New U.K. Whistleblower Rules Rein in Banks

The United States, many think, leads the way globally in its passage and enforcement of anti-bribery and corruption, and whistleblower protection laws. But U.S. companies doing business in the U.K. need to know that our overseas cousins are not far behind, and indeed may have leapfrogged over us, at least insofar as financial services companies are concerned, with the recent publication of the U.K. Financial Conduct Authority (FCA)'s new whistleblower rules.1

So the title of this column may be more than just a bad pun. A brief review will show that our anti-bribery and whistleblower laws have been answered, step by step, by parallel U.K. laws that in some cases go beyond our own restrictions.

For example, the passage of the Foreign Corrupt Practices Act (FCPA) may have spawned the U.K. Bribery Act. However, the U.K. law in some ways goes further. The FCPA forbids only bribes to governments to extract an improper favor, but the Bribery Act's proscriptions are not so limited. Further, the FCPA contemplates that "facilitation payments" may in some cases be necessary and lawful, but the Bribery Act admits no such possibility.

Similarly, following the most recent financial crisis, the United States, via passage of the Dodd-Frank Act, requires public companies to permit their shareholders to voice a nonbinding "say on pay" with regard to certain senior officers' compensation. The U.K, though (as well as much of Europe), went further, imposing significant legislative limits on incentive compensation.

Indeed, the U.K.'s laws have even spawned "whistleblowers' charities"—not-for-profit entities that give advice to workers who wish to blow the whistle on unlawful or unethical conduct. Thus far, the United States has not seen an influx of such charities, perhaps because the monetary profit for bringing these kinds of cases in the U.S. may surpass any eleemosynary interests in protected whistleblowers' rights.

New U.K. Whistleblower Rules

And now, in October 2015, the FCA's newly published financial services whistleblower rules go several steps beyond the already expansive rights that Sarbanes-Oxley and Dodd-Frank give to corporate and banking employee-whistleblowers.

Let's take a look at these very interesting new whistleblower rules. First, they apply specifically to U.K. "deposit-takers" with assets of £250 million or greater. Deposit-takers are banks, building societies2 and credit unions. The rules also apply to Prudential Regulatory Authority (PRA)-designated investment firms,3 and certain insurance and reinsurance firms within the scope of Solvency II Directive relating to insurance regulation.4 They also apply to the Society of Lloyd's, which provides specialty insurance and reinsurance products.5

This is an extremely broad swath of financial services companies, and the FCA has stated that the rules should be taken as non-binding guidance for all regulated firms, regardless of size.

Should financial firms outside those identified here—such as, for example, U.K. branches of foreign banks—breathe a sigh of relief that they are beyond the scope of these rules? Hardly. This group of companies is only the first to find themselves in these rules' sway.

Thus, as far as the above-mentioned foreign banks are concerned, the FCA states that while they "did not propose to apply rules to these branches as part of this process, [we] will explore this further in a future consultation."

How about others who seem to have dodged these rules, such as investment firms that are not PRA-designated and mortgage brokers? They, too, are in the FCA's crosshairs: after the rules have been in effect "long enough to assess their effectiveness," the FCA declares, it "will consider whether similar requirements should be applied more widely to other firms we regulate, such as stockbrokers, mortgage brokers, insurance brokers, investment firms, and consumer credit firms."

While Dodd-Frank and Sarbanes-Oxley provide whistleblower rights to certain financial services employees, in general the FCA rules apply to a far broader swath of the industry. Dodd-Frank does provide significant whistleblower protection rights to employees of institutions that extend consumer credit (which of course may include banks and mortgage brokers and the like), but the FCA rules are not so limited. The new FCA rules place new obligations on financial services firms to provide far greater opportunity for individuals to blow the whistle.

What do these rules provide, and what do they require of covered entities?

From Sept. 7, 2016, the rules provide that regulated firms should be able to deal with any and all types of disclosure, made by any individual. The subject of a whistleblowing disclosure has been extended to include not only the existing statutory definition of a "qualifying disclosure" but also the new concept of a "reportable concern."6

A qualifying disclosure is a disclosure, made in the public interest, of information which, in the reasonable belief of the employee, tends to show that one or more "failures" has been, or is likely to be committed.

What is a "failure"? It is a criminal offense, a failure to comply with any legal obligation, a miscarriage of justice, putting the health and safety of an individual in danger, damage to the environment, or any deliberate concealment of the above.

The rules have introduced the new concept of a "reportable concern," which is defined as a concern held by a person, in relation to the activities of a covered entity, including anything that would be the subject of a protected disclosure, or a breach of the covered entities' rules or policies and procedures, or behavior that is likely to, or does harm the firm's reputation or financial well-being. This is a far wider definition than that of a "qualifying disclosure" and effectively means that anything from a minor internal policy breach to a damaging scandal would be covered.

'Whistleblowers' Champion'

The rules impose significant new obligations on covered entities. By no later than March 7, 2016, they must appoint a senior manager as a whistleblowers' champion. The champion must be an individual who is regulated by the PRA or the FCA, and who is a non-executive director, and is likely to be a person of significant seniority and influence.

The champion is responsible for "ensuring and overseeing the integrity, independence and effectiveness of the firm's policies and procedures on whistleblowing, including those policies and procedures intended to protect whistleblowers from being victimized because they have disclosed reportable concerns." He or she must ensure that the firm is compliant with the new rules by Sept. 7, 2016.

