Diversity and inclusion is a core part of how the PRA and FCA assess culture in firms and the handling of non-financial misconduct, such as bullying, sexual misconduct, victimisation and discrimination, is a regulatory priority: “Our message to firms is clear: non-financial misconduct is misconduct, plain and simple”. Where diversity is not prioritised by firms, it can create obstacles to speaking out and where internal debate is not valued, it can lead to a culture where misconduct goes unchecked.
In its Dear CEO letter of 6 January 2020, the FCA focused on non-financial misconduct in wholesale general insurance firms referencing publicised incidents in the sector and setting out its clear expectation that firms should be proactive in tackling such issues. The FCA’s Dear CEO letter is of interest to all insurance firms, not just those operating in the wholesale general insurance market. The FCA regards non-financial misconduct and an unhealthy culture as a key root cause of harm. It wants to see firms identifying the drivers of such behaviour and changes being made to address the causes. Non-financial misconduct will be a key focus for regulatory supervision of firms and senior managers moving forward.
Senior management responsibility
While non-financial misconduct continues to be prevalent, firms’ ability to appropriately address such behaviour is seen by the regulators to be under-developed and senior managers are considered poorly equipped to respond. How senior managers approach issues of diversity and inclusion may be relevant to the regulators’ assessment of their competence and character and any failure to take reasonable steps to address non-financial misconduct could lead the FCA to determine that they are not fit and proper.
Whistleblowing: getting the response right
Increased calls to account more generally in the business sector, combined with growing regulatory scrutiny, has propagated an increasing number of whistleblower reports in this space. In the year ending March 2019, the FCA received a total of 1,119 whistleblowing disclosures. While reports of customer treatment still dominate, reports regarding the culture of firms and individual fitness & propriety account for a significant proportion and reports of non-financial misconduct are rising rapidly too. The FCA suspects that it has “only scratched the surface” on reports of non-financial misconduct. Reports made to the FCA do not expose the true number which will include those cases only reported internally and those where people feel they cannot speak out at all.
Individuals must feel that they can report matters without fear of reprisal, embarrassment or any other form of victimisation. This means not just publicising the availability of whistleblowing channels and giving training on the firm’s whistleblower policy and procedures but fostering real confidence in the integrity of the process, the fair handling of investigations, safeguarding against the risk of detrimental treatment and following through on outcomes and recommendations. The Whistleblowing rules in SYSC 18 apply to Solvency II insurers (and deposit-takers); for all other firms they are non-binding guidance that firms may adopt as best practice.
Firms are expected to review the Dear CEO letter and share it with their senior executive committee and board. Where gaps or shortcomings are identified, firms should act promptly to address them. The FCA and PRA will continue to work closely together to assess instances of inappropriate conduct in firms and will hold firms and senior managers to account for their cultures. The optimum is for firms to cultivate a diverse working environment that promotes transparency and speaking out and where concerns do arise, engenders confidence that those concerns will be treated fairly and objectively.
1 Know your whistleblower policy
1.1 The whistleblowers’ champion has responsibility for overseeing the integrity, independence and effectiveness of the firm’s policies and procedures on whistleblowing including those policies and procedures intended to protect whistleblowers from being victimised because they have disclosed reportable concerns.In practice this means ensuring the firm has:
1.1.1 A detailed step-by-step investigation process including clear guidance on how to assess information and on what constitutes a ‘reportable concern’/falls under the scope of the firm’s policy.Under SYSC 18, a ‘reportable concern’ includes not only anything that would be the subject-matter of a ‘protected disclosure’ (broadly disclosures protected by employment legislation), but also breaches of PRA and FCA rules; breaches of the firm’s policies and procedures and more broadly, ‘behaviour that harms or is likely to harm the reputation or financial well-being of the firm’;
1.1.2 A clear policy for ensuring whistleblowers are protected against victimisation both during and following investigation;
1.1.3 A clear policy to securely store whistleblowing information and protect confidentiality;
1.1.4 A clear policy on how to maintain anonymity where requested;
1.1.5 Guidance on providing feedback to whistleblowers wherever possible;
1.1.6 .Processes to review the effectiveness of arrangements through second and third line reviews;
1.1.7 Processes to evaluate how well policies are embedded with staff;
1.1.8 Training to employees, with annual refresher training; and
1.1.9 Separate training for managers and those responsible for conducting whistleblower investigations.
1. 2 An effective whistleblowing programme is an important attribute of a healthy firm culture.Accordingly, the FCA has made clear that whistleblowing will continue to attract periodic testing and validation as part of its business as usual supervisory activity.The importance which the regulators place on this is evident in action taken against firms (most recently Lloyd’s of London) to require them to submit annual reports to the authorities and provide attestations about their whistleblower programmes for a period of three years.
2. Know when to report matters to the regulators
2.1 Firms should assess early on whether whistleblower concerns ought to be reported to the regulators.Not every case will meet the relevant threshold, but it is important that firms keep reporting requirements under review.Firms have a variety of self-reporting obligations under FCA rules which may impact.Relevant firms must also promptly report each case they contest but lose before an employment tribunal where the claimant successfully bases all or part of their claim on either detriment suffered as a result of making a protected disclosure or unfair dismissal.
