Today, most people would agree that creating a whistleblower policy is an important part of internal control systems, ethics, and compliance within an organisation. The new EU Whistleblowing Directive and subsequent national whistleblower laws, have further accelerated the progress as they outline requirements for implementing secure and anonymous whistleblower channels.
The goal for companies is to create an internal corporate culture of trust and encourage employees to speak up about existing problems within the organisation.
By law, all whistleblowers must be protected from any form of retaliation. Make sure that everyone concerned, not just employees, knows how to report misconduct, and are aware they can do so anonymously. Make sure all employees are educated on the company’s values and acknowledge issues that may be unique to your organisation.
The whistleblower policy should also include a definition of what is a whistleblower. A commonly used definition is a person (often, but not always, an employee), who reveals information about misconduct or activities that are considered illegal, immoral, unsafe or fraudulent.
The EU Whistleblower Directive requires all organisations with 50 or more employees to implement internal reporting channels. These channels should be the first choice for reports of wrongdoings or misconduct. In addition to these channels, member states are also obliged to appoint authorities who will maintain external reporting channels.
The Whistleblower Directive will protect individuals who report misconduct, as well as everyone who assisted the whistleblower in any way. To be protected, the whistleblower must have good reason to believe the information was true and valid at the time of reporting.
You can read more about the EU Whistleblower Directive here.
Creating a whistleblower policy, you should outline how the organisation’s internal whistleblowing solutions work, and how the whistleblower reports will be managed.
i) What are the secure internal channels?
You must facilitate anonymous reporting, in a secure manner. Is it possible to file a report by phone, through a messaging system, at a physical meeting or via an online platform? Explain what the options are and where to find the organisation’s different report channels.
ii) Who will receive the reports?
The whistleblowing policy must state who will receive the report, follow up, and outline who may have access to the information. It should also include information about the whistleblowing process and what the whistleblower can expect after submitting a report. According to the EU Whistleblower Directive, the person submitting a report should receive a confirmation receipt within 7 days and feedback regarding the case within three months, at the latest.
iii) What kind of feedback can you expect?
The whistleblower always has the right to receive feedback on the report, even if it is not possible to disclose details about the investigation, for example due to legal impediments. The whistleblower policy can include examples of appropriate feedback, such as reaching out to the whistleblower (anonymously via the whistleblower system) and thanking them for the report. You can also confirm that an investigation has been carried out and give a brief update on the status or possible measures.
If the whistleblower does not receive an update after reporting, is it easy to assume that nothing will change. Therefore, the likelihood of a whistleblower sounding the alarm again in the future are slim.
Obvious cases for the whistleblower system are violations of national and union laws. Other examples include serious cases of misconduct or events that pose a risk to the environment or for other people’s safety, events that may have a negative impact on the company’s finances or conduct that is not in line with the company’s ethical policies.
Read more: 7 examples of workplace misconduct
What is not whistleblowing?
The whistleblower policy can also include a reminder that personal issues (such as job satisfaction or grievances) are not meant for the whistleblowing system. Employees can raise such issues, for example, with their manager or the company’s HR department.
Read more about what is and what isn’t whistleblowing
It is crucial to have policies and procedures in place. This is particularly important when talking about illegal activities, misconduct that could threaten employees or public safety, or wrongdoings that could potentially harm the company.
The consequences for minor misconduct must not be perceived as unreasonably severe, as it may deter employees from reporting. Therefore, a good whistleblower policy should include specific examples of misconduct and what disciplinary actions may result. The measures should be precise and reasonable.
A whistleblower policy is a first step in building a positive corporate culture that consists of trust and integrity. A good whistleblower policy should encourage ethical behaviour and be the foundation for a transparent and fair process. It must be extremely clear where to go and what kind of problems you can address in the whistleblower system. The policy should also contain references to both the national legislation and to the company’s code of conduct or other ethical policies. Creating a good whistleblower policy is important to help employees trust the process, and thereby feel confident in blowing the whistle when they witness wrongdoing.
Read more: Get started with whistleblowing
Are you looking for a safe and secure whistleblowing solution? Read more here.
If you have any thoughts about this article or would like to know more about Whistlelink, we’d love to hear from you.
Philippa Johnsson, Whistlelink
Test our whistleblowing system free for a month
HAPPY TO MEET YOU!