Tips for Creating a Whistleblower Policy

Whistleblower policies encourage the staff, volunteers and others of an organization to discreetly provide credible information on any illegal practices or violations of organizational policies. The policies protect individuals who take risks to report these illegal or unethical practices. In its Report to the Nations, the Association of Certified Fraud Examiners identified tips as the number one method by which fraud is detected. Whistleblower policies, and the use of hotlines, are important to ensuring tips are received by the organization.

IRS Form 990 asks nonprofits to report whether they have adopted a whistleblower policy. Although no federal law specifically requires organizations to have such policies in place, several state laws do.

Policy Essentials

Your whistleblower policy should be tailored to your organization’s unique circumstances. Here are some general tips to consider when forming, or refining, the provisions of your policy:

1. Be clear about whom the policy covers. Completely spell out who’s covered by your policy. In addition to employees, volunteers and board members, you might want to include clients and third parties that conduct business with your organization, such as vendors and independent contractors.

2. State which kinds of wrongdoing are covered. Financial misdeeds often get the most attention, but whistleblower policies can have a longer reach. For example, you might include violations of your organization’s client protection policies, conflicts of interest and unsafe work conditions.

3. Spell out reporting procedures. Explain the procedures for reporting concerns. Is a confidential hotline available? Must claims be made to a compliance officer or can they be reported anonymously? Whom can whistleblowers turn to if the designated individual is suspected of wrongdoing? Your procedures should be clear and simple enough to encourage individuals to come forward.

4. Describe investigative procedures. State that every concern raised by a whistleblower will be promptly and thoroughly investigated and that designated investigators will have adequate independence to conduct an objective query. Ideally, the investigators should report directly to the organization’s board of directors.

5. Describe post-investigation steps. Let everyone know what will happen after the investigation is complete. For example, will the reporting individual receive feedback? Will the individual responsible for the illegal or unethical behavior be punished? If the organization opts not to take corrective action, be sure to document the reasoning for this.

6. Promise confidentiality. A guarantee of confidentiality can make whistleblowing more appealing. But it may not be possible to make such promises if the whistleblowers need to become witnesses in criminal or civil proceedings. However, your policy should assure confidentiality to the greatest extent possible.

7. Describe disciplinary action. Not every whistleblower is motivated by pure intentions. State that your organization will take disciplinary action against individuals who make unfounded allegations which are reckless, malicious or intentionally false.

8. Forbid retaliation. A critical component of a whistleblower policy is a prohibition against retaliation. Make clear that no retaliation — including harassment, termination or blacklisting — will be tolerated against anyone who raises concerns about potentially illegal or otherwise wrongful practices in good faith. Good faith means the individual has a reasonable belief that a problem exists. Specify the party to whom complaints of retaliation can be addressed. Violators should be disciplined promptly and appropriately.

The Message of a Strong Commitment

Whistleblower policies send a strong message about an organization’s commitment to good governance and ethical behavior. You should make sure that your policy echoes your adherence to an environment of accountability and employee empowerment.

Join Our Newsletter

Sign up to receive exclusive newsletters with the latest information affecting you and your organization.

Posted in