‘They Were Tampering With Files’ – The Story of a Whistleblower Engineered Out of RBS


Ross McEwan’s appearances on LBC’s call in morning show are in themselves a symbol of a marked difference since the days of his infamous predecessor. Touting the mantra that he wants to ‘rebuild trust’ since he took up the role as RBS CEO on 1st October 2013, McEwan treads a much more affable public persona, where once Fred Goodwin refused access to the press, and much moreso the public.

It was this control over the bank’s every move that allowed the institution to be heaped with praise while internally it’s practices had long been questionable and its viability in trouble. This extended into the final days before the crash, which is now itself the subject of one of many legal actions against RBS, as shareholders who parted with £12bn in a ‘cash call’ in 2008, allege they were assured by Goodwin the bank was well capitalised, six months before it collapsed. These legal battles are dubbed ‘legacy cases’ by McEwan, putting even more distance between himself and RBS’ most notorious era.

Still, the bad news continues to roll out. RBS has not turned a profit for all of the eight years since the taxpayer bailout. It’s share price at the close of 2015 was less than half of the 502p needed for the taxpayer to break even on 73% ownership. 2015 posted losses of £2bn caused by restructuring (£2.9bn) and litigation (£3.5bn) including £2.1bn for mortgage bonds sold in the US. Other cases against the bank include foreign exchange rate rigging, LIBOR, PPI, interest rate swaps, the investor case above, and one involving small to medium businesses claiming the bank deliberately drove them to the wall in order to asset strip and extract money through charges and fees during the process of insolvency.

Could the bank really hope to escape the past with the arrival of new leadership?

Author Ian Fraser argues not. While Goodwin has become the face of the bank’s failures, Fraser, who penned the book ‘Inside RBS: The Bank That Broke Britain, says this overlooks fundamental problems that still languish inside RBS, their effects persisting eight years on. These problems can range from ‘archaic IT systems’ to the failure of the bank to confront continuing practices.

It was on one of these LBC appearances that Fraser pressed the CEO on another kind of allegation, this time involving ways the bank may be continuing to cover up misconduct through doctoring of customer files. Fraser said ‘the allegations basically are that RBS is on a kind of industrial scale, falsifying the core files on SME customers, and these falsifications are allegedly enabling RBS to then win against these customers.”

A couple of months later the front page of The Times, which had by this point produced several reports surrounding allegations of file falsification at RBS*, carried the headline ‘Whistleblowers betrayed by FCA’. It said ‘evidence and sensitive information’ was passed to high street banks by the regulator, namely 11 cases that ‘highlight evidence that the banks had edited records of customer emails, call transcripts and how they presented their ‘central file’ record of correspondence in order to flatter their own positions when in dispute with customers.’ The bank has always denied the charges.

There’s been a lot in the press recently about file falsification,’  Mark Wright worked for the bank for 25 years, ‘2005 I first highlighted file falsification by Group Compliance.


Wright joined Natwest bank aged 16, progressing up the ladder to Senior Financial Planning Consultant and holding a controlling function from 1995 within RBS Group Wealth Management. He dealt with affluent customers and became renowned for his clean compliance record, his dialogue with customers and the level of business he brought in.

‘I have expertise with RBS Group Systems, complaints process, Regulatory Rules…I was one of the most compliant consultants in the country, gaining an award at the Birmingham Conference.’

In 2005, this all changed because of a routine assessment by Group Compliance, a process whereby files are checked and customer care calls made to ensure products are sold with understanding of risks, terms and conditions. Discipline is handed out if results are negative. For example if something were mis-sold through failure to communicate risk, staff could see a drop in their internal rating (staff are rated 1-5) and/or a suspension of pay rewards.

Despite Wright’s previous record, his assessment in 2005 returned 5 complaints.

‘….which then gave [the compliance manager] grounds to rate me ‘business standards not met’, I had to obviously take that on the chin, I wasn’t allowed to contact the customers.”

