Recent developments such as the fine issued to Barclays CEO Jes Staley by the United Kingdom’s financial regulators place a spotlight on the role of GCs in incidents concerning whistleblowing. Jonathan Watson takes stock of how the whistleblowing revolution is gaining momentum and argues that general counsel need to play their part.
In May 2018, Barclays CEO Jes Staley was fined £642,430 (US$870,428) by the UK’s financial regulators for trying to uncover the identity of an anonymous whistleblower. Announcing the fine, the Financial Conduct Authority (FCA) said that ‘Mr Staley failed to act with due skill, care and diligence in the way he acted in response to an anonymous letter received by Barclays in June 2016’. The FCA’s report on the affair reveals that general counsel (GC) had a significant part to play in Barclays’ whistleblowing procedures. The report notes that a meeting took place on 29 June 2016 at which Staley was told that ‘it was generally not a good idea to try to identify the author of an anonymous letter’. The meeting involved the firm’s GC, head of compliance, director of human resources (HR) and Staley’s chief of staff.
How the GC fits into the whistleblowing process
The presence of executives from different functions within Barclays at such a meeting underlines the fact that in many organisations, dealing with whistleblowing claims is a collaborative process. ‘It is now quite common to see a whistleblowing committee within an organisation which is responsible for triaging any complaints that come in to the right place,’ says Caroline Stroud, a commercial litigator and head of the people and reward practice at Freshfields. ‘There may be a very wide range of concerns raised, ranging from personal grievances to claims that a criminal offence has been committed, and organisations are adopting processes that mean those all come through to the whistleblowing committee.’
There will generally be legal representation on that committee, along with representatives from the compliance and HR departments. ‘It’s important to have that overall view on the whistleblowing committee, which can be provided by people who have different perspectives,’ Stroud says.
That said, there are many ways to structure internal whistleblowing mechanisms, and some jurisdictions offer more legislative prescription than others, says Kieran Pender, a legal adviser in the IBA’s Legal Policy & Research Unit (LPRU) and project lead on the LPRU’s whistleblower protections initiative. ‘The European Commission’s proposal for whistleblower protections, for example, will require all medium size companies and above, all public organisations and any company associated with the financial sector to establish internal reporting channels, and details the minimum requirements for such schemes.’
Other jurisdictions do not mandate internal structures, but courts may take a dim view of organisations that fail to establish reporting pathways if whistleblower-related disputes are litigated.
Philip Berkowitz, US practice co-chair of Littler’s international employment law practice group and co-chair of the financial services industry group, also believes that a system of triage is important. ‘This will enable the company to understand the steps it should be taking – coordinating different approaches to the investigation, reporting between different stakeholders and communicating with third parties, whether it’s the media or other people who have an interest, such as customers and suppliers.’
General counsel has ‘a fairly enormous level of responsibility in trying to take account of everyone’s interests and being sure that they are being properly considered and acted upon,’ adds Berkowitz, who is also Vice-Chair of a joint working group of the IBA Legal Practice Division and LPRU that recently compiled a guide to whistleblower protections.
‘Faced with a whistleblower complaint, the GC has to worry about a number of issues, like whether the company is going to receive adverse publicity,’ he says. ‘They need to think about whether this is going to hit the papers somehow, or the internet – maybe it already has. The GC needs to be thinking about the company’s profile and whether it should be taking affirmative steps to get ahead of the story and make clear that it is doing everything appropriate to address the issue seriously.’
In addition, the HR and compliance departments may each want to retain the legal teams that they are used to working with. This may or may not create conflicts, and someone will have to be responsible for coordinating these activities.
The general counsel has to consider the issue of whether the organisation or a specific person within it is likely to face criminal liability. ‘Does somebody need their own lawyer? Do we need to be thinking about getting counsel for any particular individual? If so, how if at all can we work with that lawyer – do we need a joint defence agreement?’ says Berkowitz.
The precise role played by GCs will vary according to the size of the organisation they work for, says Cathy James, senior legal consultant at whistleblowing charity Public Concern at Work (PCaW). ‘In some organisations, the general counsel does everything, and in some, there is the chance to have a separation of duties and powers,’ she says. ‘With a big legal department – and in an ideal world – there would be different individuals assigned to different parts of the whistleblowing process.’
