The UK Financial Conduct Authority (FCA) has faced criticism for its handling of a whistleblower’s case. Despite the whistleblower’s repeated reports to the FCA, no action was taken. The FCA claimed the disclosure wasn’t eligible for protection due to non-anonymity. In this article, the author argues that the FCA has a statutory duty to protect whistleblowers and investigate their concerns. However, they failed to intervene in favor of the whistleblowers. This situation raises questions about the oversight of the regulator. The failure to protect whistleblowers erodes public trust in the FCA’s regulatory role, discouraging future disclosures and emboldening wrongdoing.

Significant questions have been raised regarding the behavior of the Financial Conduct Authority (FCA) towards a whistleblower following a repeated failure to protect them from what has been described as “extreme retaliation” stemming from a protected disclosure.

A recent City A.M. article with the whistleblower outlines that having made a protected disclosure, they were required to make numerous and escalating reports to the regulator, including to their Chief Executive, of retaliation being suffered. Despite this, the FCA failed to act to protect the individual or otherwise address the conduct of the organization for whom they carry out a regulatory function.

Of significant concern, the FCA stated that the whistleblower did not have the ability to seek protections under the Public Interest Disclosure Act 1998 (PIDA) as the disclosures were not made anonymously, and therefore, the regulator was not required to act on resultant instances of retaliation.

This fundamental misreading of the law is extremely troubling for several reasons. Under the Prescribed Persons Order 2014, the FCA is one of 60 bodies designated by statute capable of receiving and acting upon a whistleblower complaint external to their organization, while still recognizing the disclosure as meeting the threshold of a "protected disclosure." In addition to their other regulatory functions, this means the FCA has a statutory responsibility towards whistleblowers, representing their interests through the investigations of their concerns, and protecting them from retaliation. It is relevant to note that the FCA has at its disposal an “expertly trained whistleblowing team” and received over 1000 individual disclosures in the year 2021/22.

Of importance, for the purposes of UK Law, individuals are only recognized as whistleblowers when they have made a protected disclosure fulfilling the criteria set out in PIDA. Legally speaking, to have failed to make a qualifying protected disclosure is to fail to have undertaken an act of whistleblowing. Consequently, when the FCA asserted that the individual failed to make a protected disclosure and did not fall within the PIDA's scope, they effectively withheld the individual's status as a whistleblower.

Considering the FCA's legal obligations to protect whistleblowers, their internal knowledge in this area, and their capacity to thoroughly investigate industry-standard violations, and in particular cases of retaliation against whistleblowers,[1] it is concerning that they would make a fundamental mistake in not recognizing that a whistleblower disclosure need not be anonymous to qualify for legal safeguards.

Indeed, the vast majority of disclosures meeting the threshold for protection are not made formally as whistleblowing disclosures in the first instance, often simply being concerns reported to line managers or organizational seniors.[2] PIDA also makes clear that the matters raised do not themselves have to be factually accurate; rather, there must be an objectively reasonable belief in their accuracy at the time they were made, and the information must ‘tend’ to show a form of behavior outlined in the Act.

It seems therefore, to this author, impossible to reconcile the idea that a body such as the FCA, following repeated complaints being raised, could have made such a basic and fundamental error as to misunderstand who may make a qualifying protected disclosure, and allow abuse to perpetuate unabated in their full awareness.

This event raises a fundamental question: Who is responsible for monitoring or overseeing those in authority or positions of power? Troublingly, it would appear that when it comes to matters of whistleblower protection the FCA remains unaccountable for their actions to the Financial Regulators Complaints Commissioner as the Commissioner can make recommendations to the regulators on remedies (see for instance the Final report by the Complaints Commissioner for the Complaint number FCA00584 of June 15, 2020). Note that the Commissioner does not have the power to enforce these recommendations. Consequently, although the FCA has a positive duty to prevent retaliation against whistleblowers and to take action against those who do retaliate, there apparently exists no corresponding effective accountability mechanism to ensure they are carrying out this function in the correct way.

As a result, although the FCA has a positive duty to protect whistleblowers from retaliation with a basis in encouraging disclosures and enforcing the highest standards within the financial sector, when evidenced concerns are raised that demonstrate a failure to perform this duty, there is not an effective remedy available for the whistleblower.

Responding to these issues the FCA commented that, “…the error had no impact on actual whistleblower protections under PIDA”, which admittedly is technically correct. This is because for whistleblower protections under PIDA to be accessed, the individual is required to bring an action to an Employment Tribunal following suffering detrimental treatment stemming from the disclosure. It is not the purpose of PIDA to proactively prevent retaliation, other than providing a disincentive, but rather, to provide a remedy should a person have suffered.

It can be understood, therefore, that the role of the FCA in protecting whistleblowers is not one and the same as protections afforded under PIDA. While a person may find recourse under PIDA for harms actually suffered, the role of the FCA, as a designated body, is surely to act swiftly to identify and prevent forms of conduct that would inhibit or otherwise discourage reporting of wrongdoing – namely instances of retaliation and detrimental treatment. The presence of an external prescribed body such as the FCA to whom one can make a disclosure exists precisely because there is a potential risk of retaliation if a whistleblower discloses wrongdoing within their organization.

