Dr Alison Lui, Reader in Corporate and Financial Law at Liverpool John Moores University, contributes to today’s guest post:
“Just a castaway
An island lost at sea
Another lonely day
With no one here but me
Than any man could bear
Rescue me before I fall into despair”
Whilst whistle-blowers such as Paul Moore of HBOS and Ian Taplin of Lloyds Bank were not castaways on a far-flung island, their whistle-blowing experiences were certainly lonely. They were ignored, ostracised and shunned by colleagues and employers. Despair is an appropriate word to describe Moore’s experience. In his own memoir “Crash Bank Wallop: The Memoirs of the HBOS Whistle-blower”, Moore admitted that whistle-blowing almost killed him. Moore was the former Head of Regulatory Risk at HBOS (2002-2004). Moore tried to raise concerns about HBOS’s sales culture but a major weakness of HBOS is the reluctance of certain directors and the group audit committee to co-operate with him. Increasingly anxious with the customers’ lack of understanding of the capital risks tied to corporate bond funds, Moore wanted to undertake a review into corporate bond fund sales. Corporate bond funds were sold to customers at HBOS when the yield rates decreased on their standard deposit accounts. Moore did not have the support of the Chief Financial Officer and at times, his team was ‘threatened’ when they carried out the review. HBOS made him ‘redundant’ in 2004. Taplin was a former employee in the Wealth and Private Bank of Lloyds TSB (2005-2010). During his time at Lloyds, he raised two grievances in relation to intimidation by management and an unfair sales policy called ‘segmentation’. Taplin was dismissed in August 2010.
Against this backdrop, the Parliamentary Standards on Banking Standards Report (Changing Banking for Good) called for more protection of whistle-blowers in the financial industry in June 2013. The Parliamentary Commission on Banking Standards were correct to identify that the lack of whistle-blowing was the underlying cause of poor corporate governance in the financial industry:
“The financial crisis, and multiple conduct failures, have exposed serious flaws in governance. Potemkin villages were created in firms, giving the appearance of effective control and oversight without the reality…Poor governance and controls are illustrated by the rarity of whistle-blowing, either within or beyond the firm, even where, such as in the case of LIBOR manipulation, prolonged and blatant misconduct has been evident”.
In response to the Parliamentary Commission on Banking Standards Report, the Financial Conduct Authority (FCA) and the Prudential Regulatory Authority (PRA) published new rules on whistle-blowers’ protection, which became effective from September 2016. The rules are set out in SYSC 18 of the FCA Handbook. Broadly speaking, the FCA rules aim to develop a ‘speak up’ culture, where whistle-blowers need not worry about retaliation by the employer. To achieve this, the FCA rules require firms to have effective arrangements in place for employees to raise concerns, and to ensure these concerns are handled appropriately and confidentially. Secondly, firms must appoint a non-executive director to be a whistle-blowers’ champion. Thirdly, firms have to put in place arrangements to protect whistle-blowers from victimisation, and overseeing the preparation of an annual report to the firm’s governing body. Fourthly, firms have to publish any lost tribunal claims for whistle-blowing to the FCA. Finally, settlement agreements have been revised so that they make clear that the worker will not be prevented from making a protected disclosure by virtue of signing an agreement. Under SYSC 18.5.3, workers must not be asked to give warranties in relation to whether they have made a disclosure or have information that could amount to a disclosure.
On paper, these rules appear to provide more protection to whistle-blowers in the financial industry. The FCA reviewed its new rules and produced their findings in December 2018. Their review focused on the following: firms’ policies and procedures on protecting whistle-blowers such as maintaining confidentiality and policies on victimisation; role of the whistle-blowers’ champion; training arrangements and the firms’ annual reports on whistle-blowing. Their findings are mixed. Positive news includes that the new rules are effective in implementing whistle-blowing arrangements fairly and consistently and non-executive directors are proving to be effective whistle-blowing champions. Areas for improvement include the requirement for more whistle-blowing training from firms. Further, firms need to document their whistle-blowing investigation process and practical arrangements for protecting whistle-blowers better.
While most firms are encouraging a ‘speak up’ culture, it is noticeable that the FCA findings revealed that some firms’ annual reports are rather sparse in their analysis of lost tribunal cases on whistle-blowing. Arguably, this ‘name and shame’ tactic is embarrassing for firms but analysis of lost tribunal cases is of significant value to whistle-blowers and other stakeholders. Analysis and self-evaluation of lost tribunal cases can be of immense help to the specific firms as well to improve their ‘speak up’ culture.
Although FCA’s rules have been effective in improving whistle-blower protection to a certain extent, the FCA itself, has to do more to protect whistle-blowers. Revealing the identity of Mark Wright, the whistle-blower who blew the whistle against the Royal Bank of Scotland in December 2013, was a serious error on the part of the FCA. Wright contacted the FCA with an allegation of file falsification at RBS, which the FCA rejected. The FCA argued that Wright had disclosed his name to several people and warned RBS that he would report the allegation to the FCA. Therefore, the FCA thought that anonymity was not requested because it thought that Wright was not a whistle-blower. This is a weak defence. The Complaints Commissioner revealed that the FCA had actually classified Wright in its internal database as a whistle-blower and referred to him that way in internal correspondence. The FCA failed to exercise due care, skill and diligence when it revealed Wright’s identity. The FCA has since published a new whistle-blower protection policy in 2015, which ensures anonymity is given to whistle-blowers. Given that the FCA is the regulator of financial companies, its poor judgement and carelessness in this incident set a bad example for the regulated.
Three years later, the FCA has been criticised for its weak enforcement against Jes Staley of Barclays Bank, who attempted to reveal the identity of the whistle-blower. The whistle-blower wrote two letters to the board of Barclays in 2016 and expressed concerns regarding the recruitment of Tim Main as head of the financial group in New York. Tim Main is a friend of Jes Staley. Staley used the bank’s internal security unit twice to search the identity of the whistle-blower. The FCA and PRA fined Staley £642,430 for failing to exercise due care, skill and diligence under the Senior Managers and Certification Regime. The regulators, however, did not fine the bank for the compliance team’s lack of control over the whistle-blower’s complaint.
Two points from the Barclays case are worth noting. First, whistle-blowers are still struggling to keep their anonymity. This is despite the new protective policies being implemented at Barclays Bank. Clearly, the whistle-blowers’ champion and the bank’s internal controls on whistle-blowing failed at Barclays. Secondly, although the FCA and PRA are now monitoring and supervising Barclays Bank at an enhanced level, a more effective deterrent would have been to find Staley in breach of the more serious offence of lack of integrity. According to the FCA’s Final Notice, Staley was aware of the rationale of anonymity under Barclays’s whistle-blowing policy. Further, he was also aware that the bank’s whistle-blowing policy applied to any anonymous disclosure. By attempting to reveal the identity of the whistle-blower, he ignored all the necessary procedures, policies and controls on whistle-blowing. Staley did not record his reasons for asking Group Security in Barclays for identifying the whistle-blower. This appears to be recklessness than carelessness. The FCA has been known to interpret recklessness as a lack of integrity. It is a missed opportunity and a real shame that the FCA did not find Staley guilty of the more serious offence of lacking in integrity.
The message for the FCA and the PRA is this: they should rigorously pursue tougher enforcement against perpetrators who attempt to reveal whistle-blowers’ identities. After an initial surge of whistle-blowing cases from 150 in 2006 to 1,360 cases in 2014, there has been a drop in cases to 1,047 in 2017 after the FCA introduced the new rules. Whistle-blowers must be protected from retaliation if the regulators want them to speak up. Anonymity is an important way of achieving this.