The FCA and PRA have introduced new rules to build on and formalise the good practice already found in the whistleblowing procedures of large UK-based banks, building societies*, investment firms and insurers. The rules have been designed to complement recent reforms to the senior management arrangements and remuneration in the financial services industry. (see here)
The rules will take full effect from September 2016. They follow recommendations made by the Parliamentary Commission on Banking Standards that banks put in place mechanisms to allow their employees to raise concerns internally and appoint a senior person to take responsibility for the effectiveness of these mechanisms.
The key new rules require firms to:
- appoint a non-executive director (who is subject to the Senior Managers Regime or the Senior Insurance Managers Regime) as the firm's "whistleblowers' champion";
- put in place internal whistleblowing arrangements able to handle all types of disclosure from all types of person;
- avoid restrictions on whistleblowing in employee settlement agreements;
- tell UK- based employees about the FCA and PRA whistleblowing services;
- present a report on whistleblowing to the board at least annually;
- inform the FCA if it loses in a dispute at an employment tribunal with a whistleblower (note that there is already a power, though not a duty, for tribunals to send details of certain whistleblowing claims to the FCA if the claimant consents); and
- require its appointed representatives and tied agents to tell their UK-based employees about the FCA whistleblowing service.
While the rules will only apply to certain entities, it is clear that the FCA considers that they should be treated as non-binding guidance to other regulated entities. The signs are that it will consider whether to apply the rules more widely in due course. Consequently, any regulated entity would be well-advised to consider whether changes need to be made to their existing whistleblowing policies. Further, even outside regulated businesses, the FCA and PRA's rules may set the standard, which may affect, for example, determinations as to whether a company has adequate procedures to prevent bribery under section 7 of the Bribery Act 2010.
The FCA guidance suggests that the "whistleblowers' champion" role is entirely non-executive in nature, and that the champion need not have a day-to-day operational role handling disclosures; however, it is clear that the individual in this role will have personal regulatory responsibility for the implementation and oversight of whistleblowing procedures. This sits uneasily alongside the usual role of a non-executive director and heightens the personal risk on the individual nominated to be champion. It seems likely that certain firms, in particular if they have faced issues with their whistleblowing processes in the past, may struggle to find a non-executive director prepared to take on the role. Employers will need to carefully consider the individual rights that their whistleblowers' champion may have, particularly if they are in fact an employee of the organisation. Issues of confidentiality and channels of information will also need to be considered and protocols established.
There is already fairly extensive legal protection in place for workers and former workers who blow the whistle and are then dismissed or subjected to a detriment. The threshold for that protection is the making of a "protected disclosure". The Employment Rights Act 1996 sets out what information can amount to a protected disclosure, to whom it must be disclosed and other requirements for protection to apply. It is worth noting that an employee dismissed for making a protected disclosure can bring a claim for unfair dismissal with potentially uncapped damages. This is unlike "standard" unfair dismissal damages which are capped. In light of the existing legislation, many employers will already have whistleblowing policies in place to manage the process and risk. This will have been even more pressing for those employers who are subject to the additional requirements of the US Sarbanes-Oxley Act.
Adding an extra layer of complexity, employers will now need to revisit their internal whistleblowing policies and procedures to ensure compliance with the new rules. Care will also be needed when entering into settlement agreements with employees. Many employers will already provide in settlement agreements that the individual is not precluded from making a protected disclosure. The new rules expressly require this. Settlement agreements will also need to be checked to ensure they do not contain any warranties that the employee has not made a protected disclosure and knows of no information which could form the basis of a protected disclosure. This seeks to close the loop on attempts to circumvent whistleblowing protection by putting the employee in breach of contract if they later blow the whistle on a matter they knew about at the time of the settlement agreement.
The regulators have emphasised that they consider that these changes will give comfort to whistleblowers and encourage a culture in which individuals raise concerns and challenge poor practice and behaviour, building on good practice already found in the financial services industry. Questions have been asked about whether the regulators have missed an opportunity to implement a mechanism for payment of whistleblowers, which has been introduced in the US, with some whistleblowers being awarded tens of millions of dollars. However, the early signs are that the UK approach in recent years is paying dividends, with a 28% rise in whistleblowing reports to the regulator in the 2014-2015 financial year, even without payment, or indeed these new changes to the whistleblowing regime. Only time will tell whether the new rules will achieve the FCA's aim to instil cultural change.