James Staley, chief executive officer of Barclays Group, agreed to pay a fine of GB £642,430 (approximately US $870,000) to the United Kingdom’s Prudential Regulation Authority and the Financial Conduct Authority as a result of his poor handling of an anonymous letter received by a member of the Group’s board of directors on June 21, 2016, that the Group’s compliance department regarded as a whistleblower matter. The regulators claimed that Mr. Staley failed to apply appropriate care when dealing with this letter in light of his own potential conflict of interest, and as a result, may have appeared to undercut the Group’s whistleblower process.

According to the regulators, the anonymous letter raised issues regarding the Group’s hiring of a certain, unnamed employee, including concerns of a “personal nature” about the employee, Mr. Staley’s knowledge and role in addressing these issues at a prior employer, and the “appropriateness” of the Group’s hiring process regarding the employee.

When Mr. Staley was subsequently told about the anonymous letter, he did not regard it as a whistleblower matter, said the regulators. This is because he believed the correspondence principally concerned events that did not occur at Barclays and that the source of the letter was likely someone who had worked with him and the unnamed employee at the former employer.

Barclays received a second letter on June 24 expressing similar concerns regarding the Group’s hiring of the unnamed employee as contained in the first letter. Although Mr. Staley regarded the second letter as likely subject to Barclay’s whistleblower policy because it appeared to be possibly drafted by Barclays’ employees, he considered that both letters were likely drafted by someone outside the Group, and determined to learn the identity of the author of the first anonymous letter, alleged the regulators.

On June 29, 2016, during a meeting with, among other persons, the Group’s head of compliance, general counsel and human resources director, Mr. Staley was expressly advised not to seek out the identity of the authors of the two letters, as both were being handled as whistleblower matters and being investigated pursuant to the firm’s whistleblower policies.

Later, on July 8, Mr. Staley was orally advised by the Group’s compliance department that the allegations in the letters appeared to be unsubstantiated. In response, Mr. Staley engaged the Group’s security department to try to identify the author of the first letter without consulting the Group’s board, or the compliance, legal or human resource departments. He mistakenly believed, said the regulators, that he had been told that the first letter was no longer regarded as a whistleblower matter, and he had authority as CEO to deal with it as he wanted. In response, Group security took affirmative steps to try to unmask the identity of the author of the first anonymous letter, but was unsuccessful.

In early 2017, the Group’s board became aware of Mr. Staley’s activities to identify the first letter’s writer and self-reported the matter to the PRA and FCA.

According to the regulators, Mr. Staley had a conflict of interest related to the first letter and “should have taken particular care to maintain an appropriate distance from the investigation into it,” including not looking into it personally. Moreover, beginning June 29, Mr. Staley was on notice that the first letter was being handled as a whistleblower matter, and he should have obtained express confirmation on July 8 or afterwards that this treatment had been ended before proceeding with his own inquiry. As a result, alleged the regulators, “Mr. Staley acted unreasonably in proceeding …and, in so doing, risked undermining confidence in Barclays’ whistleblowing policy and the protections its afforded whistleblowers.”

In response to this incident involving Mr. Staley, the PRA and FCA also imposed annual reporting requirements on Barclays related to its whistleblower program.

Separately, Barclays Group announced that, in light of this incident, it had determined to claw back GB £500,000 (approximately US $677,000) from Mr. Staley’s 2016 compensation. In a press release issued by Barclays, Mr. Staley said, “I have consistently acknowledged that my personal involvement in this matter was inappropriate, and I have apologised for mistakes which I made. I accept the conclusions of the Board, the FCA, and the PRA, following their respective investigations, and the sanctions which they have each applied.” (Click here to access the relevant Barclays’ press release.)

In fining Mr. Staley, neither the PRA nor FCA found that he acted without integrity or that he lacked the fitness to continue as CEO.

Legal Weeds: Earlier this year, the United States Supreme Court held that employee whistleblowers reporting potential securities law violations by their employers must expressly report such incidents to the Securities and Exchange Commission in order to benefit from a key anti-retaliation protection under the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act. Solely reporting securities law violations to an employee’s employer is not enough. This key benefit is the right of a whistleblower claiming retaliation to sue an employer directly in a federal court at any time within six years.

This Supreme Court decision was not a favorable outcome for companies. No longer can an individual raise a concern with his/her employer regarding a potential securities law violation, knowing he/she has six years to file a lawsuit in a federal court if he/she subsequently believes that retaliatory measures were taken. Instead such potential violation must be identified to the SEC. This could discourage an employee from raising concerns exclusively with his/her employer. As a result, companies should consider this when adopting whistleblowing policies in order to encourage employees, notwithstanding the Supreme Court’s ruling, to raise potential securities law issues internally – although they must be careful not to engage in any activity or require the execution of any agreement – that limits employees’ federal law rights.

(Click here for further information and analysis regarding the Supreme Court’s decision in the article “Supreme Court Narrows Key Whistleblowing Protection” in the February 25, 2018 edition of Bridging the Week, including a discussion of whistleblower protections required by the Commodity Futures Trading Commission and the Securities and Exchange Commission.)

Culture and Ethics: The compliance culture of every company is set at the top by its most senior officers. As a result, senior officers must lead by example. It is in a company’s best interest that employees feel comfortable reporting all potential wrongdoing without fear of retaliation. If employees do not feel that level of comfort, it is more likely than not they will report incidents of wrongdoing in the first instance to government agencies where they can potentially be lucratively rewarded for their information. How firms sanction senior level wrongdoing also sends a critical message to employees. It is important for firms to apply the same standards and commensurable penalties in addressing wrongdoing by the most senior level officers as by the most junior staff.