Published

New UK Whistleblower Rules: A Roadmap

Financial firms in the UK are grappling with new whistleblower requirements aimed at helping to prevent another financial crisis. And while many in the financial community are nervous about the new requirements, we believe British companies will actually benefit from implementing them.

The rules require financial sector companies to establish mechanisms to allow—and even encourage—employees to raise concerns internally when they believe they’ve seen wrongdoing at their firms.

UK Whistleblower Requirements: A Snapshot

The rules’ first requirement—that financial companies “appoint a senior person to take responsibility for the effectiveness of these arrangements,” also known as a whistleblowers’ champion—took effect earlier this month. The Financial Conduct Authority (FCA) also mandates that, by September, organisations must:

  • Implement internal whistleblowing capabilities for all types of disclosure from all types of persons
  • Explain in settlement agreements that workers have a legal right to blow the whistle
  • Inform UK-based employees about FCA and Prudential Regulation Authority (PRA) whistleblowing services
  • Report, at least annually, on whistleblowing to the board
  • Inform the FCA if they lose an employment tribunal with a whistleblower
  • Require their appointed representatives and tied agents to tell their UK-based employees about the FCA whistleblowing service

 

Taking the Best from the New Regulations

The new whistleblower rules were borne out of a newfound desire for transparency and improved accountability in the wake of a series of scandals that rocked Britain’s financial industry. According to an FCA statement, employees of financial institutions are sometimes reluctant to speak out about wrongdoing for fear of suffering personal consequences. So the FCA and PRA specifically designed the rules to encourage employees to speak up by offering them confidentiality and making it easier for them to report.

Encouraging employees to speak up about potential wrongdoing is exactly what many UK companies are already doing anyway, with or without regulatory requirements. Following the new rules will further help UK companies uncover potential violations early so they can address them before they become major problems. “These rules aim to encourage a culture in which individuals raise concerns and challenge poor practice and behaviour,” the FCA said in its Whistleblowing Policy Statement.

With that said, there are several things financial organisations should know about the new rules, and several practices they should put in place to ensure compliance and effectiveness.

Whistleblowing Channels are Just the Beginning

Offering a hotline and reporting tool to employees will achieve little if employees don’t use them. The goal of the new rules is to encourage employees to raise concerns so that employers can address them before they become larger problems. But if employees believe that they will suffer reprisals for speaking up, the vast majority (if not all of them) will keep their concerns to themselves. Similarly, if employees do not understand how the process will work once they raise issues, they again will be reluctant to step forward, and instead will “keep their head below the parapet.”

As a result, a critical complement to establishing the whistleblower mechanisms is clear, ongoing awareness communication and training about:

  • The existence of the whistleblowing channels and the ability to report anonymously
  • The fact that speaking up is a good thing and is encouraged
  • What happens after an issue is raised
  • No tolerance for retaliation against those who raise concerns and the potential punishments for those who retaliate
  • When it comes to potential violations of the law, employees do not need to inform managers about the issue first but can, if they choose, use whistleblowing channels as a first step

Training Managers at All Levels Will Be Essential

Managers may be wary of the new whistleblowing capabilities and some may tell employees that they must “follow the chain of command” if they have a concern. Managers may also be unaware of the range of negative actions that might be considered reprisals. That’s why all managers—including front-line managers—will need to receive clear training explaining:

  • The purpose of the whistleblowing mechanisms
  • That raising concerns is to be encouraged, not squashed
  • That employees do not have to follow the chain of command
  • The range of negative actions that managers must avoid once an employee has raised an issue
  • The consequences to them if they do retaliate

While the new rules have elicited some complaints from UK financial executives, they are backed by sound logic: strong whistleblower processes will protect organisations and their employees from the devastating financial and reputational consequences of corporate scandals. And complying with the rules could make authorities more likely to be lenient in imposing penalties when something does go wrong.

In that regard, the new rules could instead give financial executives one less thing to worry about if they are confident that the first time they hear about a problem it will be from an internal source rather than a regulator.

To better understand UK whistleblower requirements and what you need to stay ahead, contact an ethics and compliance expert today.

Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.

Our Global Privacy Officer Answers Data Privacy FAQs

Knowing how to protect customer, vendor and employee data has become a hot-button compliance concern. Learn more on how to manage the complexities of data privacy laws, regulations and best practices in this post by our Global Privacy Officer & Senior Counsel, Amanda Gratchner.

Amanda Gratchner | Mar 16th, 2016
Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

Key Findings from NAVEX Global's Third Party Risk Management Benchmark Report

High-profile compliance failures stemming from third party misconduct have escalated in recent years. NAVEX Global’s recent Third Party Risk Management Benchmark Report sheds light on this evolving issue by examining who owns third party risk, organizations’ approach to due diligence the resources allocated to third party risk management, among other key benchmarks.

Randy Stephens | Mar 31st, 2016
Next Post Previous/Next Article Chevron Icon of a previous/next arrow.

Comments

Subscribe Now!
Most Recent
Whistleblowing & Incident Management Benchmark Report – A Fresh Perspective on Whistleblowing
Whistleblowing & Incident Management Benchmark Report – A Fresh Perspective on Whistleblowing
Alexandre Bougherara | Apr 18th, 2024
The True Cost of Cybersecurity Failure – When Technology (and People) Fail
The True Cost of Cybersecurity Failure – When Technology (and People) Fail
Cherelle Johannes | Apr 16th, 2024
The Broader Significance of the DOJ Whistleblower Rewards Program
The Broader Significance of the DOJ Whistleblower Rewards Program
Jaclyn Jaeger | Apr 11th, 2024
Compliance & Cybersecurity – Working and Worrying Together About the Intersection of People and Technology
Compliance & Cybersecurity – Working and Worrying Together About the Intersection of People and Technology
Bill Cameron | Apr 09th, 2024
Healthcare Organizations are Facing Increased Scrutiny – Here's What You Need to Know
Healthcare Organizations are Facing Increased Scrutiny – Here's What You Need to Know
Jaclyn Jaeger | Apr 04th, 2024