Whistleblowing Guide

What does an effective whistleblowing arrangement actually look like in practice for a UK FCA-regulated firm — given the Public Interest Disclosure Act framework, the FCA’s specific whistleblowing rules in SYSC 18, the Whistleblowing Champion role that all in-scope firms must allocate, the protected disclosure regime that shields workers who raise concerns from detrimental treatment, and the supervisory expectations that have evolved through successive enforcement cases?

Whistleblowing — the act of a worker raising concerns about wrongdoing, malpractice, or regulatory breach within their employer — sits at the centre of how the UK financial system manages the risks that emerge from inside firms rather than outside them. Most material wrongdoing in financial services is identified initially not by external supervisors but by individuals working within the firm who recognise something is wrong and decide to speak up. The protections, processes, and culture that determine whether those individuals feel able to speak up — and whether their concerns lead to meaningful response — are therefore among the most consequential dimensions of how firms are governed. The UK whistleblowing framework, built around the Public Interest Disclosure Act 1998 and supplemented by detailed FCA rules in SYSC 18, exists to provide both the legal protections that enable workers to raise concerns and the operational requirements that ensure firms respond to those concerns substantively rather than defensively.

The framework is more demanding than firms sometimes appreciate. The Public Interest Disclosure Act 1998 (PIDA) — which inserted the relevant provisions into the Employment Rights Act 1996 — creates a structured regime under which workers can make “protected disclosures” of qualifying information. Where a disclosure meets the statutory criteria, the worker is protected from dismissal and from any other detrimental treatment by their employer or colleagues. The FCA’s rules in SYSC 18 add specific operational requirements for in-scope firms: the appointment of a Whistleblowing Champion (typically a non-executive director), the establishment of internal whistleblowing arrangements, the documentation of those arrangements, the training of staff to recognise their rights, the maintenance of records, and the annual reporting to the firm’s governing body. The FCA has supervisory and enforcement powers in respect of these requirements, and has used them in cases where firm whistleblowing arrangements have been found wanting.

The supervisory expectations have intensified over recent years. The FCA has used both speeches and formal enforcement to make clear that effective whistleblowing arrangements are not a compliance formality but a substantive cultural and operational necessity. Multiple enforcement cases — most notably the 2018 fine of Barclays’ CEO for attempting to identify a whistleblower — have established that breaches of the whistleblowing framework can produce individual sanctions as well as firm-level penalties. The FCA’s broader work on culture, conduct, and Senior Managers and Certification Regime accountability has reinforced the expectation that whistleblowing arrangements are tested through real cases and demonstrated through how firms actually behave when concerns are raised.

This guide sets out what UK whistleblowing requirements are, who they apply to, what effective arrangements look like in practice, what the Whistleblowing Champion role involves, how protected disclosures operate as a matter of employment law, what the FCA expects in supervisory engagement, what the common failings are, and what the recruitment implications are for firms building or strengthening their whistleblowing function. It is written for senior compliance leaders, Heads of Conduct, Whistleblowing Champions, HR Directors, Chief Executives, and the non-executive directors who increasingly find themselves taking on Whistleblowing Champion responsibilities.

It is written from the perspective of FD Capital’s team — a specialist finance recruitment firm placing senior compliance, risk, and governance leaders into UK FCA-regulated firms since 2018, including substantive engagement with Whistleblowing Champion appointments, Conduct Officer recruitment, and broader culture and conduct senior recruitment.

Call 020 3287 9501 or email recruitment@fdcapital.co.uk to discuss whistleblowing-related senior recruitment, including Whistleblowing Champions, Heads of Conduct, Compliance Officers with whistleblowing responsibility, and senior NED appointments where whistleblowing oversight is part of the role specification.

FD Capital — Whistleblowing and Conduct Recruitment for UK FCA-Regulated Firms
Fellow of the ICAEW | Placing Whistleblowing Champions, Heads of Conduct, Compliance Officers, and senior governance professionals into UK FCA-regulated firms operating under SYSC 18 whistleblowing requirements

Our network includes senior compliance and governance professionals with substantive whistleblowing oversight experience — across SYSC 18 implementation, Whistleblowing Champion appointments, Protected Disclosure handling, investigation leadership, and the cultural work that effective arrangements depend on. Adrian Lawrence FCA personally screens senior candidates for whistleblowing-related placements. 4,600+ network. 160+ senior placements.


The UK Whistleblowing Legal Framework

The UK whistleblowing framework rests on a small number of central pieces of legislation, supplemented by FCA rules for financial services firms.

