Most businesses encourage their employees to raise whistleblowing disclosures directly via their internal whistleblowing reporting channels rather than disclosing the matter directly to a regulator. This has the advantage of enabling the business to consider and address any issues proactively and promptly. As a result, it is vital that organisations have appropriate policy and procedures in place to effectively manage any whistleblowing disclosures.
However, dealing with whistleblowing disclosures raised by employees can be complicated and riskier than typical workplace investigations. They use many of the same investigative elements but there are several key differences, particularly concerning the anonymity of the whistleblower. The cost of getting it wrong could be significant and that’s before we consider the reputational damage that could result from a whistleblowing claim.
Given the continued focus on whistleblowing, to assist businesses in effectively managing any whistleblowing reports received, we set out below some key practical steps for businesses to consider when a whistleblowing disclosure is raised:
- Undertake a Risk Quality Assessment - All whistleblowing disclosures received by a business should be risk assessed. An effective risk assessment will allow the business to identify whether the disclosures raised have the potential to significantly impact the business. They will also allow the business to identify any potentially affected or relevant stakeholders. Assessment may also allow the identity of disclosures that are not within the scope of whistleblowing policy and may be required to be dealt with in accordance with another procedure.
- Engage with all appropriate stakeholders - When a whistleblowing matter has been risk assessed an organisation should decide whether to engage with appropriate stakeholders (e.g., human resources, legal, compliance). When contacting other stakeholders, it is vital not to compromise the trust, impartiality, and protection of the investigation.
- Create an Investigation Plan - An investigation plan should be prepared and evaluated by an experienced and knowledgeable representative before investigative action commences. Investigations should comply with labour law, confidentiality, and data protection requirements. The plan should outline that the investigation is adequately resourced. The investigation process should be robust enough to withstand administrative, operational, and legal review. Clear terms of reference and scope should be defined and documented.
- Follow due process - Due process should be observed in any investigation arising out of a whistleblower disclosure. For example, the investigation should be conducted without prejudice and the subject of the report of wrongdoing should be given the right to respond as required and given the option to be assisted.
- Securing evidence - Ideally, all relevant documents and investigation results should be saved in the secure Case Management area of the businesses whistleblowing system. The Case Management system should secure and protect all evidence. The personal data should be managed in line with data protection compliance. An audit trail should be maintained relating investigation activities back to the approved investigation plan.
SeeHearSpeakUp delivers whistleblowing solutions to companies globally. Should you wish to seek a quote for these service please click here. Alternatively for more information, contact the team on +44 (0) 1224 625111 or shsusales@aab.uk.