Effective whistleblowing policies are an essential part of any business' ESG strategy. An organisation which seeks to operate ethically and with good governance needs to have procedures in place to ensure that staff feel able to raise concerns, to ensure that concerns are investigated effectively and that staff who raise concerns are protected against retaliation. Poor treatment of whistleblowers, or a corporate culture which discourages staff from raising concerns, feature in many a corporate scandal, with the Post Office/Horizon affair only the most recent to have gained prominence.
Whistleblowing touches on each element of ESG. Effective whistleblowing procedures and effective protection against retaliation are crucial to employee relations. From a governance perspective, whistleblowing should be seen as a core part of a business' risk and compliance strategy. Whistleblowers can even have a environmental impact, by highlighting environmentally-damaging practices and greenwashing.
So what are the key elements of effective whistleblowing policies?
Clear and accessible: The policy should be easily accessible to all staff and make it clear how reports can be made. Depending on the size of the business and employee demographics, it may be sensible to have the policy available in different languages or in formats accessible to those with disabilities. The policy should also make it clear which complaints should be dealt with under the grievance policy instead.
Confidentiality: Whistleblowing investigations should be conducted with proper regard for confidentiality. Employers should have systems in place to ensure that documents and emails relating to the investigation can only be accessed on a “need to know” basis.
Requests for anonymity can raise tricky issues for employers, as they can inhibit effective investigation. However, as a matter of best practice, such requests should be accommodated as far as it is possible to do so. In some cases, it will be necessary to weigh up the risk of unfairness to other employees against the risks to the whistleblower if their identity is disclosed.
Protection against retaliation: Policies should make it clear that any retaliation against a whistleblower will be treated as gross misconduct. Difficult issues can arise where an employee may have committed misconduct in connection with their whistleblowing; determining whether disciplinary action is legally permissible depends on whether the misconduct is separable from the whistleblowing itself. While it's not possible for policies to give an exhaustive list of “separable” misconduct, some examples may be useful (e.g. breaches of IT and data protection policies in order to obtain evidence to support a whistleblowing complaint).
Going beyond legal compliance: Not all individuals who may work for an organisation are protected under whistleblowing law (e.g. most job applicants are not protected) and not all disclosures of unethical behaviour will be a protected disclosure under whistleblowing legislation. Employers looking to achieve best practice and create a culture of speaking up should, however, ensure that their policies encourage all staff (and, where appropriate, suppliers and other third parties) to raise concerns so that they can be investigated.
Monitoring and analysis: It's important to evaluate whether the policies work in practice - for example, if there is a pattern of whistleblowers leaving the organisation, this indicates a potential problem. Businesses should therefore conduct (properly anonymised) analysis, to ensure that the values espoused in the policy are reflected in day-to-day practice.