Whistleblowing Policies for Employers

Business | Reviewed by Civil Help editorial team: 9 February 2026 | Next review: 8 June 2027 | 5 min
Verified against 4 sources
  • Public Interest Disclosure Act 1998
  • Enterprise and Regulatory Reform Act 2013 (PIDA amendments)
  • FCA SYSC 18 Whistleblowing Rules
  • GOV.UK List of Prescribed Persons for Whistleblowing (2024)

Whistleblowing — the reporting of wrongdoing in an organisation — is protected by the Public Interest Disclosure Act 1998 (PIDA). Workers who make a protected disclosure cannot lawfully be dismissed or subjected to any detriment. Employers who retaliate face potentially unlimited tribunal awards.

Key points

  • A worker who reasonably believes they are disclosing information in the public interest about wrongdoing qualifies for whistleblower protection.
  • Dismissing or subjecting a whistleblower to detriment is automatically unfair — there is no qualifying period of employment.
  • All employers should have a written whistleblowing policy and a confidential reporting channel.
  • Workers can report to an employer, a prescribed regulator (such as HMRC or the HSE), or — in limited circumstances — wider disclosure to the media.

What Disclosures Are Protected?

A disclosure is protected if it is a qualifying disclosure made in the public interest. A qualifying disclosure is one that the worker reasonably believes tends to show one of six categories of wrongdoing: a criminal offence; a breach of a legal obligation; a miscarriage of justice; a danger to health and safety; damage to the environment; or the deliberate concealment of information about any of these. The worker does not have to be right — they simply need a reasonable belief. Personal grievances (such as disputes about pay or treatment) are not qualifying disclosures unless they also reveal wider wrongdoing.

The disclosure must also be made in the public interest — this does not mean it has to be publicised widely, but the worker must believe it serves some interest beyond their own. Internal disclosures to a manager or employer, and disclosures to a prescribed person (a regulator listed in legislation — including HMRC, the FCA, the HSE, and many others), attract the strongest protection. Wider disclosure (to a journalist, for example) is only protected in limited exceptional circumstances.

Employer Obligations and Best Practice

There is no statutory requirement for most private sector employers to have a whistleblowing policy — but the absence of one is a significant risk indicator and will weigh against an employer in any tribunal claim. A good whistleblowing policy should: set out clearly what types of concern qualify; provide multiple channels for reporting (line manager, senior manager, HR, an anonymous hotline, or an external service); guarantee confidentiality and protection from retaliation; explain how reports will be investigated; and confirm that malicious or false disclosures are not protected.

Certain regulated sectors — financial services firms regulated by the FCA, NHS bodies, and others — have mandatory requirements to have internal whistleblowing arrangements and a dedicated senior manager (a Whistleblowers' Champion). Even without a regulatory requirement, the case for a clear policy is compelling: organisations with effective internal reporting channels catch problems early, before they escalate into regulatory investigations, reputational damage, or litigation.

Handling a Whistleblowing Disclosure

When a worker makes a disclosure, acknowledge it promptly and treat it seriously regardless of the source. Investigate promptly and impartially — never assign the investigation to someone implicated in the disclosure. Protect the worker's confidentiality so far as possible throughout, and consider whether interim protective measures are needed (for example, temporarily reassigning the worker if there is a risk of retaliation from colleagues).

Communicate the outcome of the investigation to the worker where it is appropriate to do so, and explain what action has been taken. Keep records of all disclosures and how they were handled. Monitor the worker's treatment following the disclosure — if they face any adverse action (redundancy selection, disciplinary proceedings, poor performance assessments), ensure there is a clear and documented business reason unconnected with the disclosure. The reputational and financial consequences of a successful whistleblowing claim — unlimited compensation including injury to feelings — make getting this right essential.

FCA-Regulated Firms and Sector-Specific Whistleblowing Rules

For businesses regulated by the Financial Conduct Authority (FCA), whistleblowing obligations go beyond the statutory PIDA minimum. The FCA's whistleblowing rules (SYSC 18) require firms with 50 or more employees to appoint a Senior Manager as Whistleblowers' Champion — a named individual responsible for overseeing the firm's whistleblowing arrangements and ensuring they are effective. This must be a Senior Manager within the meaning of the Senior Managers and Certification Regime (SM&CR). Large firms also have to report to the FCA on how they have handled whistleblowing disclosures.

