FCA chairman allegedly breached whistleblower’s confidentiality

Unlock Editor's Digest for free

FT editor Roula Khalaf selects her favourite stories in this weekly newsletter.

The chairman of the British financial regulator is accused of violating the confidentiality of an internal whistleblower who wrote to him asking for help, thereby violating the code of conduct for which he is responsible.

According to the emails, Ashley Alder, chair of the UK's Financial Conduct Authority, forwarded the correspondence in December and March without redacting the complainant's name, address and concerns.

The FCA’s whistleblowing policy states: “Your identity will not be disclosed without your consent.”

The whistleblower was fired by the regulator in 2021 for alleged misconduct and also lost an employment tribunal case against the authority, a decision he is appealing. However, his concerns about alleged opaque hiring practices, detailed to Alder, led to an internal review.

In response to the whistleblower's correspondence, the FCA has also launched a second internal review to examine the regulator's process for deciding whether allegations of misconduct should be formally investigated internally.

The regulator has already come under fire for its handling of whistleblowers. Last year, the Information Commissioner's Office ruled that the FCA had breached its data protection obligations. The Times reported that the case concerned the FCA allegedly intercepted and redirected its staff's correspondence, including confidential emails from whistleblowers, to keep an eye on people it deemed troublesome.

In another case from 2018, the complaints officer of the UK financial regulator FCA sharply criticized the bank for passing on the identity of a whistleblower from the Royal Bank of Scotland to the bank. However, the FCA said at the time that the allegations against the bank now known as NatWest had “been proven to be unfounded”.

The FCA requires regulated firms to have internal complaints-making policies that promise confidentiality and to report annually on how well they are performing. Former Barclays chief executive Jes Staley was fined over £600,000 by the FCA and the Bank of England in 2018 after attempting to uncover the identity of an anonymous whistleblower.

Despite these strict rules for FCA-regulated firms, Alder forwarded the whistleblower's unredacted emails to two other people within the FCA and referred a third person who “informed” others about the matter, according to the emails seen by Banking Risk & Regulation, a service of FT Specialist.

The FCA's policy states: “We will do everything in our power to keep your identity secret… If it is necessary for someone other than the original recipient of your disclosure to know your identity, we will discuss this with you before your identity is disclosed.”

The former employee raised their concerns through a dedicated hotline in October, and then wrote to Alder and FCA whistleblower advocate Liam Coleman in December after the whistleblower felt their concerns had only been partially addressed.

Alder did not respond and did not indicate that he might share the information with anyone else, the whistleblower said. Coleman responded to the complainant in a detailed exchange of letters.

The whistleblower's emails were marked “PRIVATE – FOR RECIPIENT ONLY” and referred to FCA guidelines. He even asked for anonymity from Alder's private secretary, the whistleblower said.

The FCA declined to comment on whether the employees other than Alder and Coleman who had access to the emails were part of the official team dealing with whistleblower complaints.

The whistleblower said he was “angry, stunned and speechless” when he saw the forwarded emails. He described them as “institutional betrayal” and accused the FCA of “incompetence and ineptitude”.

FCA staff are required to complete mandatory whistleblower training every year. However, “this requirement does not appear to apply to the FCA chairman,” said the whistleblower.

“What this case really shows is that the FCA does not have its own affairs in order. As such, there are serious doubts about its ability to lead and discharge its duties as a regulator to the companies it regulates,” said Georgina Halford-Hall, chief executive of WhistleblowersUK, who called on Alder to “punish himself”.

The nonprofit group is advocating for a whistleblowing law that would establish an independent oversight body to set standards and investigate violations.

Alder did not respond to requests for comment from the FCA press office.

A spokesman for the FCA said it could not comment on the case “as the individual's employment tribunal proceedings are ongoing”.

An ICO spokesperson said: “There are legal safeguards in place to ensure that whistleblowers can freely report certain types of wrongdoing.

“Anyone who has concerns about how their data has been handled after making a disclosure of this nature can contact us with their concerns.”

Ellesheva Kissin is a reporter at Banking risks and regulationa service of FT Specialist