Whistleblower Policy1

1


LEGAL CONCERNS IN DRAFTING A POLICY FOR REPORTING FRAUD

1. Definition of Terms

In keeping with the notice requirement of due process, any company policy that
may potentially subject an employee to disciplinary and other legal sanctions must
be clearly explained and made known to the employee before its implementation. In
addition, acts or omission constitutive of the offense must be explicitly defined in the
said policy.

Below are my recommendations for legal terms that may be incorporated in
the policy.


Fraud – a generic term embracing all multifarious means which human
ingenuity can devise, and which are resorted to by one individual to secure an
advantage over another by false suggestions or by suppression of truth and
includes all surprise, trick, cunning, dissembling and any unfair way by which
another is cheated.

Fraudulent act shall include but is not limited to the following:

Skimming – any scheme in which cash is stolen from the bank before it
is recorded on the bank’s books and records;

Cash Larceny or Theft – any scheme in which cash is stolen from the
bank after it has been recorded on the organizations books and records;

Fraudulent disbursement of funds – any act or omission in which an
employee misappropriates or uses for his/her personal gain funds of the
bank. Includes, but is not limited, to any scheme wherein the employee:
 Causes the bank to issue payment by submitting invoices for fictitious
goods or services, inflated invoices for personal purchases;
 Makes a claim for reimbursement of fictitious or inflated business
expenses;
2

 Steals the bank’s funds by intercepting, forging or altering a check
issued by a client in favor of the bank;
 Causes the bank to issue payment by making false claims for
compensation;

Asset Misappropriation – any scheme in which an employee steals or
misuses non-cash assets of the bank;

Fraudster – a person who commits fraud.

Whistleblower – one who reveals wrongdoing within an organization to the
public or person of authority.

Protected information – shall refer to any information relating or pertaining to
the commission of fraud reported in good faith, by an employee or any
concerned person. This shall also include the name and other identifying
circumstances (position, rank, department, etc.) of the person making the report
which shall be treated as confidential by the bank.

Retaliation – any malicious action taken or executed in bad faith by the
reported fraudster or any person acting in his/her behalf for the purpose of
harassing, threatening or intimidating the whistleblower or his/her immediate
family, on account of the information provided by the latter to report the
fraudulent act/s.


2. How Fraud can be committed
Aside from the clear definition of the prohibited acts, means on how these acts
may be committed should also be included.

Fraud as defined in this policy may be committed through:
Fraud by abuse of position, defined as where a person who occupies a
position in which he or she is expected to safeguard the financial interests of
another, abuses that position; this includes abuse through omission.

Fraud by false representation, which is defined as where a person makes
any representation as to fact or law, express or implied, which they know to be
untrue or misleading.
3


Fraud by failing to disclose information, defined as where a person fails to
disclose any information to a third party when under a legal duty to disclose
such information.

3. Who can report fraud?

There is no legal proscription as to who could make a valid complaint or report
for fraud. As fraud within the bank, affects both internal and external parties (e.g
depositor, borrowers, etc.) any one with knowledge or is affected/injured by these
prohibited acts should report the incident.


4. How to identify fraud?

Bank-wide training for identification of fraudulent transactions should be
conducted. This would not only encourage reporting of fraud but would also
empower the employee to assess for himself/herself if the transaction he/she is
facilitating is compliant with bank policies and regulations.

In addition, malicious imputation of fraud could also be avoided.


5. How to report fraud?

The success of this policy will hinge mainly in the accessibility of channels
wherein concerned employees and non-employees can report freely, without fear of
retaliation or reprisal, any practice or transaction that they suspect to be fraudulent
or violative of any company policy or BSP regulatory rules, local ordinance or
national law.

From the legal point of view, it is more ideal if reports for fraud would be done
personally and in writing. This would allow for easier verification and production of
evidence if the incident would escalate to the institution of legal action.

However, should the company allow for anonymous reporting of fraud, there is
no legal setback for such measure as long as audit and HR investigations can
provide the evidentiary requirements to prosecute the case.
4

As in both cases, fraud is never presumed, hence it must be proved by clear and
convincing evidence. Mere preponderance of evidence is not adequate. Contentions
must be proved by competent evidence and reliance must be had on the strength of
the party’s evidence and not upon the weakness of the opponent’s defense. (Tankeh
vs. DBP, November 11, 2013)


6. Response to fraud reports

How fast the company, through its management, responds to a fraud
report is crucial in preventing further loss or damage to the bank.

Response time however should not sacrifice the confidentiality treatment
of this information during the investigation stage. The general rule is that an
employee suspected of committing fraud is innocent until proven guilty. The bank
in exercising its right to protect its interest should also recognize the right of its
employees against malicious, libelous, slanderous and defamatory controversies.

As provided in Article 19 of the Civil Code:

“Every person must, in the exercise of his rights and in the
performance of his duties, act with justice, give everyone his due, and
observe honesty and good faith.”

Violation of this provision will could possibly make the bank liable for civil
damages.

Other legal consideration with regards to response time:
 Provision on fraud reporting requirement in fidelity insurance
contracts entered into by the bank;
 Provision on prescription of crimes;
 Provision on prescription on instituting civil actions


7. Protection Clause

5

Whistleblower Policies, in the global business arena, have long been used
in combating enterprise fraud. Several foreign regulatory bodies have already
required the incorporation of this policy in the risk management policy of highly
regulated business, such as banks and other financial institutions. However,
until now, no law has yet been passed pertaining to this policy within the
Philippines.

Based on my research, foreign whistleblower policies commonly put
emphasis on the following provision:

Confidentiality Clause

This is mainly for the purpose of encouraging employees to report fraud.
By ensuring the confidential treatment, not only of the information given but also
that of the person giving the information, employees become more confident and
candid in sharing what they know.

Non-retaliation Clause
This provision addresses the situation wherein an employee makes a
fraud report against a direct superior or high ranking officer of a company. If after
an investigation is conducted and it is determined that no fraud is actually
committed by the alleged fraudster, this provision gives full protection to the
whistleblower against any present or future reprisal from the alleged fraudster.
Provided that the report is done in good faith.

Case example: XXX
XXX is the BOO of 111 who reported the fraud activities of Tellers AAA
and BBB. By reason of such report, audit was conducted and it was found out
that Ms. XXX’s failure in conducting the appropriate call backing procedure
contributed to the ease in which the tellers perpetrated their fraudulent acts.
Although Ms. XXX was the person who discovered, reported the fraud
incident and requested for an audit investigation on the matter, her employment
was terminated. The legal basis for her termination was based on company
policy that imposes the sanction of termination for gross negligence that results
to monetary loss for the bank in the amount exceeding P30,000.
6

The company in designing its whistleblower policy should consider how to
treat possible similar future scenarios. The company policy for imposing
sanctions to employees who inadvertently or unknowingly contributed to the
commission of fraud and at the same time were the ones who reported the fraud
should be studied so as not to be inconsistent with the protection clause of the
whistleblower policy.

8. What information is protected?

An employee and the information he/she provides is considered protected
information only if the employee brings the alleged unlawful activity, policy, or
practice to the attention of the bank and provides the bank with a reasonable
opportunity to investigate and correct the alleged unlawful activity. Furthermore, it
must be shown that the information is divulged in good faith, with the honest
belief that fraud or violation of bank policy is being committed.

The protection of confidentiality and non-retaliation is only available to
employees that comply with these requirements.