There is a lot that can land on a GC’s desk as part of that process, so they can really help to make the difference between whistleblowing arrangements that work and really function well and those that don’t, James adds. ‘GCs can set the tone of how these things work,’ she says. ‘They can ensure that the process is independent. They can train staff and ensure that those cases that need senior oversight and those that may need an external process are dealt with properly. If there are too many conflicts involved in the internal process, then independent investigators might need to be involved.’
Later this year, PCaW will launch a benchmarking tool designed to help organisations assess their current whistleblowing arrangements and consider whether they need to be improved. It looks at three core areas: governance, engagement, and operations. Initially it can be used as a self-assessment tool, though organisations can choose to have their score independently verified at a later stage through PCaW.
What should happen if the GC is approached directly by a whistleblower
In some cases, an employee may seek to disclose an issue directly to the GC. According to Pender, the GC should respond in a structured way. ‘Firstly, they could ascertain whether they are an authorised reporting channel – consistent with any internal policies or regulatory obligations – or whether the disclosure needs to be made via another channel,’ he says. ‘Secondly, they could document the disclosure and take all possible steps to protect the identity of the discloser. Thirdly, they could take the discloser seriously and undertake a proper investigation into the disclosure – research indicates that rates of frivolous or vexatious disclosures are exceedingly low.’
Berkowitz believes that in this situation, the GC needs to be cautious. ‘They have to ask themselves who will conduct the investigation,’ he says. ‘Many organisations have very competent people – either in the HR function, or in compliance, or internal audit – who are able to investigate whistleblower claims. But many organisations don’t. Also, companies are increasingly overwhelmed with these claims and need help.’
According to Stroud, having a proper whistleblowing process in place should make life easier for the GC. ‘This should make it very clear where things should be escalated to,’ she says. ‘The published escalation route could be to a whistleblowing committee, to a whistleblowing hotline or to the head of compliance, but it is important that the initial escalation route is clear and transparent to those who want to raise concerns. I think best practice would be that there is then consideration by a committee or a group who make decisions as to how the complaint is to be dealt with and investigated.’
This is also why proper in-depth training is needed on where the difficult issues arise, adds James. ‘If people have thought about whistleblowing before the serious case lands on the GC’s desk, there tends to be a better response,’ she says.
Faced with a whistleblower complaint, some GCs may feel there is a conflict between their obligation to try to investigate or correct the alleged wrongdoing and their obligation, as counsel, to advise the client. ‘There is tremendous potential for conflict,’ says Berkowitz. ‘You have to start with the assumption that the whistleblower is acting in good faith and of course you are going to investigate and advise on the issues. But the organisation is the client, and the GC needs to recall that it is the client’s interests that they have an ethical duty to serve.’
The GC’s obligations do include finding the best way forward for the organisation. ‘Sometimes that includes making a recommendation to discipline a certain executive or to correct a certain action,’ Berkowitz says. ‘But it is normally the client’s decision whether or not to impose discipline. The GC may or may not agree, but having made their legal recommendation, it is up to the client to decide how to proceed.’
In addition, as European law does not always recognise that attorney–client privilege protects communications between in-house counsel and their client, GCs in Europe need to consider the risk that their communications with their client could be disclosed. ‘This could increase the risk of liability if, for example, the GC recommends discipline in writing, but the client decides not to accept that recommendation,’ Berkowitz says.
GCs as whistleblowers
In some cases, it can be the general counsel (GC) of an organisation who acts as a whistleblower. Sanford Wadler, for example, GC at the US firm Bio-Rad Laboratories, told management that he suspected there had been violations of the Foreign Corrupt Practices Act in the company’s China operations. He was ignored, and when he took the issue to the audit committee, he was fired shortly afterwards.
Ultimately, however, he was vindicated when a unanimous federal jury in San Francisco found his dismissal to be illegal. The jury awarded Wadler US$2.96 million in back pay (which is doubled under the Dodd-Frank Act for a total of US$5.92 million) and an additional US$5 million in punitive damages. The verdict was a big deal for the legal sector, as it redefined the boundaries of general counsel privilege, and may spur others to act as whistleblowers themselves.
Crucially, Bio-Rad had asked the court to prevent Wadler from using privileged corporate documents as part of his case. A district judge ruled that the whistleblower protections enshrined in the 2002 Sarbanes-Oxley Act took precedent over state laws regarding attorney–client privilege.
The Bio-Rad case makes it clear that general counsel are entitled to the same legal protections afforded to any other whistleblower. The obligation to report wrongdoing outweighs any right an employer might have to keeping evidence of possible misdemeanours under wraps. In addition, attorney–client privilege does not shield an employer from being called to account for retaliating against a whistleblowing GC.
