UKGI00044274
UKGI00044274
This Guidance Note is for the information of UKGI staff. It is not to be circulated outside of UKGI
Guidance Note 21 _Whistleblowing and Serious Allegations: Key Corporate Governance Issues Updated
November 2023
di INTRODUCTION
This guidance note aims to provide UKGI Shareholder NEDs and Shareholder Teams with the tools to assist them
in supporting assets and their Boards in adopting a best practice approach to handling whistleblowing and other
serious allegations / complaints.?
This note is not intended to provide an overview of what whistleblowing is or the identification of complaints /
allegations, but rather to assist Teams in identifying and mitigating the corporate governance issues which arise
from such complaints / allegations once made. If you need a refresher on formal whistleblowing processes and
the legal regime which applies, information on this can be found here.
Whistleblowing complaints are subject to whistleblowing laws, and their handling requires the following of
particular processes and specific procedures to protect the whistleblower. Shareholder Teams should be aware
(and should be comfortable that their Board members are aware) of what types of complaints do and do not
constitute ‘whistleblowing’. However, where serious allegations are made which do not constitute formal
‘whistleblowing’ many of the same corporate governance issues arise, and it is likely that the Shareholder team
will expect the same or very similar actions to be taken by the Board. Examples of issues which might tip into this
space, regardless of whether they constitute formal whistleblowing, are:
(i) repeated related complaints;
(ii) instances where a criminal offence has been, is being or is likely to be committed;
(iii) suspected fraud, corruption or bribery or malpractice;
(iv) discrimination against / ill treatment of a stakeholder or stakeholder group.
Throughout this note, for ease we will reference whistleblowing, whistleblowers and whistleblowing issues, but
this guidance should be read to also be applicable to other serious allegations which may be raised outside of the
formal whistleblowing process.
UKGI Legal have a lot of experience advising Shareholder Teams and NEDs on complex whistleblowing issues,
including where these are, or have the potential to become, litigious. If there is a specific issue highlighted in this
note which NEDs or Shareholders Teams wish to explore in more detail, we can assist. In special instances, we can
also call on our panel firms for specific advice. This guidance note should not act as a substitute for legal advice
that UKGI assets may require on the topics explored below.
2. OVERVIEW OF WHY WHISTLEBLOWING MATTERS TO ASSET BOARDS AND UKGI
Why should whistleblowing matter to Asset Boards and what should Assets Board be focused on?
At a high-level, ensuring robustness in whistleblowing frameworks is key to promoting a culture of transparency
and accountability with an organisation — as well as providing a protective framework for workers. The 2018
1 IMPORTANT NOTE TO READER: This guidance note is not, however, designed to address the employment law aspects in
connection with assets’ grievance etc. policies. Concerns in connection with such issues will require specialist
employment law advice
UKGI00044274
UKGI00044274
This Guidance Note is for the information of UKGI staff. It is not to be circulated outside of UKGI
Corporate Governance Code requires the entire Board to take a more direct interest in a company’s whistleblowing
policies and procedures (historically this was simply one of the functions reserved to the audit committee). The
Code states that there should be a means for the workforce to raise concerns in confidence (and if they wish
anonymously) and the Board should routinely review this and the reports arising from its operation. The best and
simplest way to address the requirements of the 2018 Corporate Governance Code is to have a policy which is easy
for the workforce to access, understand and is easy for both workers and the employer to follow and robust
procedures that are followed.
With the above in mind, at a practical level, the boards of assets in our portfolio should be able to satisfy
themselves that the asset has appropriate policies and procedures to:
(i) Receive and assess whistleblowing claims
(ii) Conduct appropriate investigations — with appropriate independence and oversight
(iii) Provide visibility to the Board on significant whistleblowing claims particularly where there were
materials financial, reputations and/or political risks.
Section 3 and 4 below provide some further detail on whistleblowing policies and procedures and the issues that
our assets’ boards and UKGI’s Shareholder Teams should be considering on this topic.
Why does this matter to UKGI?
The Shareholder NED and Shareholder Team will need to satisfy itself on an ongoing basis that the asset’s policies
and procedures and that this topic is receiving appropriate attention at Board level. However, where serious or
high-profile allegations are raised, given the financial, reputational, and political impact this could have on the
asset, the Shareholder NED and Shareholder team may need to do more to assure themselves that the issue is
being taken seriously. Section 5 explores how UKGI can do this in practice.
3. REVIEWING WHISTLEBLOWING POLICIES
All assets within the UKGI portfolio should have existing whistleblowing polices with corresponding hotlines or
methods for complaints/concerns to be raised, which should be fit for purpose. In accordance with Principle C of
POPs, the Shareholder team and Shareholder NED should ensure they are satisfied that the asset has in place an
appropriate whistleblowing policy.
