Little did we know that the timing of publishing this article on new guidance from the New York Sate Department of Financial Services related to whistleblowing would be such a hot topic in the press....
2. Background
On January 7, 2019, the New York State
Department of Financial Services (“NYDFS” or
“Department”) issued new guidance on
implementing and maintaining robust
whistleblowing programs for all entities
regulated by the Department1. The guidance
was published with an aim to help financial
institutions develop such programs in an effort
to remain compliant with the New York
Whistleblower Laws (New York Labor law
Sections 740 and 741).
The guidance coming out of the NYDFS builds
upon previous statutes that include
whistleblower protections, such as the
Sarbanes-Oxley Act of 2002 (“SOX”)2. In the
aftermath of the Enron scandal, one of the
nation’s largest financial accounting scandals at
the time, Congress sought to crack down on
public accounting at companies and more
carefully audit financial disclosures. Part of this
Act, SOX Section 806, includes protections for
employees of publicly traded companies who
provide evidence of fraud. Similarly, Section
922 of the Dodd-Frank Wall Street Reform and
Consumer Protection Act (“Dodd-Frank”) added
Section 21F to the Securities and Exchange Act
of 1934, establishing the Commission’s
whistleblower program3. Section 21F authorizes
the SEC to provide monetary rewards to eligible
individuals who come forward with information
that helps the Securities and Exchange
Commission (“SEC”) root out wrongdoing.
1
https://www.dfs.ny.gov/system/files/documents/2019/02/w
histleblower_guidance.pdf
2
https://www.sarbanes-oxley-101.com/sarbanes-oxley-
compliance.htm
Overview of Whistleblower
Policies
The recent guidance emanating from the
NYDFS aims to go beyond strengthening
reporting mechanisms to changing the culture
around whistleblowing. In order to comply with
New York Labor Laws governing whistleblower
violations, both firms and individuals should
adhere to the guidance published by the
Department. The guidance details a thoughtful
process for receiving, evaluating, and acting on
whistleblower concerns in an institution, while
emphasizing that no “one size fits all” model
exists for implementing an effective program4.
Each firm is unique, and as such design should
take into account factors such as the
institution’s size, geographical reach, and the
specific lines of business in which it engages.
The NYDFS guidance takes a holistic approach
to the whistleblowing function, and in doing so
seeks to proactively encourage a culture of
whistleblower compliance. The Department
defines ‘whistleblowing’ as “the reporting of
information or concerns by one or more
individuals or entities, that are reasonably
believed by such individual(s) or entity(s) to
constitute illegality, fraud, unfair or unethical
conduct, mismanagement, abuse of power,
unsafe or dangerous activity, or other wrongful
conduct, including, but not limited to, any
conduct that may affect the safety, soundness,
or reputation of the institution. A whistleblower
may be any person who has an opportunity to
observe improper conduct at a company,
including current or former employees, agents,
consultants, vendors or service providers,
outside counsel, customers, or shareholders.5”
An example of whistleblowing would be if an
employee at a bank reports to senior
management or authorities that the brokerage
unit at the bank is misusing customer funds by
holding money in a clearing account when it
should have been held in reserve. Furthermore,
a whistleblower violation would take place if that
employee were to face any sort of
repercussions from the employer, such as
dismissal or suspension, for reporting said
misconduct.
Violations of whistleblower statutes can become
costly for companies. The NYDFS guidance
3
https://www.sec.gov/about/offices/owb/dodd-frank-sec-
922.pdf
4
https://www.dfs.ny.gov/system/files/documents/2019/02/w
histleblower_guidance.pdf
5
Ibid
Regulatory scrutiny on whistleblowing
has been increasing since the financial
crisis of 2008. A recent NYDFS memo
seeks to provide guidance on
implementing effective whistleblower
policies. A robust whistleblower
compliance program can help your firm
continue to thrive despite regulatory
challenges presented by state and
federal whistleblower statutes.
3. 3
seeks to discourage firms from engaging in
behavior that would violate New York
whistleblower statues. On the federal level, the
SEC and the Department of Justice (“DOJ”) are
both responsible for enforcing and prosecuting
whistleblower regulations. In recent years
especially, these authorities have demonstrated
an aggressive posture in ensuring compliance
with the law.
