On 18 January 2016, the SME Alliance, a not for profit organisation set up to support small and medium sized enterprises, wrote to Andrew Tyrie, the chair of the UK’s Treasury Select Committee.

In its letter, the Alliance alleged that at least two UK banks had “manipulated or falsified [documents] to the detriment of the customer and to the advantage of the banks”, before using these documents in court “with dire consequences”. The letter went on to describe a meeting with the FCA, which was used to draw its attention to “what is potentially another example of systemic misconduct and even dishonest conduct, by banks”.

According to the Alliance, the FCA was “shocked by the evidence … and … asked our permission to share it with the police”. Afterwards, it appears that the FCA also shared some of the information with two of the banks, without asking the Alliance for permission to do this, or warning the Alliance that it had been done. The Alliance alleges that these disclosures were unlawful, and caused prejudice for the Alliance and its members.

On 9 February 2016, Andrew Tyrie wrote to Tracey McDermott, the acting Chief Executive Officer of the FCA. Tyrie reminded McDermott that the 2013 Parliamentary Commission on Banking Standards found that the FCA “appeared to show little appreciation of the personal dilemmas that whistle-blowers may face”, and that it needed to accept “its responsibility to support whistle-blowers”, before concluding that “it appears the FCA still has a great deal of work to do on this”.

In his penultimate paragraph, Tyrie asked two questions: (a) what is the FCA’s response to the Alliance’s allegation that its representatives and members have been badly compromised by the FCA; and (b) what progress has the FCA made in its attempts to encourage a significant shift in cultural attitudes towards whistle-blowing?

In her reply of 10 March 2016, Tracy McDermott effectively blames the Alliance for its own misfortune. The Alliance “did not present themselves … as providing this information in confidence. Consequently, in pursuing further enquiries, we did disclose limited information to the banks … and did not treat the … Alliance as whistleblowers”. McDermott also argues that the FCA was lawfully entitled to disclose the relevant information on two particular grounds. First, Parliament has given the FCA the power to disclose information, if that would help it to carry out its public functions; and secondly, some or all of the information had already been put into the public domain by the Alliance or its members, allegations which they deny.

This is odd, to say the least. The FCA was careful (and courteous) enough to ask for permission to disclose the information to the police, although that permission was not strictly required either. This is in part because the information was already in the public domain (if it was); and also because Parliament has given the FCA a power to disclose information for the purpose of initiating or pursuing actual or potential criminal investigations. But that does not mean the FCA can and should be criticised for asking for this permission. At least at this stage, it acting with common sense, and in accordance with its own published standards. After all, in its February 2015 publication, “How we handle disclosures from whilsteblowers” the FCA claimed that it always provides “the same level of anonymity to all who disclose to us”, whether they are whilsteblowers who are entitled to anonymity under the Public Interest Disclosure Act, or not. In the same document, it also points out correctly that, “Whilsteblowers almost always want their information and identity to be protected”, before going on to say that its “overriding aim is to ensure that we treat them with the anonymity they need … we will do all we can to protect their identity, unless we are required by a court to disclose it. Even [then] we would try to limit the potential damage, for instance by disclosing only to the judge”.

Little wonder then, that in his reply of 13 May 2016, Tyrie uses quotes from this document to challenge the FCA’s “apparent presumption that the SME Alliance would not require confidentiality”, before asking McDermott to “outline how the FCA decides whether an informant is treated as a whistle-blower, whether they are told clearly of this decision, and what assurance [McDermott] can give to those who are so treated that their involvement will remain confidential”. McDermott has not yet replied.

Whatever the rights and wrongs of this particular case, and notwithstanding the FCA’s investment in whistle-blower training for its staff, the FCA doesn’t always recognise a whistle-blower when it sees one; and it doesn’t always remember that (like an FCA regulated firm), it has whistle-blower obligations and processes of its own. Recognising this human fallibility, we should probably expect the FCA to introduce an additional layer of internal process, which requires FCA staff to expressly discuss whistle-blower status and confidentiality issues with every “informant”, before properly recording the results of the discussion, and what can and cannot be disclosed by the FCA, when, how and to whom, thereafter. This should help, but it’s not enough on its own.

Anyone who’s thinking about whistleblowing to the FCA should probably also take steps to protect themselves. At the extreme, this might mean choosing not to blow the whistle after all; or blowing it anonymously instead, if only because, if the FCA doesn’t know who’s blowing the whistle, it can’t breach their confidence either. But, in many cases, these responses will be unsatisfactory. If the FCA doesn’t know about a problem, it can’t do anything about it; and if it can’t confirm the whistle blower’s status and identify, before asking follow-up questions, it’s likely to find it difficult or impossible to act on the information it’s been given.

The next best thing is for the whistle-blower to do all he reasonably can to protect himself. This ought not to be necessary; but the Alliance’s experience suggests that it is. A whistle-blower who chooses this approach will probably need to expressly ask the FCA to treat him as a whistle-blower (whether the law would give him whistle-blower status or not); and to treat the information and documents he provides in the strictest confidence, whether he’s entitled to it or not. These points could be emphasised by clearly marking every relevant document as “confidential” and “not to be disclosed to anyone outside the FCA, without the prior written consent of” the person who provided the information, and the person the information was about (if different).

Unfortunately, this will not be failsafe. The FCA has the power to disclose some types of information to other regulators and third-parties in some circumstances, and those powers are quite broad. It would also be unlawful for the FCA to fetter is discretion to use these powers, by purporting to give a binding commitment not to share. And, of course, there is always a risk that FCA staff will deliberately or accidentally leak documents or information in any event – although this has been exceptionally rare so far.

However, at least in most cases, the whistle-blower will, by taking this approach, be able to disclose information to the FCA with a higher degree of confidence than might otherwise have been the case. This is essential, if whistle-blowers aren’t to be deterred by the FCA’s apparent, gun-shot to foot, self-inflicted, whistle blowing wounds.

This article was first published in FTSE Global Markets and is available here.