- Employment Talk
The listener of last resort: the FCA reflects on its approach to whistleblowers
17 May 2023
It comes as no surprise then that the FCA has announced that it will provide whistleblowers with more detail on what has been done with the information provided, and its reasons for taking or not taking action. This announcement follows a qualitative assessment survey of a small sample of whistleblowers, most of whom were extremely or somewhat dissatisfied with the FCA’s response to their disclosure. Their perception was that there had not been enough dialogue, making it appear that the FCA was reluctant to investigate.
However, the FCA does not only have to worry about breaching GDPR and/or general confidentiality obligations. Section 348 of the Financial Services and Markets Act 2000 imposes a statutory obligation of confidentiality on the FCA, requiring it to keep information that it obtains during its functions and duties confidential – this includes information that the FCA obtains from firms when acting on the basis of intelligence received from whistleblowers. Breaching this statutory obligation of confidentiality in circumstances where none of the limited statutory exceptions apply is a criminal offence.
As a result, the FCA’s commitment to finding a way to provide further feedback to whistleblowers in a way that is consistent with its statutory confidentiality obligations may be easier said than done. The FCA has mentioned potentially sharing more information about the steps it has taken or reasons for taking or not taking action on the basis of information received from a whistleblower, as well as sharing more information about the outcome of any processes undertaken. If the FCA goes down this path, it will need to take great care to ensure that it does not inadvertently stray into providing information that it obtains from firms in a way that breaches its statutory obligation of confidentiality.
Even if the FCA does find a legal way of sharing this kind of information with whistleblowers, it will still be sharing what could be quite sensitive and non-public information about its activities in relation to firms with whistleblowers, with little or no control over what those whistleblowers may do with that information. For example, if a whistleblower is unhappy with the steps that the FCA has taken off the back of information they have provided, they may publicise the information that the FCA has provided to them about processes that may otherwise have remained private, such as if the FCA has requested information from a firm, or even opened a formal enforcement investigation into a firm.
In situations where firms know or suspect that a whistleblower has approached the FCA with concerns, they will need to be prepared to handle the risk that non-public information about the handling of those concerns by the FCA may at some point become public and build this into their communications strategies. In many cases, firms will not know that a whistleblower has approached the FCA, or what feedback has been provided to a whistleblower, potentially leaving them in the dark and on the back foot in this regard.
It is also worth noting that, in the qualitative assessment survey, the largest category of reasons for reporting directly to the FCA was that an internal complaint had been made but ignored. Employers need to be the listener of first resort, which requires not only dealing with disclosures but to reassuring whistleblowers that the disclosures are being investigated. Even where meaningful feedback cannot be given, something can be said to persuade the individual that their speaking up was valued and remedial steps will be taken, where appropriate.