In order to ascertain the robustness of an asset’s whistleblowing policy, some questions Shareholder Teams and
their respective Shareholder NEDs may want to consider encouraging Boards to ask are:
- How often is the whistleblowing policy reviewed by the Board?
- Has the policy been compared against best practice examples/ the asset’s peers? What, if any, gaps were
identified and what steps are being taken to resolve these gaps? How frequently should the comparison
exercise be refreshed?
- Has the Board appointed a Board level champion with responsibility for whistleblowing?
- What are the reporting thresholds at Board level — does the Board receive information on the number and
types of whistleblowing concerns being raised? In periods of crisis, it would be sensible to increase
frequency of reporting to ensure the Board has barometer of employee’s wellbeing.
- How does the Board review the data it receives in relation to whistleblowing complaints? Boards should
look at trends in the data it receives, for example by asking how many whistle-blowers raised concerns
anonymously, confidentially or openly. This will give Boards a better indication of the culture of the
workplace rather than relying on the number of complaints alone.
UKGI00044274
UKGI00044274
This Guidance Note is for the information of UKGI staff. It is not to be circulated outside of UKGI
- What are the metrics relating to the close out of complaints raised? — The Board should consider the
information that should be reported to it on this issue, including, for example, asking (i) how long does it
take to resolve the concern raised (this gives an indication of the willingness of the asset to deal with
whistleblowing complaints); and (ii) what are the outcomes (if virtually all complaints are deemed
unfounded, this could be a warning signal with respect to underlying business practices).
- Are there any concerns that weren’t raised through whistleblowing that might have been and why was
this the case? If the Board hears about a concern first from customers or suppliers rather than its staff, what
might this indicate in terms of the openness of company culture/other red flags?
- Are the methods for logging a concern well communicated to its workforce and employees at all levels?
The Board should ask itself whether it is satisfied that the policy sets the right tone and helps to encourage
and protect anyone speaking up in the workplace, not simply employees, but also NEDs, volunteers and
contractors.
- Does the policy provide multiple channels for raising concerns? Has the asset considered using an external
independent source of advice for their staff?
- Isthere adequate training for all employees on the asset’s whistleblowing policies and procedures? Is there
specific training for managers? The training for managers should cover how to spot a protected disclosure,
what the appropriate response should be, the appropriate reporting structure and what liability the asset
and they may personally face for getting it wrong. How often is such training conducted (both for new
joiners and to refresh existing workers)?
Whistleblowers should be seen as a vital risk management tool and the tone from the Board about whistleblowing
and how the asset treats whistleblowers is important. Boards should seek to foster an open culture, where staff
feel safe to speak up and where whistleblowers who raise concerns are protected.
If Shareholder Teams and Shareholder NEDs are not satisfied that the Board has an appropriate attitude towards
whistleblowing, serious considerations should be given as to whether this is an issue which requires escalation.
4. HANDLING WHISTLEBLOWING COMPLAINTS — ACTIONS FOR ASSETS
Provision 1.6 of the 2018 Corporate Governance Code states that Boards should ensure that arrangements are in
place for the proportionate and independent investigation of any concerns raised by the workforce and for the
follow-up action.
There is a risk that despite having a robust whistleblowing policy in place, an asset and its Board may mishandle a
whistleblowing complaint it receives by failing to appropriately consider such complaint, or adhere to the
procedures set out in the whistleblowing policy. Common errors include failing to protect the anonymity of the
whistleblower, inadvertently creating a culture of intimidation when seeking to understand and resolve a complaint
and prejudging the outcome of any investigation into such issues (i.e. starting from a ‘prove it to be false’ mentality).
Such errors pose a significant risk to the business and can result in employee litigation and significant reputational
damage. The risk of these errors occurring can be mitigated by having a well written policy which reflects best
practice, making it easily accessible to all workers and providing appropriate periodic training on the policy,
operating in tandem with an open and transparent culture promoted from senior management and the Board,
down through the organisation.
When dealing with whistleblowing complaints, the Shareholder Teams and their respective Shareholder NEDs
should be should consider whether Boards are — and if not encourage them to be — cognisant of the following issues.
UKGI00044274
UKGI00044274
This Guidance Note is for the information of UKGI staff. It is not to be circulated outside of UKGI
(i) Information flow
- The asset’s Board will need to consider whether information flow into the Board is appropriate and sufficient.
Often, the instinct as a Board member is to want to know all the facts relating to a whistleblowing case that has
been flagged to the Board. However, it is often better for the wider Board not to know all of the intimate details,
but rather have enough to be able to assess from an objective and arm’s length ‘perspective.
