Whistleblowing policy: Does your organisation need one?

Whistleblowing is the act of reporting (or "blowing the whistle on") organisational misconduct or wrongdoing. A whistleblower is an individual, typically but not limited to an employee, who witnesses and discloses information about certain illicit activities. 

Some of the most common examples of whistleblowing include:

• Unlawful business practices

• Breaches of legal obligations 

• Risks to health, safety and environmental laws 

• And many more…

Important to note: Any wrongdoing disclosed in the UK must be “in the public interest.” This calls into question the number of people affected, the impact and scope of these events and the wrongdoer in question (whether a person or a company). 

A whistleblowing policy is a policy document outlining an organisation's process surrounding those seeking to act as whistleblowers. It should answer common questions around how to “blow the whistle”, various qualifying criteria and helpful guidance. 

In the UK, a whistleblowing policy will most often be part and parcel of grievances at work. That said, there is a prominent school of thought suggesting that whistleblowers require a unique and specific policy all to themselves. 

Additionally, calls for more more formalised whistleblowing policies are only growing in the EU and the UK (more on that below...). This only makes it all the more important that organisations have a solution in place sooner than later.  

A whistleblowing policy should include some of the following elements: 

• A definition of whistleblowing

• The societal and organisational importance of whistleblowing 

• General examples of when employees should “blow the whistle” 

• The process for how to blow the whistle easily and securely 

• Various legal protections for organisational whistleblowers 

• Confidentiality assurances for employees who blow the whistle 

Organisations in the UK often lack a centralised or streamlined way to facilitate whistleblowing for their employees. In most cases, the process depends on an organisation’s overall grievance policy or procedure and nothing more. 

Employees who are looking to blow the whistle will often be guided to their line manager or a prescribed person (someone who has been identified in charge of this particular process). They may also be sent the way of their union representative. 

In these cases, an employee is coached to share what they have seen, and the prescribed person or body is then in charge of taking next steps. They may report back activities to the employee, although they may choose to disclose any names. 

Understandably, employees may also request that they remain anonymous or organisations may open up the opportunity to become a whistleblower anonymously. 

If an employee is dissatisfied with their experience as a whistleblower, they may contact  the Advisory, Conciliation and Arbitration Service (Acas), a specific whistleblowing charity (like Protect) or their trade union. 

In the UK, there exists a certain criteria for making what is known as a "qualifying disclosure" (essentially, ensuring that you are actually blowing the whistle effectively).

First, that it must be a disclosure of information. And, that this information must relate to any of the following wrongdoing:

• A criminal offence

• A failure to comply with legal obligations

• A miscarriage of justice

• Danger to health and safety

• Damage to the environment

• Deliberately covering up any of the above

This is also where subjectivity comes into play. Mainly because the whistleblower must reasonably believe that their disclosure shows wrongdoing. And, that this disclosure is made "in the public interest."

Centralise Employee Data In One Ultra-Secure Place

Create one single source of truth for all employee data and use it to prepare for your organisation’s future. Know exactly the talent you have on hand at a glance for your workforce planning.

Protected Data With Personio

No. Whistleblowers are protected by the law if they are classified as a worker. This might include a policy officer of an NHS employee, a trainee, an agency worker or a member of a limited liability partnership (LLP). 

This means that you are protected by law if you report any of the following behaviours: 

• Criminal offences 

• Health and safety risks 

• Environmental risk or damage 

• A miscarriage of justice 

If a whistleblower is proven wrong then they are no longer protected by the law. This ensures that blowing the whistle only occurs when serious breaches of legality are directly observed by employees. 

Additionally, whistleblowing does not consist of personal grievances like bullying, harassment or discrimination. While these are certainly serious offences, they are simply not covered by whistleblowing law (unless they are in the public interest).

It is essential that organisations protect the equitable treatment of whistleblowers. That means that they should ensure that workers are not treated unfairly or reprimanded for doing the right thing for the good of the public. 

That said, if an employee feels as though they are being treated unfairly, they can take their case to an employment tribunal. In cases of unfair dismissal, this kind of kind must happen within three months of being dismissed. 

The EU Directive on the protection of whistleblowers was a directive created by the EU Commission in late 2019. Since its inception, it has mandated that all EU Member States offer a channel for employees (or non-employees) to become whistleblowers. 

The goals of the EU Whistleblowing Directive are:

• Preventing illegal conduct across EU Member States 

• Improving the process for whistleblowing and protecting employees

• To make it simpler to blow the whistle on organisations 

This directive affects companies with more than 50 employees, public sector institutions, authorities as well as municipalities with 10,000 more inhabitants. 

We can break that down even further by company size: 

Organisations in the EU are expected to offer a vehicle for helping enable whistleblowing whistleblowers to submit behaviours they witness in an online and seamless way. Ideally, through some form of confidential, secure software.

The purpose of the EU Commission's directive on whistleblowing is to create one singular approach to whistleblowing across Europe. This type of unified approach is designed to help protect workers across the continent with regards to any organisational wrongdoing.

As of writing, 24 out of 27 member states have adopted the law on whistleblowing in some way, shape or form. In three states (Poland, Estonia and Slovakia), the process is currently delayed. You can track progress by clicking here.

In the aftermath of Brexit, the UK is under no obligation to adopt the EU directive on whistleblowing. The Commission found that the UK already had in place laws that offer sufficient support to whistleblowers (as part of the “Employment Rights Act 1996”). 

There are some key differences, though, which include: 

That said, this EU directive is sure to influence those in parliament. The UK has already begun to develop a more substantial whistleblowing commission, which may propose similar suggestions as those of the EU Commission (or lean on them heavily). 

It's too soon to tell. The UK Government launched a review of our own whistleblowing laws in late March 2023. The evidence gathering stage will end in the fall, at which point the review will begin to draw conclusions and map out next steps.

The review itself is designed to review the following:

• Those covered by current whistleblowing protections

• The available of information and guidance on whistleblowing (provided by the government and employers alike)

• How employers and prescribed persons currently respond to whistleblowing disclosures

The final output will likely result in some form of changes or recommendations to help guide employers and employees alike on how to manage whistleblowing policies (and potential changes to those policies themselves).

Regardless of whether your organisation is in the UK or the EU, having some form of whistleblowing policy is a must. It gives your employees the opportunity to call out wrongdoing, and to play a vital role for the public good. 

That means not only having a policy in place. It also requires having a process or a channel that is easy enough for employees to use. A place for them to submit their concerns, confidentially and securely, which can then be routed to the proper person. 

Personio Whistleblowing is available now. To find out more visit here: Personio Whistleblowing: An anonymous reporting channel.