Add a bookmark to get started

Abstract building
3 February 20224 minute read

FCAC publishes draft guideline on whistleblowing policies and procedures for banks and authorized foreign banks

The Financial Consumer Agency of Canada (“FCAC”) has published a proposed Guideline on Whistleblowing Policies and Procedures for Banks and Authorized Foreign Banks (the “Guideline”). The Guideline is intended to help banks — including authorized foreign banks — comply with their obligations under the new Financial Consumer Protection Framework (“FCPC”) of the Bank Act and its associated Financial Consumer Protection Framework Regulations (coming into force on June 30, 2022).

Banks are obligated to establish and implement policies and procedure for dealing with employee reports of wrongdoing (“Whistleblowing Policies”). While FCAC recognizes that banks may tailor their Whistleblowing Policies to fit their particular businesses and circumstances, it nevertheless expects banks to use Guideline principles when developing their Whistleblowing Policies. The Guideline principles include: 1) effectiveness, 2) accessibility, and 3) protection.

Guideline principles

Using the Guideline will ensure that Whistleblowing Policies are effective in achieving their goals, are easy to find, understand and use, and protect employees who report a wrongdoing to the bank.


Effective Whistleblowing Policies have the following features:

  • They encourage employees to report wrongdoings, and clearly set out the process for dealing with employee reports. Towards this end, banks must issue a statement to express their organizational support for reporting. Additionally, banks should allocate sufficient resources to deal with reports in a fair and timely manner. This includes designating employees to work closely with management and oversee the development and implementation of Whistleblowing Policies. The process should be regularly reviewed, and any amendments must be communicated to all employees.
  • They set out a process for determining whether a disclosure qualifies as a report of wrongdoing and a process for investigating the report fairly and adequately.
  • They include a commitment to continued employee training, with the goal of encouraging reporting. All employees who deal with reports of wrongdoing should receive specific training. Special attention should be paid to employees who have a greater chance of encountering or contributing to wrongdoings due to their position.


Accessible Whistleblowing Policies inform employees of their ability to report wrongdoings. This includes policies about whom employees should report to, how they should file a report, and various resources available to employees when they file a report.

To be accessible, Whistleblowing Policies should:

  • be written in simple and unambiguous language;
  • indicate that employees have various reporting options both internally (at the bank) and externally (e.g., to any government body that regulates financial institutions);
  • define and provide examples of “wrongdoing”, and
  • give employees access to confidential advice — to be provided by appointed senior officers or an independent, external body — at all times during the reporting process.


Protective Whistleblowing Policies demonstrate how the reporting process is designed to preserve confidentiality. The process must include safeguards that protect the reporting employee’s identity from being revealed, such as by placing access restrictions on confidential information.

Where it is necessary (for investigative purposes) to disclose the identity of an employee to a government or law enforcement agency, the Whistleblowing Policies should contemplate safeguards for the secure transfer of information. The Whistleblowing Policies should specify the manner in which the bank will inform employees that their identity has been disclosed.

Protective Whistleblowing Policies should also set out the measures that the bank will take to protect reporting employees from retaliation, including prohibitions against dismissing, disciplining, or disadvantaging (in any way) an employee for reporting a wrongdoing.

Reporting to FCAC

Where a bank discovers breaches of these provisions after investigating a report, it should assess whether the breach should be reported to FCAC. When reporting to FCAC, the bank must note that it became aware of the breach through a whistleblowing report.


Overall, the Guideline details FCAC’s expectations with respect to the implementation of effective, accessible, and protective Whistleblowing Policies. Banks must establish Whistleblowing Policies that competently deal with reported wrongdoings, prohibit retaliation against the reporting employee, and keep the employee’s identity confidential.


This article provides only general information about legal issues and developments, and is not intended to provide specific legal advice. Please see our disclaimer for more details.