Upcoming Webinar: August 22, 2024 @ 12:30 P.M. (ET)  |  How to Investigate Anonymous Complaints |  Register Today!

Serious insight for serious situations.

Serious insight for serious situations.

<< Back to all posts

Whistleblower Series: Crafting an effective whistleblower policy

While you’re here, you may wish to attend one of our upcoming workshops:

Workplace Investigation Fundamentals
16 Jul - 18 Jul at
in Online
If a complaint of workplace harassment is made, do you know how to respond, investigate, and report on it — legally and correctly? If you don’t, you are not alone. This 3-day course is a crucial primer for today’s climate. Investigate mock complaints (inspired by our work across the country) from start to finish, build your investigation skills, and learn how to avoid costly pitfalls. The third day focuses on mastering report writing.
Event is fullJoin waiting list

In my last blog, I wrote about whistleblower programs. In this blog, I’ll cover whistleblower policies.

Admittedly, writing about policy writing may not be the most exciting topic. It is, however, a really important one. A good policy is what sets up a whistleblower program for success. If done well, it can also give important information about what the whistleblower program entails to those who are thinking of reporting wrongdoing.

The starting premise is that a whistleblower program is not really a whistleblower program unless it gives whistleblowers some form of protection for coming forward. This protection must be set out in the whistleblower program’s policy. There are two key types of protection:

1. Confidentiality: The whistleblower policy should speak to the confidentiality that is afforded to those who report wrongdoing. It can also include, for example, restrictions on those who are involved in the whistleblower program regarding the disclosure of information relating to whistleblower reports. (Confidentiality in whistleblower matters is not, however, straightforward and I will explore this topic further in another blog.)

2. Retaliation: The policy should protect whistleblowers from retaliation. For example, the policy can set out that retaliation against whistleblowers is prohibited, the potential consequences for retaliating, and an avenue that whistleblowers can use to report retaliation.

Both of these protections can (and should) be extended to others who participate in a whistleblower investigation (e.g., witnesses who give evidence). Such protections can encourage witnesses to participate in the investigation process, and gives investigators something useful to rely on when communicating with witnesses about their participation.

I’ve compiled below a list of other things that are typically included in whistleblower policies:

  • Definition of wrongdoing: The policy should set out what can be reported through the whistleblower program. Typically, this includes things like fraud, accounting irregularities, misuse or waste of company assets, illegal acts, contraventions of the entity’s code of conduct or other policies, etc. When deciding what can be reported, it is important to strike a balance between a definition that is too specific, and one that is overly broad. If “wrongdoing” is defined in a way that is too limited, then the organization may miss the opportunity to hear about some serious issues. If it is too broad, then the program will be used as a “catch all,” which can take up resources unnecessarily and dilute the program’s value.
  • Exceptions: Some organizations expressly set out in their whistleblower policy what types of matters should not be reported through the whistleblower program (e.g., matters that are being dealt with through another dispute resolution mechanism, such as a grievance process).
  • Policy application: The policy should include information about who can report wrongdoing, and about whom the wrongdoing can be reported. Here, the organization would have to decide whether the program is confined to its employees or whether it also applies to others, such as its contractors, customers, etc.
  • Reporting mechanisms: The policy should clearly indicate how reports of wrongdoing can be made. There are usually various avenues that whistleblowers can use and these should all be listed in the policy. More on this in my next blog.
  • Roles and responsibilities: The policy should set out who is responsible for doing what. For example, the policy can state who will be responsible for receiving whistleblower reports and who has responsibility for the program.
  • Intake and investigation: The policy should describe what the organization will do when it receives a whistleblower report.
  • Conflicts of interest: It’s a good idea to include in the policy how reports about those involved in the whistleblower program can be made. I think that it sends a good message that the policy applies uniformly to everyone in the organization. Practically, it is also easier if there is already an established process in place to deal with this type of report.
  • Communication about the program: I am a strong proponent of ensuring that there is an effective strategy in place to communicate the whistleblower program’s existence. If no one knows that the whistleblower program exists, then it obviously won’t be used.
  • Support: Some organizations offer legal support to individuals involved in the whistleblowing process and this too can be included in the policy (there would normally be discretion involved in granting such support).

Ultimately, when drafting the policy, the organization will want to decide what it wants its whistleblower program to look like and how they want it to function. It pays off to engage in this process carefully, rather than to put together a policy haphazardly. However, there is a certain amount of “trial and error” involved and for that reason, it is always a good idea to review the policy yearly and make adjustments as necessary.

Whistleblower & Ombuds Services

If you wish to learn more about our Whistleblower & Ombuds Services. Click here.