If you see something, say something. Back in college, I’d often see that message displayed on signs while riding the Subway in Manhattan. The message makes sense – government agencies are not all-knowing and need to rely on others to be their eyes and ears. The same is true, it seems, for federal regulators in the financial industry – they might not be aware of every infraction or compliance violation at an institution, and they’ve increasingly sought the help of insiders – the institution’s employees – through encouraging “whistleblower” activity.
Government agencies have recently been taking steps to make whistleblowing more enticing. Earlier this spring, the Department of Justice (DOJ) unveiled plans for a new whistleblower pilot program that would provide financial rewards to those who are the “first in the door” to provide new information regarding corruption or criminal use of the U.S. financial system. Additionally, the Financial Crimes Enforcement Network (FinCEN) has its own whistleblower program relating to violations of the Bank Secrecy Act (BSA), through which a BSA whistleblower can receive at least 10 percent, but no more than 30 percent, of the monetary sanctions obtained in an enforcement action based on original information they provided.
Whereas the examples provided above focus on making whistleblowing more attractive through financial incentives, the Consumer Financial Protection Bureau (CFPB or bureau) recently published guidance relating to whistleblowing that takes a different approach.
Last week, the CFPB published Consumer Financial Protection Circular 2024-04, Whistleblower Protections under CFPA Section 1057. In the circular, the bureau declares that confidentiality agreements between financial institutions and their employees could lead to violations of the Consumer Financial Protection Act (CFPA), specifically section 1057.
To review, section 1057 of the CFPA generally protects a “covered employee” from termination or other discrimination resulting from a wide range of whistleblower conduct, including providing information to the CFPB regarding potential violations of federal consumer financial protection laws, refusing to participate in such potential violations, testifying in proceedings under the jurisdiction of the bureau, or filing (or causing to be filed) any proceeding under federal consumer financial law. Notably, the law protects employees who have already blown the whistle, as well as those who are “about to” provide information, meaning that it also protects employees who are contemplating or preparing to blow the whistle.
What does all of this have to do with confidentiality agreements? The bureau explains: “depending on how they are worded and the context in which they are employed, [confidentiality agreements] could lead an employee to reasonably believe that they would be sued or subject to other adverse actions if they disclosed information related to suspected violations of federal consumer financial law to government investigators.” By the bureau’s logic, the belief that an employee could be sued or otherwise punished causes a “chilling effect” in which the employee decides not to share information with the bureau, which therefore impedes the CFPB’s ability to enforce federal consumer finance laws. The CFPB circular explains that the Securities and Exchange Commission (SEC) and Commodities Futures Trading Commission (CFTC) have made similar pronouncements relating to confidentiality agreements.
The circular does not state that all confidentiality agreements violate section 1057 – instead, whether an agreement violates the CFPA will depend on how broadly it is worded and context in which it is used. The bureau notes that asking an employee to sign a confidentiality agreement upon discovery of a compliance violation could be a factor that points towards a violation of section 1057:
“The risk of a violation of Section 1057 is heightened when covered persons impose such agreements in situations that are particularly likely to lead a reasonable employee to perceive the required entry into the agreement as a threat, such as in the context of an internal investigation or other scenario involving potential violations of law—for example, after the uncovering of suspected or confirmed wrongdoing, or in the aftermath of a potentially embarrassing episode for a company. When an employee participates in an investigation or otherwise is made aware of possible wrongdoing and simultaneously is required to sign such an agreement, there is a heightened risk that the employee reasonably would view the requirement to sign as a threat by the employer to take adverse action if the employee were to engage in whistleblowing activity. Indeed, the employee reasonably may not fathom any other reason for why they are being made to sign the agreement beyond that the employer is threatening to sue or otherwise punish the employee for engaging in whistleblowing. In line with the analysis above, such threats may constitute discrimination within the meaning of Section 1057 and thus be prohibited, regardless of whether or not the employer acts upon them or a court actually would enforce a confidentiality agreement with respect to whistleblowing.”
(emphasis added).
The circular also asserts that language permitting employees to share information “to the extent permitted by law” – while technically permitting whistleblowing – might not be explicit enough to avoid the “chilling effect” discussed above. The CFPB posits that some employees could interpret the confidentiality agreement to prohibit information sharing, while being unaware of the contours of what is permitted by law. To remedy this, the CFPB recommends: “An employer can significantly reduce the risk of this kind of perception—and thus of violating Section 1057—by ensuring that its agreements expressly permit employees to communicate freely with government enforcement agencies and to cooperate in government investigations.”
Based on this circular, credit unions may want to think carefully about the wording of confidentiality agreements. To avoid potential compliance issues or regulatory scrutiny, credit unions may want to consider wording such agreements to explicitly permit sharing information with government enforcement agencies.