Regulators Need to Walk the Walk in Supporting Whistleblowers

As Congress has held hearings about the unfolding Wells Fargo scandal, several lawmakers have been particularly outraged by claims from numerous former employees that they faced retaliatory firing after trying to stop the improper practices by complaining to bank managers, human resources and compliance staff.

Some senators, led by Democrat Elizabeth Warren of Massachusetts, have pressed the issue, calling on the Securities and Exchange Commission to investigate whether the bank fired whistleblowers.

If such firings occurred, the congressional ire is fully justified because employer retaliation against whistleblowers strikes at the very heart of every regulatory compliance program. But U.S. bank regulators should be just as outraged; they need to protect whistleblowers openly and aggressively.

The Ethics & Compliance Initiative, a national think tank for ethics and compliance professionals, issued a report this year concluding that "the greatest" ethics and compliance risk to an organization "is an environment where the employees are unwilling or unable to make management aware of their knowledge of or suspicions that wrongdoing is taking place."

Regulators recognize this risk as well. The Office of the Comptroller of Currency, which regulates federally chartered banks, requires that institutions under its supervision (including Wells Fargo) adopt a corporate whistleblower policy that guarantees "a process for employees to report legitimate concerns about suspected illegal, unethical, or questionable practices with protection from reprisal." The absence of this check on corporate misbehavior is viewed by the agency as a threat to the safety and soundness of banking operations.

But despite characterizing whistleblowers as a pillar of regulatory compliance, the OCC actually affords them very little direct support. Here, the OCC has broad authority to follow up on the whistleblower allegations. Perhaps the consent order could have established a special master or some neutral arbitration process that would have expeditiously heard claims and granted appropriate relief to injured employees, such as job reinstatement, back pay, damages and legal fees.

At the House Financial Services Committee hearing with Wells CEO John Stumpf, Rep. Gwen Moore, D-Wis., asked the executive whether there was a fund set aside to compensate victims of the bank's retaliation. Stumpf responded by saying that the retaliation allegations were "very regrettable," and that the bank was taking them "very seriously." Cold comfort, indeed.

Understandably impatient, some former employees have already brought a class-action lawsuit against Wells Fargo for alleged ill treatment. But from a regulatory compliance perspective, private litigation — which is often costly and glacial in its pace — should serve as a safety net, not as the main infrastructure for enforcement. Leaving whistleblowers to their own devices in the courts sends a discouraging message: "We desperately need your help, but you're on your own." Instead, the regulators' clear message to the entire financial services community should be, "Whistleblowers, we have your back!"

Daniel S. Alter is a senior fellow at NYU Law School's Program on Corporate Compliance and Enforcement. He previously served as the general counsel to the New York State Department of Financial Services.