Efforts to provide more protection and encouragement to whistleblowers in the UK have taken a significant step forward this year – a stark reminder that now is the time for businesses to review their own procedures and policies.
In 1998 the UK introduced the Public Interest Disclosure Act (PIDA) to afford protection to individuals who expose or perceive wrongdoing on the part of an organisation, often their employer. This was ground-breaking legislation at the time, with the UK being the first EU state to legislate in this way. These general rules were also supplemented by two sector-specific regimes.
After recommendations made by the Parliamentary Commission on Banking Standards, which were set up in the wake of the Libor rate-setting scandal, the Financial Conduct Authority (FCA) adopted specific rules for the UK banking and insurances industries. These were intended to create a framework to protect and encourage whistleblowers. These rules, inter alia, require:
- appropriate whistleblowing procedures to be established;
- the appointment of a ‘whistleblowing champion’ at a senior level to oversee the integrity and effectiveness of the system; and
- prohibit the use of settlement agreements to restrict departing staff from making potential disclosures.
Recommendations made by Sir Robert Francis in his Freedom to Speak Up review, conducted following the Mid Staffordshire Health Trust scandal, led in 2016 to the NHS adopting the Freedom to Speak Up (FtSU) scheme. This requires every NHS trust to have a ‘FtSU Guardian’ to give independent support and advice to staff who want to raise concerns. And yet, cases continue to emerge where whistleblowers have been ignored or suffered retaliation, so the All Party Parliamentary Group (APPG) was launched in July 2018 to look at the case for strengthening the UK regime. This report is the result of its findings and the extensive evidence gathered.
What were the findings?
The APPG report noted:
‘Many testimonies were difficult to read or hear and have reinforced our commitment to put whistleblowers at the top of the agenda and deliver real protection. We have heard first hand of the price they have paid: mental trauma and impact on whistleblowers and their families, loss and damage to careers, the cost of litigation, blacklisting and the use of NDAs to silence whistleblowers and cover up wrongdoing.’
Key findings from APPG
- The UK regulatory framework of whistleblower protection is complicated, overly legalistic, cumbersome, obsolete and fragmented.
- The remedies provided by PIDA are retrospective and largely misunderstood.
- A general obligation for public and private organisations to set up whistleblowing mechanisms and protections is missing.
- The definition of ‘whistleblowing’ and ‘whistleblower’ is too narrow. Consequently, the protections set by the law apply only to a limited number of citizens and do not properly reflect existing working practice.
- The excessive complexity and fragmentation of the regulatory framework means there is little public knowledge or understanding of the existing legal protection for whistleblowers.
- There is a disconnect between what is understood to be, and what actually is, the role of the prescribed persons (the agencies and regulators to whom protected disclosures may be made under PIDA) leading to confusion, mistrust on both sides and allowing crimes and other wrongdoing to escape scrutiny.
- There is inadequate legal protection for whistleblowers who help uncover wrongdoing which hinders the processes to hold those responsible accountable.
The APPG’s recommendations include provision for:
- greater clarity in the legislation with a statutory definition of ‘whistleblower’ expanded to cover all members of the public, not just workers, and covering those disclosing any violation of integrity and ethics, even when not criminal or illegal, with a focus on the harm (or risk of harm) to the public;
- mandatory internal and external reporting mechanisms;
- expanded protections, to include meaningful penalties for those who fail to meet requirements. A further review of compensation awarded by employment tribunals is also proposed;
- an urgent review of barriers to justice, including access to legal aid measures to tackle inequalities in legal representation and resources and also protection against costs;
- a ban on non-disclosure agreements in whistleblowing cases;
- a better regulatory framework and regulatory co-ordination, with a review of the role of the ‘prescribed persons’ to whom protected disclosure may be made;
- a public awareness campaign; and
- the introduction and establishment of an ‘independent office for the whistleblower’ with powers to set standards, enforce protection, and administer meaningful penalties to not only organisations but individuals within organisations.
What should organisations consider in response to the APPG report?
It is not certain that the APPG proposals will gain traction and parliamentary time, however all businesses should consider the report and reflect critically on the robustness of their own procedures and practices. Effective procedures are good for business.
‘Whistleblowing is one of the most effective means of identifying and addressing risk enabling companies to protect themselves from the negative effects of misconduct.’
In addition, irrespective of the question of legal sanctions, a mismanaged whistleblower situation can cause extensive reputational damage.
Businesses need to be aware of other changes coming through at EU level. A new EU Whistleblower Directive is expected to come into effect in 2021. All EU employers with more than 50 employees will have to adopt formal whistleblowing procedures, including:
- regimes for internal and external reporting lines as well as for public disclosure;
- protection against retaliation;
- exemption from liability for breach of any restriction on disclosure of information imposed by contract, such as an employment agreement or by law, provided the correct procedures are followed; and
- certain rights to legal aid from the state in whistleblower cases.
After Brexit, the UK will not fall within this regime. However, there may be domestic pressure for the UK to establish similar protections and, from a practical perspective, businesses with EU operations may prefer to take a harmonised, uniform approach.