While pay rewards were suspended and the complaints were logged on his record, within a few weeks one of Wright’s customers contacted him and said he had made no such complaint. Others followed;

‘All five customers came forward and complained Group Compliance had lied about the transcripts.’

As Wright gathered these customer accounts a member of compliance admitted to him privately that he was ‘not surprised’ his file was incorrect, and that he had seen things ‘added and removed from files to show them in a particular light.’

Wright would later take a polygraph to attest to this.

‘The reason you have customer care calls is you phone and check their understanding, that they understood the risk, that they understood the terms, they understood the charges…

“Bear in mind I was micromanaged for over 25 years in a regulatory environment. It was always drilled into us that when it’s something significant you go right to the top.”

The allegations were ones the bank would seem to take seriously too, if zero tolerance fraud policies were followed. As a deterrent, these internal circulars would sometimes list the number of staff who had received disciplinaries or been fired for numerous breaches of conduct. High on this list was the falsification of customer files.

Wright asked his five customers to put their complaints in writing to approach management. He expected a complicated process of vetting the compliance team, and formal notification of bosses and the regulator.

Instead, Wright was put through a grievance process – an internal work procedure for staff dispute resolution. ‘I wasn’t treated as a whistleblower, I was told to take out a grievance, I was a complainer,’ he says.

Notes from this grievance show Wright was concerned the process was not serious enough, and that something more should have been done, but he was assured by management, even receiving a message from Fred Goodwin himself that the process would be dealt with fairly and the conclusions followed.

Wright’s complaint was upheld and perhaps things could have ended here. But none of the grievance findings were instated, Wright’s record remained tarnished, no action was taken against compliance and none of the five complaints were investigated.

‘I can understand how 1 in 5 missed the complaints handling unit. But all five were never followed up by RBS.’

Wright was advised to file a second grievance in order to instate the findings of the first, but unbeknownst to him, it would be the next of six grievances over the next decade.

‘Everytime I was going through this I was thinking why aren’t we following the process…Not one of those five customer complaints was put through the RBS complaints system.’

 ‘If the processes had been followed to the letter, I wouldn’t be here in this situation’

Wright now believes the bank did this in order to prevent investigation of file falsification.


A 2010 review into complaints handling by the FSA (the Financial Conduct Authority’s previous iteration) found ‘poor handling within most of the banks assessed.’ The regulator said they also found good examples of compliance demonstrating high volumes could be dealt with if banks were committed to improvements, adding that if banks continued to ‘deliver poor outcomes for complainants’, it would use the ‘full range of regulatory rules’ to drive improvement.

The complaints process is pertinent when considering cases like the Global Restructuring Group (GRG), where thousands of businesses complained about deliberate actions by the bank to drive them to the wall during and after the recession. RBS denied allegations that it’s turnaround unit was actually asset stripping businesses, before Buzzfeed’s investigation in October turned up new evidence to prove the ‘Dash for Cash’ project. In November, McEwan finally said he was ‘very sorry’ for what businesses had endured at the hands of the GRG. How could so many complaints be ignored for so long?

For customers let down by the complaints system, other avenues are depressingly narrow and exhaustive to pursue. This may be coupled with the pressure that the bank holds the business responsible for it’s downfall – something repeatedly seen in the GRG case.

Police remain ill equipped to deal with financial fraud, which can be new, complex, and difficult yet also omnipresent. Cyberfraud – including that by banks and building societies – has dwarfed crime statistics since it’s inclusion last year. One million complaints were made to Action Fraud in 2016, and police admitted that not all of these cases could be investigated. Even further behind is the ability to marry up instances of fraud taking place across the country.

Image: Thames Valley Police – Lynden Scourfield was at the centre of the HBOS Reading scandal and sentenced to 11 years

A helping hand can make all the difference. In the case of HBOS Reading which ended in the last few weeks, six bankers were eventually convicted for fraud carried out over a number of years again on businesses in positions of distress (which may be manufactured in itself)– extracting money in ways similar to GRG. Thames Valley Police’s ‘Operation Hornet’ began in 2010 and despite being successful is one of the most complex and long running cases of the unit. The costs of £7m have also been placed on local government, and local taxation – disincentivising similar future investigations despite exposing fraud worth an estimated £1bn.

