How To Write A Whistleblowing Policy & Downloadable Template
Companies are increasingly putting whistleblowing policies and guidelines in place. It’s a great initiative, but where do you start? For many organisations, it's a new process and they are writing a whistleblowing policy for the first time.
Our goal is to help you understand what are the best practices in writing a whistleblowing policy. We'll walk you through what you need in your policy document and what sections you should have. Finally, we will wrap it up by providing you with some inspiration with a template you can use to kickstart your policy. Our objective with the template is that it reads easily and helps you clearly communicate your whistleblowing guidelines.
Step 1: Start With Your Purpose
The first section of your whistleblowing policy should focus on the big picture. Start with your overall goals and what you want to achieve through your whistleblowing program. Next, outline what conduct employees should report as well as who falls under your whistleblowing policy.
- Every employee should have the chance to speak up anonymously when they feel we are not adhering to our corporate values. They should have a place to report misconduct, every report will be heard and acted on, and we will make improvements based on the results.
- We believe everyone should be able to make reports anonymously. We commit to protecting informant's identities and they only need to reveal themselves if they choose to.
- We will investigate every report of misconduct. At the end of the investigation, we will document the results and provide feedback when appropriate.
The Commitment Of Your Organisation
What Conduct Should Be Reported
Who Falls Under Your Policy
Step 2: Follow With Your Process
What Options Employees Have To Make A Disclosure
Where Do Employees Make A Report
What Happens If They Choose To Remain Anonymous
What Is The Investigative Process
The Use of 3rd Parties For Receiving Reports & Investigating
- Web-based whistleblowing software
- Accounting firms
- Lawyers & legal firms
- Specialised investigative or forensic firms
- Hotline providers
- Human resources consultants
If you are using a web-based whistleblowing software, it’s good to include it in your policy so your staff know it's an independent provider. Employees are often confused and believe corporate IT runs the whistleblowing software. This confusion can hold them back from making reports as they're worried about anonymity.
Many organisations use third parties to do the triage of receiving and evaluating the initial reports. They also might conduct investigations as well as provide advice on particularly sensitive matters. Your whistleblowing policy doesn't need to identify every way you plan to engage with a 3rd party. However, it's a best practice to outline how you might engage with 3rd parties as part of your program.
Who Is Alerted About The Report
What Is The Process Of Updating The Informant
What If The Informant Is Not Satisfied With The Result
Step 3: Outline How You Protect The Informant After Reporting
- The informant has the right to remain anonymous and does not need to identify themselves at anytime during the investigation process.
- You use tools and platforms that help protect their identity during and after submitting a report.
- At no time will the organisation force the informant to reveal their identity.
- The informant can refuse to answer questions they feel could identify themselves.
- If the informant reveals themselves at any time, you will document who will have access to their identity. This can include the case manager, whistleblowing program owner, etc.
- Being terminated or having their employment ceased.
- Performance management.
- Harassment on the job or workplace bullying.
- Warnings or disciplinary actions.
- Any other action that can be perceived as retaliation for making a report.
Considered Risk of Retaliation
Already Retaliated Against
Also, detail what protection you will provide. Protection can include putting them on leave, reassigning them, or some other action to provide them with protection.
Retaliation Not Adequately Resolved
How Do You Deal With Retaliation
Separation Of Issues
Protection & Immunity For Others
Legislative/Regulation Protection & Assistance
Step 4: Identify Key Roles & Responsibilities
- What role or team owns the whistleblowing program at the organisation?
- Who is the individual owner of the program?
- What are the individual roles in the program and what responsibilities does each role hold? Examples of this can be the program owner, day-to-day manager, case managers and investigators, etc.
- What team investigates anonymous reports and does that team change based on the type of misconduct being reported? An example could be that sexual harassment allegations are investigated by human resources, whereas fraud is investigated by legal.
- For global companies, is the whistleblowing program managed from the headquarters? Or are people involved across different regions and countries?