Skip to main content

UK whistleblowing rules



The UK whistleblowing framework is arguably under more scrutiny today than any time since the 1990s. The new EU Whistleblowing Directive, the UK government’s current review of whistleblowing in the UK and several recent big-money cases in the US are changing the landscape for whistleblowing and associated risk management and compliance in the UK and beyond.

In this blog, we consider the impact that these recent and potential changes to the current whistleblowing rules may have on companies operating in the UK and set out the steps they should take to facilitate compliance with evolving regulations.


What are the current whistleblowing rules applicable in the UK?


Whistleblowing rules in the UK have been largely static since the Public Interest Disclosure Act 1998 (“PIDA”) was introduced 25 years ago. PIDA forms the core of the UK’s whistleblowing framework, establishing baseline protections for workers who expose allegations of wrongdoing and granting them immunity from retaliation. Recently, though, the UK has begun to question whether the existing framework is fit for purpose. The status quo has been called into question after high-profile success in the United States’ whistleblowing programme – which rewards whistleblowers for coming forward – and policy developments in Europe. Earlier this year the US handed out a $279 million award to a whistleblower, reportedly in connection with a bribery case that resulted in Swedish telecoms company Ericsson paying a $1.1 billion settlement to US authorities. In Europe, the EU Whistleblowing Directive – covered in a recent Deloitte Legal blog – is now in force. Though the UK has left the EU, the new rules still apply to British companies with operations on the Continent. Companies with more than 50 employees must provide internal reporting mechanisms, guarantee whistleblower protections and acknowledge reports within one week. The protections extend beyond company employees, covering interns, suppliers and other external stakeholders. Elements of the EU laws may also be enshrined into UK law at some point in the future, broadening the range of protected persons and strengthening protections afforded to them. Such a change would affect all UK companies of a certain scale, and provide teeth for UK authorities.


What other changes might there be to the whistleblowing rules in the UK?


At the same time, the UK is planning to update its own whistleblower environment. A review of the current whistleblowing framework, launched by the Department for Business and Trade (“DBT”) in March 2023, is due to conclude in the autumn. It will address the effectiveness of the existing system and propose steps to make it fit for purpose in the modern age.

The review has coincided with renewed calls in Parliament to create an “Office of the Whistleblower” along the same lines as the US body created with the Dodd-Frank Act in 2010. The US Office of the Whistleblower, part of the Securities and Exchange Commission, has the power to fine corporate offenders and pay whistleblowers substantial rewards (though the UK Government has no appetite for monetary incentives here – Lord Minto, Minister of State in the DBT, declared in May 2023 that the Government considered cash rewards inappropriate).

There has, however, been some cross-party support for a new whistleblower authority. A bill introduced by Baroness Kramer in 2021 would form a new body to support whistleblowers and monitor public interest disclosures. The Liberal Democrat peer also proposed – unsuccessfully – to create the office as part of the Economic Crime and Corporate Transparency Bill, which is likely to become law in late 2023 or early 2024 (see our recent Deloitte Forensic blog here). Though there are still several obstacles to overcome before an Office of the Whistleblower-style function could go ahead, it's clear that the direction of travel is towards greater protection for those who expose corporate wrongdoing.


What impact will this have on UK companies?


Any tightening of the rules will increase the administrative and reporting burden on companies, but there are benefits for those that act early to strengthen their whistleblower functions. The Association of Certified Fraud Examiners (“ACFE”) has reported that more than 40% of occupational fraud is identified via tips, and a whistleblowing platform is an effective way to gather such information and help with effective organisational management. Recent industry surveys in the UK and by Deloitte in Asia-Pacific identified concerns over the perceived independence of reporting functions, citing them as the biggest barrier for would-be whistleblowers. The Deloitte survey found that 60% of employees were concerned about independence, and 42% feared retaliation if they reported wrongdoing. They showed that whistleblowers prefer to use online platforms and anonymous forms rather than making physical reports – particularly in the age of remote working – but that many firms lack the scale or expertise necessary to run platforms effectively and gather useable information.


How can companies facilitate compliance with the new whistleblowing rules?


A third-party solution can be an effective way to manage reporting channels and make sure would-be whistleblowers feel confident that their reports will be handled independently. External providers can also assist with ongoing monitoring and analysis of whistleblower reports, tracking issues and creating audit trails to demonstrate compliance with the EU Whistleblowing Directive and the UK’s new failure to prevent fraud offence, set to be introduced by the Economic Crime and Corporate Transparency Bill.

A robust whistleblower platform can support timely detection of fraud and corruption issues, and allow businesses to take action before problems escalate out of control and come to the attention of regulators or the media. Alongside a sound corporate governance framework and effective triage of cases, a whistleblower platform is an essential part of any large company’s operations.


How can Deloitte help?


Deloitte operates worldwide and provides a range of legal and forensic services to enhance whistleblowing programmes. We can implement and manage whistleblower reporting channels through our service Conduct Watch, advise on target operating models for whistleblowing programmes, manage end-to-end processes for investigations, assist with reporting requirements and support litigation or remedial action.

For further information, please contact Ian Hughes +44 161 455 8831 and Chris Watt +44 20 8071 3520.