Whistleblowing Policy

1. Purpose

Coaley Peak Limited is committed to the highest standards of integrity, openness, and accountability. This policy encourages and enables individuals to raise serious concerns internally before seeking external routes, and provides assurance that those who do raise genuine concerns will be protected from retaliation.

The purpose of this policy is to:

• provide clear guidance on how to raise a concern about wrongdoing, malpractice, or risk;
• explain the legal protections available to those who make a qualifying protected disclosure;
• set out the process for investigating concerns and communicating outcomes; and
• demonstrate our commitment to a culture of transparency and ethical conduct.

2. Scope

This policy applies to all workers of Coaley Peak Limited, including:

• permanent and fixed-term employees;
• agency workers, casual workers, and zero-hours workers;
• contractors, consultants, and self-employed individuals engaged directly by the company;
• suppliers and business partners where the disclosure relates to Coaley Peak’s activities; and
• former workers, where the concern relates to conduct during their engagement.

This policy is distinct from the company’s Grievance Policy, which is the appropriate route for personal employment-related complaints. Whistleblowing concerns those matters that affect others or the organisation as a whole rather than personal employment grievances.

3. Legal Framework

This policy is underpinned by the Public Interest Disclosure Act 1998 (PIDA), as amended by the Enterprise and Regulatory Reform Act 2013 and incorporated into the Employment Rights Act 1996. PIDA provides legal protection to workers who make a “protected disclosure” — that is, a disclosure of information that the worker reasonably believes is in the public interest and tends to show one or more of the categories of wrongdoing described in section 4 below.

Protection under PIDA is available regardless of the length of service, hours worked, or employment status of the worker. A disclosure does not need to be proven correct to attract protection, provided the worker held a reasonable and genuine belief at the time of making it.

4. What Qualifies as a Protected Disclosure

A protected disclosure is a disclosure of information that a worker reasonably believes is made in the public interest and tends to show one or more of the following:

• Criminal offences — including fraud, theft, financial crime, or any other conduct constituting a criminal offence under the laws of any part of the United Kingdom.
• Failure to comply with a legal obligation — including breaches of statutory duties, regulatory requirements, or contractual obligations owed to third parties.
• Miscarriages of justice — including the deliberate concealment of, or failure to report, evidence relevant to legal proceedings.
• Health and safety dangers — including conduct that has endangered, or is likely to endanger, the health or safety of any individual.
• Environmental damage — including conduct that has caused, or is likely to cause, damage to the environment.
• Deliberate concealment — the deliberate concealment of any information tending to show the matters listed above.
• Regulatory breaches — including breaches of rules or requirements imposed by a relevant regulator such as the Financial Conduct Authority (FCA), the Information Commissioner’s Office (ICO), or the Health and Safety Executive (HSE).
• Data protection failures — including the unlawful processing of personal data or systematic non-compliance with the UK GDPR or the Data Protection Act 2018.

This policy also encourages the reporting of serious concerns that may not meet the strict legal threshold for a protected disclosure, such as significant breaches of our internal policies or ethical standards.

5. How to Raise a Concern

5.1 Internal Channels

In the first instance, concerns should be raised with your line manager. If the concern relates to your line manager, or you do not feel comfortable raising it with them, you may instead raise the concern directly with a senior manager or director.

If you prefer not to raise your concern verbally, or wish to create a written record, you may submit your concern by email to our compliance function at compliance@coaleypeak.co.uk. Please mark any written disclosure clearly as a whistleblowing concern.

When raising a concern, please provide as much relevant detail as possible, including:

• the nature of the concern and the conduct or circumstance giving rise to it;
• the names of individuals involved, if known;
• dates, locations, or any other information that would assist investigation; and
• any documentation or evidence you are able to provide.

5.2 Escalation

If you have raised a concern internally and believe it has not been properly addressed, or if the concern involves senior leadership and you do not believe an internal route is appropriate, you may escalate the concern to our compliance team at compliance@coaleypeak.co.uk or to an external body as set out in section 5.3 below.

5.3 External Routes

PIDA permits disclosures to be made to a “prescribed person” as designated by the Secretary of State. Relevant prescribed persons for Coaley Peak’s activities include:

• Financial Conduct Authority (FCA) — for concerns relating to financial services, regulated activities, or consumer protection. Disclosures can be made via the FCA’s whistleblowing service at fca.org.uk/consumers/whistleblowing.
• Information Commissioner’s Office (ICO) — for concerns relating to data protection, the unlawful processing of personal data, or breaches of the UK GDPR. Reports can be made at ico.org.uk/make-a-complaint.
• Health and Safety Executive (HSE) — for concerns relating to workplace health, safety, or environmental matters. Concerns can be submitted at hse.gov.uk/contact/concerns.htm.
• His Majesty’s Revenue & Customs (HMRC) — for concerns relating to tax evasion, fraud, or money laundering. HMRC operates a fraud hotline at gov.uk/report-an-organisation-for-fraud.

