Sunday, July 19, 2026

RSA Whistleblower Files...

Meridian Legal Services had forced RSA / Intact Insurance UK into a regulatory hold. Financial Ombudsman Service had the insurer’s internal case file. An investigator was about to be assigned.

This is the recap. If you’ve read all 112 episodes, most of this will be familiar - think of it as the file you’d hand someone new, or the one you’d want on record. If you’ve never read a single one, this is the whole thing, without needing to open 112 tabs.

One more thing before I start. Every section below ends with the specific episode numbers that section is drawn from. That’s deliberate.

If you’re a journalist, a lawyer, another policyholder, or just someone who wants to check a claim against the original documents rather than take my word for it, those episode numbers are your way in. Click through to the relevant number and you’ll find the actual emails, metadata, letters, and regulator correspondence behind whatever I’ve summarised here. Nothing in this episode is meant to stand on its own - it’s a map, not the territory.

(Covered in: EP109, EP110, EP111, EP112)


Who I am and how this started

I’m Artur. I’m a CNC programmer from Birmingham. I work with CNC precision machining. Numbers, tolerances, measurements that either match the drawing or they don’t.

In September 2020, I noticed a crack running through my kitchen wall. Then more, outside, where my house meets the neighbour’s. Subsidence. I called my insurer, RSA, and reported it, expecting the process to be roughly what it says on the tin: investigate, find the cause, fix it.

Almost six years later, I’m still living with cracks in the walls. Along the way I found something I didn’t expect to find ...

(Covered in: EP1, “I never planned to be a whistleblower,” “How an insurance fight took space inside my family life,” “What 1,000 cases and 100 episodes taught me”)


The moment everything changed: a Subject Access Request (DSAR)

In November 2024, I did something every UK resident is entitled to do under GDPR: I asked my insurer for a copy of everything they held on me - a Data Subject Access Request, or DSAR.

What came back didn’t match my memory of the last four years.

There were complaints in the file that I never made. There were documents dated years earlier than the metadata said they were created. There were 73 files redacted so completely that even my own emails, sent back to me, had been blacked out. Dozens more were simply missing. Around 140 files witheld.

I’m not a lawyer, a journalist, or an investigator by training. I’m someone who reads technical drawings for a living, so when the paperwork stopped matching the timeline, I noticed, and I started keeping a forensic record of every discrepancy - dates, metadata, reference numbers, who sent what and when.

That record became this series.

(Covered in: EP1, EP2, EP3)


The three complaints I never made. Fabricated by Insurers.

Three complaints appear in RSA’s records under my name:

• 30 January 2024 (ref 01/24540759)

• 26 September 2024 (ref 09/24576994)

• 7 December 2024 (ref 12/24587074)

None of them has a contact record, a complaint form, or a verification trail behind it. The third one, RSA’s own correspondence shows, was built from what was actually a routine follow-up email to their Data Protection Officer about my DSAR - not a complaint at all.

Here’s the pattern that took me months to see clearly: every one of those three dates was followed, within days, by RSA’s standard “Thank you for contacting us” acknowledgment letter. My two genuine, recorded-delivery complaints - 2 October and 16 December 2024 - never received one.

I started calling that letter the fraud marker. It only ever showed up after something I didn’t send.

Why would a company do this? My own theory, laid out across dozens of episodes with the paperwork attached: each fabricated complaint gave RSA a new reference number and a new start date, which let them argue they’d already dealt with an issue, or that a deadline hadn’t been missed, or that my real complaint could be filed away as a duplicate of one that never happened.

(Covered in: EP4, EP5, EP7, EP12, EP13, EP21, EP24, EP25, EP26, EP27, EP28, EP29)


The documents fabricated in 83 minutes

On 30 April 2024, three documents appeared in my claim file: a Schedule of Works, a Certificate of Structural Adequacy, and a Form of Acceptance. Carried dates suggesting they were years old - 2021, specifically.

The metadata said otherwise. Created and modified within an 83-minute window, on 30 April 2024, by the same member of staff.

