Most will now be familiar with the proposals of the Financial Conduct Authority [“FCA”] and the Prudential Regulation Authority [“PRA”] which significantly change the way individuals working for UK banks, building societies, credit unions and PRA-designated investment firms are assessed and held accountable for the roles they perform. Embedded within the drive to encourage individuals to take greater responsibility for their own actions is a mirror obligation for individuals to take responsibility for their colleagues’ actions too. This paper will consider whether the regulators’ push for a greater whistleblowing culture which relies on banks implementing better arrangements and support for whistleblowers to combat what was described by the FCA and PRA as a ‘culture of fear’ takes into account the difficulties the regulators will face in maintaining such protection if the matter is escalated to regulatory or criminal proceedings.
The Parliamentary Commission on Banking Standards [“the Commission”] Final Report provides that banks should ensure that staff have a clear understanding of their duty to report wrongdoing and to ensure there are sufficient mechanisms in place to enable staff to raise concerns, even if there is no specific allegation of wrongdoing being alleged. An appointed non-executive director should also be personally accountable for protecting whistleblowers against detrimental treatment and for ensuring the effective operation of the firm’s whistleblowing regime. All Senior Persons should have an explicit duty to be open with the regulators. Therefore banks will need to review their whistleblowing procedures and consider whether their employment contracts and codes of practices accord with the existing Capital Requirements Directive IV requirements which came into effect at the beginning of this year and any future requirements which may be introduced as a result of the Final Report.
In addition to this explicit reference to whistleblowing and drive to encourage whistleblowing, is the provision in the Final Report on ‘Handover Certificates’ which arguably acts as a guise to a further whistleblowing provision; Senior Persons must prepare a handover certificate when leaving a role or passing on duties. This is designed to ensure that the Senior Person blows the whistle on the person taking on those responsibilities if there are any concerns. Although there is no legal obligation on employers to protect a whistleblower’s identity, it is not inconceivable that a bank in endeavouring to fulfil the requirements imposed by the regulators to implement effective practices to encourage staff to speak out securely against any fear of reprisal may well take steps to do just that. Whether the regulators have intended or foreseen such a measure is unclear. However the potential difficulties associated with doing so cannot be overlooked.
Protection for the whistleblower…?
One can without difficulty understand the benefits of effective whistleblowing procedures within an organisation which have been well rehearsed in the Final Report and the PRA and FCA’s Consultation Paper; strengthens corporate governance and ethics in an organisation, enables an effective risk management tool and that more support afforded to anyone raising concerns combats any prospect of fear in doing so.
Whilst internal whistleblowing policies cannot guarantee indefinite anonymity for the whistleblower, efforts may be made to protect their identity throughout the internal matter. When the identity is protected, difficulties then arise when further legal action flows from the internal disclosure. Neither the Commission in making its recommendations for better arrangements and support for whistleblowers nor the PRA/FCA in their response deal with how these additional requirements on banks are to work in practice. Further, they do not address this traditional juxtaposition of maintaining said support and protection for the whistleblower if and when the matter is escalated and either enforcement or criminal proceedings are instigated. In such proceedings, the same protection afforded to the whistleblower internally may well not be available at a later stage due to the overriding customary duty to have one’s accuser named.
Anonymity in regulatory and criminal proceedings
The right to know one’s accuser is enshrined in both Article 6 of the European Convention of Human Rights and in our common law. It was helpfully summarised in the judgement of the first anonymous witness trial held in 2008; R v Davis (Iain)  UKHL 36. In short, the court held that the accused had a fundamental right to see and know the identity of his accusers save in rare and exceptional circumstances, particularly where the witness evidence is the sole or decisive basis on which the accused faces allegations. This may well be the case when enforcement action is taken against a Senior Person and evidence of their involvement is difficult to identify.
The Court further held that protective measures of anonymity hampered counsel’s inability to explore who the witnesses were and the nature of their contact. The hampering of which abrogates a long standing common law right directly bearing on the ability of a defendant to defend himself to an extent that was unlawful and rendered the trial unfair.
The court’s refusal to interfere with this long standing common law right was thereafter confirmed in the case of R v Ford  EWCA Crim 2250 where the court held that ‘the admission of anonymous hearsay in criminal proceedings is, in principle, prohibited’.
Therefore, any proposed protection afforded by the employer and required now by the new proposals is to some extent moot if the protection cannot be maintained once the concerns are escalated.
In a new ethos of greater enforcement and transparency by the regulator, surely these issues can only become starker. Has the PCBS in their report and the FCA/PRA in their response failed to take this opportunity to tackle head on this long standing juxtaposition once and for all? Has the regulator considered how this push for greater whistleblowing which rests on the banks’ obligation to provide further protection internally will sit rather uncomfortably with the regulator’s future desire to use information sought from the whistleblowing process to hold individuals to account in later proceedings?