Ensuring legal compliance and encouraging a speak up culture are key priorities if you receive an account of potential misconduct from a whistle blower.
Ben Kenny explains how a clear framework can help you triage and respond to reports efficiently, and keep whistle blowers on side and engaged throughout the process.
Responding to whistleblower allegations, however they arise and regardless of their nature, requires very careful management to ensure that stakeholder confidence is maintained and the narrative across the business is controlled.
Primarily, one needs to have an open and responsive whistleblowing platform available to both internal and external stakeholders. Sometimes organisations have a KPI target to reduce the number of whistleblowing reports received. While there may be some merit to this, it’s far better for an organisation to be aware of problems (or perceived problems) so that it can address them, rather than to bury its head in the sand.
Once you’ve received a report, the first step is triage and assessment: treat every report seriously and quickly gauge its credibility and potential impact by reference to a clear framework. If it appears significant, brief key relevant stakeholders and identify anyone who needs to be blocked from accessing the detail of the allegations for conflict reasons.
If possible and practical, acknowledge to the whistleblower that their concern has been received and will be addressed. Huge amounts of time and resources can be saved with an on-side and responsive whistleblower who can assist with identifying relevant data and involved parties. By contrast, a disgruntled whistleblower can cause significant reputational damage by taking concerns outside of the company if not effectively managed. So keep your whistleblower engaged and updated (to the extent possible and practical) throughout the investigation.
Next, protect confidentiality and prevent retaliation by keeping the circle of knowledge as small as possible and preserving relevant evidence, such as documents and emails. Ensure the whistleblower’s identity (if known) remains confidential and make clear that no retaliation will be tolerated. This isn’t just about legal compliance—it also reinforces a speak-up culture.
In tandem, plan and conduct an investigation if it is warranted. Decide who will investigate and what resources are needed — for serious allegations, consider involving outside counsel and independent experts to maintain objectivity. Bring in the right specialists (such as forensic accountants or IT experts) to ensure a thorough and credible investigation.
Finally, take action and follow up. When the investigation concludes, act decisively on the findings — implement corrective measures and consider self-reporting to regulators if warranted. Close the loop by giving the whistleblower and other stakeholders feedback, and use the lessons learned to improve your whistleblowing program.
It can also be a good idea to follow up with whistleblowers to check for instances of retaliation.
The key takeaway is that you don’t have to handle a whistleblower event alone — a coordinated effort with Legal, HR, Compliance and outside experts is crucial for the best outcome. If you have a strong whistleblowing framework, an effective hotline and access to the right subject matter experts and investigators, then you can respond to any whistleblower report. In doing so, you’ll protect your organisation’s reputation, and foster a culture where speaking up is a catalyst for improvement.
