Edward Snowden. Katharine Gun. Antoine Deltour. John Doe. Bradley Birkenfeld. Howard Wilkinson. History shows that whistleblowers rarely get the thanks they deserve.
Yet without them, we might never know about the United States surveillance program (PRISM), the tax deals struck by multinationals (LuxLeaks), the lengths the rich and famous go to conceal their wealth (Panama Papers) or countless other misdemeanours.
- Why do you need a whistleblowing policy?
- What should be in your whistleblowing policy?
- EU whistleblowing rules
- How to deal with employee disclosures
- Whistleblowing to a prescribed person
Whistleblowers often pay a heavy price for speaking the truth: smear campaigns, financial ruin, untold stress and problems getting another job.
No surprise then that many more choose to remain silent for every person who speaks out - fearing retaliation or reprisal.
- Research by Eugene Soltes found that while 46% of workers were likely to report the theft of company property and 41% fraudulent accounting, only 27% would report inappropriate gift-giving.
- 20% of whistleblowing hotlines do not function properly or allow whistleblowers to maintain anonymity.
1. Why do you need a whistleblowing policy?
Staff are often reluctant to bring misconduct to the attention of management. That's why you need to create an open, transparent and safe environment where workers feel able to speak up.
Fortunately, the law protects whistleblowers. People should not be treated unfairly or lose their jobs because they raised the alarm on corporate misconduct.
A company's whistleblowing policy will depend on the size and nature of the organisation. Large organisations may have a policy where employees can contact their immediate manager or a specific team of trained individuals to handle whistleblowing disclosures. Smaller organisations may not have sufficient resources to do this.
2. What should be in your whistleblowing policy?
In the UK, workplace whistleblowing policy should establish a company's commitment to safeguarding whistleblowers from detrimental treatment as set out by the Public Interest Disclosure Act 1998.
It should be simple, easily understood and include:
- An explanation of what whistleblowing is, particularly concerning the organisation
- A commitment to training workers at all levels of the organisation concerning whistleblowing law and the organisation's policy
- A commitment to consistent and fair treatment of all disclosures
- A commitment to confidentiality by taking all reasonable steps to protect the identity of whistleblowers where it is requested (unless required by law to break that confidentiality)
- Clarification that any so-called 'gagging clauses' in settlement agreements do not prevent workers from making disclosures in the public interest
3. EU whistleblowing rules
From December 2021, there are rules to enhance whistleblower protection across the EU. Whilst similar to those in the UK, they are far from identical.
- Provide a hierarchy of safe reporting channels - if your company has over 50 employees. In the first instance, reports are to be made within the organisation and then via external channels, which public authorities are obliged to set up.
NB Anyone choosing to report externally will not lose any of the protections. - Prepare for the widening scope - the EU rules cover financial services, public procurement, prevention of money laundering, product and transport safety, nuclear safety, consumer and data protection.
- Support & protect whistleblowers from retaliation - including suspension, demotion and intimidation. Measures include independent information and advice, assistance from competent authorities, legal aid in criminal and cross-border proceedings and financial support. Colleagues and relatives must be protected too.
- Follow up whistleblower reports within three months
There are also provisions to protect whistleblowers from liability to prevent companies from misusing copyright, defamation, copyright or insider dealing legislation to silence or threaten whistleblowers.
4. How to deal with employee disclosures
After the employee discloses information, it is good practice to hold a meeting with the whistleblower to gather all the information needed to understand the situation.
In some cases, the parties may reach a suitable conclusion through an initial conversation with a manager. There may be a need for a formal investigation in more serious cases. Your company will need to decide the most appropriate action to take.
Best practices for dealing with whistleblowing disclosures
- Have a facility for anonymous reporting
- Treat all disclosures seriously and consistently
- Provide support to the worker during what can be a difficult or anxious time with access to mentoring, advice and counselling
- Reassure the whistleblower that their disclosure will not affect their position at work, and you will protect their confidentiality
- Produce a summary of the meeting for record-keeping purposes and provide a copy to the whistleblower
- Allow a trade union representative or colleague to accompany the worker at meetings about the disclosure
5. Whistleblowing to a prescribed person
Ideally, you'd want your employees to feel they could make a disclosure directly to their organisation. However, there may be circumstances where they feel unable to. In this case, a whistleblower can make an external disclosure to what is referred to as a prescribed person.
Prescribed persons are mainly regulators and professional bodies but can also include other persons and bodies such as MPs. The relevant prescribed person depends on the subject matter of the disclosure, so a disclosure about wrongdoing in a care home could be made to the Care Quality Commission, for example.
A worker might choose to approach the media directly with their concerns. The only issue with this is that they can expect to lose the rights accorded to them by law in most cases.
Want to learn more about Risk Management?
We’ve created a comprehensive Enterprise Risk Management roadmap to help you navigate the compliance landscape, supported by IIRSM-accredited e-learning in our Risk Management Course Library. The IIRSM approves quality content and integrates risk decision-making to help keep people and organisations safe, healthy and resilient.
We also have 100+ free compliance training aids, including assessments, best practice guides, checklists, desk aids, eBooks, games, posters, training presentations and even e-learning modules!
Finally, the SkillcastConnect community provides a unique opportunity to network with other compliance professionals in a vendor-free environment, priority access to our free online learning portal and other exclusive benefits.