Today marks World Whistleblowers Day. Now in its fifth year, its purpose is to raise public and organizational awareness about the important role whistleblowers have in combating corruption and maintaining national security.
Whistleblowing is not new, but the existence of formal rules that support it is still in relative infancy. The US SEC program is only 10 years old, the UK’s FCA has had its policy in place for just five, and the Anti Money Laundering Act of 2020 was updated to include an awards program for whistleblowers in January.
Many industry sectors can, and do, experience incidents of whistleblowing. Nevertheless, with financial regulators fine-tuning their approach, firms need to ensure adequate frameworks are in place to identify and manage numerous risks should any reports of wrongdoing occur.
A growth trend?
Last month the former Head of the SEC Whistleblowing Program said that 2020 had been its busiest for tips, triggering an escalation of investigations and enforcement activity. The SEC also revealed then that in recent weeks alone it had issued $85 million in awards to whistleblowers.
FINRA also has an active and successful whistleblower program. It is different from the SEC’s in that it does not pay out awards for successful tips. Despite this, FINRA’s program has been successful; receiving tips from individuals who are aware of potentially fraudulent or unethical activity.
The ‘dollars awarded for tips received’ approach is also not replicated in UK regulation. While some commentators have suggested financial reward would help the FCA encourage more whistleblowers, there is equally the argument that a fear of reproach is more of a barrier than the presence of any financial award.
What should firms do?
Whistleblowers are a necessary part of the enforcement system - they must be recognized and firms need systems in place that help protect those who are genuinely speaking out. That said, a firm’s protection against someone who would wish to cause unnecessary harm is also key.
The unfortunate truth is that whistleblowing – or the threat of it – can raise its head at any time. For regulated services especially there is a more recent emphasis on firm accountability (including for whistleblower protection) so a resilient approach is key to keeping order, and maintaining a balanced and ‘hands-on’ approach to compliance and risk management.
1. Be proactive – prevention is better than cure
Many successful cases – or investigations at least – are triggered after an inadequate response to the whistleblower by their employer.
It’s an uncomfortable situation to confront, but forewarned is forearmed.
So, ensure that a process exists, and is correctly observed, for concerns to be reported. This can start at line management with points of escalation right through to C-suite if necessary – with any report investigated properly.
2. Unify the recordkeeping approach
A centralized system to capture, preserve, and interrogate eComms - and all other relevant data – in one central archive, makes the process of internal investigation and search quicker and easier. Many firms may expect data sources to be retained that are not – or vice versa. Companies that don't have a single repository for all their communications could be missing the full picture, creating vulnerability should they need to respond to the regulator.
3. Walk the talk on compliance
Make sure that all employees know that there is a proper process and policy in place for raising any concerns they may have and that they will be protected. Make it part of generic compliance training for all employees so that they know the right way to treat the process for reporting any alleged misconduct – financial or non-financial.
Be aware of the influence of certain data policies that might impact data retrieval. For instance in Europe the ‘right to be forgotten’ through GDPR can create complications when it comes to historical data. Talk to the archiving partner to discuss how they can help in such situations.
Whistleblowing is now part of the fabric, and regulators and lawmakers are taking steps to enable genuine tips. But firms can still take “a prevention is better than cure” approach without ‘attracting’ regulatory or media attention.
In the meantime, the evolving role of technology in compliance – such as utilization of AI-led sentiment analysis and machine-learning capabilities – can help any organization more proactively monitor issues and risk before a whistleblowing event even occurs. This enables a proactive approach to risk management which can save individuals and employers significantly in terms of legal, reputational and social cost.
To find out more about Global Relay’s archiving capabilities click here.