- When considering whether information flow is sufficient the Board should consider:
othe seriousness of the issues raised (independent of their impact on the business);
othe potential impact on the business of the issues raised (not limited to financial impact, but
also reputational risk, potential misfeasance, legal risk and people risk, including whether
senior management are implicated); and
© whether appropriate processes have been put in place to investigate / respond to the issues
raised. In particular, whether the designated person within the organisation is appropriate
to lead the investigation /response and is free of conflicts. It is considered best practice that
there is at least one senior member of staff as a point of contact for the whistleblower,
particularly in cases where the immediate line management relationship is damaged or
where the disclosure involves the line manager.
©. The Board should also give particular thought as to whether individual Board members
should be more involved in the handling and investigation of the whistleblowing case. This
is particularly important in cases involving senior management, where the Board will want
to be assured that they are receiving appropriate updates on progress. In certain instances
it may be that a Board Sub-Committee such as ARC, will need to be responsible for the
conduct of the investigation.
- Boards should endeavour to set reporting thresholds (including the frequency of reporting) with respect to the
progress of serious complaints. Thresholds may differ according to the nature and seriousness of the complaint.
- If using an external law firm or other specialist advisor, in certain cases (in particular those concerning senior
management) assets may wish to consider using a different firm from the regular / retained legal adviser, in
order to be able to demonstrate the advisor has no pre-existing relationship with the company and /or
individuals involved.
- Ifa Board member is implicated in connection with the whistleblowing complaint it would be appropriate for
that Board member to be recused from any discussion regarding that specific whistle blowing complaint.
- It is important to remember that the formal whistleblowing process is designed to protect the identity of the
whistleblower. Even in cases outside of the formal process, the source of the relevant complaint may need to
be taken into account while designing the process for investigation / response.
(ii) Communication and effectiveness
- Where a disclosure has been made externally, Boards should consider if the asset should respond to the
disclosure with a statement of its own to protect its reputation and if so, when to make such statement. While
an asset can make a statement to dispute any false or misleading statements made, it should take care when
responding to disclosures which contain some truth and some inaccuracies and not issue a blanket denial.
- After an issue has been investigated and, if necessary, addressed, the Board should consider whether the
company’s whistleblowing policy is effective, or needs to be updated.
Victimisation and unlawful detriment
- Boards should ensure adequate protections are in place to prevent the victimisation of any whistleblowers. It
is unlawful to subject a worker to any detriment and automatically unfair to dismiss an employee for
whistleblowing. Common detrimental treatment of whistleblowers includes breaching their confidentiality,
bullying by colleagues or managers, side-lining or demoting them, performance managing them, giving poor
references or damaging their reputation.
UKGI00044274
UKGI00044274
This Guidance Note is for the information of UKGI staff. It is not to be circulated outside of UKGI
5. LEANING INTO SERIOUS ALLEGATIONS AS SHAREHOLDER
Where Shareholder NEDs or Shareholder Teams become aware of serious whistleblowing complaints, they will need
to consider whether a more proactive approach is required and should be prepared to take further action.
As UKGI observed to the Post Office Horizon IT Inquiry in its Opening Statement dated October 2022 “Particularly
where significant or high-profile whistleblowing matters are brought to an asset’s attention, UKGI (via the
Shareholder Team and/or Shareholder NED), should take steps to ensure it is properly sighted on how an asset is
handling its response, and if it considers the handling to be inadequate, it should be prepared to intervene.” In
essence, where significant and/or high-profile allegations arise in a public forum, the Shareholder team must satisfy
itself that the asset’s Board is alive to the risk that the issue might present and that the allegations are being
addressed in an appropriate manner.
When might the Shareholder NED/Shareholder Team need to further engage and lean into issue?
There is no prescriptive list. However, examples of the types of serious issue that may require increased attention
from UKGI include:
- where the Shareholder NED/Shareholder Team considers issues are not being considered by the Board with
an appropriate level of seriousness, e.g. where Board appear to be unsighted on detail or too deferential
to assurances being provided by management;
- where the issue represents a significant reputational risk to the asset and — directly or indirectly — the
Shareholder;
- where Board members or significant number of senior management are implicated in the issue;
- where the Shareholder NED/Shareholder team considers the process to investigate the issue may be
flawed;
- where the Shareholder NED/Shareholder team do not feel they have access to sufficient information to
assess whether the complaint is being dealt with appropriately.
What does further action look like?
Ensuring UKGI is able to understand and fully consider allegations being made in connection with assets in the
portfolio, and the risks associated with them, is a key part of UKGI’s stewardship responsibilities in connection with
the portfolio, and the Shareholder team and Shareholder NED should lean in to ensure they understand the relevant
whistleblowing complaint / allegation, and the risks it presents to the organisation, Shareholder and UKGI as agent
of the Shareholder. What are they ways in which this might be done?
