On 23 February 2015 the Financial Conduct Authority ("FCA") and Prudential Regulation Authority ("PRA") issued a consultation paper ("CP") seeking views on proposed significant changes to regulated firms' whistleblowing procedures. If implemented, the proposals in the CP will form part of the PRA Rulebook and FCA Handbook and oblige regulated firms to comply with formal requirements in relation to whistleblowing.
Whilst some firms will already largely comply as a matter of good practice, for many it will require both a significant cultural shift and material changes in how whistleblowing issues are dealt with. Almost all firms will need to make some changes to comply.
Why is this happening?
In response to a report by The Parliamentary Commission on Banking Standards ("PCBA"), the FCA's and the PRA's proposals are aimed at ensuring that:
- Firms formalise whistleblowing procedures; and
- All employees are encouraged to blow the whistle where they suspect misconduct and that they can do so confident that their concerns will be considered and that there will be no personal repercussions.
Who will it apply to?
Insurers (including Lloyd's managing agents and third country branches) and PRA designated investment firms – typically UK banks, building societies and credit unions.
What are the proposals?
In summary, the proposals are that firms:
- Inform their UK-based employees that they can blow the whistle to the FCA or the PRA and provide details on how to do so;
- Put internal whistleblowing arrangements in place (if they are not already), and inform their UK-based employees about these arrangements;
- Offer protections to all whistleblowers, whatever their relationship with the firm, and whatever the topic of their disclosure;
- Include a passage in new employment contracts and settlement agreements clarifying that nothing in the agreement prevents an employee, or ex-employee, from making a protected disclosure; and
- Appoint a "whistleblowers’ champion" under the Senior Managers Regime/ Senior Insurance Managers Regime to an individual being a non-executive director or the Chairman.
At the core of these proposals are changes to the internal whistleblowing arrangements and procedures for firms. The CP suggests that measures should be taken so that firms:
- Respect the confidentiality of people who raise concerns;
- Be able to deal with disclosures from people who have not revealed their identity;
- Assess and escalate concerns raised by whistleblowers within the firm as appropriate, and, where this is justified, to the FCA, the PRA or an appropriate law enforcement agency;
- Track the outcome of whistleblowing reports;
- Track what happens to an internal whistleblower to determine whether they are subsequently disadvantaged as a consequence of speaking out;
- Provide feedback to whistleblowers, where appropriate;
- Prepare written procedures (e.g. staff handbooks, etc.); and
- Take all reasonable steps to ensure that no person under the firm’s control engages in victimising whistleblowers, and take appropriate measures against those responsible for such victimisation.
In what would be a significant change to the way in which many firms currently operate, it is proposed that the whistleblowing process should in future be managed not by the HR function but by an internal audit or compliance function or contracted out to third parties although firms would still remain responsible to the regulators for such an arrangement.
Extension of disclosure regime
The existing framework providing legal protection to whistleblowers under the Public Interest Disclosure Act 1998 ("PIDA"), both in terms who it covers and what it covers, is already wide. However the FCA and PRA propose that firms' whistleblowing procedures should apply on an even more expansive basis. This will include the self-employed, agents, employees of subsidiaries, appointed representatives, customers and competitors and should extend to any allegation of wrongdoing, not just those covered by PIDA. In order to provide bite to protect those that fall outside the legal protection of PIDA, the CP states that any retaliatory treatment would be a matter of regulatory concern. The draft amendment to the handbook extends matters subject to whistleblowing disclosure to a breach of any regulatory rule, failure to comply with a firm's policies or procedures and the almost limitless concept of any behaviour that has or is likely to have an adverse effect on the firm's reputation or financial wellbeing.
The CP sets out a number of actions that firms will need to consider or implement to meet the proposed new requirements, although some aspects are being left until the consultation has closed before final decisions are made. These include:
- Training for all UK based employees on the need to report wrongdoing, the steps to be taken and examples of matters that might give rise to a whistleblowing disclosure;
- Training of managers on how to recognise whistleblowing, how to protect whistleblowers and ensure those accused of wrongdoing receive a fair hearing;
- A mandatory requirement to include in both contracts of employment and settlement agreements an express provision telling employees that they are not prevented by any terms of the agreement from making a disclosure; and
- Consider having contractual whistleblowing arrangements with tied agents and authorised representatives.
It is proposed that an approved person being either a non-executive director or, preferably, the Chairman, is appointed under the Senior Managers Regime/Senior Insurance Managers Regime to have overall responsibility for:
- Overseeing the effectiveness of internal whistleblowing arrangements, including arrangements for protecting whistleblowers against detrimental treatment;
- Preparing an annual report to the board about their operation; and
- Reporting to the FCA where, in a case before an employment tribunal contested by the firm, the tribunal finds in favour of a whistleblower.
The "champion" should be sufficiently senior and independent to be able to deal with the responsibilities arising from the role and should also have access to independent legal advice and dedicated training.
A duty to blow the whistle?
While the CP notes that the FCA and PRA's current view is that it would be undesirable to include a regulatory requirement on individuals to make whistleblowing disclosures, the PBCS report recommended that this should be the case. While that is not proposed, the CP does ask for firms' views on it and so it may be that the proposals change following consultation responses.
What firms need to do?
Many firms will already have in place procedures that cover much of what will be required by the CP. However some specific steps may still need to be taken to ensure full compliance:
- Contracts of employment and settlements agreement will need to be updated to reflect the notification that employees are not prevented by the agreement from making whistleblowing disclosures. Employer's may wish to go further and include a positive contractual obligation on employees to raise wrongdoing;
- Policies will need to ensure that they advise employees of the ability to whistleblow direct to the FCA/PRA and how to do so and to reflect the new framework more generally;
- Consideration may be given to whether TOBAs and tied agent agreements may need to include whistleblowing arrangements;
- Procedures will need to ensure that disclosures can be made confidentially;
- Consider who should have internal operational responsibility for whistleblowing - in many case this may mean a move from HR to internal audit, compliance or a third party;
- Implementing appropriate training across all UK employees and managers; and
- The appointment of the whistleblowers' champion and setting out his or her remit, providing appropriate training and independent legal advice.
The cost benefit analysis appended to the CP notes the initial costs are expected to be upto £280,000 per annum for the largest firms and which is perhaps indicative of the seriousness with which the regulators are taking this and the scope of the steps that firms are expected to take.
The consultation is open for response until 22 May 2015 and the CP can be found here:
In common with most consultation papers, this may more accurately be described as advance notice of what is going to happen. Perhaps the most interesting aspect is around the concept of the "whistleblowers' champion" who will have a specific and accountable regulatory responsibility for the overall operation and effectiveness of a firm's whistleblowing procedures and a regulatory duty to ensure that those making disclosures are not mistreated as a consequence. This means that whistleblowing will, for many, now become a board level issue given the need to report both to the board on at least an annual basis and to the FCA where there is an adverse outcome in any tribunal litigation.
Inevitably those that whistleblow do so for a variety of reasons ranging from good reasons - such as a genuine desire to expose wrongdoing, to bad reasons - such as defensively to existing work related problems and to exert leverage in exit discussions. But whatever the reason it is clear that the regulators will fully expect firms to deal with the matter properly by having processes in place, recording what they do and monitoring and reporting outcomes at board level. The message for the future is very much "Don't shoot the messenger".