Contact Us






* Required Fields. Please note that by submitting your contact information, you are choosing to receive future promotional material from Guidepost Solutions.

Contact Us

Guidepost Solutions Insights

A Robust Whistleblowing Program is an Essential Component of a Comprehensive Compliance Program

Whistleblowing is in the news.   Current events are a timely reminder of the importance of having in place sound and up-to-date policies, procedures and programs for whistleblowing.  A number of prudential regulators, such as federal and state bank regulators, and the Securities and Exchange Commission, all include review of a company’s whistleblowing program as standard in periodic examinations or inspections.

A robust whistleblowing program is an essential component of a comprehensive compliance program for financial institutions and other large corporations.  Individual employees, consultants, vendors, customers, and other stakeholders are often well­-situated to observe instances of wrongdoing at a company and bring it to management’s attention.  Whistleblowing is most useful and effective when a company has instituted a thorough and thoughtful process for receiving, evaluating, and acting on whistleblower concerns.

The recent regulatory guidance on whistleblowing issued by the New York Department of Financial Services contains important suggestions for a sound whistleblowing program.  The NY DFS guidance highlights key pillars of a strong whistleblowing program, including the following elements:

  • Reporting channels that are independent, well-publicized and easy to access. These may include internal and external reporting channels, such as a dedicated and anonymous e-mail address, and a toll-free number operated by an outside vendor.
  • Strong protections for a whistleblower’s anonymity, including the availability of end-to-end anonymity in reporting channels, robust policies against retaliation, and adequate protections if a whistleblower decides to identify him- or herself to investigators.
  • Compliance and investigative personnel that are adequately trained to receive whistleblowing complaints; determine a course of action; and competently manage any investigation, referral, or escalation.
  • Investigation procedures that include objective standards for evaluating the risk presented by each allegation and ensure that more serious allegations, such as those involving possible fraud or criminal conduct, carrying material reputational risk, or implicating senior management, are subject to appropriate scrutiny, escalation, and follow-up where complaints are deemed valid.
  • Significant oversight by and attention from appropriate senior managers, internal auditors and the Board of Directors, as appropriate. While what constitutes adequate oversight will vary from institution to institution, suitable direct and indirect oversight may include senior members of the compliance division or the legal department, a senior member of the internal audit division, and/or an independent director.
  • Established procedures for identifying and managing potential conflicts of interest. A well-constituted whistleblowing program should recognize the possibility for conflicts of interest and include procedures to identify and minimize the effects of conflicts.
  • Perhaps most importantly, a top-down culture of support of the company’s whistleblowing function. Senior management and the Board of Directors must consistently support the whistleblowing function, such as by allocating appropriate resources to the whistleblowing function, and demonstrate their support through strong internal and external messaging, and corporate conduct consistent with such messaging.

Other sources to consult concerning whistleblowing programs include the SEC’s 2018 Whistleblower Program report, the National Council of Nonprofits, and the U.K. Financial Conduct Authority.

In the long run, a robust and effective whistleblowing program will inure to the benefit of the corporation and its stakeholders, as it will ensure that any wrongdoing is identified and remedied in an adequate fashion; and that it is self-disclosed to government or self-regulatory authorities, as appropriate, which is typically preferable to having the misconduct brought to light by the government, regulator, or media.

 


About the Author:

Matthew Levine
President, Financial & Regulatory Compliance Services

Matt Levine served until recently as Executive Deputy Superintendent for Enforcement for the New York State Department of Financial Services. In this role, he supervised investigations and enforcement actions, including matters involving money laundering, terrorist financing, cybercrime and cybersecurity, virtual currency fraud, market manipulation, and consumer fraud, as well as monitorships implemented by DFS. Mr. Levine is a former federal prosecutor and trial lawyer with significant experience involving financial markets and regulatory matters. For nearly a decade, he served as an Assistant U.S. Attorney, first in the District of Columbia and later in the Eastern District of New York. There, he served as Acting Chief of the Business & Securities Fraud Section, supervising federal prosecutors conducting securities fraud, money laundering, cybercrime and other white-collar prosecutions.

 

News

Please enter your email to subscribe. By doing so, you are opting-in to receive news from Guidepost Solutions LLC.