Whistleblowing Policies for Employers
Verified against 4 sources
- Public Interest Disclosure Act 1998
- Enterprise and Regulatory Reform Act 2013 (PIDA amendments)
- FCA SYSC 18 Whistleblowing Rules
- GOV.UK List of Prescribed Persons for Whistleblowing (2024)
Whistleblowing — the reporting of wrongdoing in an organisation — is protected by the Public Interest Disclosure Act 1998 (PIDA). Workers who make a protected disclosure cannot lawfully be dismissed or subjected to any detriment. Employers who retaliate face potentially unlimited tribunal awards.
Key points
- A worker who reasonably believes they are disclosing information in the public interest about wrongdoing qualifies for whistleblower protection.
- Dismissing or subjecting a whistleblower to detriment is automatically unfair — there is no qualifying period of employment.
- All employers should have a written whistleblowing policy and a confidential reporting channel.
- Workers can report to an employer, a prescribed regulator (such as HMRC or the HSE), or — in limited circumstances — wider disclosure to the media.
What Disclosures Are Protected?
A disclosure is protected if it is a qualifying disclosure made in the public interest. A qualifying disclosure is one that the worker reasonably believes tends to show one of six categories of wrongdoing: a criminal offence; a breach of a legal obligation; a miscarriage of justice; a danger to health and safety; damage to the environment; or the deliberate concealment of information about any of these. The worker does not have to be right — they simply need a reasonable belief. Personal grievances (such as disputes about pay or treatment) are not qualifying disclosures unless they also reveal wider wrongdoing.
The disclosure must also be made in the public interest — this does not mean it has to be publicised widely, but the worker must believe it serves some interest beyond their own. Internal disclosures to a manager or employer, and disclosures to a prescribed person (a regulator listed in legislation — including HMRC, the FCA, the HSE, and many others), attract the strongest protection. Wider disclosure (to a journalist, for example) is only protected in limited exceptional circumstances.
Employer Obligations and Best Practice
There is no statutory requirement for most private sector employers to have a whistleblowing policy — but the absence of one is a significant risk indicator and will weigh against an employer in any tribunal claim. A good whistleblowing policy should: set out clearly what types of concern qualify; provide multiple channels for reporting (line manager, senior manager, HR, an anonymous hotline, or an external service); guarantee confidentiality and protection from retaliation; explain how reports will be investigated; and confirm that malicious or false disclosures are not protected.
Certain regulated sectors — financial services firms regulated by the FCA, NHS bodies, and others — have mandatory requirements to have internal whistleblowing arrangements and a dedicated senior manager (a Whistleblowers' Champion). Even without a regulatory requirement, the case for a clear policy is compelling: organisations with effective internal reporting channels catch problems early, before they escalate into regulatory investigations, reputational damage, or litigation.
Handling a Whistleblowing Disclosure
When a worker makes a disclosure, acknowledge it promptly and treat it seriously regardless of the source. Investigate promptly and impartially — never assign the investigation to someone implicated in the disclosure. Protect the worker's confidentiality so far as possible throughout, and consider whether interim protective measures are needed (for example, temporarily reassigning the worker if there is a risk of retaliation from colleagues).
Communicate the outcome of the investigation to the worker where it is appropriate to do so, and explain what action has been taken. Keep records of all disclosures and how they were handled. Monitor the worker's treatment following the disclosure — if they face any adverse action (redundancy selection, disciplinary proceedings, poor performance assessments), ensure there is a clear and documented business reason unconnected with the disclosure. The reputational and financial consequences of a successful whistleblowing claim — unlimited compensation including injury to feelings — make getting this right essential.
FCA-Regulated Firms and Sector-Specific Whistleblowing Rules
For businesses regulated by the Financial Conduct Authority (FCA), whistleblowing obligations go beyond the statutory PIDA minimum. The FCA's whistleblowing rules (SYSC 18) require firms with 50 or more employees to appoint a Senior Manager as Whistleblowers' Champion — a named individual responsible for overseeing the firm's whistleblowing arrangements and ensuring they are effective. This must be a Senior Manager within the meaning of the Senior Managers and Certification Regime (SM&CR). Large firms also have to report to the FCA on how they have handled whistleblowing disclosures.
FCA-regulated firms must also ensure their internal whistleblowing channels allow disclosures to be made to the FCA directly. The FCA operates its own dedicated whistleblowing service at FCA Intelligence and actively encourages workers in the financial sector to report concerns about regulatory breaches, market abuse, and financial crime. Since the FCA introduced the rules in 2016, the number of whistleblowing reports received has risen significantly year on year. Firms that are found to have victimised a whistleblower face regulatory action in addition to Employment Tribunal exposure.
In the healthcare sector, the Care Quality Commission (CQC) is a prescribed person for whistleblowing disclosures. In the public sector, the Cabinet Office operates the Civil Service whistleblowing process. Local authorities, NHS Trusts, and other public bodies are subject to additional frameworks that sit alongside PIDA. Regardless of sector, the fundamental principle is the same: protecting the confidentiality of the whistleblower, investigating thoroughly and impartially, and ensuring no retaliation. Where a business is uncertain about its sector-specific obligations, guidance from the relevant regulator or employment legal advice should be obtained before a disclosure arises rather than after.
Frequently asked questions
Is there a qualifying employment period for whistleblowing protection?
What if the disclosure turns out to be wrong?
Can we require workers to report concerns internally before going to a regulator?
Do FCA-regulated firms have extra whistleblowing obligations?
What is the difference between a grievance and a whistleblowing disclosure?
What to do next
- 1
- 2
- 3
Official bodies and resources
Advisory, Conciliation and Arbitration Service
GovernmentProvides free, impartial advice on workplace relations and employment law, and offers early conciliation before tribunal claims.
Health and Safety Executive
RegulatorRegulates workplace health, safety, and welfare, and enforces related legislation across Great Britain.
Was this page helpful?
Related guides
Anti-Bribery Compliance
The Bribery Act 2010 is one of the toughest anti-bribery laws in the world. It applies to all UK businesses and to foreign companies that do business in the UK. Understanding your obligations and implementing proportionate anti-bribery procedures is essential to avoid criminal liability.
5 min
Essential Workplace Policies
Well-drafted workplace policies protect your business from legal claims, set clear expectations for staff, and demonstrate compliance with employment law. Some policies are required by law; others are best practice. This guide covers what you need.
6 min
Running a Fair Disciplinary Process
A fair and well-documented disciplinary process protects your business from unfair dismissal claims and gives employees a genuine opportunity to respond to concerns. The ACAS Code of Practice on Disciplinary and Grievance Procedures sets out the minimum standards employment tribunals expect.
6 min
Disclaimer