Ten points for Non-Executive Directors on whistleblowing

The COVID-19 pandemic has given rise to new concerns about keeping the public, customers and colleagues safe. Rules and guidance are changing fast - uncertainty can lead to risk-taking and gaps may be exploited for fraud. There has never been a more important time to listen to whistleblowers.

• Make it safe: Whistleblowers should be seen as a vital risk management tool - by identifying concerns they can stop harm sooner and play an important role in holding organisations to account. The tone from the top about whistleblowing, and how you treat whistleblowers is important. Foster an open culture, where staff feel safe to speak up and where whistleblowers who raise concerns are protected.
• Avoid unlawful detriment: It is unlawful to subject a worker to any detriment and automatically unfair to dismiss an employee for whistleblowing. Common detrimental treatment of whistleblowers includes breaching their confidentiality, bullying by colleagues or managers, sidelining or demoting them, performance managing them, giving poor references or damaging their reputation. NEDs can be personally liable if they cause a whistleblower detriment. NEDs need to take victimisation of any whistleblower seriously – it can undermine all your arrangements.
• Protect widely: Don’t be constrained by narrow legal definitions when setting your policy. The law doesn’t currently clearly protect non-executive directors as whistleblowers, but NEDs, volunteers, contractors and others can suffer detriment if they speak up. The policy can set the right tone and helps to encourage and protect anyone speaking up in your workplace.
• Guard against the normal but unacceptable: Anyone can be a whistleblower – there is no one type – all they have in common is a willingness to speak up to stop harm. Research by the whistleblowing charity Protect shows that many whistleblowers are new members of staff – they may see with fresh eyes wrongdoing which has been normalised.
• Make it effective: NEDs should check that whistleblowing arrangements are in place and that they are working effectively. Does your organisation have a robust policy and do all the staff know where it is and how to use it? Are you providing multiple channels for raising concerns? Have you considered using an external independent source of advice for your staff? Protect is an independent charity providing free, confidential legal advice for whistleblowers – visit www.protect-advice.org.uk for more information.
• Use a champion: Consider appointing a Board level champion with responsibility for whistleblowing. The new Corporate Governance Code identifies whistleblowing as a Board responsibility, and in some sectors a NED champion is compulsory (eg.FCA regulated banking firms subject to SMCR must have a whistleblowing champion and allocate them the prescribed responsibility for ensuring and overseeing the integrity, independence and effectiveness of the firm’s policies and procedures on whistleblowing). Effectiveness of whistleblowing is a key component that regulators look for in a supportive culture.
• Test the data: Ask questions about the data you receive. There is no “right” number of whistleblowing concerns that should be raised for a particular size of organisation - a low number may indicate a lack of trust in the whistleblowing arrangements, while a high number may indicate that staff are willing to speak up. Look at the trends and the areas where concerns are raised. Ask how many whistleblowers raised concerns anonymously, confidentially or openly – it will tell you more about the culture than the numbers alone.
• Watch out for wilful blindness: Find out what wasn’t raised through whistleblowing that might have been, and ask why. For example, if you hear about a concern first from customers or suppliers, why weren’t staff raising this? Major public inquiries in cases of disaster all show that someone knew about the risk, but didn’t speak out, or spoke out only to be ignored. Ask what have we learnt from whistleblowers? Ask about the experience of the whistleblowers who have used your channels and, where whistleblowing concerns have been upheld, what is the lesson for the organisation?
• Benchmark: Compare your arrangements against best practice. Protect has developed a 360 Benchmark for organisations to test the effectiveness of their arrangements across the areas of governance (policies and procedures, accountability, review and reporting), engagement (communication with staff and training) and operations (investigations, support and protection, resolution and feedback). Compare with your peers, identify gaps and review your arrangements.
• Listen-up first time: There is a small window of time for organisations to hear about risks – most whistleblowers are not persistent and will raise their concern only once. Every interaction with the whistleblower counts – from the first line manager to the Board.

The authors acknowledge the significant contribution to these points by Elizabeth Gardiner, Chief Executive, Protect, and Michael Woodford MBE.