When Ian Fraser questioned McEwan about SMEs, it was as a result of these companies bearing the brunt of several scandals since the recession from the mis-selling of interest rate hedging products to the GRG. Fraser described RBS as causing a ‘corporate holocaust,’ across the UK. It is amongst these customers that allegations of file falsification emanate.

Clive May is a leading claimant in a case involving the Enterprise Finance Guarantee, a loan designed to encourage lending by banks to small businesses after the recession. RBS admitted mis-selling the scheme at the start of 2015. As well as alleging the bank mis-sold the loan, May says he was also deliberately driven to insolvency and that there is evidence of file falsification in his case.

One of these allegations revolves around the removal of second home by May’s banking manager in the application for the EFG. The second home would have made May ineligible for the loan. After continuing to pursue the case with North Wales police, this has now been recorded as an act of fraud by the bank. Still, this has come with long running effort on the part of May, and there are other details in his complaint he still wants to raise.

We covered the story of another RBS customer Nigel Henderson in December who was told his files were destroyed by the bank before having them released shortly after the Buzzfeed investigation in October.

In the case of Andy Keats, another business owner put into straits, a recorded phone call for which he requested the transcript from the bank had 1,110 differences with his own transcript. These vary from words to entire sections, with many to the detriment of him as a customer or to the benefit of the bank’s position.

Responding to several of these customer allegations put to RBS, they told us:

‘RBS takes any allegations of misconduct seriously. We are aware of these specific allegations, which have been investigated thoroughly in the past by the bank and, in many instances, externally through bodies such as the Information Commissioner and the courts. We have found no evidence to support these allegations and categorically deny manipulating or falsifying customer records to suit our purposes.”

Complaints are also an internal issue for staff. When pressed by Real Media, again on LBC, about the protections whistleblowers and staff raising concerns should have, McEwan responded:

“Well first off our whistleblowing process is overseen by our board so it’s not overseen by me, well I put the mechanisms in, the actual board overs-, so we take it absolutely seriously…..I’m very surprised if you’re seeing, hearing that our staff are feeling bullied and p…..They should make those…put forward their case and I’m very happy to hear them.”


While no action was taken to instate the findings of the grievance, Wright believes he was targeted in the workplace. Group Compliance had been notified of his complaint which made his working arrangements more difficult to deal with;

‘I had more mystery shops than anyone in the team,’ he says. An inter-office memo obtained by Wright seems to confirm this. It reads:

‘Our observations are well in excess of the T&C scheme and feel that further observations will only confirm what we already know that Mark is routinely competent…I recommend that no more mystery shops are ordered.’

By 2009, Wright’s mental health was deteriorating. He was still going through grievance processes which brought with them new hurdles, took more time but ultimately bore more inaction, fuelling anxiety for Wright. A health report that same year confirmed the employee fell under the protection of the Disability Discrimination Act, as his experience was being affected daily.

Time also strained the support Wright had in his team. One manager later said in an email ‘following taking the grievance procedure as far as I could, I decided to keep my head down, but the assessment was instrumental in my decision to take redundancy at the earliest opportunity in 2009.”

Still, challenges for Wright continued. When he agreed to cover for another area for a month, he ended up carrying the double workload for two years. Wright’s GP wrote to RBS Chairman Phillip Hampton expressing concerns:

‘Tell me why despite Mr Wright informing you on many occasions the negative impact that this was having on his wellbeing that this has been continually ignored.’

It later became apparent his manager had not been informed of his health conditions nor grievance processes, and these records were not kept in his file.

‘If I’m turning round and saying I can’t cope with the work of two people and driving 130 miles a day, I still can’t believe that happened,’ he says. “But it makes perfect sense if my line manager had no idea about my grievances or my health.’

