SS39/15 – Whistleblowing in deposit-takers, PRA-designated investment firms and insurers

Export guidance as




This supervisory statement applies to the relevant firms (deposit-takers with assets greater than £250 million, PRA-designated investment firms and insurers - meaning insurance and reinsurance firms within the scope of Solvency II - and to the Society of Lloyd’s and managing agents), but also to individuals working in the financial services sector. It will also be of interest to a wider range of firms that may wish to comply voluntarily. This statement sets out the expectations of the PRA on how firms should comply with the PRA’s rules on whistleblowing.


This statement is intended to be read together with the rules contained in the Solvency II Firms: Whistleblowing and CRR Firms: General Organisational Requirements Parts of the PRA Rulebook. Readers may also find it helpful to read this statement alongside PRA Policy Statement 24/15 published on 6 October 2015.1



This statement sets out the expectations of the PRA for firms in relation to the:

  • whistleblowing procedures;
  • training; and
  • whistleblowers’ champion.

Export chapter as


Whistleblowing arrangements


The PRA expects relevant firms to put in place systems and controls to support the whistleblowing procedures required by the rules, and for the procedures themselves to be subject to inspection by audit and compliance functions. Internal procedures should:

  • ensure the firm protects the confidentiality of whistleblowers, if the individual concerned requests this;
  • ensure the firm is able to handle disclosures from people who wish to remain anonymous;
  • assess and escalate concerns raised by whistleblowers within the firm as appropriate, and, where this is justified, to the FCA, PRA (or an appropriate law enforcement agency);
  • track the outcome of whistleblowing reports;
  • provide feedback to whistleblowers, where appropriate;
  • prepare written procedures (eg staff handbooks);
  • maintain appropriate records; and
  • take all reasonable steps to ensure that no person under the firm’s control engages in victimisation of whistleblowers, and take appropriate measures against those responsible for any such victimisation.


A larger firm may create an internal specialist unit to handle disclosures and perform some of the above tasks. A firm’s arrangements should seek to ensure that there are different methods of communication available to a whistleblower: for example, a dedicated phone line or e-mail address.


The PRA realises that some firms may use third parties to provide aspects of this service. The PRA expects that firms will consider the quality of the services being offered, and how this can be monitored.


It may be more appropriate for some matters raised through the whistleblowing function to be dealt with by other areas, such as customer complaints or individual human resources grievances. Firms should be able to filter out genuine whistleblowing cases from those that could be better handled by other functions.

Export chapter as




The PRA expects firms to consider whether training can help make their whistleblowing arrangements more effective. This may include:

All staff - training about the need to report instances of wrongdoing, the methods for doing so, and examples of events that might prompt a report, and action that might be taken. In accordance with the rules, they should also be informed of what would constitute a protected disclosure2 and how they should go about disclosing this to the PRA and the FCA.

Managers - tailored training on how to recognise whistleblowing, how to protect whistleblowers and how to provide feedback to whistleblowers.

The whistleblowers’ champion – possibly specialised training to assist them in the performance of their role.

Staff manning a firm’s whistleblowing service - training may include how to protect confidentiality, how to assess and grade the significance of information provided by whistleblowers, and how to spot trends.


  • 2. As defined in the Public Interest Disclosure Act 1998.


Much of this material may also be reflected in a firm’s written procedures.

Export chapter as


Whistleblowers’ champion


Firms subject to the Senior Managers Regime must allocate a ’prescribed responsibility’ relating to the oversight of whistleblowing policies to a Senior Manager. For the purposes of this supervisory statement, this individual will be known as the whistleblowers’ champion.


As part of discharging the requirements of their prescribed responsibility, the PRA expects the whistleblowers’ champion to ensure that an annual report is presented to the board, regarding the effectiveness of whistleblowing systems and controls. This report should include details of any employment tribunals involving whistleblowers which the firm has lost. The firm has discretion as to the exact content of the report. It should be made available to the PRA on request.


The whistleblowers’ champion should be responsible for ensuring and overseeing the integrity, independence and effectiveness of the firm’s policies and procedures on whistleblowing, including those policies and procedures intended to protect whistleblowers from being victimised because they have disclosed reportable concerns.


The PRA expects firms to ensure that the whistleblowers’ champion has a level of authority within the firm and access to resources and information sufficient to carry out that function. Having access to resources includes having recourse to independent legal advice and dedicated training.

Export chapter as