2.2 It is also worth bearing in mind that under SYSC 18 relevant firms are required to make clear to staff how they may report concerns directly to the regulators and that reporting to the regulators is not conditional on raising a report internally first.Many whistleblowers choose to report matters simultaneously, both within their firms and to the regulators, and so firms may find themselves reporting on matters in circumstances where the regulators are also in direct dialogue with the whistleblower.
3.1 Ensure those appointed to investigate are sufficiently independent and no conflicts of interest arise in relation to the concerns raised.
4. Protect against the risk of detriment
4.1 Ensure all staff involved in the investigation process understand how to protect the confidentiality of the whistleblower and the importance of safeguarding against all forms of retaliation, however subtle.Detrimental treatment can take many forms from the overt (disciplinary action, demotion/failure to promote, bullying and harassment) to the less obvious (changes to work patterns, denial of training and resources, freezing out and discrediting through chat and rumour).Measures should be put in place to guard against these risks and these should be explained to the whistleblower making it clear how they can escalate any concerns.These measures should continue for a reasonable time after the investigation has concluded.
4.2 Firms should keep in mind the link to fitness and propriety.The FCA regards as a serious matter any evidence that a firm has acted to the detriment of a whistleblower. Such evidence could call into question the fitness & propriety of the firm and relevant members of staff.It may affect the firm’s continuing satisfaction of threshold condition 5 (Suitability) or for a senior manager or certification employee, their status as such.
4.3 Reports of non-financial misconduct can be particularly sensitive to investigate.Very often much of the evidence will be based on witness accounts rather than documents.To facilitate an appropriate level of investigation it may be appropriate to offer limited anonymity to other staff participating in the investigation to ensure they feel protected in speaking out.For example, assurances could be given that names will only be shared with those with conduct of the investigation and not be identified in any final written report. This will not be possible in every case, for example, it may not be appropriate in the case of senior managers where their evidence relates to matters within their area of individual responsibility; such matters may ultimately need to be reported upon to the regulator and addressed internally.For similar reasons, it will also not be appropriate to anonymise subjects of whistleblower disclosures when reporting to the firm’s regulators.An evaluation of the best approach needs to be made in each case.
5. Be mindful of the impact on the subjects of concerns
5.1 Firms should also be mindful of treating fairly those individuals who may be the subject of a whistleblower’s disclosure.The consequences for individuals in the regulated sector where they become the subject of whistleblower disclosures can be far reaching and so it is of equal importance to both the whistleblower and the subjects of any allegations that matters be dealt with in confidence and with an appropriate degree of objective scrutiny.Subjects too should feel properly supported though the process and be able to escalate any concerns they have during and after the investigation has completed. Ensuring an objectively fair investigation process for both the whistleblower and the subject of disclosures should help promote confidence in the system on all sides and mitigate the risk of mistreatment.
6. Be clear on how evidence will be used
6.1 Before meeting with interviewees, the investigation team should be clear on how their evidence may be used.For example, where the investigation is protected by legal professional privilege the parameters and limitations of the privilege in the protection of communications should be made clear, along with an explanation of the client’s ability to waive privilege.The investigation team should set out the steps that will be taken to preserve confidentiality in the evidence provided and, where requested, to anonymise references in any final report but again noting potential limitations (for example where production of information is compelled by the regulators).So far as possible, it should also be explained with whom the final report may be shared and what feedback on the findings may be provided to the whistleblower and other participants in the investigation.
7. Do not prejudge motives or findings
7.1 Many firms fall into the trap at the outset of an investigation of trying to understand the motives of the whistleblower, particularly where the individual simultaneously blows the whistle externally.Instead firms should focus on the substance of the allegations made.While nothing in the FCA’s rules prevents firms taking action against those who have made false and malicious disclosures, focusing on motives at the outset can drive the wrong behaviours and outcomes.Any such evaluation should only be made at the end of the process once all the facts have been objectively gathered.
8. Remember staff will be judging how the firm handles the whistleblower
8.1 While it will be important to protect the confidentiality of the investigation, people talk and particularly where an individual has blown the whistle externally, staff will be aware that a report has been made albeit they may not be aware of the specifics.Regardless of how the firm may feel about the veracity of the allegations made, it is important that due process is followed.Others will be watching to see how the firm handles the matter and where a perception of any unfairness or apparent detriment emerges, this could undermine confidence in the firm’s whistleblowing processes, deterring others from speaking out in the future.
9. Getting the wording of settlement agreements right
9.1 ERA provides that contractual provisions purporting to prevent workers from making ‘protected disclosures’ are void.The FCA requirements go one step further and provide that any settlement agreement with a worker must include wording that makes clear that nothing can prevent the worker from making a ‘protected disclosure’ and the firm cannot ask the worker to give a warranty requiring them to disclose that they have made a ‘protected disclosure’ or know of any information that could form the basis of such a disclosure. Firms are also required not to use measures intended to prevent workers from making ‘protected disclosures’. Firms should therefore think carefully about including any provisions in settlement agreements that could be perceived as seeking to restrict or inhibit an individual’s ability to make a protected disclosure in the future, for example limiting their ability to submit a Data Subject Access Request.
 ‘Opening up and speaking out: diversity in financial services and the challenge to be met’, Speech by Christopher Woolard 19 December 2018
 Ibid (1)
 Under the Public Interest Disclosure Act 1998 (PIDA) and the Employment Rights Act 1996 (ERA).