A statement confirmed he had no knowledge of Wright’s situation. In 2016, Wright’s GP repeated their concerns to Norman Lamb MP:

‘I remain concerned that the statement’s from Mark’s line manager states he ‘knew nothing at all.’ I am also concerned that RBS state they would have had no way of knowing that events leading up to Mark’s breakdown in health would have had such a dramatic effect on him. Furthermore, I remain very concerned taking into account Mark’s line manager’s statement that there was nothing in Mark’s records regarding his health and wellbeing when there are clear notes on Mark’s records dated 2009.’

Wright was signed off work by his doctor in 2012 owing to ill health.


‘I was put straight into a portfolio manager job, and I was looking after the senior manager. There was a particular lady in the office and she was showing me how things were done which included amending loan documentation for file purposes.’

An ex-staff member who worked in RBS commercial banking told Real Media they were trained to lift and forge customer signatures in the first week of employment:

‘The bank has a mandated system called ISV (Image Signature Verification) where it was an electronic signature of the customer. If something wasn’t signed all we do is take a copy of the bank ISV, cut it out, take a few photocopies of it so you lose any lines, or you could hold it up against a window and trace it through. That was a common practice and I was taught that in my first week.’

The whistleblower, who wishes to remain anonymous, said the training was conducted on a 1-on-1 basis but that practices were known throughout the bank;

‘It was commonly known through the managers. The woman who ran the office did the training. You question it. You think is this normal? But everyone else knew about it and everyone was taught the same thing. My manager, her husband was a senior in the bank.’

‘With compliance you expect to see certain things in a folder. Half the time if you didn’t have it, it would be manufactured to be there.”

‘In my new employment there is someone who worked for RBS and we had a joke about leaning on windows and tracing through signatures. He was based in Kent, and myself up in East Anglia.’

Responding to the allegations, RBS told Real Media: ‘This is the first time these allegations have been made to the bank and we will conduct an investigation into these claims. Given the allegations are over 10 years old and the line manager of the whistleblower has now left the bank we have not been able to look into this any further in the timescales provided.’

However, while the whistleblower received training 10 years ago, they continued to work at the bank for eight years and told Real Media this practice took place throughout that time.

While these may be the first allegations within the bank, in 2012, two insurance companies owned by RBS were found to have forged signatures and complaints to meet compliance guidelines in more than 1 in 2 cases investigated by the FSA.


After being signed off work, Wright formally left the company in July 2013. ‘They engineered me out’, he says. At this point, Wright’s MP Norman Lamb became more involved in his case, providing support by seeking responses from both the regulator and the bank. Lamb told Real Media;

‘There’s the personal and the broader picture here self-evidently because he’s a whistleblower, he’s whistleblowing about wrongdoing in the bank and so he would say establishing the truth about what happened is incredibly important and I think he feels as strongly about that as he ever did.

‘We’ve had repeated requests to meet with the bank which have been rejected which makes things more difficult.’

Several representatives have ignored Lamb’s requests for information and propositions to meet;

‘I’ve written to Chairs who don’t bother to reply themselves and pass it on to people below them which I think is arrogant and unacceptable given that he’s raising very serious concerns. I’ve been disgusted at the high handed nature of the bank.

“Baroness Noakes didn’t even reply to me.”

Baroness Noakes is a sitting member of the Risk Committee at RBS, to whom Wright also wrote while he was still employed by the bank.

‘I don’t know how it looks when an employee is coming to you on his knees and I get no response,’ says Wright.

After continued failure seeking a response from the bank, Wright turned to the Financial Conduct Authority, who offer a whistleblowing service for concerns and protection for those that contact them. Yet it would be the FCA who identified Wright to the bank.


Wright had contacted the regulator describing his situation – a 25 year Natwest/RBS employee who had discovered wrongdoing on several counts, reported it to his employer and received hostility and harassment as a result, leading him to leave his job.

Yet, many of Wright’s questions, concerns, offers for meetings and the sharing of information on other legal aspects of the bank’s conduct were ignored or left unanswered.

His relationship with the regulator became difficult and barbed. Last year, after asking whether the regulator had ever given his identity to RBS since his communications with them, the answer was yes. In 2013.

