CFPB Issues Guidance on Whistleblower Rights Under the Consumer Financial Protection Act

The Consumer Financial Protection Bureau recently released guidance warning that overly broad confidentiality agreements with employees may violate Section 1057 of the Consumer Financial Protection Act, because the use of such agreements may constitute prohibited discrimination against employees who have, or could, engage in whistleblowing.

* * *

On July 24, 2024, the Consumer Financial Protection Bureau ("CFPB") issued Circular 2024-04, which provides that confidentiality agreements issued by "covered persons" should not:

• "[L]imit the ability of employees to communicate with government enforcement agencies or speak freely with investigators";
• Imply "that the employer may file a lawsuit or reserve[] the right to take adverse employment action upon the employee's violation of the agreement," such that "an employee may interpret such conditions as threats to retaliate for engaging in whistleblowing activity"; or
• Impose confidentiality terms "in situations that are particularly likely to lead a reasonable employee to perceive the required entry into the agreement as a threat, such as in the context of an internal investigation or other scenario involving potential violations of law-for example, after the uncovering of suspected or confirmed wrongdoing, or in the aftermath of a potentially embarrassing episode for a company."

The Consumer Financial Protection Act defines "covered persons" as those who offer or provide a consumer financial product or service, and certain of their affiliates.

In support of this directive, the CFPB relied on Section 1057, an anti-retaliation statute that prohibits "terminat[ing] or in any other way discriminat[ing] against" covered employees who have (i) provided, or will provide, "information to the employer, the [CFPB], or any other State, local, or Federal, government authority or law enforcement agency relating to any violation of, or any act or omission that the employee reasonably believes to be a violation of" the laws subject to the CFPB's jurisdiction; (ii) testified, or will testify, "in any proceeding" related to alleged violations of the Consumer Financial Protection Act or the CFPB's rules; (iii) initiated a proceeding "under any Federal consumer financial law"; or (iv) objected to or refused to participate in an activity the employee "reasonably believed to be in violation of any law, rule, order, standard, or prohibition" enforceable by the CFPB.

In relying on this statute, the CFPB reasoned in part that the use of the term "discriminate" in the statute "is broad and encompasses a variety of adverse actions that a covered person may take against covered employees." Notably, the Circular states that an agreement that permits the sharing of information "to the extent permitted by law" may technically permit whistleblowing, but still may "threaten[]" an employee "who may not know that the law forbids restrictions on whistleblowing." The Circular advises employers that they "can significantly reduce the risk of this kind of perception-and thus of violating Section 1057-by ensuring that [their] agreements expressly permit employees to communicate freely with government enforcement agencies and to cooperate in government investigations."

The Circular follows increased enforcement activity by the CFTC and SEC in connection with employment agreements that impeded whistleblowing. Our blog post addressing the first CFTC enforcement action under the CFTC whistleblower protection rule is available here, and our recent discussion of SEC enforcement activity under its whistleblower protection rule is available here.