million settlement order (Order) with J.P. Morgan Securities LLC (JPMS) that finds that the language of release agreements JPMS entered into with clients violated the Securities and Exchange Act of 1934 (Exchange Act) Rule 21F-17(a)–a rule designed to protect potential whistleblowers. The Order serves as a reminder to investment advisers and broker-dealers to ensure client and employee agreements do not contain language that could be interpreted to impede a person’s ability to report matters to the SEC. Confidentiality provisions in client and employee agreements should explicitly exclude communications to governmental and/or regulatory authorities.  

Rule 21F-17(a)

The sole violation stated in the Order is for a violation of Exchange Act Rule 21F-17(a). The rule provides that: 

No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement (other than agreements dealing with information covered by § 240.21F–4(b)(4)(i) and § 240.21F–4(b)(4)(ii) of this chapter related to the legal representation of a client) with respect to such communications.

That rule is intended to “encourag[e] individuals to report to the Commission.” Securities Whistleblower Incentives and Protections Adopting Release, Release No. 34-63434 (June 13, 2011).  

JPMS’ Alleged Violations

JPMS is a New York-based dual registered investment adviser and broker-dealer. As part of its regular business, JPMS offers settlements and credits to client accounts. In paying out credits and/or settlements, JPMS typically requested that clients receiving over $1,000 sign a release. Between 2020 and 2023, at least 362 clients signed a release with JPMS. 

The language of the release that JPMS used during this time included a confidentiality provision that permitted enforcement through “injunctive relief and monetary damages.” In addition, the release included the following language:

[JPMS client] shall keep this Agreement confidential and not use or disclose (including but not limited to, media statements, social media, or otherwise) the allegations, facts, contentions, liability, damages, or other information relating in any way to the Account, including but not limited to, the existence or terms of this Agreement . . . . Notwithstanding, [JPMS client] and [JPMS client’s] attorneys are neither prohibited nor restricted from responding to any inquiry about this settlement or its underlying facts by FINRA, the SEC, or any other government entity or self-regulatory organization, or as required by law.

The SEC found that this language “prohibited clients from affirmatively reporting to the Commission staff in violation of Rule 21F-17(a).” The SEC also held that JPMS’ separate reporting of some of the disputes covered by the releases to the Financial Industry Regulatory Authority (FINRA) did “not in any way mitigate the language in the Release that impeded clients from reporting potential securities law violations to the Commission.”  


There are four points from the Order that bear emphasis. 

First, an investment adviser/broker-dealer need not seek to enforce a confidentiality agreement to be subject to liability under Rule 21F-17(a). In the JPMS matter, the Order did not indicate that JPMS ever tried to enforce the language of its client releases to prevent a client from reporting a matter to the SEC. Instead, the SEC deemed JPMS in violation of Rule 21F-17(a) simply because it asked its clients to enter into a release that contained an (ordinarily) unremarkable confidentiality provision. 

Second, it did not matter that JPMS’ release was neutral with respect to reporting securities laws violations. As discussed, the language of Rule 21F-17(a) prevents “a person” from taking any action to “impede an individual from communicating directly with the Commission staff about a possible securities law violation.” Here, however, the language of the releases that JPMS asked clients to enter into appears to have been generic and the Order does not say that the settlements/credits JPMS offered to clients were actually related to securities laws violations by JPMS. The SEC’s view therefore appears to be that generic confidentiality restrictions alone are enough to subject a regulated entity to a violation of Rule 21F-17(a). 

Third, the exception in JPMS’ client releases that permitted clients to respond to any inquiry “by FINRA, the SEC, or any other government entity or self-regulatory organization, or as required by law” did not save the confidentiality provision from violating Rule 21F-17(a). The SEC’s view, as set forth in the Order, is that Rule 21F-17(a) requires that individuals be free to report directly to the SEC (and other regulators) without having to first be contacted by the regulator. 

Fourth, and most important, the Order itself provides a practical solution that allows investment advisers and broker-dealers to preserve confidentiality while ensuring compliance with Rule 21F-17(a). In the Order, the SEC acknowledged JPMS’ remedial efforts, which included revising its releases to include language “affirmatively advising clients that they are not prohibited from disclosing information to any government or regulatory authority.” Thus, the inclusion of similar language in client and employee agreements should bring such agreements into compliance with Rule 21F-17(a)  

Next Steps

For further information, guidance, and clarity on how advisers and broker-dealers can approach and tailor their client and employee agreements related to Rule 21F-17(a), please contact the authors or reach out directly to your regular Lowenstein Sandler contact.