One question facing bank employees who work in compliance is how they can file a whistleblower report without violating existing prohibitions on disclosing suspicious activity report information.
By Walt Williams
Congress in 2020 updated the Anti-Money Laundering Act, including requiring the Financial Crimes Enforcement Network to update and expand its whistleblower program. Four years later, the agency is preparing to issue rulemaking to implement that mandate, and many questions remain about how it plans to administer the program and what banks can do to prepare for the new regulations.
“Right now, although we have some broad outlines of what the whistleblower provisions are, the regulations are going to be where the rubber meets the road,” said Eddie Jauregui, a litigation partner at the law firm Holland and Knight, during the ABA/ABA Financial Crimes Enforcement Conference in November
FinCEN Director Andrea Gacki announced late in 2023 that the agency would soon move forward with rulemaking to implement the AML Act’s whistleblower changes, although she did not give a timeline for when the proposed rules would come. However, the rulemaking is widely expected to be released this year. “While we work on the rulemaking necessary to fully implement this program, FinCEN is already receiving tips, investigating information received through those tips and making referrals to its enforcement colleagues at [the Office of Foreign Assets Control] and the Department of Justice,” Gacki said.
The important thing to keep in mind about the AML Act is it is intended to target drug trafficking, arms trafficking, human trafficking, kleptocrats and a host of other bad actors, Jauregui said. The law was passed amid a backdrop of increased sanctions activity, with the hope that its provisions would lead to more whistleblowing on international schemes.
New provisions
The first and most significant change made to the updated AML Act was to increase the award for whistleblowers. Previously, the maximum award was $150,000. Now, the award is up to 30 percent of the recovery over $1 million. The award doesn’t apply to forfeiture, restitution or victim compensation. Instead, the Treasury Department—of which FinCEN is a part—is required to pay whistleblowers 10 to 30 percent of the penalties and fines. “So whatever pound of flesh the government is able to exact based on that whistle being blown, but in excess of $1 million, that is the base number the award is going to be based on,” Jauregui said.
The second major change is the new law removes the Treasury Department’s discretion about whether to issue the award, said Julian André, a partner at the law firm McDermott Will and Emery, speaking at the conference as well. Now the department must pay an award to whistleblowers who provide voluntary information. “When you’re talking about incentivizing whistleblowers to come forward, they’re probably going to be less likely to do so if they think there is just a possibility that they’re going to get an award as opposed to it being something that is now mandatory,” André said.
A third important element concerns the reporting required to be considered a whistleblower under the law. For example, under the Securities and Exchange Commission’s whistleblower program, a person must report his or her claims directly to the SEC. No such requirement is in FinCEN’s whistleblower program.
“You can be considered a whistleblower under the [Bank Secrecy Act] if you blow the whistle to your employer, which is which is basically reporting ‘in’ as opposed to reporting ‘out,’” Jauregui said. “So if you are aware of misconduct or illegal conduct, and you report up your chain of command within your financial institution, you may still qualify as a whistleblower under the BSA.
“If you’re in a compliance function, if you’re in an HR function or some other function where you ordinarily will spot potential violations of the law as part of your normal job duty, you can still qualify to be a whistleblower under the AML Act,” he added.
Seeking clarity
One question facing bank employees who work in compliance is how they can file a whistleblower report without violating existing prohibitions on disclosing suspicious activity report information. “While somebody whose job includes something like this may still qualify as a whistleblower, the mechanics of that may become very difficult,” Jauregui said.
That potential wrinkle is something that hopefully FinCEN’s rulemaking will address, André added. “If you believe you’re the source of original information, how are you going to actually seek an award, particularly if you have not reported it to FinCEN?” he said.
There is also the question of what happens if whistleblowers are unhappy with the reward they received, as the law gives them the ability to appeal the decision, or if multiple people claim they are entitled to the reward. “That’s another reason why regulation will be important because ultimately, the courts will be determining whether that decision was an abuse of discretion, and you need regulations discussing what the discretionary factors to be considered are,” André said.
At an institutional level, banks need to keep in mind that any employee agreements or arbitration agreements that conflict with the whistleblower protections are unenforceable, he said. “So, the short of it is, your bank can’t impose some sort of contractual requirement that would make it harder for you to be a whistleblower.”
The AML Act also contains additional protections and anti-retaliation provisions for whistleblowers.
“Those are tricky because for banks—for any FDIC-insured institutions—the old anti-retaliation provisions apply, and there are new provisions that apply for others,” André said.
“When it comes to retaliation, just know that it’s bad,” he added. “You shouldn’t do it and should discourage retaliation.”
The regulations may be forthcoming, but the law itself is currently in effect. Bank employees who report suspicious activity that leads to a fine are already entitled to an award, and the provisions regarding whistleblower protection are enforceable, even without implementing rules.
“It’s just that there’s a lot of ambiguity and a lack of clarity as to how a lot of this is going to function,” André said.