The Public Interest Disclosure Act 1998 (PIDA). PIDA is the foundational legislation. It does not create freestanding rights but rather inserted new sections into the Employment Rights Act 1996 to establish the protected disclosure regime. PIDA emerged from a series of disasters in the 1980s and 1990s — the Clapham Junction rail crash, the sinking of the Herald of Free Enterprise, the BCCI banking collapse, the Maxwell pension scandal — where post-event reviews repeatedly found that workers within the affected organisations had known of the problems but had not felt able to raise concerns effectively. PIDA was designed to address that gap by creating clear legal protection for workers who do speak up.

The Employment Rights Act 1996 (as amended by PIDA). The substantive provisions sit in sections 43A to 43L of the Employment Rights Act 1996. These sections define what constitutes a “qualifying disclosure” (information that the worker reasonably believes shows wrongdoing in one of the categories specified), who can make a protected disclosure (workers, with the term defined more broadly than employees), to whom protected disclosures can be made (employer, prescribed person, in some circumstances wider audiences), and what protections apply (protection from dismissal under section 103A, protection from detriment under section 47B). The protections are substantively enforceable through Employment Tribunal claims, with no upper cap on compensation for unfair dismissal under PIDA — distinct from ordinary unfair dismissal claims where the cap applies.

The Enterprise and Regulatory Reform Act 2013. ERRA 2013 amended PIDA in two important respects. First, it introduced the “public interest” test — qualifying disclosures must be made in the reasonable belief that the disclosure is in the public interest. Second, it removed the requirement that disclosures be made in good faith (replacing it with provisions allowing tribunals to reduce compensation by up to 25% where the disclosure was not made in good faith). The amendments addressed perceived weaknesses in the original PIDA framework but also tightened it in respects relevant to firms.

FCA SYSC 18 — Whistleblowing. The FCA’s specific whistleblowing rules sit in chapter 18 of the Senior Management Arrangements, Systems and Controls (SYSC) sourcebook. SYSC 18 applies to a wide range of firms — including all SMCR firms, deposit takers, and other categories. The rules require in-scope firms to establish and maintain “appropriate and effective arrangements for the disclosure of reportable concerns by whistleblowers”, to allocate the Whistleblowing Champion responsibility to a non-executive director (or equivalent), to inform UK-based employees about specified internal and external disclosure routes, to make available a clear policy, to maintain confidentiality, to provide training, to keep records, and to report annually to the firm’s governing body. The full requirements are detailed below.

The FCA’s general supervisory powers. Beyond SYSC 18 specifically, the FCA has broader supervisory powers that engage with whistleblowing. The Senior Managers and Certification Regime makes individual senior managers responsible for the firm’s compliance, including in respect of whistleblowing. The Conduct Rules apply to staff and include rule SC4 (for senior managers): disclose appropriately any information of which the FCA or PRA would reasonably expect notice. Failures in whistleblowing arrangements can engage these broader frameworks.


What Counts as a Protected Disclosure

The technical question of what constitutes a protected disclosure determines who is protected and how. The framework operates through a sequence of tests, all of which must be satisfied.

The information must concern one of the specified categories of wrongdoing. Section 43B(1) of the Employment Rights Act 1996 lists six categories: criminal offences; failure to comply with a legal obligation; miscarriages of justice; danger to health and safety of any individual; damage to the environment; deliberate concealment of any of the above. Information that does not relate to one of these categories may not qualify, even if it concerns matters that are otherwise of legitimate concern.

The worker must reasonably believe the information shows wrongdoing. The test is reasonable belief, not certainty. A worker who reasonably believes that wrongdoing has occurred or is likely to occur is protected even if the belief subsequently turns out to be incorrect. Reasonableness is assessed on the information available to the worker at the time of the disclosure, taking into account the worker’s role and access to information.

The disclosure must be made in the reasonable belief that it is in the public interest. This requirement was added by ERRA 2013. It does not require the disclosure to actually be in the public interest, but the worker must reasonably believe it is. Personal grievances that have no wider public interest dimension may not satisfy this test.

The disclosure must be made through one of the recognised channels. The hierarchy of channels is: disclosure to the employer (the most common and most protected route); disclosure to a prescribed person (specified regulators including the FCA, PRA, HMRC, the Health and Safety Executive, and others); disclosure to a legal advisor; disclosure to a Minister or government department in specified circumstances; wider disclosure (including to the media) where higher tests are satisfied. Each channel has different protection thresholds, with disclosure to the employer being the most accessible and wider disclosure requiring more demanding conditions to be met.

