Whistleblower Policy1
Content
LEGAL CONCERNS IN DRAFTING A POLICY FOR REPORTING FRAUD
1. Definition of Terms
In keeping with the notice requirement of due process, any company policy that may potentially subject an employee to disciplinary and other legal sanctions must be clearly explained and made known to the employee before its implementation. In addition, acts or omission constitutive of the offense must be explicitly defined in the said policy.
Below are my recommendations for legal terms that may be incorporated in the policy.
Fraud – a generic term embracing all multifarious means which human
ingenuity can devise, and which are resorted to by one individual to secure an advantage over another by false suggestions or by suppression of truth and includes all surprise, trick, cunning, dissembling and any unfair way by which another is cheated. Fraudulent act shall include but is not limited to the following: – – any scheme in which cash is stolen from the bank before it Skimming is recorded on the bank’s books and records ; – – any scheme in which cash is stolen from the Cash Larceny or Theft
bank after it has been recorded on the organizations books and records; F r au au d u l e n t d i s b u r s e m e n t o f f u n d s – any act or omission in which an
employee misappropriates or uses for his/her personal gain funds of the bank. Includes, but is not limited, to any scheme wherein the employee: Causes the bank to issue payment by submitting submittin g invoices for fictitious goods or services, inflated invoices for personal purchases; Makes a claim for reimbursement of fictitious or inflated business expenses;
1
Steals the bank’s funds by intercepting, forging or altering a check issued by a client in favor of the bank; Causes the bank to issue payment by making false claims for compensation;
A s s e t M is a p p r o p r i a t io n – any scheme in which an employee steals or
misuses non-cash assets of the bank; F r a u d s t e r – a person who commits fraud. W h i s t l e b l o w e r – one who reveals wrongdoing within an organization to the
public or person of authority. P r o t e c t ed i n f o r m a t i o n – shall refer to any information relating or pertaining to
the commission of fraud reported in good faith, by an employee or any concerned person. This shall also include the name and other identifying circumstances (position, rank, department, etc.) of the person making the report which shall be treated as confidential by the bank. Retaliation – any malicious action taken or executed in bad faith by the
reported fraudster or any person acting in his/her behalf for the purpose of harassing, threatening or intimidating the whistleblower or his/her immediate family, on account of the information provided by the latter to report the fraudulent act/s.
2. How Fraud can be committed
Aside from the clear definition of the prohibited acts, means on how these acts may be committed should also be included.
Fraud as defined in this policy may be committed through: Fraud by abuse of position , defined as where a person who occupies a position in which he or she is expected to safeguard the financial interests of another, abuses that position; this includes abuse through omission. Fraud by false representation, which is defined as where a person makes any representation as to fact or law, express or implied, which they know to be untrue or misleading. 2
Fraud by failing to disclose information , defined as where a person fails to disclose any information to a third party when under a legal duty to disclose such information.
3. Who can report fraud?
There is no legal proscription as to who could make a valid complaint or report for fraud. As fraud within the bank, affects both internal and external parties (e.g depositor, borrowers, etc.) any one with knowledge or is affected/injured by these prohibited acts should report the incident.
4. How to identify fraud?
Bank-wide training for identification of fraudulent transactions should be conducted. This would not only encourage reporting of fraud but would also empower the employee to assess for himself/herself if the transaction he/she is facilitating is compliant with bank policies and regulations. In addition, malicious imputation of fraud could also be avoided.
5. How to report fraud?
The success of this policy will hinge mainly in the accessibility of channels wherein concerned employees and non-employees can report freely, without fear of retaliation or reprisal, any practice or transaction that they suspect to be fraudulent or violative of any company policy or BSP regulatory rules, local ordinance or national law. From the legal point of view, it is more ideal if reports for fraud would be done personally and in writing. This would allow for easier verification and production of evidence if the incident would escalate to the institution of legal action. However, should the company allow for anonymous reporting of fraud, there is no legal setback for such measure as long as audit and HR investigations can provide the evidentiary requirements to prosecute the case.
3
The company in designing its whistleblower policy should consider how to treat possible similar future scenarios. The company policy for imposing sanctions to employees who inadvertently or unknowingly contributed to the commission of fraud and at the same time were the ones who reported the fraud should be studied so as not to be inconsistent with the protection clause of the whistleblower policy.
8. What information is protected?
An employee and the information he/she provides is considered protected information only if the employee brings the alleged unlawful activity, policy, or practice to the attention of the bank and provides the bank with a reasonable opportunity to investigate and correct the alleged unlawful activity. Furthermore, it must be shown that the information is divulged in good faith, with the honest belief that fraud or violation of bank policy is being committed. The protection of confidentiality and non-retaliation is only available to employees that comply with these requirements.
