Barclays Whistleblower Case and the Question of Anonymity
By John Bostwick, Managing Editor, Radius
Barclays announced last Monday that the UK’s Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) have started investigations into Barclays CEO Jes Staley’s conduct related to the company’s whistleblowing program. Last year an anonymous letter was sent to the Barclays board, and another anonymous letter was sent to a Barclays executive, about the recruiting of a senior employee who had worked with Staley at a previous employer. The board categorized both letters as whistleblows.
The FCA and PRA investigations will examine Staley’s attempts to uncover the identity of the employees who sent the letters. The announcement says that Staley “considered that the letters were an unfair personal attack” on the subject. The investigations will also scrutinize Barclays Bank’s related responsibilities and its “systems and controls and culture related to whistleblowing.”
Last Monday’s announcement also indicates that Barclays’ board and its third-party legal counsel have concluded that “Mr. Staley honestly, but mistakenly, believed that it was permissible to identify the author of [one of] the letters,” in the mistaken belief that he’d been given clearance to do so. The board further concluded that Staley “made an error” in attempting to uncover one of the anonymous letter writers, adding that the writers’ identities were not uncovered and that Staley himself apologized to the board.
The board has issued a formal letter of reprimand to Staley and plans to lower his compensation “significantly,” taking into consideration the findings of the FCA and PRA investigations (once concluded) when making the compensation adjustment. Barclays has also commissioned an independent review of its whistleblowing policies and procedures.
Although Barclays decided to retain Staley, the story was covered by virtually all major news providers. An article in The Financial Times explains that the investigations are “a setback for Barclays as it attempts to restore its reputation following numerous scandals since the financial crisis, which include Libor rigging and an ongoing criminal probe over the bank’s Qatar rescue deal in 2008.” While citing opinions that Staley’s attempts to uncover the whistleblowers’ identities represented a “moment of madness” and a “shoot yourself in the foot moment,” the article mostly casts Staley in a positive light. It notes that he has “simplified and crystallized Barclays’ strategy,” leading to increased profits. One source quoted contends that “the board has rallied around [Staley] … he’s considered to be good for Barclays and therefore they would like him to stay.”
Other articles include harsher assessments. An article in Bloomberg Gadfly notes that while Barclays has publicly stated it handles whistleblower claims in an “appropriate” and “successful” way, the Staley investigations suggest “either that Staley is unaware of whistleblower protections in both the UK and US, or that the bank doesn’t know how to communicate with its CEO.” The fact that Staley’s actions related to the whistleblowers “were linked to a hiring process casts a shadow not just on Staley, but on the new executives he has hired — several of whom come from his old employer, JPMorgan Chase & Co. Staley risks being seen to be protecting some employees over others.” The article concludes that this is “not a good look for a CEO who has cut thousands of jobs in recent months, nor is it good for the morale of those employees trying to deliver his turnaround plan.”
Bloomberg, Reuters and others have noted that Staley’s case is not just being investigated by UK authorities, but “is also under scrutiny by the Department of Financial Services in New York.” Many in the US and UK who have read about Staley’s actions may be inclined, like some of the sources quoted above, to immediately deem them foolish or worse. After all, many of us — especially those of us who have gone through employee anticorruption training — assume that all whistleblowers have rights to anonymity. However, as an editorial in The Financial Times notes, “The FCA says in its guidelines on external whistleblowers that ‘measures such as keeping disclosures confidential will help,’ but it stops short of anything more prescriptive.”
The Staley affair throws light on the occasional ambiguity of whistleblower laws and the fact that they vary by country. The UK government website has commendably clear information about whistleblowing for employees, including a section on making a whistleblowing claim anonymously or confidentially. It states that “the person or body” that receives the claim “should make every effort” to protect the identity of the whistleblower. However, the site notes that employers may not be able to resolve an anonymous claim if they don’t get all the information they need, and that if a whistleblower reports a claim to the media then rights to anonymity will be lost. It adds that there is a different whistleblowing “process” in Northern Ireland.
The US has a number of whistleblowing laws, including the Whistleblower Protection Act of 1989, which indicates that the identity of any individual who makes a disclosure may not be disclosed without the whistleblower’s consent except in limited circumstances (e.g., to protect public health). That seems clear enough, but the law applies only to public employees. The rest of US whistleblower protections appear in a hodgepodge of 20 different statutes collected on the Occupational Safety and Health Administration’s (OSHA’s) website.
Among these OSHA-enforced statutes is the Sarbanes-Oxley Act (SOX). As the nonprofit National Whistleblower Center explains, SOX contains a provision requiring employers to create internal audit committees and “establish procedures for employees to file internal whistleblower complaints, and procedures which would protect the confidentiality of employees who file allegations.” The statute only applies to publicly traded companies, however, and some of its passages are far from clear to the lay reader. The language related to audit committees and confidentiality appears in section 301, for example, and mentions establishing procedures for “the confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting or auditing matters.” I may be misreading it, but the language seems to leave room for interpretation. For example: If a whistleblowing complaint doesn’t relate to “accounting or auditing matters,” is the anonymity of the whistleblower still protected?
The rules protecting a whistleblower’s anonymity, then, are not necessarily clear or applicable in all situations, and that’s just considering some UK and US regulations. There is moreover scant consistency across borders, even among developed nations. A highlights summary of an OECD report on whistleblower protection in the public and private sectors provides an analysis of a whistleblower survey completed by 32 OECD member countries in 2014. The survey shows a general increase in whistleblower protections across OECD countries since 2009. But some countries have dedicated whistleblower laws, while others provide whistleblower protections in “specific provisions in different laws and/or sectoral laws.” Most of these laws apply to whistleblowers in the public sector, though some of them protect private sector whistleblowers. The report notes that most OECD countries do not have dedicated whistleblower laws, and that “the degree of protection afforded within the provisions of [non-dedicated] laws varies and is less comprehensive than the protection provided for within dedicated laws, which often provide more clarity.”
The report stresses the importance of protecting whistleblowers’ anonymity, noting that “maintaining confidentiality is the first element of a whistleblower protection system, [and] when this fails, reprisals may ensue.” In reality, however, the report finds that “measures affording anonymous reporting and incentives are not widely applied by OECD countries” and that a number of OECD “whistleblower protection systems exclude anonymous disclosures or state that they will not be acted upon.” Of the 27 countries that responded to a 2014 OECD survey on managing conflict of interest in the executive branch and whistleblower protection, 16 countries (including the UK and US) guarantee anonymity to public sector whistleblowers, while 11 (including Canada and France) do not. (It’s worth emphasizing that these numbers don’t apply to the private sector.)
The highlights report lists some of the arguments against anonymous reporting, including the possibility that an anonymous claim may deflect attention from the claim itself to the identity of the whistleblower. Perhaps more compellingly, some argue that “anonymous disclosures can render reporting systems less effective as the large volume of cases can render investigations difficult due to insufficient information and limited options for follow up.” Mr. Staley at Barclays may sympathize with those who have concerns about “reliability and vindictive allegations, which can be based on the assumption that anonymity may make the whistleblower unaccountable and may attract ‘the cranks, the timewasters and the querulents’ (Latimer and Brown, 2008).”
As we read about Staley’s whistleblower-related misconduct, then, we’d do well to remember that relevant laws vary considerably by country and that there are arguments for and against protecting the anonymity of whistleblowers. That said, his story is also a reminder that ignorance of the law is no excuse, that any company must comply with the laws of all its countries of operation and that employees (including CEOs) must follow company policies or suffer the consequences.