To whom may whistleblowers disclose their reportable concerns? To either the firm, or to the PRA or the FCA, and via "a range of communications methods." Covered entities must provide notice of this right to U.K.-based employees in their employee handbook or equivalent document. Firms must also make clear that reporting is not conditional on first reporting to the firm itself; that employees may report internally to the firm and to the PRA or the FCA simultaneously; or, not at all to the firm.

The whistleblowers' champion must be granted the level of authority, independence, and information sufficient to enable her to carry out these responsibilities; she need not have a day-to-day operational role handling disclosures from whistleblowers; and she may be based anywhere, so long as she can perform her functions effectively.

What arrangements must a covered entity put in place for the disclosure of reportable concerns by whistleblowers? The arrangements must permit a whistleblower to make both confidential and anonymous complaints, and must permit disclosures to be made through "a range of communications methods" which would include email and telephone. Moreover, the arrangements must ensure that the complaints are effectively assessed and, where appropriate, escalated to the FCA or PRA.

The firm must also put into place reasonable measures to ensure that no person under the control of the covered entity engages in "victimisation" of the whistleblower. Further, the entity must ensure that, where feasible and appropriate, it provides "feedback" to the whistleblower about the reportable concern. The firm must prepare and maintain appropriate records of reportable concerns and its treatment of and outcome of the reports.

The firm must also make "readily available" to U.K.-based employees, up-to-date, written procedures outlining the firm's processes for complying with the whistleblower rules.

Firms must also prepare annual reports to its governing body regarding the operations and effectiveness of its systems and controls in relation to whistleblowing. The reports must maintain the confidentiality of individual whistleblowers.

Moreover, firms must make prompt reports to the FCA or PRA about each case the firm contested but lost before an employment tribunal, where the claimant successfully based all or part of his claim on either detriment suffered as a result of making a protected disclosure in breach of section 47B of the Employment Rights Act of 1996, or being unfairly dismissed under Section 103A of the Employment Rights Act of 1996 (i.e., where a tribunal finds that the claimant was either dismissed or victimized for blowing the whistle).

And of course, there is mandatory training: Firms must provide "appropriate" training to U.K.-based employees and managers, as well as to employees who have responsibility for operating the firm's internal arrangements for complying with these rules.

Training must include, among other things, examples of events that might prompt the making of a reportable concern, examples of action that the firm might take after receiving such a report (including measures to protect the whistleblower's confidentiality)—and information about sources of external support, such as whistleblowing charities.

Whistleblowing charities appear to be (thus far) a U.K.-centric phenomenon. They are not-for-profit entities that advise individuals about how to blow the whistle on unlawful conduct.7

There exist some notable and not unexpected exceptions that reflect the differences between U.S. and U.K. dispute resolution—namely, that U.K. law does not recognize the right to a jury trial in civil lawsuits such as this.

Significantly, too, the U.K. law does not provide a financial incentive to whistleblowers that is in any way parallel to our "whistleblower bounty" remedy, provided by Dodd-Frank, under which the Securities and Exchange Commission may award between 10 and 30 percent of any fine recovered as a result of a whistleblower's complaint of violations of securities laws. But then, not all U.S. financial services firms are covered by that law—its coverage is limited to publicly traded companies. The U.K. government and the FCA and PRA have all considered introducing financial incentives for whistleblowers but have decided against it thus far.

U.K. employees are not without remedies. The UK existing unfair dismissal rules, and the process available to UK employees to sue for unfair dismissal, will protect employees who are discharged or victimized as a result of filing a complaint as contemplated by the new rules.

Employment tribunals, which hear these claims, have power to order reinstatement and significant penalties, including unlimited lost wages and benefits. Awards to whistleblowers who work in the financial sector and who succeed in their claims could readily amount to millions of pounds.


1. See "Whistleblowing in deposit-takers, PRA-designated investment firms and insurers," (Oct. 2015). The FCA is an independent body that regulates financial services businesses in the United Kingdom. It is responsible for banking supervision, listing authority, investment services regulation, mortgage and general insurance business regulation, and authority to take action to prevent market abuse.

2. Building societies are financial institutions owned by their members as a mutual organization which offer banking and related financial services, especially savings and mortgage lending.

3. The PRA, a subsidiary of the Bank of England, is responsible for the prudential supervision and regulation of banks, building societies, credit unions, insurers and investment firms, See and

4. The Solvency II Directive (2009/138/EC) is an EU Directive that codifies and harmonizes EU insurance regulation. This primarily concerns the amount of capital that EU insurance companies must hold to reduce the risk of insolvency.

5. See The new regulations also apply to property managing agents, who work with insurance brokerage firms. See

6. All references and quotations to the new rules may be found at "Whistleblowing in deposit-takers, PRA-designated investment firms and insurers," (Oct. 2015).

7. See, e.g., Public Concern at Work, whose web site is, and the Centre for Investigative Journalism,

Philip M. Berkowitz is a shareholder and U.S. co-chair of Littler’s International Law Practice Group. He is based in the firm’s New York City office. This article is reprinted with permission from the January 14, 2016 issue of the New York Law Journal. © ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.