Companies are increasingly putting whistleblowing policies and guidelines in place. It’s a great initiative, but where do you start? For many organizations, it's a new process and they are writing a whistleblowing policy for the first time.
Our goal is to help you understand the best practices in writing a whistleblowing policy. We'll walk you through what you need in your policy document and what sections you should have. Finally, we will wrap up with a template you can use as inspiration to kickstart your policy. Our objective with the template is that it reads easily and helps you clearly communicate your whistleblowing guidelines.
Step 1: Start With Your Purpose
The first section of your whistleblowing policy should focus on the big picture. Start with your overall goals and what you want to achieve through your whistleblowing program. Next, outline what conduct employees should report as well as who falls under your whistleblowing policy.
Overall Goals
From the beginning, it is good to outline, in bullet points, the goals of your whistleblowing program. It’s a chance to clearly and concisely communicate what you want your program to achieve. Keep it short, make it very clear, and ensure these are very tangible goals. Examples can look like:
- Every employee should have the chance to speak up anonymously when they feel we are not adhering to our corporate values.
- We commit to protecting informants' identities and they only need to reveal themselves if they choose to.
- We will investigate every report of misconduct and provide feedback when appropriate.
The Commitment Of Your Organization
Here is where you can communicate your organization's commitment to hearing from whistleblowers. Your commitment should focus on the broader, aspirational elements like “employees should feel safe in expressing their concerns” and “employees will not face retaliation or abuse”.
What Conduct Should Be Reported
When creating your whistleblowing guidelines, it’s important to identify what behavior you want employees to report. Some behaviors like theft, fraud, harassment, and discrimination are very clear-cut. A best practice is listing out the acts of misconduct you want employees to report to aid clarity.
Who Falls Under Your Policy
You want to identify who inside and outside your organization will come under your policy. Typically all employees would come under it, but you also want to define if your policy covers other parties like contractors, partners, and former employees.
Step 2: Follow With Your Process
If your purpose is the “why” and "what", then your process is the “how”. In this section, you want to clearly outline each step an employee will take and what options they have available along the way.
What Options Employees Have To Make A Disclosure
A robust whistleblowing policy provides options for how to make a disclosure. An increasing number of employees report through web and mobile-based whistleblowing software. Additionally, there can be a phone hotline, submission via email, and even submission through the post.
Where Do Employees Make A Report
In many organizations, employees don't know where to make a report. Your whistleblowing policy is where you make it clear where to report. If you use a digital platform, direct employees to a website to submit a report.
What Happens If They Choose To Remain Anonymous
Anonymity is a big part of any whistleblower policy. It's important to note that the informant does not need to identify themselves when they make their initial report. However, it's prudent to mention that in some cases an investigation cannot continue without knowing the informant's identity, and that revealing it is ultimately the informant's choice.
What Is The Investigative Process
Use your whistleblowing policy to set expectations regarding the steps you will take and how much time you need. If employees know the process, they will have more confidence in the ultimate result.
The Use of 3rd Parties For Receiving Reports & Investigating
Your policy should outline how you work with third parties such as accounting firms, legal firms, or specialized investigative firms. If you are using web-based whistleblowing software like Whispli, it’s good to include it in your policy so your staff knows it's an independent provider.
Who Is Alerted About The Report
Your policy should identify who receives an alert. There can be different stakeholders depending on what type of misconduct is reported. For example, Legal might handle fraud, while Human Resources handles sexual harassment.
Step 3: Outline How You Protect The Informant After Reporting
All informants want to know how they will be protected. This section discusses specific protections you provide an informant after they've submitted a report.
Anonymity
Focus on how anonymity works after submitting a report. The informant has the right to remain anonymous at any time during the investigation process.
Potential Retaliation
Document the steps you will take to protect an informant from direct retaliation, such as:
- Being terminated.
- Performance management.
- Workplace bullying.
- Discrimination.
How Do You Deal With Retaliation
Outline in clear language that those who retaliate will face disciplinary action, including the potential to be terminated from their roles.
Protection & Immunity For Others
Communicate that the same protections afforded to an informant also apply to witnesses as a result of their involvement in an investigation.
Step 4: Identify Key Roles & Responsibilities
It’s important to identify who in the organization owns your whistleblowing policy and program. Medium and smaller organizations might house this in Legal, Compliance, or Human Resources.
The goal of documenting your roles and responsibilities is to provide employees with clarity on who will be involved.
Step 5: And Finish With Governance
The last section details the governance of your whistleblowing program. Governance provides the link from the organization to your Board of Directors.
Changes To Your Whistleblowing Policy
Document who is involved when you change your whistleblowing policy and who ultimately approves this. Your policy should also contain a changelog.
Report To Your Board Of Directors
It's important to make sure there is a link from your whistleblowing policy to your Board of Directors. Provide details about how often you update the board and what metrics you share.
Writing your whistleblower policy is just the first step. It needs to live and you have to consistently communicate it to your organization. Establishing an effective whistleblowing program is an ongoing effort.
Conclusion
A whistleblowing policy is more than just a legal requirement; it is a declaration of your organization’s values. While the steps outlined above provide the necessary framework, the ultimate success of your program hinges on trust. A policy is only as effective as the confidence your employees have in the systems that support it.
This is where Whispli transforms a document into a reality. We don't just help you check a compliance box; we provide the secure, anonymous bridge that turns a written policy into a living culture of integrity. By combining a clear, well-structured policy with our intuitive, mobile-first platform, you remove the friction and fear often associated with speaking up.
Remember, writing the policy is just the starting line. To truly protect your organization, you must consistently communicate your commitment and provide your team with a tool they actually feel comfortable using. Start with a strong foundation, and let Whispli ensure the anonymity and security that makes your policy a true safe haven for your employees.
With your policy framework now clear, do you feel your current internal culture is ready to embrace these "courageous conversations," or is there still some groundwork needed to build trust with the rank-and-file?