What policies should address
Because of the light—or heat—the IRS has put on this subject, credit unions can find dozens of examples of whistleblower policies simply by googling the words “whistleblower policy sample.”
Your credit union’s size will undoubtedly influence the structure and detail of your policy. In a credit union with less than 10 employees, the reporting chain will certainly look different from that of a larger credit union with more than 200 employees.
In drafting and adopting a policy that’s right for your credit union, consider how it will work when someone discovers an employee or volunteer’s wrongdoing. What happens if a teller discovers a branch manager is shorting the count each day? Where does the controller go if he discovers wrongdoing on the part of the CFO or CEO? The policy may state an employee should first report the potential problem to his or her supervisor if the person is comfortable in doing so, but certainly you must provide an alternate process.
Your policy should designate one individual who will typically be responsible for enforcing compliance with the whistleblower policy. In many credit unions, that could be the head of risk management, fraud prevention, or compliance—or the supervisory committee chair. As addressed in the policy, the person will have the duty to investigate the reported activity and, if appropriate, recommend corrective action to executive management or the board of directors.
Make sure the designated person is at a high enough level within the credit union that he or she wouldn’t be reluctant to investigate the reported activity of a senior executive or even the CEO.
While these policies also may provide for anonymous reporting, a drawback to such an approach is that if the person didn’t provide enough information in the initial tip, the investigation and follow-up may prove difficult, if not impossible.
As you review other organizations’ whistleblower policies, you’ll see they address similar areas. Here’s a possible outline of what your policy may want to cover:
Protect employees from retaliation
While employees are specifically protected against adverse action taken as a result of reporting wrongdoing to the National Credit Union Administration (NCUA) under Section 1790b of the Federal Credit Union Act, this statutory protection doesn’t necessarily extend to reports made within the credit union chain of command that aren’t also made to NCUA.
An effective whistleblower policy must clearly provide that your credit union won’t take any adverse action against the individual—whether a volunteer or employee—for reporting what that person reasonably believed to be wrongful activity that’s intended to be disclosed to comply with the policy. Many policies specifically state the person reporting the questionable action must do so in good faith to be protected from disciplinary action, including termination.
Educate staff and volunteers
It should go without saying that of equal importance to developing a whistleblower policy is that the policy be widely distributed to your employees and volunteers and they be regularly reminded of why and how to report possible wrongdoings. Some organizations have a form to report problems, and you can find examples along with sample policies on the Internet.
Credit unions have (or should have) ethics policies that they require their employees and volunteers to acknowledge annually. You can easily annually disclose your whistleblower policy along with your ethics policy, or even incorporate whistleblower provisions into your ethics policy.
It’s crucial that management and the board of directors emphasize to each employee and volunteer that compliance with the whistleblower policy is mandatory. This approach will ensure that in the unfortunate event wrongful activities are discovered, employees or volunteers know they’re expected to report them, they’ll suffer no adverse consequences for reporting, and your creditunion will fully investigate.
CHRISTOPHER J. PIPPETT is a partner with Fox Rothschild LLP in Exton, Pa.