On January 7, NYDFS issued guidance providing principles and best practices that all NYDFS-regulated institutions “regardless of industry, size, or number of employees” should consider when designing and implementing a robust whistleblowing program, which the department considers to be an essential component of an institution’s comprehensive compliance program.
The guidance notes that the design of a whistleblowing program should be based on factors such as the institution’s size, geographical reach and business. However, it outlines ten elements that institutions should, at a minimum, consider how to account for when designing their programs:
- Independent, well-publicized, easy-to-access, and consistent reporting channels;
- Strong protections for whistleblower anonymity;
- Established procedures for identifying and managing the effects of possible conflicts of interest;
- Adequately trained staff members responsible for receiving a whistleblowing complaints, determining a course of action, and competently managing any investigation, referral, or escalation;
- Established procedures for appropriately investigating allegations of wrongdoing;
- Established procedures for ensuring appropriate follow-up to valid complaints;
- Protections against any form of retaliation;
- Confidential treatment, including safeguards to protect the confidentiality of the whistleblower and the whistleblowing matters themselves;
- Appropriate oversight by senior managers, internal and external auditors, and the Board of Directors; and
- A top-down culture of support for the whistleblowing function.
As previously covered by InfoBytes, last December NYDFS issued a consent order against an international bank and its New York branch to resolve allegations stemming from an investigation into the governance, controls, and corporate culture relating to the bank’s whistleblower program.