Organisational whistleblowing, allowing employees and often suppliers, and in some cases even the general public to speak up, when they see something that they think is not right, is a global mega trend. It allows organisations to prevent wrongdoings from occurring in the first place, by having a way to anonymously or not report on a suspected wrongdoing. It also demonstrates an organisation´s dedication to high ethical standards and is increasingly a tool that organisations have to have in place to comply with the law, for example the French anti-corruption law, Sapin 2, to take a current example.
To receive critical business tip-offs your employees need to trust the whistleblowing service and believe that cases are managed seriously. This issue raises two important questions: Who should be on the whistleblowing team and how should cases be escalated?
Who should be on the team?
The team should be as tight a team as possible, but always include at least two people. This makes the process more transparent and trustworthy.
Further, you should aim to select non-operative people for the team receiving whistleblowing reports. Ideally, these would include non-executive roles such as compliance, internal audit, legal officers, board members, a representative of the owners or an external lawyer. More than any other type of whistleblowing service, an online service provides the opportunity to set up several teams of recipients so that appropriate gating can occur rapidly.
This also allows you to include external expertise in a secure way, and according to the GDPR principle of “pseudonymisation”. Pseudonymisation is the separation of data so that a person cannot be identified if an external party is involved in an investigation. Note that under the GDPR organisations need to have a personal data processor agreement in place if they outsource the processing of whistleblowing cases.
How should whistleblowing cases be escalated?
Transparency and efficiency are of foremost importance here. Cases need to be managed and sometimes escalated quickly and securely. Those responsible for receiving the cases should be supported by the following: guidelines on what is or is not considered to be a whistleblowing case; a non-retaliation policy; the rights of an accused person; and information on the investigation process, including how to manage personal data correctly.
The following are recommendations for receiving and escalating whistleblowing cases keeping in mind that every organisation is different:
- If an issue concerns any of the individuals on the whistleblowing team, that individual should be excluded from the investigation.
- All accepted whistleblower issues should be reported to the CEO.
- If a suspected whistleblower issue concerns the CEO, the Chairman of the Board should be informed.
- If the whistleblower issue concerns a member of the Board, all members of the Board should be informed (alternatively, a representative of the owner should be informed).
The main purpose of having a thought-through process for managing and escalating cases, is to gain trust of potential whistleblowers, and to ensure that the information, both personal data, and sensitive information, is kept safe at all times.
Founding partner and Senior Advisor
Gunilla Hadders, Founding Partner and Senior Advisor at WhistleB. She has a background at Ericsson and Scania and is a former CEO of a European sustainability consultancy.
Is your anti-corruption compliance program up to international best practices standards ?
Strengthen, benchmark and communicate positively on your program through certification.
Reach international standards. Get results.
Anti-corruption compliance questions ? comments ?Contact us!
ISO 37001: What will the implications be?read more
An Introduction to Anti-Bribery Management Systems (BS 10500)read more
New ISO Standard on Compliance Management Systems - ISO 19600
Martin Tolarة Managing Director GRC Instituteread more
Self-Deception - The ethical bleach that removes the willingness to speak up
Wendy Addisonread more
Why should Whistleblowing mechanisms be externalised?
Scott Grantread more
How is Whistleblowing treated in the new French law Sapin II?
Claudio Interdonato & Karin Henriksson, WhistleB, Lyon and Stockholmread more
The General Data Protection Regulation on corporate whistleblowing: what are the implications?
Karin Henriksson, Founding Partner, WhistleBread more
Keep abreast of anti-corruption compliance news
Sign up to receive our monthly newsletter