For a Florida bank, credit union, broker-dealer, or other financial institution, a harassment complaint is rarely just an HR problem. It is a regulatory event, a reputational event, and increasingly, a public disclosure event. The reflexive instinct, “settle it and seal it,” no longer works the way it once did.
This guide walks through that new reality from beginning to end. It starts with how the landscape changed, builds through the federal, state, and industry-specific rules that now govern NDAs in harassment settlements, and finishes with a practical playbook a Florida financial institution can actually use. By the end, a general counsel, HR director, or chief compliance officer should know what changed, why it matters for banks specifically, and what to do when a complaint lands on a Monday morning.
Part One: How the Landscape Changed
From a Tool of Closure to a Source of Risk
Ten years ago, a workplace harassment matter at a Florida bank typically ended the same way. The institution conducted an investigation, the parties negotiated a settlement, the employee signed a broad release with confidentiality and non-disparagement language, and the matter was closed.
That model has been steadily dismantled. Beginning with the federal Tax Cuts and Jobs Act of 2017 and continuing through the Speak Out Act of 2022, state law revisions, SEC enforcement of whistleblower rule 21F-17, and the Consumer Financial Protection Bureau’s 2024 guidance on Section 1057, the legal value of a broad confidentiality clause has dropped, and the legal risk of one has increased.
In short, the NDA went from a tool that closed a problem to an instrument that can create new ones.
Why Banks Cannot Rely on the Standard Playbook
A retailer, restaurant, or general business can still resolve many harassment claims with traditional confidentiality language and move on. A regulated financial institution often cannot. Three realities make banking different:
First, regulated employees have direct lines to government agencies that ordinary employees do not. SEC tipsters, CFPB whistleblowers, FINRA filers, and OCC complainants all enjoy federal protection that overrides private contract language.
Second, examinations, mergers, licensing reviews, and Form U5 disclosures routinely surface conduct that the parties tried to seal. An NDA that conceals supervisory misconduct can become an exam finding two years later.
Third, the federal regulators themselves are now actively policing NDA drafting in financial-services agreements. The SEC has issued multi-million-dollar penalties for confidentiality language that lacked proper whistleblower carveouts, and the CFPB has warned that broad agreements can themselves constitute retaliation under federal consumer financial law.
The result is that a settlement strategy built for a general employer is the wrong strategy for a bank. The rest of this guide explains what the right strategy looks like.
Part Two: The Rules That Now Apply
The legal framework breaks into three concentric layers: the federal floor, the Florida layer, and the financial-services overlay. Each constrains what a settlement NDA can lawfully say.
Layer One: The Federal Floor
Two federal provisions set a baseline that applies to every Florida employer, including financial institutions.
The Speak Out Act
Signed into law in December 2022, the Speak Out Act makes any predispute nondisclosure or non-disparagement clause judicially unenforceable in a dispute involving sexual assault or sexual harassment. As Jackson Lewis and other commentators have explained, the Act applies only to agreements signed before an allegation arises. A settlement agreement signed after the dispute is on the table is still enforceable. But that means form NDAs in offer letters, handbook acknowledgments, and arbitration policies cannot lawfully silence a future harassment claim.
For background on the kinds of agreements that must be rewritten in light of this rule, see our Florida Confidentiality and Non-Disclosure Agreements and Personnel Policies and Handbooks practice areas.
The 162(q) Tax Penalty
Buried in the 2017 Tax Cuts and Jobs Act, Internal Revenue Code Section 162(q) eliminates federal income tax deductibility for settlements (and related attorneys’ fees) “related to sexual harassment or sexual abuse” if the settlement is subject to a nondisclosure agreement. The IRS clarified that 162(q) does not prohibit NDAs. It simply prices them.
For a Florida bank, that pricing changes the calculus. A $250,000 settlement with confidentiality and $90,000 in legal fees can lose every dollar of federal tax deductibility, while the same settlement without confidentiality is generally deductible. Whether confidentiality is worth that cost depends on the facts, the optics, and what other claims (race, age, disability, retaliation) might be separately settled with deductible confidentiality. Bifurcating claims is delicate work, and it is one of the most expensive places to get the drafting wrong.
Layer Two: The Florida Layer
Florida is sometimes characterized as a light-touch state on NDA restrictions. That is accurate compared to California or New York, but it is not the whole picture.
Senate Bill 866 and Chapter 760
Florida Senate Bill 866 (2019), codified into the Florida Civil Rights Act framework at Chapter 760, prohibits an employer from requiring an employee, as a condition of employment, to sign an NDA that prevents the employee from disclosing or discussing sexual harassment or sexual assault occurring in the workplace. The statute expressly preserves the right to include confidentiality provisions in an actual settlement agreement with the employee alleging harassment. In Florida, the line is drawn at the employment contract, not the settlement contract. For broader context on the underlying claims, see our discussion of Hostile Work Environment Claims and Employer Liability Risks and our Title VII Compliance, Training or Litigation page.