6
1. Definition of Terms
In keeping with the notice requirement of due process, any company policy that may potentially subject an employee to disciplinary and other legal sanctions must be clearly explained and made known to the employee before its implementation. In addition, acts or omission constitutive of the offense must be explicitly defined in the said policy.
Below are my recommendations for legal terms that may be incorporated in the policy.
Fraud – a generic term embracing all multifarious means which human
ingenuity can devise, and which are resorted to by one individual to secure an advantage over another by false suggestions or by suppression of truth and includes all surprise, trick, cunning, dissembling and any unfair way by which another is cheated. Fraudulent act shall include but is not limited to the following: – – any scheme in which cash is stolen from the bank before it Skimming is recorded on the bank’s books and records ; – – any scheme in which cash is stolen from the Cash Larceny or Theft
bank after it has been recorded on the organizations books and records; F r au au d u l e n t d i s b u r s e m e n t o f f u n d s – any act or omission in which an
employee misappropriates or uses for his/her personal gain funds of the bank. Includes, but is not limited, to any scheme wherein the employee: Causes the bank to issue payment by submitting submittin g invoices for fictitious goods or services, inflated invoices for personal purchases; Makes a claim for reimbursement of fictitious or inflated business expenses;
1
Steals the bank’s funds by intercepting, forging or altering a check issued by a client in favor of the bank; Causes the bank to issue payment by making false claims for compensation;
A s s e t M is a p p r o p r i a t io n – any scheme in which an employee steals or
misuses non-cash assets of the bank; F r a u d s t e r – a person who commits fraud. W h i s t l e b l o w e r – one who reveals wrongdoing within an organization to the
public or person of authority. P r o t e c t ed i n f o r m a t i o n – shall refer to any information relating or pertaining to
the commission of fraud reported in good faith, by an employee or any concerned person. This shall also include the name and other identifying circumstances (position, rank, department, etc.) of the person making the report which shall be treated as confidential by the bank. Retaliation – any malicious action taken or executed in bad faith by the
reported fraudster or any person acting in his/her behalf for the purpose of harassing, threatening or intimidating the whistleblower or his/her immediate family, on account of the information provided by the latter to report the fraudulent act/s.
2. How Fraud can be committed
Aside from the clear definition of the prohibited acts, means on how these acts may be committed should also be included.
Fraud as defined in this policy may be committed through: Fraud by abuse of position , defined as where a person who occupies a position in which he or she is expected to safeguard the financial interests of another, abuses that position; this includes abuse through omission. Fraud by false representation, which is defined as where a person makes any representation as to fact or law, express or implied, which they know to be untrue or misleading. 2
Fraud by failing to disclose information , defined as where a person fails to disclose any information to a third party when under a legal duty to disclose such information.
3. Who can report fraud?
There is no legal proscription as to who could make a valid complaint or report for fraud. As fraud within the bank, affects both internal and external parties (e.g depositor, borrowers, etc.) any one with knowledge or is affected/injured by these prohibited acts should report the incident.
4. How to identify fraud?
Bank-wide training for identification of fraudulent transactions should be conducted. This would not only encourage reporting of fraud but would also empower the employee to assess for himself/herself if the transaction he/she is facilitating is compliant with bank policies and regulations. In addition, malicious imputation of fraud could also be avoided.
5. How to report fraud?
The success of this policy will hinge mainly in the accessibility of channels wherein concerned employees and non-employees can report freely, without fear of retaliation or reprisal, any practice or transaction that they suspect to be fraudulent or violative of any company policy or BSP regulatory rules, local ordinance or national law. From the legal point of view, it is more ideal if reports for fraud would be done personally and in writing. This would allow for easier verification and production of evidence if the incident would escalate to the institution of legal action. However, should the company allow for anonymous reporting of fraud, there is no legal setback for such measure as long as audit and HR investigations can provide the evidentiary requirements to prosecute the case.
3
The company in designing its whistleblower policy should consider how to treat possible similar future scenarios. The company policy for imposing sanctions to employees who inadvertently or unknowingly contributed to the commission of fraud and at the same time were the ones who reported the fraud should be studied so as not to be inconsistent with the protection clause of the whistleblower policy.
8. What information is protected?
An employee and the information he/she provides is considered protected information only if the employee brings the alleged unlawful activity, policy, or practice to the attention of the bank and provides the bank with a reasonable opportunity to investigate and correct the alleged unlawful activity. Furthermore, it must be shown that the information is divulged in good faith, with the honest belief that fraud or violation of bank policy is being committed. The protection of confidentiality and non-retaliation is only available to employees that comply with these requirements.
6
