Last week, the UK's Financial Conduct Authority (FCA) announced its third largest fine ever levied on an individual when it fined Jes Staley, the CEO of Barclays, for attempting to reveal the identity of a whistleblower. The episode provides an important opportunity to remind companies and their executives of the myriad regulations that protect whistleblowers in the United States and overseas, which should not be taken lightly.
In 2016, an anonymous whistleblower submitted two letters to the Barclays board of directors. The letters raised concerns about a senior executive who had recently been recruited by Mr. Staley to join Barclays from a competitor bank where Mr. Staley had also recently worked. These concerns about the executive were "of a personal nature," and the letter highlighted the fact that even though Mr. Staley had known of the issues, he still recruited the individual. While the board of directors initiated an investigation into the matter, Mr. Staley attempted to use Barclays' Information Security team to determine the author of the two letters. Although it appears that Mr. Staley was told that doing so was inappropriate, months later Mr. Staley asked if the investigation had been cleared, and then restarted efforts to have the Information Security team identify the author. Ultimately, an internal investigation by Barclays determined that Mr. Staley had "honestly, but mistakenly believed" that his actions were lawful.
Nevertheless, the FCA fined Mr. Staley £642,000 ($870,000), and Barclays fined him £500,000 ($674,000) in compensation. Moreover, Barclays' whistleblower compliance program is now subject to additional oversight as a result of the incident. Despite the heavy fines, many thought that Mr. Staley was fortunate to keep his job.
The case is an important reminder of the multitude of ways a company can find itself running afoul of the strict protections afforded to whistleblowers, both in the United States and abroad.
In the United States, the most prominent protections are found in the False Claims Act and provisions of the Dodd-Frank Wall Street reform legislation. The False Claims Act prohibits companies from retaliating against a whistleblower. The Act ensures that whistleblowers will be restored to their employment or made "whole" if they are discharged or merely harassed for relating a potential False Claims Act violation. This is in addition to the requirement that False Claims Act complaints be filed under seal for at least sixty days to protect the whistleblower's identity. Pursuant to Dodd-Frank, the SEC established rules empowering the Commission to take action against employers that attempt to retaliate against whistleblower employees by creating a private right of action for employees who feel they have been targeted. This is to say nothing of the Whistleblower Protection Act, which protects employees of the federal government. In addition to these federal whistleblower protections, states have similar protections, such as those found in state analogues to the federal False Claims Act. And overseas, the FCA in the UK recently created rules that require companies to employ a "whistleblower champion" whose sole responsibility is to ensure that whistleblowers are not harassed.
The simple fact is that there are strict protections for whistleblowers and indeed significant potential penalties for running afoul of those protections, such as by trying to take action against a whistleblower. Companies must not only avoid conduct that can be seen as retaliatory -- today, companies are expected to have in place proactive internal compliance and monitoring measures to ensure such retaliation does not occur. Companies and their executives would do well not to make the same mistakes as Barclays' CEO.