6 tips for creating a good whistleblower policy 

A whistleblower policy is an important part of internal control systems, ethics, and compliance within an organisation. The new EU Whistleblowing Directive and subsequent national whistleblower laws, have further accelerated the progress as they outline requirements for implementing secure and anonymous whistleblower channels.

The goal for companies is to create an internal corporate culture of trust and encourage employees to speak up about existing problems within the organisation. 

6 tips for creating a good whistleblower policy 

1. Clear communication and education for all employees about ethical guidelines and policies 
2. Information about whistleblowing and reporting channels 
3. A walkthrough of how whistleblowers are protected by the law 
4. A comprehensive guide about the internal whistleblowing process and reporting channels 
5. Examples of misconduct, what is a whistleblowing case and what is not  
6. Mention consequences (but refrain from using zero tolerance) 

1. A good whistleblower policy is all about communication 

By law, all whistleblowers must be protected from any form of retaliation. Make sure that everyone concerned, not just employees, knows how to report misconduct, and are aware they can do so anonymously. Make sure all employees are educated on the company’s values and acknowledge issues that may be unique to your organisation. 

The whistleblower policy should also include a definition of what is a whistleblower. A commonly used definition is a person (often, but not always, an employee), who reveals information about misconduct or activities that are considered illegal, immoral, unsafe or fraudulent. 

2. Information must be provided on both internal and external reporting channels. 

The EU Whistleblower Directive requires all organisations with 50 or more employees to implement internal reporting channels. These channels should be the first choice for reports of wrongdoings or misconduct. In addition to these channels, member states are also obliged to appoint authorities who will maintain external reporting channels.  

3. Describe how the whistleblower is protected in the policy 

The Whistleblower Directive will protect individuals who report misconduct, as well as everyone who assisted the whistleblower in any way. To be protected, the whistleblower must have good reason to believe the information was true and valid at the time of reporting.  

You can read more about the EU Whistleblower Directive here.  

4. Describe the whistleblower process and reporting channels 

Creating a whistleblower policy, you should outline how the organisation’s internal whistleblowing solutions work, and how the whistleblower reports will be managed. 

i) What are the secure internal channels? 

You must facilitate anonymous reporting, in a secure manner. Is it possible to file a report by phone, through a messaging system, at a physical meeting or via an online platform? Explain what the options are and where to find the organisation’s different report channels. 

ii) Who will receive the reports? 

The whistleblowing policy must state who will receive the report, follow up, and outline who may have access to the information. It should also include information about the whistleblowing process and what the whistleblower can expect after submitting a report. According to the EU Whistleblower Directive, the person submitting a report should receive a confirmation receipt within 7 days and feedback regarding the case within three months, at the latest. 

iii) What kind of feedback can you expect?  

The whistleblower always has the right to receive feedback on the report, even if it is not possible to disclose details about the investigation, for example due to legal impediments. The whistleblower policy can include examples of appropriate feedback, such as reaching out to the whistleblower (anonymously via the whistleblower system) and thanking them for the report. You can also confirm that an investigation has been carried out and give a brief update on the status or possible measures. 

If the whistleblower does not receive an update after reporting, is it easy to assume that nothing will change. Therefore, the likelihood of a whistleblower sounding the alarm again in the future are slim. 

5. What can be addressed in the whistleblower system? 

Obvious cases for the whistleblower system are violations of national and union laws. Other examples include serious cases of misconduct or events that pose a risk to the environment or for other people’s safety, events that may have a negative impact on the company’s finances or conduct that is not in line with the company’s ethical policies. 

Read more: 7 examples of workplace misconduct 

What is not whistleblowing? 

The whistleblower policy can also include a reminder that personal issues (such as job satisfaction or grievances) are not meant for the whistleblowing system. Employees can raise such issues, for example, with their manager or the company’s HR department. 

Read more about what is and what isn’t whistleblowing 

6. Avoid a whistleblower policy of zero tolerance 

It is crucial to have policies and procedures in place. This is particularly important when talking about illegal activities, misconduct that could threaten employees or public safety, or wrongdoings that could potentially harm the company.  

The consequences for minor misconduct must not be perceived as unreasonably severe, as it may deter employees from reporting. Therefore, a good whistleblower policy should include specific examples of misconduct and what disciplinary actions may result. The measures should be precise and reasonable. 

The goal of creating a good whistleblower policy 

A whistleblower policy is a first step in building a positive corporate culture that consists of trust and integrity. A good whistleblower policy should encourage ethical behaviour and be the foundation for a transparent and fair process. It must be extremely clear where to go and what kind of problems you can address in the whistleblower system. The policy should also contain references to both the national legislation and to the company’s code of conduct or other ethical policies. Creating a good whistleblower policy is important to help employees trust the process, and thereby feel confident in blowing the whistle when they witness wrongdoing. 

Read more: Get started with whistleblowing 

Would you like to learn more about a whistleblowing service and safe internal reporting channels? Read more about the EU Whistleblowing Directive here and at EUR-Lex.

Are you looking for a safe and secure whistleblowing solution? Read more here.

Would you like to discuss a whistleblowing system for your organisation?
Please contact us or book a free demo!