The Sunshine in Litigation Act
Florida’s Sunshine in Litigation Act, § 69.081, Fla. Stat., forbids any order, judgment, or contract that conceals a “public hazard.” A confidentiality agreement that conceals a public hazard is itself void and unenforceable. The public-hazard analysis usually arises in products-liability cases, but its reach is contested in employment settings. The Florida Bar’s analysis of the statute is a useful primer. Where a financial institution faces repeated allegations against the same actor or systemic compliance failures, plaintiffs’ counsel will sometimes argue that broad confidentiality conceals a public hazard. The defensive answer is to draft narrowly.
Florida Restrictive Covenant Doctrine
Florida’s restrictive-covenant statute at § 542.335, Fla. Stat. governs noncompetes, but it also shapes how courts evaluate confidentiality clauses. A clause must protect a legitimate business interest and be reasonable in scope. Sweeping silence clauses are increasingly vulnerable on this reasoning alone.
Layer Three: The Financial-Services Overlay
This is where banks diverge sharply from general employers. Three federal regimes deserve particular attention.
SEC Rule 21F-17
This rule prohibits any action that would impede an employee from communicating directly with the SEC about a potential securities-law violation. Confidentiality agreements that fail to carve out whistleblower communications are themselves an enforcement risk. The SEC has imposed multi-million-dollar penalties on financial firms for that exact drafting failure, including an $18 million fine against J.P. Morgan Securities for language the SEC viewed as obstructive.
CFPB Circular 2024-04 and Section 1057
In Consumer Financial Protection Circular 2024-04, the CFPB warned that broadly worded confidentiality and non-disparagement agreements may themselves constitute unlawful retaliation against an employee for protected whistleblowing under Section 1057 of the Consumer Financial Protection Act. That is a meaningful shift. The agreement, not the enforcement of it, can be the violation.
FDIC and Prudential Oversight
Section 19 of the Federal Deposit Insurance Act and parallel prudential rules govern who can serve as an institution-affiliated party. Misconduct concealed by a private NDA can resurface during examinations, mergers, or background reviews, with consequences for both the institution and the individual.
For Florida banks, then, the central drafting truth is this: confidentiality language that would be permissible at a hotel is not permissible at a bank. The institution’s own regulators may be reading the same agreements the plaintiffs’ bar is. For broader context, see our Banking & Financial Services practice and our State and Federal Regulatory Compliance and Enforcement Defense overview.
Part Three: Putting It Into Practice
Knowing the rules is half the job. Applying them under pressure, with a complaint already in front of you, is the other half. The remainder of this guide is a sequential playbook for what to do when, and how to draft what comes out the other end.
Step One: The First 72 Hours After a Complaint
When a harassment complaint surfaces, the first three days largely determine the cost and trajectory of resolution. The disciplined sequence looks like this:
Preserve
Email, messaging platforms, security footage, badge logs, training records, and HR files should be placed under a litigation hold immediately. For sensitive matters, involve outside counsel through our External and Internal Investigations and Reports team early.
Segregate
Where appropriate, separate the accused from the complainant. Paid administrative leave is often the cleanest interim posture.
Investigate
A documented, prompt, and impartial investigation is the cornerstone of both employer defense and any settlement that follows. Skipping or rushing the investigation is the most common avoidable error.
Escalate Properly
Senior counsel, the audit committee, where appropriate, and the institution’s employment practices liability insurance carrier should be notified consistent with policy and contract. Some EPLI policies impose strict notice and consent deadlines that, if missed, will void coverage. See our Employment Discrimination Insurance practice for more on this point.
Resist the Urge to Solve It With Paper
A settlement reached before the investigation is complete is almost always more expensive, less defensible, and more likely to attract regulatory attention.
For more on the underlying policy infrastructure that makes this response possible, see our recent post on How Strong Internal Policies Reduce Legal and Compliance Risks.
Step Two: Building a Defensible Settlement NDA
If the investigation supports resolution and confidentiality is part of the package, the NDA itself must align with each of the three layers covered above. The following ten-point sequence reflects the drafting patterns most likely to hold up:
1. Make it post-dispute only. Never rely on a preemployment NDA to silence harassment claims. The Speak Out Act will void it.
2. Carve out government and regulator communications. Expressly preserve the employee’s right to file a charge or communicate with the EEOC, the Florida Commission on Human Relations, the SEC, the CFPB, FINRA, OSHA, and any other government or self-regulatory body. For a bank, this is the line between an enforceable contract and a regulatory enforcement action.
3. Carve out whistleblower awards. The SEC and CFPB have taken issue with clauses that limit an employee’s right to receive whistleblower awards. Award rights should never be waivable.
4. Decide whether to take the tax hit. If confidentiality is essential, model the cost of losing the Section 162(q) deduction before pricing the settlement.
5. Limit the scope. Cover the terms of the settlement and the amount paid. Do not try to muzzle the underlying facts in a way that could trigger the Sunshine in Litigation Act or look like obstruction.
6. Permit truthful response to compulsory process. Subpoenas, court orders, and regulatory inquiries must be honored. Saying so explicitly in the agreement avoids fights later.
