On October 6, 2015, the UK Financial Conduct Authority (“FCA”) issued final rules formalizing whistleblower procedures to be implemented by certain banks, building societies, credit unions, investment firms, and insurance and reinsurance companies.1 While the FCA’s final rules do not go as far as those promulgated by the U.S. Securities and Exchange Commission, which provide for whistleblower bounties in certain successful cases, they are consistent with a global trend to encourage whistleblowers and look harshly on employers who would appear to engage in retaliation. And although the final rules are officially binding for only a subset of UK financial institutions, the FCA has made clear it considers them best practices for all UK regulated entities.2 Importantly for U.S. and Asian banks, the FCA is currently considering whether it will apply these rules to UK branches of overseas banks.3 As a result, financial institutions that fall under the FCA’s regulatory regime should pay close attention to these new measures, which will take effect in 2016.
The final rules originate from a recommendation by the Parliamentary Commission on Banking Standards (“PCBS”), which was established in 2012 to investigate professional standards in UK banks and make policy recommendations.4 In 2013, the PCBS issued a multi-volume report containing various recommendations for the UK banking industry, which included the implementation of whistleblower mechanisms and the appointment of a senior individual to oversee the whistleblower program.5 The FCA’s final rules are the result of those recommendations.
The final rules officially apply to a subset of financial institutions regulated by the FCA, which includes:
- Banks, building societies, credit unions, and other UK deposit-takers with assets of £250 million or greater;
- Investment firms designated by the Prudential Regulatory Authority (“PRA”); and
- Solvency II insurance and reinsurance firms (as well as the Society of Lloyd’s and managing agents).6
However, the FCA states that the final rules should serve as “non-binding guidance” for other regulated entities.7 Moreover, once the new rules have been in effect “long enough to assess their effectiveness,” the FCA will decide whether to require them universally.8
The fundamental requirement of the new whistleblower rules is that each financial institution “must establish, implement and maintain appropriate and effective arrangements for the disclosure of reportable concerns.”9 A compliant whistleblower program must meet several basic requirements, which include:
- Effective handling of disclosures, including maintaining whistleblower confidentiality and providing multiple reporting channels;
- Ensuring the effective assessment and escalation of reportable concerns, including to the FCA or PRA where appropriate;
- Implementing controls to ensure the whistleblower is not retaliated against;
- Providing feedback to whistleblowers as feasible and appropriate;
- Maintaining records of reportable concerns;
- Implementing a written procedure available to employees that describes the whistleblower program and anti-retaliation policy;
- Preparing an annual report to the audit committee or similar governing body on the operation and effectiveness of the whistleblower program;
- Reporting to the FCA each contested unsuccessful case before an employment tribunal where the employee alleged retaliation; and
- Providing appropriate training on the whistleblower program to UK-based employees, managers (regardless of location), and employees responsible for managing the whistleblower program.10
Appointment of a Whistleblowers’ Champion
A key element of the FCA’s new rules, which is a direct result of the PCBS recommendations, is the appointment of a “whistleblowers’ champion,” tasked with overseeing the implementation of a compliant whistleblower program as well as its effectiveness and independence going forward.11 The rules requiring whistleblowers’ champions go into effect on March 7, 2016.
The whistleblowers’ champion must be a non-executive director who is subject to either the Senior Managers Regime or the Senior Insurance Managers Regime; however, a financial institution that does not have non-executive directors will not be required to create this position specifically to serve as a whistleblowers’ champion.12 While the whistleblowers’ champion is not required to handle whistleblower reports directly, they are responsible for assessing and elevating them as appropriate.13 The whistleblowers’ champion may be based outside the UK as long as they can effectively carry out the requirements of the position.14
Each year the whistleblowers’ champion must report annually to the entity’s board of directors on the whistleblower program. The annual report will not be made public, but it must be made available to the FCA or PRA upon request. The final rules expressly decline to provide guidance on the report’s content, instead opting to “provide firms with the freedom to tailor it as appropriate.”15
New Requirements for Settlement Agreements
Under the final rules, settlement agreements between financial institutions and employees must contain text explaining employees’ legal rights relating to whistleblowing and protected disclosures.16 Specifically, agreements must clearly state that they are not intended to prevent whistleblowers from making protected disclosures.17
Moreover, institutions bound by FCA rules are not allowed to ask workers who sign settlement agreements to “state that they know of no information that could form the basis of a protected disclosure,” or even to “state whether they have made a protected disclosures.”18
Employment Tribunals: Entities bound by the FCA’s new rules must inform the FCA of “cases where an employment tribunal finds in favor of a whistleblower when the finding related to a claim that the whistleblower was victimized.”19 The whistleblowers’ champion has the responsibility for overseeing compliance with this rule.
Third-Party Whistleblowers: Whistleblowing measures put in place by a financial institution must have the capacity to receive disclosures from anyone, not only employees.20 Financial institutions must also be equipped to receive anonymous disclosures, and the decision to remain anonymous must belong to the whistleblower.21 Financial institutions are permitted, however, to convey to the whistleblower the advantages of disclosing their identity.22
Training: The FCA’s rules lay out detailed training requirements for three different groups: (1) UK-based employees, (2) managers of UK-based employees, and (3) employees responsible for operating the whistleblower program. Significantly, the requirements for the second and third groups apply to employees regardless of location. For example, managers of UK-based employees must be trained on how to recognize reportable concerns and provide feedback to whistleblowers where appropriate, and employees who operate the whistleblower program must be trained to protect whistleblower confidentiality and assist the whistleblowers’ champion where appropriate.23
Required Disclosures: Under the final rules, financial institutions must inform employees located in the UK of their right to make protected disclosures to the FCA and PRA. Furthermore, financial institutions must explain to employees that they are not obligated to report issues internally prior to disclosing them to a regulator, but in fact may use these reporting mechanisms simultaneously or consecutively. This information must be included in the entity’s employee handbook.
The FCA’s final rules relating to whistleblowers are wide-ranging. Currently, they are binding only on a subset of regulated financial institutions in the UK, and UK branches of overseas banks are specifically excluded. However, the FCA’s statement that the rules should be “non-binding authority” for other financial institutions, along with its expressed plans to consider broadening their application in the future, means that all financial institutions falling within the FCA’s domain should pay close attention and may want to consider adopting certain measures on an anticipatory basis. As the FCA rules state: “The FCA would regard as a serious matter any evidence that a firm had acted to the detriment of a whistleblower.”24 Accordingly, close compliance with these new rules will be essential for UK financial institutions going forward.