Free, confidential whistleblowing advice
Call us on 020 3117 2520 or email us


Whistleblowing in the Financial Sector


Working in the financial sector: how can I raise my concern most effectively and what help can I get?

At Protect, we work with 100s of employers who want to do the right thing when it comes to whistleblowing, by creating a safe and supported speak up culture. It is not always easy, though, when things start to go wrong.

If you work in a bank, building society, credit union, insurer or major investment firm and have witnessed some wrongdoing then you might be able to raise a whistleblowing concern.

This webpage outlines how you can do this internally and externally.

Raising a concern internally

The first step is often to speak to your line manager or look at your employer’s whistleblowing policy and raise a concern internally. 

The FCA/ PRA rules regarding internal whistleblowing

All FCA-regulated entities are advised to comply with the FCA handbook which includes a chapter obliging certain types of firms to have internal whistleblowing (or ‘speak up’) channels. This includes: 

  • Having a designated whistleblowing champion. This will normally be a senior manager at your firm whose job it is to oversee the implementation of whistleblowing arrangements. Your firm might also have a whistleblowing champion at board level, such as a non-executive director; some will just have strategic oversight, others a more hands-on role. Look at your firm’s policy to check. 
  • Having up-to-date written whistleblowing procedures; 
  • Being able to deal with confidential and anonymous disclosures;  please see here for more information about the differences between confidential and anonymous reporting;  
  • Enabling a range of communication methods to raise a concern, (for example, by phone, email or hotline) and stating clearly that you can raise your concerns direct with the FCA or the PRA; 
  • Providing feedback where this is feasible and appropriate; 
  • Having reasonable measures in place to prevent victimisation of whistleblowers; 
  • Delivering staff and management training to ensure that everyone is aware of the whistleblowing process and its rules.  

Relevance for whistleblowers 

If you have a concern, you can raise it through your company’s whistleblowing or ‘speak up’ channels. It is worth looking at your company’s whistleblowing policy in full and deciding who the right person to contact is and how. This may be your line manager, supervisor or a designated whistleblowing contact. Details of what your employer may have in place should be part of any ‘speak up’ or whistleblowing policy. If your company fails to comply with the FCA/PRA rules regarding whistleblowing, that itself may be a reportable concern.

The Senior Managers’ Regime 

Senior managers in key roles linked to regulated business must comply with the senior managers’ regime (“SMR”). This regulates how they must act as a senior manager and discharge their responsibilities. If you have a concern about the conduct of a senior manager, it could be that they are in breach of the SMR. You can check who the Senior Managers are in your business by checking the Financial Services register. You should look at our guidance about raising whistleblowing concerns for more information, or call our Advice Line. 

Settlement Agreements 

If you are bringing an employment tribunal claim against your employer, you may decide to settle your case. 

As part of a settlement agreement, employers sometimes include clauses requiring  you to keep matters confidential after you have left their employment. 

While it may be reasonable to agree some matters (for example, that you will not tell everyone the amount of your settlement), the FCA/ PRA rules state that employers cannot include “gagging” clauses (attempts to prevent you from raising whistleblowing concerns)  or warranties (promises that you do not know of any wrongdoing) in settlement agreements . Whistleblowing law also says that any clause that prevents a worker raising a whistleblowing concern in the public interest is void (not legally binding). These clauses cannot be included in a settlement agreement and, if they are, they have no legal effect. 

The FCA takes a firm stance on this issue so if your employer tries to include a gagging clause, you can report them to the FCA. Please see our webpage on settlement agreements for more information.  

More information on how to raise a whistleblowing concern can be found by clicking the link.

Raising a concern externally

If you feel unable to raise a concern internally, or have done so and it has not been resolved (this could include situations where you have been ignored, have worries while an investigation is ongoing, or are unhappy with the feedback you have received following an investigation) you may consider raising a concern externally.

An external disclosure should be made to the appropriate regulating body- a ‘prescribed person’ by law. If you are working in the financial sector, the appropriate regulating body will likely be the FCA or the PRA, but could in some cases be the Serious Fraud Office (“SFO”) or the Information Commissioner’s Office (“ICO”).

Below is an overview of what the different regulating bodies do and how to raise concerns with them. If you are unsure which regulating body to approach, contact Protect and one of our advisers may be able to assist.  

What the FCA do

  • The FCA acts as watchdog for the conduct of all regulated and authorised firms and individuals.  
  • You should consider contacting the FCA if you have witnessed, or are aware of, wrongdoing happening in the workplace, by an individual or a firm that the FCA regulate. 

How to raise a concern with the FCA 

You can make a report to the FCA by: 

  • Calling their adviceline on +44 (0)20 7066 9200 (open 9am-12pm and 2-5pm) or leaving a message;
  • Writing to them: Intelligence Department (Ref PIDA), Financial Conduct Authority, 12 Endeavour Square, London, E20 1JN 

The FCA offer

  • – complete confidentiality (the FCA state that they always protect the identity of their whistleblowers, and while they might have to share the information provided, they would not disclose that this originated from a whistleblower, unless they are legally obliged to);
  • a dedicated case officer to be assigned to a whistleblower’s case;  
  • meetings with your case officer in person or over the phone; 
  • the option to receive updates every 3 months regarding your concerns. 