The Certificate of Structural Adequacy went further: it credited a specific engineer’s advice for a tree-removal decision made in 2021. That engineer wasn’t hired until 2023. He couldn’t have advised on something that happened two years before he was involved. I flagged this in writing, repeatedly.

RSA’s response, when it eventually came in a Final Decision Letter, called this “poor attention to detail.” A later Ombudsman decision called it “simple human error.” Neither addressed how a document can be authored in 2021 and modified in 2024 at the same time, or how an engineer can advise on an event that predates his involvement by two years.

(Covered in: EP6, EP8, EP9, EP17, EP18, EP19, EP20, EP31, EP36, EP69, EP70)


The files that vanished, and the ones that were blacked out

My DSAR should have returned a complete file. Instead: 73 documents fully redacted (including, again, my own outgoing emails), and by my count somewhere 70+ further documents missing outright - concentrated, tellingly, around the period of the fabricated September complaint.

One example I’ve come back to more than once: a site-visit report, released to me with every line redacted except one - “The entire meeting was video recorded by the insured’s son.” That sentence survived. Everything describing what was found at the visit did not.

I complained to the ICO twice. Both times, I’ll walk you through what happened to that complaint in a moment.

(Covered in: EP11, EP37, EP45, EP46, EP95)


Round two: the same pattern, in the monitoring data

I assumed, for a while, that the fabrication problem belonged to 2024. Then, in 2025, RSA (rebranding mid-dispute to Intact Insurance UK) ran a six-month monitoring programme on a second problem tree - referred to throughout the series as T5 - that a regulator had specifically ordered them to investigate.

The monitoring point closest to T5 moved 2.3mm downward over six months, with zero recovery across all seven readings - the largest, most one-directional movement of any monitored point on the property. I was told this proved “stability.”

When I asked for the original monitoring files, the April data arrived as a full spreadsheet, properly attributed to the surveying firm. Every month after that arrived only as a PDF: no author, creation dates over a week after the actual survey, and - I later discovered - one of them containing invisible text, embedded but not displayed, findable only by selecting the page and pasting it into a plain text editor.

I don’t think that happens by accident.

(Covered in: EP76, EP77, EP78, EP82, EP83, EP84, EP85, EP86, EP87, EP88, EP89, EP90, EP91, EP92, EP93, EP94)


What FOS did with all of this

This is the part of the story that, honestly, took the longest to accept.

The Financial Ombudsman Service is the free, independent service that’s supposed to resolve exactly this kind of dispute. Over five-plus years, I brought them the fabricated complaints, the backdated documents, and the manipulated monitoring data, more than once, in detail, with evidence attached.

Here’s what I got back, in the regulator’s own words, at different points in the case:

“Artur, I cannot do anything” - the first investigator, when shown proof a complaint had been fabricated, told me it would need to be raised as a brand-new complaint rather than folded into the case already open.

“Your further supporting evidence… hasn’t changed my review of the complaint” - a second investigator, 72 hours after receiving over 500 pages of forensic evidence.

On the backdated Schedule of Works: the Ombudsman accepted RSA’s explanation that the date was a “printing error” - that downloading or printing a document stamps today’s date on it - despite the file’s own metadata recording a creation date, not a print date.

On the false attribution to an engineer who wasn’t hired until two years later: “I can’t see any detriment that Mr N has suffered as a result of this minor and relatively insignificant error.”

Most recently, on the T5 monitoring question: between 19 December 2025 and 15 January 2026, one investigator gave me four different positions on whether RSA had complied with a binding order - non-compliant, then not non-compliant, then “up to the discretion of the investigator,” then a specific evidence threshold I’d already met weeks earlier, then finally: “So, it’s a new complaint. I hope that helps.”

A Freedom of Information request I filed to understand FOS’s own fraud-handling procedures took over a year, three refusals, and a phantom reference number generated for a request I never made, before I learned something that explained a lot: FOS’s own case-management system doesn’t record “document fabrication” as a complaint category at all.