One of Wright’s first questions was whether the bank had sought guidance from the FCA regarding his whistleblowing concerns from 2005 onwards. When this question went unanswered, Norman Lamb’s office manager requested the FCA respond to what was a simple question.

In a later data release, it was found the FCA then contacted the bank, naming Mark Wright, and intelligence he was giving to the FCA as well as asking whether the bank had sought guidance. Wright was not asked permission, despite contacting the FCA through the whistleblowing line and carrying his afore mentioned credentials. Emails show the FCA contacted the bank even before FCA staff had checked internally whether Wright was a listed whistleblower.

Still, the FCA claim that they had to contact the bank for the answer. Their responses further state that as Norman Lamb MP had written to the bank on Wright’s behalf in an attempt to resolve issues at the end of Wright’s employment, the FCA assumed it was correct to contact the bank with Wright’s name, despite these communications being separate and the FCA question a historic one.

Many questions arise from this series of events. However, in context of several other instances it is not so unique.

Take the story at the top of this piece concerning the FCA passing other sensitive information concerning ‘edited transcripts’ to the bank. One city lawyer speaking to Business Insider about this specific case said it ‘may deter people from reporting potential wrongdoing in the banks because they would not be protected.’

It was the FCA that emailed a previous 2015 Real Media article on Clive May’s case to the bank also to ‘make them aware.’ Further information passed by May to the FCA regarding RBS processes was also forwarded verbatim to the bank.

In many of these cases, the FCA say they ‘have to’ share *some* information with banks to investigate – yet the picture forming seems to be one where complete allegations are presented to the bank enabling them to form defences rather than questioning and probing the banks themselves on the part of consumers with serious concerns.

Bizarrely, in return to the FCA’s contact with the bank, RBS seem to have shared Wright’s medical records, asking them to be deleted in later emails. Could this be regarded as a mistake?

Wright later experienced difficulty in getting RBS to acknowledge possession of these medical records with which to process his pension transfer.

The bank stated to the FCA the case was ‘long running’, ‘now closed.’

‘There hasn’t been acceptance of the seriousness of breaching his identity,’ says Norman Lamb MP.

As minister for Mental Health, Lamb is particularly struck by the effects the last decade has had on Wright’s mental health:

‘It’s dominated his life for a long time. It’s very difficult for Mark to move on when this hangs over him and the sense of injustice he suffered. That he did the right thing and suffered for it.”

For Wright, a feeling of closure is indeed paramount for a story which has impacted every aspect of his life. He recalls periods in which he wishes he was more able to support his family over the last decade;

‘I wasn’t there for [my wife] at all because all I could think was how I was stitched up. My son is 14, from the time he’s been able to understand me I’ve always had this luggage that I can’t shake off.”


Drastic measures have been undertaken at great expense to re-invent and re-direct the image of RBS. In May 2016, The Times reported that the Royal Bank of Scotland was dropping the RBS brand from more than 500 branches across England, Scotland and Wales. An advisor deemed the brand ‘toxic’ due to its association with Goodwin. Marketing Director David Wheldon later admitted that the brand was nearly completely scrapped, before receiving a renewed push in Scotland. Yet, questions still arise over the bank’s true reform, and how it is dealing with the many issues that pushed it to the brink in the first place.

Many of these are issues which whistleblowers could help unlock were there greater support. In the US, whistleblowers are rewarded in financial institutions and these have proved ‘extraordinarily successful’ with ‘worldwide reach.‘ Reports have repeatedly cited that reward laws, designed to protect and encourage ‘insiders’ to report misconduct,‘ work. In the UK however, these individuals face danger and cost for speaking out.

‘We have the legal framework,’ says Norman Lamb MP, ‘but this does not seem to translate to the real life practicalities for the needs of whistleblowers.” He continues, the rewards system ‘is exactly what we should aim for.’

*This article was updated on 20/02/2017 to highlight previous reports by The Times on allegations of file falsification.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s