Recent Examples of
Whistleblower Violations
In the decade following the financial crisis of
2008, regulatory authorities including the DOJ,
SEC, and NYDFS, have sought to dissuade
malign actors by bolstering whistleblower
protections and stringently enforcing laws that
pertain to whistleblower violations. With the
increase in regulatory focus there has been a
shift in internal culture as well. Whistleblower
tips are on the rise: in 2011 the SEC received
less than 500 tips regarding improprieties or
misconduct. By 2017, that number had risen to
almost 4,5006. As a result, the enhanced focus
on the whistleblower function has shifted the
approach by many firms from reactionary
measures to proactive approaches that
encourage a vibrant whistleblower compliance
culture. Firms that have failed to get ahead of
this change have faced severe fines and
reputational damage.
In March 2019, American financial institution,
JP Morgan Chase & Co., agreed to pay a total
of $50 million to two whistleblowers who
provided information to the SEC that helped
facilitate the agency’s winning a $267 million
settlement against the company over claims
that the bank failed to inform wealthy clients
about conflicts of interest in managing their
money7.
In September 2018, New York-based hedge
fund manager, Harbinger Capital Partners
Offshore Manager LLC agreed to pay $30
million to settle charges that it illicitly avoided
paying both New York State and City taxes. A
related company based in Alabama, Harbinger
Management Corporation, earlier settled for
$40 million, bringing a total of $70 million
recovered first filed under the New York False
6
https://fhnylaw.com/despite-successful-enforcement-
proceedings-many-believe-sec-cftc-whistleblower-
programs-need-improvement/
7
https://www.bloomberg.com/news/articles/2019-03-
26/two-whistleblowers-awarded-50-million-for-aiding-sec-
case
Claims Act8. The alleged fraud involved listing
an office in Alabama as the source of hundreds
of millions of dollars earned through fees from
successful trades, even though the trades had
been sourced in the New York office and were
therefore subject to New York taxes. The
anonymous whistleblower who brought the
impropriety to light received $15.4 million from
the case.
One of the more prominent examples of
whistleblower violations in recent memory
involved the American bank, Wells Fargo.
Testimony from whistleblowers brought to light
evidence that the bank had created at least 2
million potentially unauthorized checking and
credit card accounts between 2011 and 2015 to
bolster its sales figures. In an attempt to silence
the whistleblower, Wells Fargo fired her in
September of 2011 after she raised concerns
over the illegal account openings. The case
grabbed national attention in 2016, and Wells
Fargo ended up receiving a $185 million fine, as
well as more recently reaching a $142 million
settlement intended to pay out the scheme’s
victims. In 2017 a judge ordered Wells to give
the whistleblower her job back and awarded her
$577,000 in back pay and damages9.
Evidently, in an effort to increase accountability
from financial institutions and foster a positive
reporting culture, U.S. state and federal
authorities have ramped up their regulation of
whistleblower protections. Firms and individuals
that fail to properly educate themselves on
NYDFS and federal statutes risk criminal and
civil actions.
Source: Law 360 10
8
https://constantinecannon.com/2018/09/27/september-
27-2018-5/
9
https://money.cnn.com/2017/07/21/news/wells-fargo-
whistleblower-back-wages/index.html
10
https://www.law360.com/articles/986573/sec-
whistleblower-program-ain-t-broke-so-don-t-fix-it
4. 4
Whistleblower Compliance
Programs
While the NYDFS guidelines may be
suggestions today, they could become
requirements tomorrow. Companies that
conduct business in New York and the greater
United States should review, enhance where
necessary, and ensure compliance with, their
current whistleblowing policies. Moreover, there
are various whistleblowing protections included
in existing labor laws, and companies will likely
face more stringent regulations and heavy fines
in the near future.
The NYDFS guidance outlines the most
important elements of a whistleblower
compliance program11. The ten most important
aspects of an effective program, according to
the NYDFS, are as follows:
1. Reporting channels that are independent,
well-publicized, easy to access, and
consistent.
Entities should maintain dedicated
channels that employees,
customers, or other stakeholders
can use for whistleblowing.