(Covered in: EP14, EP15, EP21, EP40, EP41, EP55, EP56, EP57, EP58, EP59, EP60, EP61, EP62, EP63, EP67, EP68, EP69, EP70, EP71, EP72, EP73, EP74, EP75, EP79, EP80, EP97, EP98, EP99, EP100, EP101, EP102, EP103, EP104, EP105, EP106, EP107, EP108)


What ICO did with it

The Information Commissioner's Office exists to enforce data protection law. I sent them the 73 redacted files, the missing documents, and evidence my data had been shared with third parties without a clear lawful basis.

Their first outcome: they said they were “unable to determine” whether RSA had complied with the law, and asked RSA’s own Data Protection Officer to review RSA’s own handling and report back in 14 days. RSA’s DPO’s review concluded the redactions were “appropriate.” That was accepted, no further questions asked.

When I filed a second, far more detailed complaint months later - 350-plus pages, covering everything the first complaint hadn’t - the ICO closed it as a “duplicate” of the first, without reviewing the new evidence.

(Covered in: EP46, EP64, EP65, EP66, EP81, EP95)


What FCA and SFO did with it

Both were copied on nearly every escalation in this case from January 2025 onward: the fraud alerts, the formal complaints, an open offer of full access to my underlying evidence. Neither is on record, anywhere in this series, taking a documented substantive action.

(Covered in: EP22, EP24, EP27, EP29, EP43, EP47, EP51, EP52, “When Every Watchdog in Britain Suddenly Goes Blind”)


Why I don’t think this is just about me

Two things convinced me this isn’t a one-off.

First: in 2023, a legal representative named Gary Smith won a landmark High Court case against FOS over roughly £500 million in mis-sold timeshare compensation for around 20,000 families. After he won, by his account, the compensation largely didn’t get paid - and at least 26 of his clients died still waiting. He’s now preparing a second judicial review, built on more than 1,000 documented FOS cases.

Second: reviews from FOS’s own current and former staff describe an organisation under pressure to hit closure targets set by executives who, in one reviewer’s words, “have never worked a day in the Investigator role” - producing, in that reviewer’s phrase, “rushed, sloppy investigations.”

None of that proves my case. But it’s hard to read alongside everything above and conclude I just had unusually bad luck three separate times, with three separate regulators.

(Covered in: EP98, “ONE LEGAL EXPERT EXPOSED THE UK CONSUMER PROTECTION FRAUD,” “THE WATCHDOG HAS NO TEETH,” “What 1,000 cases and 100 episodes taught me”)


Where things stand now

As of this episode: Claim 202009030674 remains on official regulatory hold. RSA/Intact’s contractor has been stood down. All demands for site access have been withdrawn. 

 https://www.linkedin.com/pulse/ep113-rsa-whistleblower-files-whole-story-so-far-six-years-nadolny-dov2e/

Sanctions against PricewaterhouseCoopers LLP and Mr John Waters...

This Press notice concerns the outcome of an investigation into the relevant Statutory Audit Firm and Statutory Auditor (as defined in the FRC’s Audit Enforcement Procedure). It would not be fair to treat any part of this announcement as constituting or evidencing an investigation into, or findings in respect of the conduct of, any other persons or entities.

Executive Counsel of the Financial Reporting Council (FRC) has issued a Final Settlement Decision Notice (FSDN) under the Audit Enforcement Procedure and imposed sanctions against PricewaterhouseCoopers LLP (PwC) and John Waters, audit engagement partner, in relation to the statutory audit of the consolidated financial statements of Babcock International Group Plc (Babcock) for the financial years ended 31 March 2019 (FY2019) and 31 March 2020 (FY2020).

The sanctions are:

PwC:

  • A financial sanction of £3,248,437 (this figure reflects a starting point of £5,500,000, discounted for the mitigating factor of exceptional cooperation by 12.5%, and further discounted for admissions and early disposal by 32.5%);
  • A published statement in the form of a Severe Reprimand;
  • An order requiring PwC to take specified action with the aim of preventing the recurrence of the contravention; and
  • A declaration that the FY2019 and FY2020 Audit reports signed on behalf of PwC did not satisfy the Relevant Requirements in relation to the matters set out in the FSDN.