Where these tests are satisfied, the disclosure is “qualifying” and the worker who made it is protected. The protection means the worker cannot be dismissed for making the disclosure (such dismissal would be automatically unfair under section 103A) and cannot suffer any detriment as a result of the disclosure (claim under section 47B). Compensation in successful tribunal claims is uncapped, distinct from ordinary unfair dismissal claims where statutory caps apply.


The FCA’s SYSC 18 Requirements

The FCA’s whistleblowing rules in SYSC 18 set out specific operational requirements that go beyond the general PIDA framework. The rules apply to “SYSC 18 firms” — a category that includes all SMCR firms, deposit takers, and other specified categories. The detailed application is set out in SYSC 18.1.

The internal whistleblowing arrangements. SYSC 18.3 requires firms to establish, implement, and maintain appropriate and effective arrangements for the disclosure of reportable concerns by whistleblowers. The arrangements must include effective channels through which staff can disclose concerns (anonymously or otherwise), procedures for protecting confidentiality, mechanisms for investigating concerns, processes for tracking concerns through to resolution, and feedback mechanisms to whistleblowers. The arrangements must be available to all UK-based employees, including those of group entities providing services to the firm.

The Whistleblowing Champion. SYSC 18.4.4R requires firms to appoint a Whistleblowing Champion. The Champion must be a non-executive director (or, where the firm does not have NEDs, an equivalent senior individual). The Champion has responsibility for ensuring the integrity, independence, and effectiveness of the firm’s whistleblowing arrangements, including the procedures for protecting whistleblowers from being victimised. The Champion is not responsible for handling individual whistleblowing reports — that operational role typically sits elsewhere — but for the overall framework. The Champion role has become a substantive element of NED responsibility in many firms.

Information for staff. SYSC 18.5 requires firms to inform their UK-based employees about specified internal and external whistleblowing routes. Internal routes are the firm’s own whistleblowing arrangements; external routes are the prescribed regulators including the FCA and PRA. The information must be communicated through training and through written materials. The FCA expects firms to refresh this communication periodically rather than treating it as a one-time exercise.

The whistleblowing policy. SYSC 18.6 requires firms to make available a clear and accessible whistleblowing policy. The policy must explain what concerns can be raised, who concerns can be raised with, what protections apply, what investigation processes will follow, what feedback whistleblowers can expect, and what consequences may follow for individuals identified through the process. The policy must be reviewed and updated periodically.

Training. SYSC 18.7 requires firms to provide training to all UK-based staff on the firm’s whistleblowing arrangements. The training must cover what whistleblowing means, who can raise concerns, how to raise them, what protections apply, and what staff should do if they encounter retaliation against a whistleblower. Training must be refreshed periodically.

Records. SYSC 18.8 requires firms to maintain records of all whistleblowing reports received, including the date received, the nature of the concern, the steps taken in response, the conclusions reached, and the timing of the resolution. Records must be retained for a sufficient period to support supervisory engagement.

Annual report to the governing body. SYSC 18.9 requires firms to prepare an annual report on the operation of their whistleblowing arrangements for the firm’s governing body. The report typically covers the volume of whistleblowing reports received, the categories of concern, the investigation outcomes, any lessons learned, any thematic issues identified, and any improvements being made to the arrangements. The annual report is one of the most consequential elements of the SYSC 18 framework — it provides the governing body with the information needed to satisfy itself that the arrangements are operating effectively.

Reporting to the FCA. Firms must report to the FCA where any whistleblowing concern raised has resulted in legal action against the firm or has otherwise crossed specified thresholds. The reporting requirements are set out in SUP 15.


The Whistleblowing Champion Role in Practice

The Whistleblowing Champion role has emerged as one of the most substantive specific responsibilities allocated to non-executive directors of UK FCA-regulated firms. The role is more demanding than its formal description sometimes suggests, and getting it right requires substantive engagement.

The Champion’s overall responsibility is to ensure the integrity, independence, and effectiveness of the firm’s whistleblowing arrangements. In practice, this typically involves: regular engagement with the firm’s executive team responsible for operating the whistleblowing arrangements; review of the policies, processes, and training materials; periodic deep dives into specific cases where the Champion takes a closer look at how arrangements have actually operated; engagement with the annual report to the governing body, providing additional perspective and challenge where appropriate; and oversight of the firm’s response to any specific incidents or themes that emerge.

