Whistleblowing, as set out in the Public Interest Disclosure Act 1998 ('PIDA'), is the act of reporting a wrongdoing within an organisation with the aim of preventing it, and any harm that may arise from it. This holds particular importance in the financial services industry due to the clear potential for serious wrongdoings such as insider trading, financial fraud, money laundering and corruption to undermine the integrity of the financial system. For this reason, the Financial Conduct Authority ('FCA') and the Prudential Regulation Authority ('PRA'), as financial services regulators in the UK, also provide additional rules and guidance which go beyond what is required by statute, with the aim of promoting a culture of openness and transparency in the firms they regulate.
Whistleblowing under PIDA
To be protected under PIDA, the Whistleblower must make a qualifying disclosure, in which they disclose information that they reasonably believe to show the existence of a wrongdoing.
However, a qualifying disclosure will not be protected unless it also meets the required criteria to be considered a protected disclosure. A protected disclosure must be made in good faith and relate to a specified wrongdoing, such as a criminal offence or breach of a legal obligation. Furthermore, it must not be in one of the categories exempted under PIDA, such as a disclosure made in the course of the person's official duties or those subject to legal privilege. There is no longer a requirement for the disclosure to be made in good faith, although the Whistleblower must be able to show that they reasonably believed the information to be true.
Further, to be protected, the disclosure must be made to specified persons listed in PIDA, which include the employer and prescribed persons, such as regulators. The degree of protection will vary depending on who the disclosure is made to and, in the first instance, Whistleblowers are encouraged to make the disclosure internally to their employer before making a disclosure to another category.
The FCA and PRA both have specific whistleblowing rules and guidance in place which apply to the firms they regulate.
The FCA Rules on Whistleblowing
The FCA rules on whistleblowing are primarily contained in the FCA Handbook under the 'Systems and Controls' section, which contains a chapter on whistleblowing (SYSC 18). These rules apply to a broad range of financial services firms, including banks, building societies, credit unions, insurers, investment firms, mortgage lenders, and consumer credit firms.
Under the FCA rules, firms must have a whistleblowing policy in place setting out the procedure for making a disclosure and the ways in which the Whistleblower will be protected. The policy must be communicated to all employees and training provided to ensure a full understanding of the policy and its procedures.
Additionally, the FCA requires firms to have a mechanism in place for anonymous disclosures to be made and to ensure that Whistleblowers do not suffer any detriment from having made a disclosure. Firms must also have in place a procedure for the investigation of disclosures.
The FCA rules also require firms to appoint a 'Whistleblower's Champion' who will be a manager with sufficient seniority who is made responsible for the firm's internal whistleblowing arrangements. The Whistleblower's Champion must ensure that the Whistleblower receives fair treatment and that the concerns they raise are investigated in full.
Finally, the FCA requires an annual report to be made to both the firm's board and the FCA itself, containing the number and nature of the disclosures received within the year and detailing how these disclosures were handled.
The PRA Rules on Whistleblowing
The PRA's rules on whistleblowing, found in the PRA Rulebook (2A (Whistleblowing)), apply to a narrower range of firms within the financial services sector, mainly those which take deposits, such as banks, building societies, and credit unions, and PRA-designated investment firms.
Similar to the FCA's rules, the PRA also require firms to have a whistleblowing policy in place and to provide employees with training on their responsibilities regarding whistleblowing. PRA regulated firms must also have a mechanism in place for anonymous disclosure and must investigate any disclosures they receive.
Unlike the FCA's rules, the PRA do not require a Whistleblower's Champion to be appointed. However, as part of the whistleblowing arrangements it expects the firms it regulates to have in place, firms must designate a person or team to take overall responsibility for its whistleblowing procedures.
Whistleblowing and the Senior Management and Certification Regime
All firms regulated or authorised under the Financial Services and Markets Act 2000 are subject to the Senior Management and Certification Regime ('SM&CR'). Implemented by the FCA, the SM&CR is a regulatory framework aimed at promoting a culture of responsibility and accountability within financial firms.
As such, under the SM&CR, senior managers have a duty of responsibility in the area they are responsible for which extends to ensuring that there are effective systems and controls in place regarding whistleblowing. Furthermore, SM&CR firms must have whistleblowing policies and procedures in place, which are both clear and effective, and certain categories of firm must also appoint a Whistleblower's Champion.
The SM&CR places particular importance on providing employees, including senior managers themselves, with training regarding the firm's whistleblowing policies and procedures to encourage a culture of openness regarding reporting concerns.
Whistleblowing plays a key role in identifying the breaches and forms of misconduct that SM&CR firms are required to report to the FCA. Therefore, the SM&CR encourages firms to have robust mechanisms in place for reporting such breaches internally.
Consequences of Non-Compliance
Any failure to comply with whistleblowing requirements may give rise to Employment Tribunal claims from a Whistleblower who suffers a detriment and/or dismissal resulting from reporting concerns.
The FCA and PRA are authorised to take regulatory action such as formal investigations, fines and other disciplinary measures against firms that fail to comply with their whistleblowing requirements. In more serious cases, the regulators may even restrict or revoke the firm's regulatory approval.
Further, senior managers with responsibility for the firm's compliance with whistleblowing procedures may be held personally accountable for failure to fulfil their obligation. Such a failure may subject them to investigations, fines, or bans from holding certain positions within the financial services industry.
Finally, non-compliance with whistleblowing requirements may give rise to significant reputational damage which has the potential to undermine public perception of the firm's integrity regarding the financial services it provides.
Conclusion
Financial services employers should exercise caution and seek legal advice when handling relations with a whistleblowing employee as any detriment they are subjected to, such as demotion, dismissal, harassment, or other unfavourable treatment, will entitle them to bring a claim in the Employment Tribunal. Further, employers can also be held liable for the actions of their employees in relation to whistleblowing, including any retaliation that a Whistleblower suffers resulting from their disclosure. However, providing employees with regular whistleblowing training and encouraging a speak up culture where concerns are reported quickly will help to bring any potential regulatory breaches to light early on and allow them to be dealt with in line with the firm's regulatory requirements.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