FCA-regulated firms must also ensure their internal whistleblowing channels allow disclosures to be made to the FCA directly. The FCA operates its own dedicated whistleblowing service at FCA Intelligence and actively encourages workers in the financial sector to report concerns about regulatory breaches, market abuse, and financial crime. Since the FCA introduced the rules in 2016, the number of whistleblowing reports received has risen significantly year on year. Firms that are found to have victimised a whistleblower face regulatory action in addition to Employment Tribunal exposure.

In the healthcare sector, the Care Quality Commission (CQC) is a prescribed person for whistleblowing disclosures. In the public sector, the Cabinet Office operates the Civil Service whistleblowing process. Local authorities, NHS Trusts, and other public bodies are subject to additional frameworks that sit alongside PIDA. Regardless of sector, the fundamental principle is the same: protecting the confidentiality of the whistleblower, investigating thoroughly and impartially, and ensuring no retaliation. Where a business is uncertain about its sector-specific obligations, guidance from the relevant regulator or employment legal advice should be obtained before a disclosure arises rather than after.

Frequently asked questions

Is there a qualifying employment period for whistleblowing protection?
No. Unlike unfair dismissal (which requires two years' service), whistleblowing protection applies from day one of employment. It also extends beyond employees to workers, agency workers, and former employees in some circumstances. This means a new employee who blows the whistle and is dismissed in their first week has the same right to bring a claim as a long-serving employee. There is also no cap on compensation for whistleblowing dismissal claims.
What if the disclosure turns out to be wrong?
Protection does not depend on the disclosure being correct — only on the worker having a reasonable belief that it is accurate. If the worker genuinely believed they were reporting wrongdoing and made the disclosure in the public interest, they are protected even if the investigation finds no wrongdoing. However, a worker who knowingly makes a false disclosure or makes a disclosure in bad faith (e.g. primarily to harm a colleague) is not protected, and tribunals can reduce compensation in these circumstances.
Can we require workers to report concerns internally before going to a regulator?
You can encourage internal reporting and make your policy welcoming of it. However, you cannot require workers to exhaust internal channels before contacting a prescribed regulator — disclosures to prescribed persons are fully protected regardless of whether internal channels were used first. Policies that attempt to restrict external reporting are likely to be unlawful and counterproductive.
Do FCA-regulated firms have extra whistleblowing obligations?
Yes. FCA-regulated firms with 50 or more employees must appoint a Senior Manager as Whistleblowers' Champion (under SYSC 18), maintain internal and external reporting channels, and report to the FCA on how disclosures are handled. Even smaller FCA-regulated firms must direct workers to the FCA as a prescribed person and ensure their internal processes meet the FCA's standards. Victimising a whistleblower in an FCA-regulated firm can trigger regulatory action as well as Employment Tribunal exposure.
What is the difference between a grievance and a whistleblowing disclosure?
A grievance is typically a personal complaint about the worker's own treatment — a pay dispute, bullying by a manager, or unfair disciplinary action. A whistleblowing disclosure is about wrongdoing that affects others or is in the public interest — financial fraud, health and safety breaches, or criminal conduct by the organisation. The two can overlap: a worker who is underpaid may have both a personal grievance and a qualifying disclosure about National Minimum Wage (NMW) non-compliance. Handle each according to the appropriate procedure, and if in doubt treat a disclosure as protected — the consequences of getting it wrong are far more serious for whistleblowing.

Official bodies and resources

Advisory, Conciliation and Arbitration Service

Government

Provides free, impartial advice on workplace relations and employment law, and offers early conciliation before tribunal claims.

Health and Safety Executive

Regulator

Regulates workplace health, safety, and welfare, and enforces related legislation across Great Britain.

Disclaimer

This information is for general guidance only and does not constitute legal advice. You should seek qualified legal help if your situation requires it.