Mr Waters:

  • A financial sanction of £59,062 (this figure reflects a starting point of

£100,000, discounted for the mitigating factor of exceptional cooperation by 12.5%, and further discounted for admissions and disposal by 32.5%).

  • A published statement in the form of a Severe Reprimand; and
  • A declaration that the FY2019 and FY2020 Audit reports signed on behalf of PwC did not satisfy the Relevant Requirements in relation to the matters set out in the FSDN.

PwC will also pay Executive Counsel’s costs of the investigation.

Babcock is a Public Interest Entity (PIE). It is a multinational corporation headquartered in the UK, and its shares are listed on the Main Market of the London Stock Exchange. It provides engineering services and other services (in the UK and internationally) in relation to maintaining, upgrading, operating and managing significant infrastructure and essential equipment. A number of its contracts are UK government contracts, including contracts with the Ministry of Defence.

PwC and Mr Waters have admitted serious and numerous breaches[[1] ] of Relevant Requirements in relation to the auditing of cash pooling; financing arrangements in relation to a specific overseas contract; capitalisation of certain costs on aircraft; an intangible asset; assessment of goodwill impairment; certain credit notes on aircraft; and two long-term contracts, across both audit years. Material restatements were made in the FY2021 financial statements to correct prior period errors associated with some of the breach areas.

PwC and Mr Waters failed to exercise adequate professional scepticism and to obtain sufficient appropriate audit evidence in all those areas of the audits, and to achieve fair presentation and compliance with accounting standards in five areas. In these areas, they failed adequately to challenge management as to whether management’s accounting approach was compliant with the financial reporting framework, and demonstrated an insufficient audit response to the risk of material misstatement.

With regard to Mr Waters’ position, he faced severe challenges in discharging his responsibilities as audit engagement partner, including as a consequence of being appointed to the FY2019 Audit at short notice, after the audit had commenced, and not having had the opportunity for any handover from his predecessor. The COVID-19 pandemic made the FY2020 Audit significantly more difficult.

As part of the sanctions accepted by PwC, PwC has agreed to examine and report to the FRC on aspects of its processes in respect of the change of audit engagement partners during an ongoing audit and the response to indicators of increasing audit risk during an engagement.

The Respondents’ exceptional level of cooperation during the investigation by Executive Counsel of the breaches is demonstrated by the following facts and matters:

  • PwC undertook two separate critical self-reviews of different areas of the FY2019 and FY2020 audits at the request of Executive Counsel, and disclosed their findings to Executive Counsel;
  • PwC undertook a Root Cause Analysis to identify the underlying causes of the audit failings, and disclosed their findings to Executive Counsel; and
  • Mr Waters participated fully in the self-reviews and Root Cause Analysis and fully co-operated with Executive Counsel’s investigation.

“In March 2023, the FRC announced sanctions against PwC and two audit engagement partners in relation to the FY2017 and FY2018 audits of Babcock and one of its subsidiaries.

Following a separate investigation in relation to the FY2019 and FY2020 audits, PwC and the new audit engagement partner appointed in relation to those financial years have admitted serious and numerous breaches. These included significant contraventions of the fundamental requirements to perform an audit with adequate professional scepticism and to evaluate effectively whether the financial statements complied with accounting standards and achieved fair presentation of the underlying transactions. The quality of these audits fell short of the standards expected of statutory auditors.

The FRC acknowledges that the audit engagement partner assumed his role in FY2019 in challenging circumstances. In such circumstances, however, the firm and the audit engagement partner should together have ensured that those challenges were appropriately addressed, and the audit work performed in accordance with applicable standards.”

Penrose Foss, Executive Counsel:

Read the Final Settlement Decision Notice.

 https://www.frc.org.uk/news-and-events/news/2026/07/sanctions-against-pricewaterhousecoopers-llp-and-mr-john-waters/