New whistleblowing rules - is your business ready?
The FCA's new whistleblowing rules stem from the same reforms that created the Senior Managers Regime (which enters into force on 7 March 2016). The FCA's statistics from 2012-2014 (released under FOI requests) show that the numbers of new whistleblowing disclosures it receives are increasing.
Who is affected and from when?
From 7 September 2016, the new rules will apply to UK deposit-takers with assets of £250m or greater (including banks, building societies and credit unions), PRA-designated investment firms, and Solvency II insurance and reinsurance firms and to the Society of Lloyd’s and managing agents ("relevant firms").
For all other FCA-regulated firms, the changes will represent non-binding guidance. The FCA will soon consult on how the rules could be applied to UK branches of overseas banks, and once the bedding in period is complete, the FCA is likely to consider whether similar rules should be applied to the other firms it regulates.
From 7 March 2016, relevant firms must have a senior manager (or, for insurers, a director or senior manager) to act as the firm's "whistleblowers' champion". If the firm has one, the FCA expects firms to appoint a non-executive director to this role. He or she will oversee the firm's period of transition to the new arrangements between 7 March and 7 September 2016 and, once the rules come into force, will be responsible for ensuring and overseeing the integrity, independence and effectiveness of the firm’s policies and procedures on whistleblowing.
Overview of the rules
The new rules set out the minimum requirements for relevant firms and bring changes to the FCA's Handbook chapter on Whistleblowing (SYSC 18). Relevant firms will need to have in place appropriate and effective arrangements that are able to handle all types of disclosure from all types of person. The FCA has indicated that there will be no regulatory duty on a firm’s staff to blow the whistle.
Among other things, a relevant firm's internal arrangements for whistleblowing must include telling their UK-based employees about the Regulator's whistleblowing services and ensuring that their Appointed Representatives and Tied Agents (if any) do the same for those who are workers. Relevant firms also need to include appropriate training for their UK-based employees, and to report at least annually to their boards on the operation and effectiveness of their whistleblowing systems and controls - this report must maintain the confidentiality of individual whistleblowers.
A relevant firm will have to prepare prompt reports to the FCA about each employment tribunal case with a whistleblower that it loses and will be prevented from including any warranties relating to protected disclosures in settlement agreements.
Will there be an impact on D&O insurance?
At first glance, it seems likely that the new rules will give rise to a greater number of cases of whistleblowing which, in turn, may lead to more regulatory investigations and third party claims against relevant firms. It remains to be seen whether this will be the case, but companies should nonetheless be thinking about their D&O insurance cover and whether it is adequate in light of the new regulatory landscape.
In particular, businesses should review the extent to which their D&O policies provide cover for the often significant costs of a company's internal investigation and the costs of cooperating with the regulator during informal, "pre-investigations". In this regard, businesses should check the following provisions in their policies:
- Definition of "Claim": a D&O policy will only cover defence and/or investigation costs which are incurred after a Claim is made. The definition of Claim is therefore very important in defining what costs will be insured. Does your policy definition of claim include an informal "pre-investigation" enquiry or request for information from a regulator regarding a potential investigation? If not, the costs of cooperating with the regulator, which may involve the provision of substantial documentation, taking legal advice and appointing forensic accountants, will not be covered - nor will they erode any applicable retention under the policy.
- Definition of "Loss": is the definition of Loss in your policy wide enough to cover all of the possible costs involved in responding to a regulatory investigation including legal advice, forensic accountancy, document production etc?
- Company costs: D&O policies routinely restrict coverage to the insured directors and officers of the company who are actually named by a regulator and only cover company costs where the company is named as a "co-defendant" alongside a named individual. Very often, however, regulators do not name specific individuals within a business until fairly late in the investigation, preferring to deal with the company itself, meaning that the costs incurred by the company prior to individuals being named will not be covered, even if it is clear from the outset that certain individuals will be the target of the investigation.
- Conduct exclusions: a D&O policy will not cover losses arising from fraud, but the circumstances in which a fraud is deemed to have been finally established can vary from policy to policy. Usually, fraud is only established by final adjudication of a court. Occasionally, however, policies may provide that fraud is established by the admission of an employee. What happens in that case if an employee agrees to make an admission in return for leniency? What if the company reaches a settlement with the regulator? These issues need to be dealt with in the policy wording to avoid a dispute with the insurer. It is also important to ensure that your policy contains an appropriate "severability" clause providing that one employee's knowledge is not imputed to another.
D&O policies are by no means "off-the-shelf" products and should be tailored to the particular business in question. Relevant firms should review their D&O insurance cover prior to the new rules coming into effect and should discuss any concerns they may have with their broker and, if necessary, with specialist legal advisers.
For more information on the new whistleblowing rules contact Katharine Everett at email@example.com and for advice on D&O coverage contact Garbhan Shanks at firstname.lastname@example.org.