Whistleblowing - the Tip of a Data Iceberg
Since late last year, the FCA has published three quarters of whistleblowing data – for quarter 3 and quarter 4 of 2021, and quarter 1 of 2022. It looks like a fourth quarter won’t be out until close to the year end, so let’s explore these three quarters of numbers we have so far.
Over the nine months (July 21 to March 22), the number of reports made to the FCA whistleblowing team was fairly steady at about 94 reports per month. There is a rising trend in the number of allegations contained in each report. It currently stands at just under two allegations per report.
Most whistleblowers identify themselves when reporting to the FCA, but there is a rising trend of whistleblowers wanting to report anonymously. In July 2021, it came in at 26%, but has since risen to 36% in March 2022. That to me would be worth drilling down into, if I had the base data.
There is a small but persistent reporting of the poor handling of whistleblowing concerns by their firm. It averages around 5% of all reports over these three quarters.
The top five concerns being reported are pretty consistent across the three quarters:
- fitness and propriety
- treating customers fairly
- FSMA
- culture of the organisation
- compliance
There is little explanation of what they encompass (beyond the generic), which is odd, given that together they account for 74% of all reports over these three quarters.
They are however an interesting mix. One relates to the input role of individuals (fitness and propriety), while another relates to the outcome impact on individuals (treating customers fairly). Another relates to the overall problem at the firm (culture), while another relates to oversight and controls (compliance).
This is a broad and varied mix, although it may of course be influenced by the way in which these categories are scoped and used by the FCA. That said, it is still interesting that whistleblowers are prepared to report from a number of perspectives - specific and generic, upstream and downstream.
Six Concerns about this Data
These three quarters of data are interesting, but feel very incomplete. Here are six areas in which I feel the FCA is holding back on useful information from its whistleblowing reports. And yes, I mean holding back (more on this later).
- why hasn't this data been available for before July 2021? The FCA's whistleblowing team has been around for several years now and they've been reporting internally on whistleblowing over that period. What can't this historic data be made available now?
- how does this data compare with the reports being made internally within regulated firms themselves? Such data is compiled by firms and passed on to the FCA. These 'reported directly to the FCA' numbers may only be the tip of a reporting iceberg. Why can't we see both?
- there is no sector level breakdown, leaving us without any sense of what sectors within financial services might be driving these trends. Given each report is tied to a regulated firm, and each regulated firm is tied to a sector, this shouldn't be an onerous set of numbers to produce.
- no indication is given of uphold rates. In other words, these reports are the inputs, but what are the outcomes? How many fines, investigations, warning letters etc resulted from these reports? If whistleblowers are to be encouraged to report, they need to have a sense of how well others before them have been being listened to, and what has happened as a result of the significant step those others have taken.
- there's no sense of whether these levels of reporting are within, above or over FCA expectations. I have FCA data on expected levels of whistleblowing reporting banded by size of firm. Such banding data tells the regulators whether there's too little, too much or roughly expected levels of reporting. This can then drive gap analysis, which in turn influences the regulator's engagement with each firm. Why can't we see more of this in the public domain?
- there's nothing on the influence of preventative measures in these three quarters of data. How much whistleblowing training is being provided by regulated firms? How does this correlate with reports and outcomes. In other words, what impact is the training requirement having?
Am I asking too much here? Certainly not, for the simple reason that I have a lot of what I'm asking above for the year 2014. That's eight years ago. So, for example, in 2014, 20.4% of whistleblowing disclosures related to financial advisors and intermediaries, while 14.1% of disclosures related to insurance. Furthermore, they were the top two categories, pushing consumer credit and retail banking into third and fourth place respectively.
Is More Necessary?
Some of you will no doubt be wondering whether more data (along the lines I'm asking for above) is really necessary? Hasn't the FCA got its hand on this now?
I'm not convinced that whistleblowing is being regulated effectively across the insurance market. Remember the case of Lloyds of London from 2019. It emerged that Lloyds had forgotten to renew its contract with the external firm that managed its whistleblowing helpline. As a result, it had been out of action for 16 months, leaving staff without any way of reporting their concerns anonymously.
This was not just a failure in procurement, but one of...
- compliance, because they should have questioned the sudden absence of data;
- ethical culture, because a problem like this wouldn't have happened if people had cared about speaking up;
- leadership, because senior management should have questioned the lack of reports on whistleblowing;
- regulation, because the regulator should have logged that no reports were being received and queried their absence.
And if this can happen at this icon of insurance, just when that market was awash with harassment cases, what might be happening elsewhere?
Looking Forward
Insurers should have a comprehensive range of internal reporting on whistleblowing in place. Let's assume that each insurer has already gone through at least one internal audit of how well it is all working. What they then need is a context against which to judge their own numbers. Some of that context should come from their own internal monitoring, such as through exit interviews and staff surveys. Most of that context however will come from benchmarking data provided by the regulator.
If that benchmarking data is available to regulated firms, it should also be available to the people working in the market and the consumers being served by that market. I've been told that previous quarterly data would have to be requested through a freedom of information request. Well, setting the accessibility bar that high is just not acceptable.
There's a sense here of a 'need to know' mentality. Given the type of issues that whistleblowing can encompass, this needs to be replaced with a 'right to know' mentality.