In October last year, the FCA and PRA published policy statements containing new rules on whistleblowing. These are designed to encourage a culture in which individuals can safely raise concerns and challenge poor practice and behaviour without fear of retaliation.
Firms have until 7 September 2016 to comply with the new rules. With this just around the corner, we summarise who the new rules cover and highlight some key points that firms must address to implement the new rules effectively and correctly.
Who do the rules apply to?
The new rules apply to:
- UK deposit-takers with assets of £250 million or greater. This includes banks, building societies and credit unions.
- PRA-designated investment firms.
- Insurance and reinsurance firms within the scope of Solvency II and the Society of Lloyd's and managing agents.
The new rules do not apply to UK branches of overseas banks but the FCA and PRA have said they will explore this in a future consultation.
Five key points
- Supporting the Whistleblowers' Champion
Under the Senior Managers Regime rules, firms should have already appointed a non-executive director as Whistleblowers' Champion. The Whistleblowers' Champion will have responsibility for ensuring and overseeing the firm's transition to the new arrangements which come into force on 7 September 2016.
The FCA and PRA have made it clear that they expect the Whistleblowers' Champion to be given access to sufficient resources to ensure they can carry out the role effectively. This includes having access to independent legal advice and training.
- Dealing with disclosures
Firms must establish and maintain "appropriate and effective" arrangements for dealing with protected disclosures raised by any whistleblower.
This is likely, in most firms, to result in an increase in the number of disclosures by staff and others. Firms will need to introduce a clear and sufficient mechanism for ensuring proper consideration, assessment and escalation of any disclosures. In doing so, firms will need to ensure they can maintain confidentiality and retain accurate records. Firms that do not already operate a confidential helpline should consider this and may need to engage external providers for this purpose.
- Updating policies and procedures
Firms will need to update their whistleblowing policy to describe and explain any new arrangements they introduce relating to considering reportable concerns. In addition, the new rules require that firms must communicate to any UK-based employees that they may make disclosures to the PRA or the FCA and set out the methods for doing so. These requirements will therefore mean that revision of existing whistleblowing policies and procedures is likely to be essential.
However, firms may not need to use their whistleblowing procedure for all reportable concerns. In some cases, a grievance or customer complaint procedure may be better suited. Firms should therefore review these procedures as well, to ensure compliance with the new rules and that there is no unintended conflict or ambiguity.
Firms should also review and update contracts of employment, consultancy agreements and settlement agreements. Settlement agreements must now include a statement which makes it clear that nothing in that agreement prevents a worker from making a protected disclosure. There is also a new prohibition on including any terms requiring the worker to disclose if they have made a protected disclosure or to warrant that they know of no information which could form the basis of a protected disclosure.
Firms must provide suitable training for: (i) UK-based employees; (ii) managers of UK-based employees (wherever they work); and (iii) employees responsible for operating the firm's internal arrangements.
The FCA and PRA have provided guidance on what this should cover. Firms can engage external providers to prepare and deliver this training but will need to tailor this to ensure that it adequately reflects their specific policies and procedures.
- Reporting on whistleblowing
Firms must prepare an annual Whistleblowing Report to the board, which should be overseen by the Whistleblowers' Champion. The FCA and PRA have not specified what the Report should contain. The first Report will need to be made within 12 months from 7 September 2016. Firms should be thinking now about what they intend to cover in the Report, to be able to collect and collate relevant information for each disclosure.