2. Strong protections for a whistleblower’s
anonymity.
The institution’s entire
whistleblowing process, from initial
submission through follow up
actions by the institution, should
include safeguards to protect the
anonymity of submitters who wish
to remain confidential or
anonymous.
3. Established procedures for identifying
and managing potential conflicts of
interest.
A foundationally solid
whistleblowing program should
recognize the possibility for
conflicts of interest and include
procedures to identify and minimize
the effects of conflicts..
4. Staff members adequately trained to
receive whistleblowing complaints,
determine a course of action; and
competently manage any investigation,
referral, or escalation.
Staff who manage the
whistleblower program must have
adequate resources, autonomy,
11
https://www.dfs.ny.gov/system/files/documents/2019/02/
whistleblower_guidance.pdf
independence, and access to
senior management in order to
ensure they can carry out their
duties effectively.
5. Established procedures for investigating
allegations of wrongdoing.
Procedures should be in place to
ensure whistleblowing complaints
are investigated appropriately by
qualified, independent staff.
6. Established procedures for ensuring
appropriate follow-up to valid
complaints.
Institutions should establish
protocols to govern the referral of
valid complaints to the appropriate
department and ensure the entity
takes appropriate action, such as
referring the matter to the legal
department or board of directors.
7. Protecting whistleblowers from
retaliation.
Institutions must take concrete
steps to ensure whistleblowers are
protected from any form of
retaliation, whether the report was
made anonymously or not.
8. Confidential treatment.
NYDFS emphasizes that
confidentiality serves several
purposes, including protecting the
integrity of in-progress
investigations, protecting the
subjects of allegations from the
consequences of as-yet-unverified
allegations, and protecting the
institution’s reputation until claims
are thoroughly investigated.
9. Appropriate oversight of the
whistleblowing function by senior
management, internal and external
auditors, and the Board of Directors.
This should include oversight from
senior members of the compliance
department, senior members of the
legal department, an independent
director, senior members of the
internal audit department, and
external auditors.
10. A top-down culture of support for the
whistleblowing function.
Institutions can best instill
confidence in potential
whistleblowers through genuine
and demonstrated support for the
5. 5
program from across management,
including the board of directors.
As a matter of doing business, inherent risk will
exist that a firm or individual could violate
whistleblower statutes. However, a robust
compliance function is a crucial tool in mitigating
that risk.
Board of Directors and Senior
Management Responsibilities
The Board of Directors, senior management,
and internal and external auditors play an
important role in promoting the effectiveness of
a whistleblower program. Essential to any
robust compliance program, the whistleblowing
function should receive significant attention and
oversight from the Board of Directors, as
applicable, from implementation through
periodic review. Ultimately, the Board of
Directors is accountable for compliance, and
can oversee compliance programs by: setting
the tone at the top, both internally and
externally, and promulgating a compliance
charter or values statement; focusing attention
on critical risk areas; owning the compliance
agenda and having a voice in the selection,
evaluation and termination of the CEO and chief
ethics and compliance officer; understanding
the whistleblower helpline process and taking
active control when appropriate; and, working
with management to incorporate leading
practices. Additionally, the Board should
maintain a view of the organization and its
culture through active observation and
consultation with management. In order to
influence culture, the Board can review metrics
and key performance indicators with respect to
the company’s compliance with law and policy,
maintain a deep understanding of compliance
monitoring, testing, and issue resolution
processes, and assess the adequacy of
management’s response to specific issues and
areas of internal control weakness12.
How Sia Partners Can Help
Develop Your Whistleblower
Function
Sia Partners offers compliance professionals
with extensive SEC and NYDFS experience.
Sia Partners can assist your company’s
Whistleblower Compliance Program with the
following:
12
https://www.dfs.ny.gov/system/files/documents/2019/02/
whistleblower_guidance.pdf
Policy Review – Sia Partners can
conduct a gap analysis and enhance or
create any NYDFS policies and
procedures to meet the current
regulatory requirements;
Risk Assessment – Sia Partners can
conduct a risk assessment of your
entity and opine on the areas of your
business most at risk for whistleblower
violations;
Whistleblower Compliance Function
Review – Sia Partners can review your
company’s existing Whistleblower
Compliance Program and ensure it is
tailor made for your business model;
Comprehensive Whistleblower Training
– Sia Partners can provide training
material, instructors and subject matter
experts to conduct a meaningful
whistleblower training.
