Will Your Whistleblower Program Pass NYDFS Scrutiny?
February 5, 2019
The NYDFS Recently Issued Guidance Outlining Principles and Best Practice For Businesses When Designing Their Whistleblower Programs
The New York Division of Financial Services (NYDFS) issued guidance outlining principles and best practices that all entities regulated by the agency should take under consideration when designing and implementing their whistleblower programs. The guidance comes after the NYDFS fined Barclays Bank PLC and its New York branch $15 million for violations of New York Banking Law related to the bank’s whistleblower program.
NYDFS Whistleblower Guidance: Essential Elements of Effective Whistleblower Program
On January 7, 2019, the principles and best practices outlined in the Guidance apply to all NYDFS-regulated institutions “regardless of industry, size, or number of employees.”
The NYDFS notes that there is no “one size fits all” approach to whistleblower programs. Instead, policies and procedures should be tailored to the entity’s size, geographical reach, and line of business, among other factors. The NYDFS advises that the following principles are integral to an effective whistleblower program:
- Independent, well-publicized, easy-to-access, and consistent reporting channels: Entities should have dedicated channels that employees, customers, or other stakeholders can use for whistleblowing. Examples include a toll-free number, dedicated email address, or special mailing address. The guidance also highlights that companies should consider third-party reporting services given that whistleblowers may have more confidence reporting to an outside enity .
- Strong protections for whistleblower anonymity: Entities’ entire whistleblowing process, from the initial whistleblower submission through follow-up actions, should include safeguards to protect the anonymity of submitters who wish to remain anonymous.
- Established procedures for identifying and managing the effects of possible conflicts of interest: NYDFS notes that conflicts may arise when an employee who manages a whistleblower matter, or works on the investigation, is the subject of the complaint; is a potential witness or source of information; or supervises, reports to, or has some other close relationship with the subject of the complaint.
- Adequately trained staff members responsible for receiving a whistleblowing complaints, determining a course of action, and competently managing any investigation, referral, or escalation: Staff who manage the whistleblower program must have adequate resources, autonomy, independence, and access to senior management in order to ensure they can carry out their duties effectively.
- Established procedures for appropriately investigating allegations of wrongdoing: Procedures should be in place to ensure whistleblowing complaints are investigated appropriately by qualified, independent staff. Investigative procedures should also include objective standards for evaluating the risk presented by each allegation and ensure that more serious allegation are escalated appropriately.
- Established procedures for ensuring appropriate follow-up to valid complaints: Institutions should establish protocols to govern the referral of valid complaints to the appropriate department and ensure the entity takes appropriate action, such as referring the matter to the legal department or board of directors.
- Protections against any form of retaliation: Institutions must take concrete steps to ensure whistleblowers are protected from any form of retaliation, whether the report was made anonymously or not.
- Confidential treatment, including safeguards to protect the confidentiality of the whistleblower and the whistleblowing matters themselves: NYDFS emphasizes that confidentiality serves several purposes, including protecting the integrity of in-progress investigations, protecting the subjects of allegations from the consequences of as-yet-unverified allegations, and protecting the institution’s reputation until claims are thoroughly investigated.
- Appropriate oversight by senior managers, internal and external auditors, and the Board of Directors: This should include oversight from senior members of the compliance department, senior members of the legal department, an independent director, senior members of the internal audit department, and external auditors.
- A top-down culture of support for the whistleblowing function: Institutions can best instill confidence in potential whistleblowers through genuine and demonstrated support for the program from across management, including the board of directors.
Key Takeaways for NY (and other) Businesses
Businesses under the purview of the NYDFS should review the guidance in its entirety. The failure to implement and enforce a robust whistleblower program can not only lead to a whistleblower suit but also costly regulatory fines. Additionally, businesses should perform a risk analysis by reviewing existing whistleblower policies and procedures, all instances of whistleblowing reporting, and the Company’s responsive performance.
If you have questions, please contact us
If you have any questions or if you would like to discuss the matter further, please contact me, Paul Lieberman, or the Scarinci Hollenbeck attorney with whom you work, at 201-806-3364.
 According to the NYDFS investigation, Barclay’s CEO attempted to identify the author(s) of two whistleblowing letters, which violated Barclays’ established whistleblowing policies and procedures. According to the NYDFS press statement announcing the fines, “shortcomings in governance, controls and corporate culture relating to Barclays’ whistleblowing function permitted a sequence of events that potentially could have had a detrimental impact on the efficacy of Barclays’ whistleblowing program.”