Legal compliance and risk management is at the forefront of the corporate agenda as never before. Increased legislation with international implications designed to stamp out corruption and bribery has led many employers to introduce employee codes of conduct as well as whistleblowing procedures and policies. Increasing legal obligations on employers operating in the United Arab Emirates has led to new policy implementation across many sectors.
Codes of conduct and clear corporate policies are essential parts of an internal governance model. Legislation such as the FCPA and the UK Bribery Act seek to define the tasks officially assigned to employees and sets the foundation for good business practices. Against this background, a corporate Code of Conduct fulfils a number of functions including:
- assisting in preventing regulatory breaches, fraud or other financial scandals
- setting out clear expectations of employees and parameters for acceptable conduct which can be used as a basis for disciplinary action if necessary
- providing a framework for employees to raise allegations of corporate wrong doing internally and managing those employees once allegations are raised
- providing evidence of the importance the organization places on compliance and the steps it has taken to prevent breach and protect employees raising allegations. Such steps will often be taken into account by regulators when investigating and considering sanctions for a potential breach.
In order to enhance anti-bribery and corruption laws, many jurisdictions have provided protection for employees who highlight wrong doing in the workplace. In the US, the Sarbanes Oxley Act of 2002 provides protection for employees of public companies who raise complaints of fraudulent conduct. The Dodds-Frank Wall Street Reform and Consumer Protection Act provides financial rewards for whistleblowers who supply the SEC with information about a US securities law violation that leads to successful enforcement action. In the UK, the Employment Rights Act 1996 originally provided for workers to be protected if they raised allegations of certain categories of wrong doing in good faith and internally. In amendments introduced in June 2013, the requirement for good faith was removed and a requirement that the disclosure be in the “public interest” introduced.
It is key to understand that such protection can apply to employees of businesses if they are publicly listed in the US, or have a presence in the UK or if the worker has a sufficient connection with the UK, regardless of whether the individual was actually working wholly or entirely outside of the UK or US.
In the United Arab Emirates, the State Audit Institution (which is the UAE’s sole anti-corruption authority) provides a mechanism on its website through which wrongdoing within state-owned entities and central government departments can be reported. Complaints can be made anonymously, which may encourage reporting without fear of retaliation.
In the UAE private sector there is no blanket protection for employees unveiling corporate wrong doing. However, there are some protective provisions in place, including one by the independent Dubai Financial Services Authority (DFSA), which requires that all persons and entities licensed by the DFSA have appropriate procedures and protections to allow employees to disclose any information to the DFSA or to other appropriate bodies involved in the prevention of market misconduct, financial crime or money laundering. While this is limited to individuals and entities licensed by the DFSA, it does encourage a culture of reporting.
There is increasing discussion around the need for federal legislation to be introduced to encourage whistleblowers to come forward with their concerns. In 2012 it was reported that the draft of “Corporate Governance for Developers” issued by the Dubai Land Department, contained a protection clause for whistleblowers. The draft also envisions the appointment of an Audit Committee responsible for ensuring a framework is put in place to protect a whistleblower from dismissal or discrimination. It remains to be seen whether this whistleblowing regime will come into effect.
In June 2013, UAE legislators did put forward a bill to create a new anti-corruption authority named “The Federal Authority for Combating Corruption” (the FACC). Under the proposed federal law, which was drafted in accordance with the United Nations Convention Against Corruption, the definition of corruption includes;
- money laundering
- breach of trust
- abuse of public functions or authorities
- damage to public property
- the concealment of the proceeds of any of these crimes.
The legislation would empower the FACC to issue regulations to protect whistleblowers from being prosecuted criminally, civilly or administratively. This protection will extend to whistleblowers who report information in relation to corruption in good faith. Whistleblowers will be presumed to be acting in good faith if it appears that they revealed information in the public interest and with the belief that enough information exists to justify the complaint. The proposed legislation is under deliberation and is widely expected to be passed by legislators before the end of 2013.
Practical steps when implementing code of conduct and whistleblowing policies
- The policy should be in simple language and encourage employees to raise concerns as a matter of course, ensuring the worker is able to bypass the level of management at which the problem may exist (an email address or hotline to receive concerns are the best methods).
- The policy should be publicized internally and regular training should be provided to staff on its provisions and their obligations under it.
- Appropriate technical and organizational measures should be applied to keep secure any information and personal data that has been disclosed or gathered during an investigation (e.g. limited access to files whether electronic or hard copy and password protecting documents).
- Care should be exercised in certain jurisdictions as the concept of legal privilege is limited. It may also not be possible to maintain the anonymity of the whistleblower should a matter progress to investigation, particularly where external reporting to a regulatory authority is required or where the employment of the individual responsible for the breach is terminated.