Conclusion
The guidance provided by the NYDFS ought to
be studied and implemented by all companies
that conduct business in New York and the
greater United States. Financial penalties,
reputational damage, and other punitive
measures threaten companies that fail to
implement effective whistleblower compliance
programs. Strong protections, safe and
streamlined reporting mechanisms, and active
involvement from upper management and the
board of directors are all crucial factors in the
success of any whistleblower program. U.S.
regulatory bodies have shown an increasing
appetite in recent years to root out
whistleblowing violations and strengthen
protections in this area. In fact, recently in June
2018 the SEC proposed rule changes that
would both provide the Office of the
Whistleblower with more tools to make
whistleblower awards and clarify the
requirements for anti-retaliation protection
under the whistleblower statute13. As some of
the largest financial rewards have been granted
in the past two years alone for whistleblowing
related matters, firms and individuals need to
take an active approach in complying with such
regulations. All stakeholders should expect to
see even more scrutiny on financial
improprieties regarding whistleblowing in the
coming years.
Key Takeaways
13
https://www.sec.gov/news/press-release/2018-120
6. 6
Firms supervised by the NYDFS should
review and implement the
Department’s guidance on
Whistleblower Programs
Both state and federal authorities have
been ramping up enforcement of
Whistleblower Protections
Whistleblowing tips are on the rise, and
so are resulting monetary penalties
The Board of Directors and Senior
Management should play an integral
role in developing and supporting an
effective whistleblower compliance
program, fostering a “top down” culture
of support
A comprehensive Whistleblower
compliance program can mitigate the
risk of whistleblower violations
Sources
1. https://www.bloomberg.com/news/articles/
2019-03-26/two-whistleblowers-awarded-
50-million-for-aiding-sec-case
2. https://constantinecannon.com/2018/09/27/
september-27-2018-5/
3. https://money.cnn.com/2017/07/21/news/w
ells-fargo-whistleblower-back-
wages/index.html
4. https://www.dfs.ny.gov/system/files/docum
ents/2019/02/whistleblower_guidance.pdf
5. https://www.sarbanes-oxley-
101.com/sarbanes-oxley-compliance.htm
6. https://www.sec.gov/news/press-
release/2018-120
7. https://www.sec.gov/about/offices/owb/dod
d-frank-sec-922.pdf
8. https://www.law.com/newyorklawjournal/20
19/03/13/dfs-whistleblower-guidance-
advice-and-a-warning-shot/
9. https://constantinecannon.com/2019/01/25/
top-ten-whistleblower-awards-of-2018/
7. YOUR CONTACTS
ABOUT SIA PARTNERS
Sia Partners is a next generation consulting firm focused on delivering superior value and tangible
results to its clients as they navigate the digital revolution. Our global footprint and our expertise in more
than 30 sectors and services allow us to enhance our clients' businesses worldwide. We guide their
projects and initiatives in strategy, business transformation, IT & digital strategy, and Data Science. As
the pioneer of Consulting 4.0, we develop consulting bots and integrate AI in our solutions.
Abu Dhabi | Amsterdam | Brussels | Casablanca | Charlotte | Denver | Doha | Dubai | Frankfurt |
Hamburg | Hong Kong | Houston | London | Luxembourg | Lyon | Milan | Montreal | Riyadh |
Rome | Seattle | Singapore | Tokyo | Toronto |
Suivez nous sur LinkedIn et Twitter @SiaPartners
For more information: www.sia-partners.com
DANIEL H. CONNOR
Managing Director
+ 1 (862) 596 – 0649
daniel.connor@sia-partners.com
JONATHAN GOLD
Manager
+ 1 (914) 320-4039
Jonathan.Gold@sia-partners.com
GABRIEL SIPIORA
Junior Consultant
+ 1 (914) 255 - 6085
Gabriel.Sipiora@sia-partners.com