Alston & Bird Consumer Finance Blog

#SEC

As Economic Winds Blow, So Do Whistleblowers: How to Protect Your Company Through Turbulent Times

A&B ABstract:

As recently reported by the Financial Times, banks are preparing for the “deepest job cuts since the financial crisis,” with firings to be “super brutal.” Already, nonbank lenders and service providers have been suffering with several rounds of layoffs and, potentially, more to come. Former employees, particularly disgruntled ones, may have information they want to share with the government.  An Insider article highlighted that remote work has resulted in a surge of whistleblower complaints.  If true, even current employees, including those whose complaints or grievances fall on deaf ears, also could be potential whistleblowers.

Alston & Bird Partners Nanci Weissgold, Joey Burby, and Cara Peterman (ably assisted by, and a special thanks to, Charlotte BohnAndrew Brown, and Melissa Malpass) addressed today’s challenging economic conditions, and how companies can protect themselves during an expected surge in whistleblowing by disgruntled current and former employees.  The webinar slides address:

  • What you need to know about government whistleblower reward programs and laws with whistleblower incentives and protections, including the False Claims Act, FIRREA, and the SEC’s Whistleblower program.
  • Recent trends, developments, major settlements, and awards in whistleblower-related settlements and litigation.
  • Best practices for companies when responding to, de-escalating, and defending against whistleblower complaints.

Best Practices for Responding to Whistleblower Complaints

#1: Keep complaints internal. It is critical to have procedures in place for employees (as well as contractors and other agents) to report compliance concerns internally.

  • Establish a compliance hotline or other means of anonymous
  • Have an anti-retaliation policy to protect employees who make a report.
  • Promote these policies and procedures, and train employees on them.

This is a required element of an effective compliance program under DOJ and SEC guidance, and factors into their charging decisions; also considered under U.S. Sentencing Guidelines in determining corporate penalties.

Additionally, internal complaints allow companies to investigate and remediate (if necessary) and to consider whether/how to self-disclose. The 2023 revisions to DOJ’s Corporate Enforcement Policy strongly encourage self-disclosure, offering significant incentives to companies who do.

#2: Maintain a strong Compliance Management System (CMS). A strong CMS is one that establishes compliance responsibilities, communicates those responsibilities to employees, ensures the responsibilities are carried out and met, takes corrective action, and updates tools, systems, and processes as needed.

Scaled to the size of the company’s operations, a CMS requires:

  • A strong board of directors and management oversight – “tone at the top.”
  • Comprehensive written policies and procedures to demonstrate an understanding of all applicable laws and regulations.
  • Training of all applicable laws to ensure that employees can perform their functions.
  • Monitoring and testing based on an assessment of risk carried out through three lines of defense:
    (1) functions that own and manage risk; (2) functions that oversee risk; and (3) functions that provide independent assurance.
  • Timely corrective action that remediates past issues and prevents reoccurrence prospectively.
  • Consumer complaint response, root cause analysis, and enterprise-wide action.

#3:  Time is of the essence. Whether you learn of a whistleblower complaint internally, or via contact from a government agency, you should initiate an internal investigation into the subject matter of the complaint immediately. DOJ takes the immediacy of self-disclosure into account in determining whether to file charges. If there is ongoing problematic conduct, you want to stop it and cut off potential liability.

  • What the investigation will involve, and how it will be conducted, will vary depending on the seriousness of the complaint and how credible it appears.
  • Inside or outside counsel should generally conduct the investigation to ensure communications and work product are protected by the attorney-client privilege.
  • Some basic steps are common to almost every internal investigation:
    • Ensure that all potentially relevant documents (including emails and IMs) are preserved.
    • Collect and review relevant documents.
    • Interview involved employees (using Upjohn warning).

Takeaway

Given that a surge in whistleblower complaints is likely, financial institutions should ensure that they are adequately prepared to address them.

Avoiding Pitfalls During Post-Pandemic Government Investigations

As the country begins to emerge from the COVID-19 pandemic and the U.S. economy gets back on track, banks nationwide should expect their activities to come under government scrutiny. The impacts of the coronavirus have touched every corner of the banking industry as institutions have striven to meet the evolving needs of their customers, continue operations in a remote working environment, and stand up new programs in response to government relief efforts, such as the Coronavirus Aid, Relief, and Economic Security (CARES) Act. With 2020 in the rearview mirror, banks’ efforts to balance these challenges during a year of unprecedented changes will be put under the microscope as their compliance with an ever-expanding list of laws and regulations is assessed by regulators. The conduct of banks’ management, service providers, and even customers will likewise be reviewed.

CSI: Confidential Supervisory Information is not a show many banks would enjoy watching, but in a recent advisory it’s one of three areas our Financial Services & Products Group notes banks should keep in mind if they become the subject of subpoenas, document requests, examinations, or investigations by government agencies.