NYDFS Departing Superintendent Gives Parting Gift: Whistleblowing Policy Guidelines

On January 7, 2019, the Superintendent of New York’s Department of Financial Services (NYDFS), Maria Vullo, who has since been replaced by Governor Cuomo, gave a parting gift to all companies that are regulated by the DFS: Guidance on whistleblowing programs that must be part of the “comprehensive compliance program” for all DFS-regulated financial service companies. (See Whistleblower Guidance). 

NYDFS regulates, supervises and if necessary brings enforcement actions against a wide variety of financial services companies that do business in New York, including depository and non- depository lenders, fintech companies, securities companies, and title insurance underwriters and agencies, to name just a few. The Guidance first notes NYDFS’s belief that “employees, consultants, vendors, customers and other stakeholders are often well-situated to observe wrongdoing at a company and bring it to management’s attention.” But NYDFS notes that only if companies have instituted a thorough and thoughtful process for encouraging, receiving, evaluating, and acting upon a whistleblower’s concerns will the needed whistleblowing occur. NYDFS noted that there is no “one-size fits all” type of whistleblowing program, but that each company’s program should be based on “factors such as the institution’s size, geographic reach, and the specific lines of business in which it engages.” With that stated, the Guidance is meant to provide “principles that all [NYDFS] regulated institutions should account for” in the design and implementation of their whistleblowing programs.

The principles set out are:

  • Reporting channels that are independent, well-publicized, easy to access, and consistent
  • Strong protections for a whistleblower’s anonymity
  • Established procedures for identifying and managing potential conflicts of interest
  • Staff adequately trained on receiving whistleblower complaints, determining the appropriate course of action thereafter, and competent management to investigate, refer, and escalate as needed
  • Established procedures for investigating allegations of wrongdoing
  • Established procedures for ensuring appropriate follow-up to valid complaints
  • Protection from retaliating against whistleblowers
  • Confidential treatment of whistleblower identity
  • Appropriate oversight of the function by senior management, internal and external auditors/investigators, and the Board of Directors
  • A top-down culture of support for the entire whistleblowing function

Of particular note are NYDFS’s comments that these principles not only apply to a whistleblower policy for internal complaints, but also to external reports of wrongdoing coming from customers and vendors. Thus, the effects of customer complaint procedures have now been significantly upgraded when the complaint is about internal wrongdoing. In light of NYDFS’s culture of substantive and forceful oversight and enforcement, NYDFS-regulated entities must heed these principles by designing a new program or augmenting an existing program to reflect these principles in a manner that will be self-evident in a supervisory examination or investigation. Failure to do so will not only open a company to fines and injunctive relief, but may also suggest to NYDFS that the existence and implementation of other policies and procedures that are required by it or by other supervisory bodies should be examined.