‘Whistleblower retaliation lawsuits brought by general counsel have always been exceedingly rare and few succeed,’ says Nicholas Sikon, an employment lawyer at US firm Outten & Golden. ‘Most GCs would not file such a suit out of fear that attorney–client privilege would put key evidence out of reach – even if they had a strong case to make. The result is that many GCs may not bring corporate wrongdoing to light in the first place, fearing they would have no recourse if they were terminated or faced other retaliation from an employer.’
Can GCs be whistleblowing champions?
‘Slowly but surely, the whistleblowing revolution is gaining momentum,’ says Virginie Rozière, a member of the European Parliament, in the foreword to the IBA guide, ‘Whistleblower Protections: A Guide’.‘Once the domain of “traitors” and “snitches”, recent years have seen a growing recognition of the immense public value of whistleblowers and the misconduct they reveal.’
It may be time for general counsel to play their full part in this revolution – to step up and stand up more clearly for those who speak up.
At the moment, they are not often the ‘whistleblowing champions’ in their organisations. ‘I haven’t seen this much in the UK – maybe there’s a sense that the whistleblowing investigation might sit with the legal department, so if they are tasked with promoting whistleblowing as well as looking after the whistleblower, that might be too many hats,’ says James. ‘But lawyers have an incredibly important part to play in ensuring that this all works well, and they can make all the difference in the long run.’
Stroud agrees. ‘Generally the GC does have a role in promulgating a “speak up”culture,’ she says. ‘That might be in supporting the business in giving out the right messages or in supporting compliance in promoting those messages. Legal definitely has a job there to ensure that not only are the processes and policies correct but also that the messaging and communications support the speak up culture.’
GCs should lead from the top, adds Pender. ‘They should encourage a culture of transparency, be open to receiving bad news and not shoot the messenger.’ Jes Staley’s actions have done a good deal of damage in this respect. When senior leaders act in such a manner, ‘potential whistleblowers lose faith in the systems designed to protect them and encourage their reporting of wrongdoing,’ Pender says.
A document called ‘The Barclays Way’, published by the bank in August 2016, had claimed that ‘concerns raised are taken seriously, treated sensitively, and where appropriate, independently investigated… Where permitted by law, you can raise your concerns with the whistleblowing team anonymously’.
And yet five years ago, James says, no one would have been aware that anything had happened. ‘This sort of case wouldn’t have been seen as something that the board had to act upon. It would easily have been moved from the board agenda and forgotten about. But now all financial services board members should know they have a regulator that’s interested and they are also likely to have staff who question things. This results in pressure to do something about this sort of unacceptable behaviour. Perhaps there was also a bit of internal pressure on the board which resulted in the public notice.’
And according to a recent Freshfields survey, whistleblowing is becoming more the ‘norm’.
Almost half (47 per cent) of business managers surveyed reported that they had witnessed or engaged in whistleblowing or had had wrongdoing reported to them, up from 34 per cent in a similar survey conducted by the firm in 2014. In addition, only 13 per cent of business managers claim that their employers discourage whistleblowing – down from 40 per cent in 2014.
However, 55 per cent of managers also reported that they and their co-workers would be deterred from whistleblowing by concerns that it would damage their career prospects or reputation, and 55 per cent claimed that they and their co-workers would be deterred from whistleblowing by concerns that their reports would not remain anonymous.
EU regulators seek stronger whistleblower protections
The European Commission proposed legislation in April 2018 to address the fragmentation of protection for whistleblowers across the EU. The proposal sets out ‘common minimum standards’ to protect whistleblowers against retaliation for reporting breaches in specific EU policy areas, such as financial services, product safety and protection of privacy and personal data.
Unveiling the proposals, the Commission argued that recent scandals such as Dieselgate, Luxleaks, the Panama Papers or the ongoing Cambridge Analytica revelations have highlighted the importance of whistleblowers.
While most of the minimum standards will sound familiar to global employers (for example, the need for internal reporting channels), the Commission’s proposal does take a much wider view on who should benefit from whistleblower protection compared to what is usually seen.
The Commission’s proposal will safeguard the rights of individuals who acquire the information they report through their work-related activities (irrespective of their nature) and who run the risk of retaliation. As currently drafted, this could extend whistleblower protection to ‘gig’ workers and the self-employed.
Jonathan Watson is a journalist specialising in European business,
legal and regulatory developments.
He can be contacted at firstname.lastname@example.org