The Champion is independent of the operational handling of individual whistleblowing reports. Day-to-day handling typically sits with the Compliance team, sometimes the HR team, sometimes a dedicated Speaking-Up function. The Champion’s role is to provide independent oversight of whether those operational arrangements are working substantively — not to make decisions on individual cases.

Effective Champions typically: maintain a separate channel through which whistleblowers can escalate concerns directly to them where the operational arrangements have not produced satisfactory response; engage with specific cases periodically to test whether the operational arrangements are working as intended; engage with HR processes to understand how whistleblower outcomes compare to non-whistleblower outcomes (looking for any pattern of detriment); and use the annual report process to provide substantive challenge to the executive team.

The Champion role is substantively different from broader NED responsibilities. The Champion typically requires specific time commitment beyond ordinary board engagement, specific training on whistleblowing matters, and willingness to engage with potentially sensitive personnel matters. NED candidates considering Champion appointments should understand that the role is materially more involved than its formal description suggests.


Common Failings in Whistleblowing Arrangements

Specific patterns of failing recur across the regulated population. Recognising these patterns supports both prevention and effective remediation.

Inadequate confidentiality protection. The most consequential failing in whistleblowing arrangements is inadequate confidentiality — situations where the identity of a whistleblower becomes known within the firm in ways that create the risk of retaliation. Firms that handle whistleblowing reports through ordinary HR processes without specific confidentiality controls frequently produce inadvertent identification. The 2018 Barclays case — where the CEO attempted to identify the source of an anonymous letter — established that even very senior individuals can fall into this trap when the temptation to identify the source is strong.

Conflation of grievance and whistleblowing. Many firms struggle to distinguish whistleblowing reports (concerns about wrongdoing) from grievances (concerns about the worker’s own treatment). Treating whistleblowing reports as ordinary grievances tends to produce slower response, less independent investigation, and outcomes that focus on resolving the worker’s grievance rather than investigating the wrongdoing alleged. Distinct processes for distinct matters work better.

Investigation conducted by the wrong parties. Where investigations of whistleblowing reports are conducted by parties with conflicts of interest — typically managers in the affected business unit, or HR partners with prior relationships with the alleged subjects — the investigations often lack the independence required to reach substantive conclusions. Firms with strong whistleblowing arrangements use independent investigators (whether internal but unconflicted, or external where appropriate).

Detrimental treatment of whistleblowers. The most serious whistleblowing failings involve actual or perceived detriment against whistleblowers. The detriment may be subtle — passed over for promotion, excluded from key meetings, given less interesting work, marginalised in team dynamics — and the causal link to the whistleblowing may be denied by the firm. But the pattern is identifiable through careful HR analytics, and supervisors are increasingly attentive to it.

Failure to feed back to whistleblowers. Whistleblowers who raise concerns and then never hear what happened to their report typically conclude that their concerns were ignored. The conclusion may be incorrect — the firm may have investigated thoroughly but not communicated — but the perception drives long-term cultural damage. Effective arrangements provide structured feedback to whistleblowers within agreed timescales.

Inadequate annual reporting. Annual reports to the governing body that contain only volume statistics (“we received 47 reports this year, of which 32 were closed”) without substantive analysis of patterns, themes, and effectiveness do not give governing bodies what they need to discharge their oversight responsibility. Substantive annual reports include thematic analysis, comparison with prior years, identification of any concerning trends, and explicit assessment of whether the arrangements are working as intended.

Cultural undermining of formal arrangements. The most difficult whistleblowing failings involve a gap between formal arrangements (which may be excellent on paper) and cultural reality (where workers do not feel safe raising concerns). The gap typically emerges through specific signals — managers who discourage formal reporting in favour of “having a quiet word”, criticism of past whistleblowers, public attacks on regulators or their processes, executive comments suggesting that the firm’s interests come first. Substantive culture is harder to fix than process, but the process work creates no protection if the culture undermines it.


Supervisory Engagement and Enforcement

The FCA has used a combination of supervisory engagement, public statements, and formal enforcement to drive improvement in whistleblowing arrangements across the regulated population.

