Nicola Sharp of Rahman Ravelli examines the obligations the FCA places on businesses regarding whistleblowing
In its Handbook, the Financial Conduct Authority (FCA) is very specific and very clear about the obligations it expects companies to meet in terms of whistleblowing.
Chapter 18 of the Handbook was drafted in order to set out the requirements placed on firms regarding the adoption and communication to UK-based employees appropriate internal procedures for what it terms “handling reportable concerns made by whistleblowers as part of an effective risk management system’’.
It sets out the role of the whistleblowers’ champion as well as the requirement of firms to ensure that settlement agreements expressly state that workers may make protected disclosures and do not include warranties related to protected disclosures. The chapter details the whistleblowing obligation under article 73(2) of MiFID, which requires MiFID investment firms (except collective portfolio management firms) to have in place appropriate procedures for their employees to report potential or actual infringements of MiFID and MiFIR and other EU-derived whistleblowing obligations. Notably, it also explains the link between a firm’s whistleblowing measures and its fitness and conformity to standards, while also offering guidance on best practice to firms that do not have to apply the measures covered in the chapter.
SYSC 18.3 of the Handbook states that a firm must establish, implement and maintain appropriate and effective arrangements for the disclosure of reportable concerns by whistleblowers.
These arrangements must:
- be able to handle disclosures of reportable concerns, including where the whistleblower has requested confidentiality or chose not to reveal their identity
- allow for disclosures to be made through a range of communication methods
- ensure the effective assessment and escalation of reportable concerns by whistleblowers
- include reasonable measures to ensure that a whistleblower is not victimised by anyone under the control of the firm
- ensure feedback is given to a whistleblower about the concern they raised, providing this is feasible and appropriate
- include the preparation and maintenance of appropriate records of concerns reported by whistleblowers and the firm’s treatment of them
- involve up-to-date, written procedures available to all UK-based employees
- include reports made at least annually to the firm’s governing body on the operation and effectiveness of its whistleblowing systems
- include prompt reports to the FCA about each case the firm contested but lost before an employment tribunal where the claimant successfully based all or some of their claim on either detriment suffered because they made a protected disclosure in breach of section 47B of the Employment Rights Act 1996 or on being unfairly dismissed under section 103A of the Employment Rights Act 1996;
- make provision for appropriate training for UK-based employees, these employees’ managers (wherever they are based) and the employees responsible for operating the firms’ internal arrangements.
Chapter 18 encourages firms to invite their appointed representatives and tied agents to consider adopting appropriate internal procedures to prompt employees with concerns to blow the whistle internally about matters that are relevant to the FCA or the Prudential Regulation Authority (PRA).
When a firm devises and introduces a training and development programme, such a programme should be for all UK-based employees and make it clear that the firm takes reporting of concerns seriously, while explaining the methods for doing so.
The FCA expects training for UK-based employees to cover:
- examples of concerns that could be reported
- examples of action that might be taken by the firm after receiving a reportable concern
- how a whistleblower’s confidentiality can be protected
- sources of external support, such as whistleblowing charities;
Managers of UK-based employees should be trained in how to recognise when there has been a disclosure of a reportable concern by a whistleblower as well as how to protect whistleblowers and their confidentiality and provide feedback to them, where appropriate. They should also be taught how to ensure fair treatment of anyone accused of wrongdoing by a whistleblower.
All employees of the firm responsible for operating the firm’s arrangements must know how to protect a whistleblower’s confidentiality, assess and grade the significance of information provided by whistleblowers and assist the whistleblowers’ champion when required to do so.
The Whistleblowers’ Champion
A UK banking firm subject to the Senior Managers and Certification Regime (SMCR) must allocate the FCA-prescribed senior management responsibility for acting as the firm’s whistleblowers’ champion. An insurer must appoint a director or senior manager to this role while a firm should appoint a non-executive director as its whistleblowers’ champion (although if it does not have a non-executive director it does not have to appoint one to meet this requirement).
A whistleblowers’ champion has the responsibility for ensuring and overseeing the integrity, independence and effectiveness of the firm’s whistleblowing policies and procedures; including those designed to protect whistleblowers from victimisation arising from them reporting concerns. A person appointed to this role should have a level of authority and independence within the firm and access to sufficient information and resources – including independent legal advice and training – to enable him to carry out that responsibility. But this does not have to be a day-to-day operational role or be based in one particular place.
Settlement agreements with workers
A firm must include a term in any settlement agreement with a worker that makes it clear that nothing in such an agreement prevents a worker from making a protected disclosure.
The Handbook states that firms can use the following working – or an alternative that has the same meaning – in a settlement agreement:
“For the avoidance of doubt, nothing precludes [name of worker] from making a “protected disclosure” within the meaning of Part 4A (Protected Disclosures) of the Employment Rights Act 1996. This includes protected disclosures made about matters previously disclosed to another recipient.”
Firms must not request that workers enter into warranties requiring them to disclose to it that they have made a protected disclosure or that they know of no information which could form the basis of a protected disclosure. Firms are also not able to use measures that are intended to prevent workers from making protected disclosures.
MiFID and other EU legislation
A UK MiFID investment firm (apart from collective portfolio management investment firms) must have appropriate procedures in place for its employees to report a potential or actual breach of any rule implementing MiFID, a requirement imposed by MiFIR or any EU regulation adopted under MiFID or MiFIR. These procedures must enable employees to make an internal report via a channel that is specific, independent and autonomous. This channel can be provided through arrangements made by social partners, subject to the Public Interest Disclosure Act 1998 and the Employment Rights Act 1996.
This requirement will apply to a third country investment firm as if it were a UK MiFID investment firm (unless it is a collective portfolio management investment firm) if that firm carries on MiFID or equivalent third country business from an establishment in the United Kingdom.
Other similar whistleblowing obligations apply to those subject to FCA regulation under EU legislation, including Article 32(3) of the Market Abuse Regulation, article 71(3) of the CRD, Article 99d(5) of the UCITS Directive, Article 24(3) of the Securities Financing Transactions Regulation and Article 41(4) of the Prospectus Regulation.