The FCA’s recent whistleblowing campaign, ‘In confidence, with confidence’, encourages those working within the financial sector to raise any concerns they have of wrongdoing. The FCA say that they are committed to protecting the identity of those they advise and have increased the size of their specialist whistleblowing team, who are trained to deal directly with whistleblowers. 

The FCA deal with concerns regarding many different issues, including: mis-selling; treating customers fairly; money laundering; fitness and propriety; systems and controls, unauthorised business and sexual harassment. 

Sexual harassment can also amount to a breach of conduct rules and allegations of sexual harassment can be raised with the FCA directly. If raised internally, firms are obliged to notify the FCA within 7 days.

Our sexual harassment webpage has further guidance on raising such a concern. 

More information can be found on the FCA website (from which the above information was collected). 

What the PRA do

  • The PRA is responsible for the prudential regulation and supervision of banks, building societies, credit unions, insurers and major investment firms. It ensures stability of the UK financial system by creating policies for firms to follow, setting standards and promoting safety and soundness through supervision of financial institutions at the level of the individual firm. Not all firms will be regulated by the PRA.
  • You should consider contacting the PRA if you work, or used to work, in the financial services industry and have concerns relating to your employer or other firms or individuals. 

How to raise a concern with the PRA

You can make a report to the PRA by: 

  • Calling their adviceline on +44 (0)203 461 8703 during office hours or leaving a callback message; 
  • Writing to them: Confidential reporting (whistleblowing) IAWB team, Legal Directorate, Bank of England, Threadneedle Street, London, EC2R 8AH. 

The PRA offer

  • complete confidentially (unless they are legally obliged to disclose a whistleblower’s identity);
  • a dedicated whistleblowing team case officer to be assigned to a whistleblower’s case to look at the information provided and any other supporting information; 
  • to contact you if they need more information (unless you have asked them not to or they think it is unsafe to do so);
  • to decide if they will take further action. 

The PRA can provide only ‘very limited feedback’ to whistleblowers. 

More information can be found on the PRA website (from which the above information was collected). 

What the SFO do

  • The SFO investigates and prosecutes serious or complex fraud, bribery and corruption. 
  • You should approach the SFO if you believe that your concern falls within this remit; be aware that the SFO can only take on a very small number of serious cases.  

How to raise a concern with the SFO 

You can make a report to the SFO: 

  • using their secure online reporting form on their website (they cannot take reports over the telephone).
  • The SFO offer confidentiality and say that they do not normally disclose the identity of individuals who contact them; however, there are rare situations where a judge may order them to to do so, in which case, they will consider all available options and consult with you where reasonable to do so.  

More information can be found on the SFO website (from which the above information was collected). 

What the ICO do

  • The ICO is responsible for upholding information rights in the public interest.
  • You should consider contacting the ICO if your concern relates to issues of data protection and/or freedom of information.

How to raise a concern with the ICO 

You can make a report to the ICO by: 

  • Calling their helpline on 0303 123 1113 and selecting the option for whistleblowing complaints. The ICO ask that you make clear to the person you speak to that you consider yourself to be making a protected disclosure under the whistleblowing provisions. Their staff will then be able to guide you to an online reporting tool where you can submit your protected disclosure.
  • Writing to them, making clear that you consider yourself to be making a protected disclosure under the whistleblowing provisions.  
  • Their head office is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
  • The ICO offer complete confidentiality (unless they are legally obliged to disclose a whistleblower’s identity).

More information can be found on the ICO website (from which the above information was collected). 

Your rights


The FCA is one of the very few regulators that investigates whistleblower victimisation. If you are a whistleblower who has been victimised, you can tell the FCA who may decide to take action against the person victimising you, particularly if they are a senior manager. 

It is therefore advisable to talk to the FCA if you are afraid of being victimised or have been victimised as a result of raising a concern. As appropriate, the FCA can either keep the risk of victimisation in mind and offer you protection while investigating a concern, or sanction anyone who victimises you at work because you have raised a concern.   

The Public Interest Disclosure Act

As a whistleblower, you have legal rights protecting you from detriment and dismissal for whistleblowing  

The Public Interest Disclosure Act 1998, shortened to PIDA, is the law that protects whistleblowers from negative treatment or unfair dismissal. It is part of the Employment Rights Act 1996 (“ERA”). 

PIDA makes it unlawful to subject a worker to negative treatment or to dismiss them because they have raised a whistleblowing concern. Raising a whistleblowing concern is also known as a making a protected disclosure’. 

If at any stage of the process you would like additional advice from Protect, you are welcome to contact us through our online form or call our adviceline on 020 3117 2520 and/or utilise the email template library and other resources on our Advice Line webpages.