Routine supervisory engagement increasingly includes specific questions about whistleblowing arrangements. The FCA’s Senior Managers and Certification Regime supervisory work engages with whistleblowing as one of the indicators of culture and conduct. Specific enforcement actions in the area have established the following:

The 2018 fine of Barclays’ CEO Jes Staley for the attempted identification of a whistleblower established that personal accountability under SMCR can engage where senior managers act in ways inconsistent with the spirit of whistleblowing protections. The fine of approximately £642,000, combined with regulatory censure, signalled that the FCA takes whistleblowing protection seriously even where formal arrangements may have been technically satisfied.

Subsequent supervisory and enforcement work has focused on substantive operational implementation — whether arrangements actually work in practice as well as appearing satisfactory on paper. Firms whose arrangements have been challenged in supervisory engagement have typically faced extended remediation programmes covering policy, training, investigation discipline, and culture work.

The FCA publishes periodic statistics on whistleblowing reports it receives directly. These reports — made by individuals to the FCA as a prescribed person under PIDA — represent both an external check on firm arrangements and a source of supervisory intelligence about emerging issues. Firms whose internal arrangements are working effectively typically see fewer external reports because internal channels are working.


Recruitment Implications — Whistleblowing Roles UK Firms Need

The whistleblowing framework drives demand for several distinct senior roles across UK FCA-regulated firms.

Whistleblowing Champion (NED appointment). The non-executive director allocated the Whistleblowing Champion responsibility under SYSC 18.4.4R. Typically combined with broader NED responsibilities, but the Champion responsibility specifically requires individuals comfortable with substantive personnel matters, willing to engage with operational detail beyond ordinary board level, and credible to whistleblowers as an independent escalation point.

Head of Speaking Up / Head of Whistleblowing Operations. Larger firms increasingly establish dedicated functions responsible for the operational handling of whistleblowing reports. The Head of this function is typically a senior compliance or governance professional with specific experience in confidential investigations, employment law dimensions of whistleblowing, and the cultural work that effective arrangements depend on.

Head of Conduct. Conduct functions in larger firms typically include whistleblowing oversight as part of broader culture and conduct responsibility. The Head of Conduct role engages with whistleblowing patterns, the relationship between conduct and culture, and the broader question of how the firm’s conduct framework is operating substantively.

Investigation specialists. Senior investigation specialists — typically with backgrounds in regulatory, audit, or law enforcement — handle complex whistleblowing investigations. These individuals may be permanent appointments in larger firms or engaged on an interim basis for specific cases.

HR Director with Whistleblowing oversight. Senior HR Directors often carry specific responsibility for the personnel dimensions of whistleblowing — ensuring that the HR processes around whistleblowers comply with the broader framework, monitoring for patterns of detriment, and supporting the cultural work.

Recruitment for these roles requires specific attention to candidate characteristics that go beyond ordinary compliance recruitment. Whistleblowing oversight roles benefit from candidates with personal credibility on integrity matters, comfort with confidential information, willingness to challenge senior executives where required, and judgement to distinguish substantive concerns from grievances or interpersonal disputes.


How FD Capital Works on Whistleblowing-Related Recruitment

FD Capital places senior compliance, risk, and governance leaders into UK FCA-regulated firms, including substantive engagement with Whistleblowing Champion appointments, Head of Conduct recruitment, investigation specialist placements, and senior HR Director appointments where whistleblowing oversight is part of the role.

Adrian personally screens candidates for senior whistleblowing-related placements given the personal credibility and judgement requirements of the role. Initial introduction is typically within 48 hours for urgent requirements, with full shortlist within five working days for specific assignments.

Initial consultation is confidential and at no charge. Call 020 3287 9501 for an immediate whistleblowing-related senior recruitment requirement, or email recruitment@fdcapital.co.uk.



About the Author

Adrian Lawrence FCA is the founder of FD Capital Recruitment and a Fellow of the Institute of Chartered Accountants in England and Wales. Adrian holds a BSc from Queen Mary College, University of London and an ICAEW practising certificate in his own name.

FD Capital has been placing senior compliance, risk, and governance leaders into UK FCA-regulated firms since 2018 — including substantive engagement with Whistleblowing Champion appointments under SYSC 18.4.4R, Head of Conduct recruitment, investigation specialist placements, and senior HR Director appointments where whistleblowing oversight is part of the role specification. Our network includes senior professionals with substantive whistleblowing experience across SYSC 18 implementation, Protected Disclosure handling, investigation leadership, and the cultural work that effective arrangements depend on. Adrian personally screens senior candidates given the personal credibility and judgement requirements of whistleblowing-related roles. FD Capital Recruitment Ltd (Companies House 13329383) is associated with Adrian’s ICAEW registered Practice.
