The United Kingdom’s Accountability and Whistleblowing Instrument of 2015 established a robust regime of whistleblower protections that went into effect in 2016. Last month, the Financial Conduct Authority and the Prudential Regulatory Authority decided the first test case under those provisions in a matter involving Barclays Investment Bank’s chief executive officer, Jes Staley, and his crusade to unmask a whistleblower. The regulators’ decision to levy a financial penalty against Staley and no punishment against Barclays called into question the extent to which the FCA and PRA will give teeth to the protections.
Pursuant to the new regulations, covered firms, including deposit takers with assets of £250 million or greater and designated investment firms, must develop, impose and maintain procedures for whistleblowers to disclose their reportable concerns. The instrument requires firms to implement internal procedures capable of handling reports for which whistleblowers request confidentiality and providing reasonable measures to ensure that “no person under the control of the firm engages in
Further, the instrument obligates firms to appoint a “whistleblowers’ champion,” who bears responsibility for “ensuring and overseeing the integrity, independence
A few months after the instrument became effective, in June 2016, Barclays received two anonymous whistleblower letters from the United States. Both raised issues as to Tim Main, Barclays’ chairman of the global financial
After Oerting got involved, the National Cyber-Forensics & Training Alliance, a nonprofit entity that seeks to identify and neutralize global cybercrime threats, contacted the U.S. Postal Inspection Service at Staley’s direction. Apparently, the NCFTA told an inspector that it sought to identify the author of the letters because they contained “inside information [that] was potentially compromised and leaked,” which constituted “a threat to the bank and [which] involved criminal activity.” The employee understood that the NCFTA was investigating insider trading and directed it to point of sale information, which identified the post office at which the letters were mailed. Although the NCFTA tried to obtain video footage of the transaction, none was available, and the inspector was unable to identify the whistleblower.
After a Barclays employee reported Staley’s whistleblower hunt, the board of directors hired Simmons & Simmons to perform an internal investigation and notified the FCA and PRA of the allegations. The internal investigation concluded that Staley “honestly, but mistakenly, believed it was permissible to identify the author of the letter.” Following the internal investigation, Barclays reprimanded Staley and announced that it would cut his bonus due to his role in the scandal, pending the outcome of the FCA and PRA investigation. Despite calls to hold Staley accountable at the organizational level, Barclays recently declared its “unanimous confidence” in Staley. Interestingly, however, Barclays asked Oerting to leave the bank after its internal investigation, purportedly because he billed personal expenses as company expenses. Jonathan Cox, who bore responsibility for Barclays’ whistleblower program in 2016, also left Barclays in the fall of 2017, following a settlement he reached with the bank.
Around the same time, the U.S. Postal Service’s Office of Inspector General commenced an internal investigation pursuant to a complaint that its employees used their official positions to aid Barclays’ quest. Ultimately, it found no misconduct and concluded that its employees would not have used their positions to assist Staley had they known the allegations of criminal conduct were false.
Last year, the U.S. Department of Justice also undertook an investigation of whether Barclays’ or the USPS inspector’s conduct violated Section 922 of the Dodd-Frank Wall Street Reform and Consumer Protection Act, which protects whistleblowers from retaliation, or the applicable criminal laws. Further, the New York Department of Financial Services began interviewing Barclays executives from London and New York at the end of 2017. Those investigations remain pending.
FCA and PRA Report
The FCA and PRA’s investigation of the Barclays debacle was viewed as an important test case. Although the instrument gave lip service to the promise of whistleblower protection, it remained to be seen whether and how regulators would enforce the whistleblower protection provisions. Last month, the authorities concluded their highly anticipated year-long investigation. They determined that Staley failed to act with due skill, care
Given that the FCA and PRA decision is their first under the new whistleblower protection regime, it delivered a clear message to the industry about the fervor with which the regulators will bring future enforcement actions. The regulators’ decision was unprecedented in that they never have fined a sitting CEO, but it fell short of whistleblowers’ hope for mandated top-down change in corporate culture. The regulatory fine of £642,430 provides
More troubling, though, is the regulators’ decision not to take enforcement action against Barclays. The FCA and PRA created the 2015 instrument to clean up the financial industry following a series of fraudulent actions, such as the Libor-rigging scandal. As the instrument
It is difficult to imagine a more elaborate scheme to identify a whistleblower than the one that occurred at Staley’s direction. Multiple security services in countries on both sides of the Atlantic were engaged to hunt down the tipster. In the process, misrepresentations were made to foreign government officials, which triggered multiple foreign and domestic regulatory and criminal investigations and needlessly consumed law enforcement resources. Barclays’ own leader engaged in the quintessential whistleblower witch hunt, and with all eyes on them, the regulators kept him in place. Even if Staley did learn a lesson from his failure, as he claims, the rest of the world learned a very different one.