Running a legal department at a financial services company has been a lot like the popular game Whac-A-Mole—as soon as one of those pesky complaint letters rears its head, whack it as hard as possible, perhaps with a small amount of money, and make sure the mole never appears again. However, an important part of that strategy now may be forced out of the financial services playbook.

A financial services company that is a member of the Financial Industry Regulatory Authority, or FINRA, has simply been able to insert a confidentiality clause in a settlement agreement with a wronged client. The confidentiality clause is designed to buy peace and quiet, keeping the client silenced. The traditional confidentiality agreement even enjoys FINRA’s blessing.

That blessing was a 2004 notice from FINRA to its members, advising that confidentiality agreements are acceptable, provided that clients are allowed to speak with the Securities and Exchange Commission or other regulators, but only upon inquiry. In other words, confidentiality agreements are intended to preclude the wronged client from initiating communications with regulators. The only way the client can speak with the regulators is if the regulators come knocking first. Well, that world may soon be changing.

On July 21, 2010, President Obama signed into law the Dodd-Frank Wall Street Reform and Consumer Protection Act. One of the main purposes of the act was “to protect consumers from abusive financial services practices.” One feature of the act, section 922, is the SEC’s whistleblower program. Pursuant to the program, when an individual brings to the SEC’s attention a matter that results in sanctions in excess of $1 million, the individual can receive an award.

On Oct. 1, 2013, the SEC announced that it would be paying more than $14 million to a single whistleblower. In 2013 alone, the SEC received more than 3,000 whistleblower claims. For that same fiscal year, there were 118 “covered actions,” meaning actions in which sanctions exceeding $1 million were assessed, and whistleblowers were potentially entitled to awards. For fiscal year 2013, the SEC issued awards to four whistleblowers, paying out a total exceeding $14.8 million.

The SEC’s whistleblower program spells the potential demise or limitation of confidentiality clauses contained in settlement agreements between FINRA member firms and their clients. Section 922 of the Dodd-Frank Act gave the SEC the authority to issue rules governing the whistleblower program. One of those rules, Section 240.21F-17, is titled, “Staff Communications with Individuals Reporting Possible Securities Law Violations.”

This rule provides:

“No person may take any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement … with respect to such communications.”

The mere insertion of a broad confidentiality provision in a settlement agreement may by itself constitute an “action to impede” an individual from reporting a violation. As a result of SEC Rule 21F-17, any confidentiality agreement between a FINRA member firm and a client may be void if it does not expressly allow the client to report a whistleblower claim to the SEC. Clients of FINRA member firms should feel free, notwithstanding having signed confidentiality agreements, to contact the SEC as potential whistleblowers. The wronged client can no longer be silenced.

In order for the SEC to protect consumers from abusive financial services practices, the SEC must have access to the information in the control of the putative victim. The client, or victim, must feel free to bring to the SEC’s attention any evidence that the client believes reflects a securities law violation.