Such an approach calls into question how regulators view the role of whistleblowers and their contribution to the regulatory landscape. Whistleblowers have been repeatedly recognized as an essential element of a pluralist policing environment,[3] and the primary means of identifying and detecting illegality and other forms of wrongdoing from within an organization.[4] Whistleblowers have emerged as one of the most effective means of detection of wrongdoing, outperforming auditors, regulators, and law enforcement in identifying conduct that transgresses acceptable standards.[5]

Notwithstanding, concerns have been raised that regulators see whistleblowers not as an arrow in the quiver of sectoral oversight, but rather, as representing a failure of the regulator to adequately perform their function. This leads to a marked inability to publicly admit wrongdoing and offer apologies [see on this point Grasso C., The Whistleblowers’ Revolution, in C. Grasso (ed.), Whistleblowers: Voices of Justice, Springer International, forthcoming].

That is to say, a regulator may tend to consider that a report from a whistleblower does not enhance its effectiveness and function, but rather, represents a potential failure of its ability to direct the conduct of the organizations that fall under its oversight.[6]

When approached from this perspective, it becomes possible to identify a perverse incentive to be reluctant or deficient in implementing timely and meaningful methods of protecting whistleblowers from retaliation perpetrated upon them. Simply, if an act of whistleblowing may be perceived as a failure of the regulator, then it follows that whistleblowing becomes an act of harm to the reputation or perceived effectiveness of the regulator, and accordingly, a challenge to their authority. Should this be accurate, it is reasonable to conclude that regulators have little incentive to protect the interests of those harming their reputations.

Accordingly, the repeated failure of the FCA to protect whistleblowers from those whom they oversee and regulate significantly risks undermining the public's trust in the FCA as a regulator.

These systemic failures actively discourage future disclosures through knowledgeable insiders having no faith their interests will be protected should they suffer detrimental treatment. If they see that other whistleblowers have been mistreated by the FCA, then they are less likely to come forward themselves, which in turn, emboldens and encourages wrongdoing through reduced risk of detection.

To deny whistleblowers their status, or fail to proactively protect the interests of whistleblowers is to undermine the basic role and function of the FCA, and their ability to effectively regulate the sector.

[1] See The FCA and Prudential Regulatory Authority implemented a joint fine of £642,430 to the Chief Executive of Barclays Bank, James Staley, for attempting to identify the source of a whistleblowing complaint, citing a breach of the requirement to act with due skill, care, and diligence. The bank was also required to enhance reporting on how it approached and responded to whistleblowers. Bank of England (2018) FCA and PRA jointly fine Mr James Staley £642,430 and announce special requirements regarding whistleblowing systems and controls at Barclays. Bank of England. 11 May 2018.

[2] Donkin, M., Smith, R., & Brown, A. J. (2008). How do officials report? Internal and external whistleblowing. Whistleblowing in the Australian public sector, 83. 91-93

[3] Engdahl, O., & Larsson, B. (2016). Duties to distrust: The decentring of economic and white-collar crime policing in Sweden. British Journal of Criminology, 56(3), 515-536.

[4] Vadera, A. K., Aguilera, R. V., & Caza, B. B. (2009). Making sense of whistle-blowing's antecedents: Learning from research on identity and ethics programs. Business Ethics Quarterly, 19(4), 553-586.

[5] ACFE (2020). ACFE Report to the Nations | 2020 Global Fraud Study. Association of Certified Fraud Examiners. 19; PWC. (2007). Economic crime: people, culture and controls. PricewaterhouseCoopers. 10

[6] Woods, M. (2023) Whistleblowing – To blow or not to blow: The lesson from the Wachovia scandal. In Whistleblowers Voices of Justice (Grasso, C Eds) Forthcoming.



Suggested citation

Bluebook: Stephen Holden, Protecting Whistleblowers: A Call for Oversight Accountability of the UK Financial Conduct Authority, CORPORATE CRIME OBSERVATORY, (December 6, 2023),

Harvard: Holden, S. (2023) ‘Protecting Whistleblowers: A Call for Oversight Accountability of the UK Financial Conduct Authority’. Corporate Crime Observatory. Available at:

OSCOLA: Stephen Holden, ‘Protecting Whistleblowers: A Call for Oversight Accountability of the UK Financial Conduct Authority,’ (Corporate Crime Observatory, 6 December 2023),



The views, opinions, and positions expressed within all posts are those of the author(s) alone and do not represent those of the Corporate Crime Observatory or its editors. The Corporate Crime Observatory makes no representations as to the accuracy, completeness, and validity of any statements made on this site and will not be liable for any errors, omissions, or representations. The copyright of this content belongs to the author(s) and any liability concerning the infringement of intellectual property rights remains with the author(s).

