Whistleblowing in the financial services sector

15 February 2018

Whistleblowing has become an everyday part of business in the financial services sector. Regulators’ approach to whistleblowing and the increased focus on individual accountability means that whistleblowing and the potentially expensive and serious consequences of whistleblowing reports will continue to concern regulated firms. In our latest bulletin, we review the insurance implications of whistleblowing and the investigations that result.


Whether a report by a whistleblower triggers coverage under a directors and officers (D&O) policy will depend on the facts of the report, the action taken as a result of the report, and the terms of the policy.

A whistleblowing report can be made internally (to the business) or externally and directly to a ‘prescribed person’. In the financial services sector, the prescribed person will often be the Financial Conduct Authority (FCA) or the Prudential Regulation Authority (PRA). As the FCA and PRA encourage internal reporting as a first step (and internal reporting procedures are mandated for certain firms), businesses will often find themselves dealing first with an internal report.

Internal investigations commenced as a result of a whistleblowing report can be expensive, and individuals may face accusations that threaten careers and livelihoods. Those falling within the scope of the internal investigation may, therefore, require legal advice from the outset.

Whether the costs of that legal advice will be covered requires careful analysis of the policy. Insurers are reluctant to cross this ‘coverage boundary’ and provide extensive investigation coverage for matters dealt with purely internally (anecdotal evidence suggests that some business receive dozens of internal reports each year). Cover may not be triggered prior to the involvement of a regulator (for example, once an internal investigation concludes that an external notification is subsequently required).

We have recently seen movement in this area with an insurer offering individuals within the scope of an internal investigation cover for their costs of legal representation, but with insurers retaining the right to claw back costs paid if no self -report results from the internal investigation.

If, in contrast to the above, a whistleblower reports directly to a ‘prescribed person’, and that report results in an investigation by a regulator, coverage is more likely to be triggered for the individual targeted by the regulator (although, again, it will depend on the precise terms of the policy and the form of the investigation).

An important issue on the triggering of a policy is where criminal proceedings are in the pipeline. An individual’s involvement in a criminal proceeding will often commence before his or her arrest and certainly before a charge is made (indeed, neither of these things will necessarily happen, and an individual may be removed from the inquiry after some initial questioning). Again, it is the wording of the policy that will dictate whether there is cover for the legal costs of the particular criminal process to which the individual has been subject.


Another key issue is who will benefit from the cover. When it comes to investigations, a D&O policy will provide cover only for certain individuals. The entity itself will not have cover for its own costs (although an entity will be reimbursed for costs incurred pursuant to an indemnity provided to individuals for the legal costs of those individuals – known as side B cover).

Whistleblowers themselves will not usually receive the benefit of any insurance coverage. It should be noted, however, that although whistleblowers have some protection in terms of their employment rights (i.e. that they cannot be dismissed from employment as a result of whistleblowing that meets certain requirements), they have no protection from any criminal investigation that results from the whistleblowing. Therefore, a whistleblower may need to look to the insurance policy to cover their own legal costs if a criminal investigation turns to them.


As discussed above, when it comes to insurance, whistleblowing concerns the interests of individuals in dealing with investigations that result. Where a business provides an indemnity to individuals for legal costs, it will also have a direct interest in ensuring recovery under the insurance policy.

Individuals targeted in an investigation may have conflicting interests, which could result in the need for several law firms to be instructed. All instructions should be discussed with insurers, including the proposed rates of the law firms and the scope of any work to be undertaken. Instructing lawyers without insurer consent can cause problems when it comes to seeking recovery of legal fees. The impetus to seek consent from insurers may be on the individual, who may be in conflict with his or her employer. Therefore, it is essential that individuals have a solid understanding of the insurance cover available.

D&O policies will always contain conduct exclusions, where an individual has sought to obtain personal profit or committed fraud. Policies will provide for defence costs to be paid by insurers until such an allegation is proven, and so a whistleblowing report making an allegation will not affect coverage at the outset. However, if the allegation is proven, the individual may have to make repayments to insurers.


When considering whistleblowing and the investigations (whether internal or regulator led) that might result, our thoughts automatically turn to the D&O insurance policy. In the current climate, it is our view that professional indemnity (PI) policies ought also to be under consideration. The line between what is a D&O type allegation (for example, an act, error or omission in a director capacity) and what is a PI type allegation (typically an act, error or omission in the conduct of the business) can increasingly be a fine one.

The Public Interest Disclosure Act, which applies to whistleblowers in all sectors, protects a fairly limited and specific set of disclosures (covering, for example, the commission of a criminal offence or the endangering of the health or safety of an individual). The whistleblowing procedures set out by the FCA cover, in addition, a breach of the firm’s policies and procedures and behaviour that harms or is likely to harm the reputation or financial well-being of the firm.

Equally, the roles and responsibilities set out in the Senior Managers and Certification Regime, (which it now seems will be rolled out to apply to almost all regulated firms in 2019, rather than 2018 as had been expected) are extensive and include matters relevant to the conduct of the underlying business as well as the management of a firm.

PI policies often now include some form of investigation cover and may provide some useful cover following a whistleblowing report. In particular, and unlike D&O cover, a PI policy may provide some cover for the legal costs of an entity the subject of a whistleblowing report and subsequent investigation.


Whistleblowing look likely to be a feature of regulated business for the foreseeable future. Insurance can have an important role to play in any response to a whistleblowing report. It is worth considering the scope of coverage not only when a report is made, but also at renewal of an insurance policy when seeking to ensure that you have in place a policy that meets your requirements.

Download Technical & Legal bulletin

For further information please contact Paul Towler, Head of Financial Institutions on +44 (0)207 558 3327 or email paul_towler@jltgroup.com