The Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) have published new rules for the financial industry relating to whistleblowing. The new rules should not come as a surprise, as they follow a long period of consultation, but they do pose some important questions:

Why are they being introduced?

When are they being introduced?

Who will they apply to?

What are they?

What should you be doing now?    


In recent years, whistleblowing has become more prominent in public thinking, not least because of a number of banking scandals. The aim of these new rules is to encourage a culture in which individuals working in the financial services industry are comfortable raising concerns regarding potential fraud or other unlawful practices. In turn, this should lead to financial concerns which are genuinely in the public interest being promptly and properly investigated.


The bulk of the rules will come into force on 7 September 2016. However, the first requirement goes live today, 7 March – are you ready?


Currently not all companies in the financial sector are captured by the new rules. At this time they only apply to:

  • UK deposit-takers (banks, building societies, credit unions) with over £250 million in assets;
  • PRA-designated investment firms;
  • Insurers that meet the solvency II requirements.For regulated companies outside the list, the rules act as non-binding “guidance” only. However, it may only be a matter of time before they are rolled out further, for example to mortgage and stock brokers.


  • This means that at present overseas branches of UK companies are not covered but this continues to be under consultation.
  • By 7 March 2016, if you are within the rules, you must appoint a “whistleblowing champion” who:
  • will have responsibility for “ensuring and overseeing the integrity, independence and effectiveness” of the company’s policies and procedures on whistleblowing;
  • should be a non-executive director who is not concerned with the day-to-day operations of the company;
  • should have access to independent legal advice;
  • should receive training to enable him to carry out his responsibilities;
  • no doubt to his relief, does not have to have “Whistleblowing Champion” as his formal job title.
  • By 7 September 2016, you must:
  • put in place an internal whistleblowing channel to handle all types of disclosure from employees. This does not mean that you need to investigate every disclosure made. You do however have to ensure that every disclosure is considered and filtered to the relevant area of the organisation if it is better dealt with elsewhere. For example, if the disclosure is more of the nature of a grievance (for example because it lacks the public interest element necessary for a protected disclosure), then this should be escalated to the relevant department (usually the HR department).
  • must protect the confidentiality of whistleblowers, including allowing employees to makes disclosures anonymously. A whistleblowing hotline would allow employees to make an anonymous report.
  • maintain written whistleblowing procedures which are readily available, for example in a staff handbook or on a staff intranet. The existence and whereabouts of these policies should be notified to staff, especially if there are any changes as a result of these rules.
  • permit disclosures to be made through a range of communication methods. If someone raises a complaint by email or verbally to a manager or in an exit interview, this should all be fed through the whistleblowing channel in the same way that a report to a hotline would be. It is advisable for managers to be trained to be able to identify a disclosure.
  • provide appropriate feedback to whistleblowers (where they are not anonymous) and keep them updated where possible so that they know their concerns are not being ignored.
  • prepare and maintain appropriate records of concerns raised. Consider who will keep and maintain these records.
  • put in place reasonable measures to prevent the victimisation of whistleblowers. It is sensible to train managers so that they understand what “victimisation” is and to protect the anonymity of whistleblowers so that they cannot be victimised in the first place.
  • produce an annual report to include information on any Employment Tribunals involving whistleblowing that the company has lost (this will also have to be reported to the FCA).
  • provide training for employees responsible for operating the internal whistleblowing arrangements;
  • tell all UK-based employees about the FCA and PRA whistleblowing services;
  • amend your template settlement agreements and contracts to make it clear that nothing in those agreements prevents employees from making a protected disclosure and check that employees are not asked to give any warranties that they have not made a protected disclosure and do not know of any information that could form the basis of one. The whistleblowing champion must be appointed by no later than 7 March 2016.
  • Get ahead of the game and start to implement the other above measures now. Are your current procedures robust enough? Do you need to make changes and do you have training in place already? Now is the time to seek legal advice on these points.

What should you be doing now?

It is expected that if a company is accused of wrongdoing the FCA will scrutinise the company’s whistleblowing policies and procedures and compliance with these rules closely. They are not simply a “tick box” exercise, but must be enforced effectively.