7. Use mutual, balanced non-disparagement. A balanced clause that exempts truthful statements to government agencies, in legal proceedings, or to the employee’s immediate family and professional advisors usually survives scrutiny. A one-sided gag does not.
8. Address the harasser, not just the institution. A clause that protects the bank while leaving the alleged harasser free to move to another regulated institution is the kind of optics that attracts regulator attention. Consider conditions on continued employment, separation, or referral to licensing bodies as part of the resolution.
9. Document the consideration. Florida courts require adequate consideration for restrictive covenants. Severance, additional payment, or other distinct value should be tied to the confidentiality and release. For drafting guidance, see Severance Agreements: Tips for Ensuring They Are Enforceable and our Severance Agreements service page.
10. Coordinate with insurance. Many EPLI policies require notice and consent before settlement. Settling in violation of the policy can void coverage.
Step Three: Avoiding the Mistakes That Most Often Turn a Private Dispute Into a Public Problem
The errors that most commonly escalate harassment matters at financial institutions are not exotic. They are repetitive:
Recycled preemployment NDAs. Forms drafted before 2022 frequently include unqualified confidentiality of “all disputes.” After the Speak Out Act, those clauses are unenforceable as applied to harassment.
Missing whistleblower carveouts. Banks have learned the hard way that the absence of a carveout is itself a violation. The SEC has reasoned that the chilling effect, not the actual chilling, is the legal injury.
Aggressive non-disparagement. Clauses that prohibit “any negative statement about the company” are increasingly read by regulators, the NLRB, and plaintiffs’ counsel as unlawful gags. Truthful statements to government bodies must be preserved.
Treating the NDA as severable. If the confidentiality clause is unlawful, courts will not always rescue the broader release. Severability provisions help, but they are not bulletproof.
Forgetting about defamation. Institutions sometimes assume that an NDA solves the reputational problem. It does not. A robust defamation strategy is often a better lever than ever-more-aggressive confidentiality.
Ignoring industry-specific disclosure obligations. Form U5 termination disclosures for broker-dealers, fit-and-proper reviews for incoming senior bankers, and SEC public-company disclosure obligations cannot be sidestepped through a private NDA. Drafting around them is, ultimately, drafting against the institution’s own interest.
Step Four: Anticipating Where the Law Is Heading
Two near-term developments should shape every Florida financial institution’s 2026 planning.
First, in January 2026, the EEOC rescinded its Enforcement Guidance on Harassment in the Workplace. The underlying federal antidiscrimination laws are unchanged, and the EEOC has stated that harassment enforcement remains a priority. But the absence of interpretive guidance pushes more disputes into the courts, where outcomes are less predictable. Institutions should not interpret the rescission as a green light to weaken policies, investigations, or training. Our Discrimination and Sexual Harassment Compliance, Awareness, and Training program is designed for precisely this environment, building the institutional record that survives the loss of agency guidance.
Second, the federal regulators policing whistleblower-impeding NDAs (SEC, CFPB, OSHA) are not slowing down. Expect more enforcement, larger penalties, and earlier focus on agreement drafting during examinations. The institutions best positioned for this will be the ones whose templates were rewritten in 2024 and 2025 rather than the ones still relying on pre-2022 forms.
The broader trajectory is steady. The federal floor on NDA restrictions in harassment cases is rising. The tax code disincentivizes confidentiality. The financial-services regulators are pricing aggressive drafting at multi-million-dollar levels. Florida has not gone as far as some states, but it has gone further than is widely appreciated. A settlement agreement that ignores any one of these layers is an agreement waiting to be challenged.
How Jimerson Birr Helps Florida Financial Institutions
For a Florida financial institution, getting NDAs right in 2026 is no longer a paperwork exercise. It is a regulated drafting discipline that crosses Employment Law and Banking & Financial Services lines, and it has to be done before a complaint arrives, not after.
Jimerson Birr advises Florida banks, credit unions, broker-dealers, investment advisers, and other financial institutions on every stage of this work, including:
- Rewriting offer letters, handbooks, arbitration agreements, separation forms, and settlement templates for post-2022 enforceability.
- Conducting and documenting internal investigations through our external and internal investigations practice.
- Negotiating individual settlement agreements with the right whistleblower, regulatory, and tax-aware carveouts.
- Defending the institution in wrongful termination, whistleblower and retaliation, and related claims.
- Coordinating with EPLI carriers, regulators, and law enforcement when escalation becomes necessary.
If your institution has not reviewed its NDA, severance, and settlement templates against the 2026 federal and Florida framework, now is the time. If you are facing a live harassment complaint, the next move matters more than the last one.
Contact Jimerson Birr today to schedule a confidential consultation with an attorney who advises Florida financial institutions on these matters every day. A focused review now is dramatically less expensive than a regulatory action or public lawsuit later.
This article is for general informational purposes only and does not constitute legal advice. Readers should not act or refrain from acting on the basis of this content without consulting a qualified Florida attorney about their specific circumstances.