Whistleblowing about internal and external malpractices is vital for the functioning and survival of companies. But you need a process that is trusted.
Edward Snowden. Katharine Gun. Antoine Deltour. John Doe. Bradley Birkenfeld. Howard Wilkinson. History shows that whistle-blowers rarely get the thanks they deserve.
Yet without them, we might never know about the United States surveillance program (PRISM), the tax deals struck by multinationals (LuxLeaks), the lengths the rich and famous go to conceal their wealth (Panama Papers) or countless other misdemeanours.
Whistleblowers often pay a heavy price for speaking the truth: smear campaigns, financial ruin, untold stress and problems getting another job.
No surprise then that for every person who speaks out, many more choose to remain silent - fearing retaliation or reprisal.
- Research by Eugene Soltes found that while 46% of workers were likely to report the theft of company property and 41% fraudulent accounting whilst only 27% would report inappropriate gift-giving.
- 20% of whistleblowing hotlines do not function properly or allow whistleblowers to maintain anonymity.
Why do you need a whistleblowing policy?
Staff are often reluctant to bring misconduct to the attention of management. That's why you need to create an open, transparent and safe environment where workers feel able to speak up.
Fortunately, whistleblowers are protected by law. People should not be treated unfairly or lose their job because they raised the alarm on corporate misconduct.
A company's whistleblowing policy will depend on the size and nature of the organisation. Large organisations may have a policy where employees can contact their immediate manager or a specific team of individuals who are trained to handle whistleblowing disclosures. Smaller organisations may not have sufficient resources to do this.
What should be in your Whistleblowing Policy?
In the UK workplace whistleblowing policy should clearly set out a company's commitment to safeguarding whistleblowers from detrimental treatment as set out by the Public Interest Disclosure Act 1998.
It should be simple, easily understood and include:
- An explanation of what whistleblowing is, particularly in relation to the organisation
- A commitment to training workers at all levels of the organisation in relation to whistleblowing law and the organisation’s policy
- A commitment to consistent and fair treatment of all disclosures
- A commitment to confidentiality by taking all reasonable steps to protect the identity of whistleblowers where it is requested (unless required by law to break that confidentiality)
- Clarification that any so-called ‘gagging clauses’ in settlement agreements do not prevent workers from making disclosures in the public interest
EU whistleblowing rules
From December 2021, there are rules to enhance whistleblower protection across the EU. Whilst similar to those in the UK, they are far from identical.
- Provide a hierarchy of safe reporting channels - if your company has over 50 employees. In the first instance, reports are to be made within the organisation and then via external channels, which public authorities are obliged to set up.
NB Anyone choosing to report externally will not lose any of the protections. - Prepare for the widening scope - the EU rules cover financial services, public procurement, prevention of money laundering, product and transport safety, nuclear safety, consumer and data protection.
- Support & protect whistleblowers from retaliation - This includes suspension, demotion and intimidation. Measures include independent information and advice, assistance from competent authorities, as well as legal aid in criminal and cross-border proceedings and financial support. Colleagues and relatives must be protected too.
- Follow up whistleblower reports within three months
There are also provisions to protect whistleblowers from liability to prevent companies from misusing copyright, defamation, copyright or insider dealing legislation to silence or threaten whistleblowers.
How to deal with employee disclosures
Once a disclosure has been made it is good practice to hold a meeting with the whistleblower to gather all the information needed to understand the situation.
In some cases, a suitable conclusion may be reached through an initial conversation with a manager. In more serious cases there may be a need for a formal investigation. Your company will need to decide what the most appropriate action to take is.
Best practices for dealing with whistleblowing disclosures
- Have a facility for anonymous reporting
- Treat all disclosures seriously and consistently
- Provide support to the worker during what can be a difficult or anxious time with access to mentoring, advice and counselling
- Reassure the whistleblower that their disclosure will not affect their position at work and you will protect their confidentiality
- Produce a summary of the meeting for record-keeping purposes and provide a copy to the whistleblower
- Allow the worker to be accompanied by a trade union representative or colleague at any meeting about the disclosure, if they wish to do so
Blowing the whistle to a prescribed person
Ideally, you'd want your employees to feel they could make a disclosure directly to their organisation. However, there may be circumstances where they feel unable to. In this case, a whistleblower can make an external disclosure to what is referred to as a prescribed person.
Prescribed persons are mainly regulators and professional bodies but can also include other persons and bodies such as MPs. The relevant prescribed person depends on the subject matter of the disclosure, so a disclosure about wrongdoing in a care home could be made to the Care Quality Commission for example.
A worker might choose to approach the media directly with their concerns. The only issue with this is that in most cases, they can expect to lose the rights accorded to them by law.
Want to learn more about Risk Management?
If you'd like to stay up to date with risk management best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news subscribe to Skillcast Compliance Bulletin.
To help you navigate the compliance landscape we have collated searchable glossaries of key terms and definitions across complex topics including GDPR, Equality, Financial Crime and SMCR. And if you're looking for a compliance training solution, why not visit our Risk Management Course Library.
You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.
Last but not least, we have 60+ free compliance training aids, including assessments, best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!
If you've any questions or concerns about compliance or e-learning, please get in touch.
We are happy to help!