(i) Challenge the Board: In almost all cases, the first lever which would be deployed would be for the
Shareholder NED to raise the relevant concern with the Board / Chair as appropriate to ensure that the
asset’s board are fully alive to the risks that the issue might present.
(ii) Challenge the executive: Review assurances being provided by an asset’s executive team to a Board to
test whether it is sufficiently independent and objective. In particular, the Shareholder NED must be
willing to challenge the asset’s management team if she/he has any concerns about the way such
allegations are being addressed, including where there is a sufficient degree of independence/objectivity
in the assessment of the allegations and the asset’s response
UKGI00044274
UKGI00044274
This Guidance Note is for the information of UKGI staff. It is not to be circulated outside of UKGI
(iii) Commission third party assurance: In certain (exceptional) instances UKGI may want to consider
commissioning third party assurance. As HMG is the ultimate Shareholder of UKGI’s portfolio of assets,
it is subject to greater scrutiny than a traditional Shareholder. The Shareholder NED and Shareholder
team should consider whether it needs to take a closer examination of the conduct/output of any
investigation into significant/ high-profile allegations an independent third-party review may be needed
(iv) Encourage further Board engagement: Where for example, allegations are raised by investigative
journalists and have been subject to a degree of fact checking before broadcast or print, it would be
prudent for the Board to consider the significance of the information being aired, independently of the
view of the executive, who may not be able to examine the issues objectively. This is also the type of
circumstance in which, from a Shareholder perspective, the third-party assurance referenced in (iii)
above may become a useful tool.
(v) Consider alerting the Department/Departmental Involvement: Often given the sensitive and
confidential nature of whistleblowing claims and investigations, it is understandable why the asset and
correspondingly the Shareholder NED may wish to keep details of the issue within a tight group.
However, depending on the nature of the claim, ensuring that Departmental policy officials and/or Perm
Sec are sighted is important, particularly where reputational, governance or financial risk are engaged
(vi) Review ToR: Where serious allegations have been raised, particularly where senior management and/or
board members are implicated, the Shareholder NED and Shareholder Team may want to consider
providing a formal Shareholder view (in conjunction with the Department) on the adequacy of any ToR
for an investigation. We have a recent example of this in the portfolio
(vii) Critical self-reflection: The Shareholder NED and Shareholder team must periodically reflect on its own
assumptions and biases in relation to the issue in question, challenge itself as to whether it is in danger
of being involved in “group” think and reflect on whether it is providing strong and effective challenge.
It is possible that the whistleblowing complaint will be concerned with information of a sensitive nature, which
the company suggests would be inappropriate to share with a wider group. UKGI Legal can assist Teams in
navigating this situation and would reassure Shareholder Teams and Shareholder NEDs that it is both appropriate
and necessary that the existence and subject matter of the whistleblowing complaint is shared with UKGI Legal
and members of the Shareholder team to assist the Shareholder NED in performing their duties as a Board
member in connection with the relevant issue.
If the team and Shareholder NED feel further steps are required, there are a variety of options available, the
application of which will depend on the circumstances. UKGI Legal are available to assist Teams in considering
how to appropriately escalate concerns.
Further resources
While this guidance note is not designed to be circulated outside UKGI, for those interested in this topic,
there is a useful note produced by the law firm Simmons and Simmons entitled Ten points for Non-Executive
Directors on whistleblowing* which covers many of the points raised in this guidance note and can be
1 https://www.simmons-simmons.com/en/publications/ck8ke4onflyst0a16lvadq04j/ten-points-for-nonexecutive-
directo whistleblowing
UKGI00044274
UKGI00044274
This Guidance Note is for the information of UKGI staff. It is not to be circulated outside of UKGI
circulated to assets as required. The NAO has also published Assessment criteria for whistleblowing policies!
which may be useful if an asset is looking to review the robustness of its existing whistleblowing policies.
There has been recent parliamentary discussion regarding strengthening the UK’s audit and corporate
governance framework, including amendment of the 2018 Corporate Governance Code and the introduction
of anew regulator, the Audit, Reporting and Governance Authority (ARGA) having been previously mooted
for 2023. The introduction of the ARGA is likely to inform best practice for whistleblowing policies. Until
further guidance comes through from that regulator or the Financial Reporting Counsel, the Whistleblowing
Guidance for Employers and Code of Practice March 2015? remains the current BEIS guidance on
whistleblowing.
1 https://www.nao.org.uk/wp-content/uploads/2014/01/Assessment-criteria-for-whistleblowing-policies.pdf
2 _https://assets. publishing. service.gov.uk/government/uploads/system/uploads/attachment_data/file/415175/bis-
15-200-whistleblowing-guidance-for-employers-and-code-of-practice.pdf