Workers may also contact Protect (formerly Public Concern at Work), the UK’s leading whistleblowing charity, for free, independent, and confidential advice.

In exceptional circumstances — for example where the concern is of an extremely serious nature and internal or regulatory routes are not appropriate — a disclosure to a wider audience (such as the media) may attract protection under PIDA, but only where very stringent conditions are met. Workers considering this course of action should seek independent legal advice first.

6. Confidentiality and Anonymity

We will handle all whistleblowing concerns with the utmost confidentiality. The identity of the person raising the concern will not be disclosed without their consent, except where we are legally required to do so or where it is impossible to investigate effectively without doing so. In such cases, we will inform the individual before any disclosure is made, where practicable.

Anonymous disclosures are accepted. However, we encourage individuals to identify themselves where possible, as anonymous concerns can be more difficult to investigate effectively and it may not be possible to update an anonymous reporter on the outcome of an investigation.

All documentation relating to a whistleblowing investigation will be stored securely and access will be restricted to those directly involved in handling the concern.

7. Protection from Retaliation

7.1 What is Prohibited

Coaley Peak Limited takes a zero-tolerance approach to retaliation against any person who raises a concern in good faith under this policy. Retaliation includes, but is not limited to:

• dismissal or threatened dismissal;
• demotion, reduction in hours, or changes to terms of engagement;
• exclusion, isolation, or victimisation by colleagues or management;
• harassment, bullying, or intimidation, whether direct or indirect;
• denial of promotion, training, or development opportunities;
• negative performance assessments motivated by the disclosure; and
• any other detrimental treatment connected with the raising of a concern.

7.2 Legal Protections

Workers who make a qualifying protected disclosure have the right under PIDA not to be subjected to any detriment by their employer as a result. Employees who are dismissed as a result of making a protected disclosure may bring a claim of automatic unfair dismissal, for which there is no qualifying period of employment. Compensation awards in such cases are uncapped.

Any employee who retaliates against a person for raising a concern under this policy will be subject to disciplinary action, which may include summary dismissal for gross misconduct.

8. Investigation Process

Upon receipt of a whistleblowing concern, the compliance function or designated investigating officer will:

• acknowledge receipt of the concern promptly, ordinarily within five working days;
• assess the nature and severity of the concern and assign it to an appropriate investigator who is independent of the subject matter;
• conduct a thorough and impartial investigation, gathering evidence and interviewing relevant parties as necessary;
• maintain records of all steps taken and findings made; and
• provide feedback to the reporting individual on the outcome of the investigation, subject to any legal or confidentiality constraints.

The timeframe for an investigation will depend on the complexity of the concern. We aim to complete initial assessments within ten working days and to conclude investigations within 28 calendar days where possible. Where an investigation is likely to take longer, we will keep the reporting individual informed of progress.

Where the investigation substantiates the concern, appropriate action will be taken. This may include disciplinary action, referral to an external authority, changes to processes or controls, or other remedial measures. The company reserves the right to refer matters to the relevant regulatory authority or law enforcement agency where required.

9. False or Malicious Allegations

This policy is not intended to be used to raise concerns that are known by the reporting individual to be false, or as a vehicle for personal grievances. Workers who make disclosures they know to be false, or who make allegations recklessly without reasonable belief in their truth, will not be protected by this policy and may be subject to disciplinary action.

The distinction between a concern raised in good faith that is not substantiated on investigation, and a deliberately false or malicious allegation, is important. The former will not attract any adverse consequence for the reporting individual; the latter may.

10. Responsibilities of Managers

All managers and supervisors at Coaley Peak Limited have a responsibility to:

• foster an open and transparent team culture in which individuals feel safe to raise concerns;
• take all concerns raised under this policy seriously and handle them with sensitivity and discretion;
• refer concerns to the compliance function or a senior leader promptly and without delay;
• not attempt to investigate concerns themselves unless specifically authorised to do so;
• not disclose the identity of the reporting individual without authorisation;
• not take, threaten, or condone any retaliatory action against a person who has raised a concern; and
• complete training on whistleblowing obligations as required by the company.

Failure by a manager to meet these responsibilities may itself constitute a disciplinary matter.

11. Training and Awareness

Coaley Peak Limited will ensure that all workers are made aware of this policy as part of their induction. Refresher training will be provided periodically. Managers and those with specific responsibilities under this policy will receive role-appropriate training to ensure they understand their obligations and are equipped to handle concerns appropriately.

A summary of this policy and key contact information will be made available to all workers through internal communications and on the company’s intranet.

12. Review

This policy will be reviewed at least annually by the compliance function to ensure it remains current, legally compliant, and fit for purpose. Reviews will take into account any changes to relevant legislation, regulatory guidance, and best practice. Any material amendments will be communicated to all workers.

Questions regarding this policy may be directed to compliance@coaleypeak.co.uk.