Creating a safe whistleblower channel is important, but you also need to manage the reports that may be sent through the channel. Learn more about how to create an effective, customized for your organization, investigation team to handle whistleblower reports while ensuring integrity and compliance.
Creating a safe whistleblowing channel is a very important first step. But someone is also needed to receive and handle the reports that may come in. In short, a team is needed, or at least a designated responsible person, who has the knowledge and sufficient mandate to receive and investigate whistleblower reports.
The EU whistleblower directive does not specify mandatory requirements for the composition of the investigation team. However, the directive sets out best practices for handling whistleblower reports and the need for clear procedures.
Organizations should develop internal policies, aligned with the EU directive and local legislation, that describe the structure and responsibilities of the investigation team. These policies shall include confidentiality agreements, reporting procedures and escalation mechanisms.
HINT! Use our service to create a secure reporting channel for whistleblowers.
Basic principles for handling incoming whistleblower reports
- Expertise and objectivity; the primary objective of forming an internal investigation team, or appointing a responsible employee, is to ensure the expertise needed to address the complexity of the case while maintaining objectivity
- Impartiality and confidentiality; impartiality is essential for a credible investigation
- team members or manager must be selected so that conflicts of interest are avoided
- confidentiality is important to protect the whistleblower and sensitive information
- clear definition of roles and responsibilities helps to ensure a structured and efficient investigation process
- possibility to outsource investigations to external lawyers or specialized companies
- Education and awareness; team members and managers should receive training in handling whistleblower reports and investigations that include
- legal obligations
- confidentiality requirements
- best practices for conducting thorough and fair investigations
- the psychological and professional implications for both the whistleblower and the accused party
- Strategic decision making; the board and external oversight bodies shall make strategic decisions regarding the organization’s response to reported problems, these entities shall
- assess the seriousness of the problems
- evaluate potential risks
- determine appropriate actions to correct underlying problems and prevent future malpractices
Models to consider for structuring your whistleblower investigation team
For larger organizations, it may be good to outsource the handling of whistleblower investigations to a third party, and preferably an independent law firm, while for smaller organizations it is more cost-effective with a hybrid solution or in-house handling.
Structure your investigative team according to your organization’s needs and requirements.
Internal management of whistleblower reports
For smaller organizations that are likely to receive only a few reports a year, it is generally best to choose an employee in the role who is independent and has a background in corporate governance, as well as an interest in ensuring organizational compliance, rather than a full team.
- Compliance Officer; is, with his expertise in compliance matters critical to maintaining the integrity of the investigation, the obvious choice if one exists in the organization
- HR director or HR manager; has important insights into workplace culture and employee relations, which may be relevant in cases involving misconduct or ethical breaches, and is best suited to the role if there is no Compliance Officer in the organization
- Head of Finance or Chief Financial Officer (CFO); has expertise in financial management and is responsible for oversight in cases involving financial misconduct may also be a suitable option
- In-house Legal Counsel or Outsourced Legal Partner; the organization’s legal counsel who can navigate legal implications, ensure compliance with legal requirements and manage potential litigation, is also a suitable option
Regardless of which role is given the task, this must always report directly to the board, e.g. via the chairman of the board, about whistleblower reports that come in and the ongoing handling of the reports. If a report concerns the organization’s top management, it must be possible to report to the board without informing the relevant top management.
Handling whistleblower reports with an internal investigation team
In those organizations that have slightly more resources, a special investigation team should be created that is activated if a whistleblower report is received. This investigation team should consist of the roles included in the above list of appropriate roles in a small organization, plus a specially appointed board member.
Other members of senior management and/or the management team should not be included to avoid conflicts of interest.
The investigation team should have a responsible team leader who is also the main recipient of whistleblower reports. The team should appoint at least one whistleblower report recipient to ensure that nothing falls through the cracks (the time requirement for action) or to cover up if the report is about the team’s leader.
Hybrid team for handling whistleblower reports
In a hybrid model, the handling and investigation of whistleblower reports is outsourced to a third party who then manages the entire process. At the same time, the organization needs to appoint a responsible role, or establish an internal team, to which the external party reports and which handles the matter in the organization.
The same rules of conduct apply here as in the other models. Regardless of who or who is appointed to handle and investigate whistleblower reports, it must always be ensured that no conflicts of interest or other problems can arise and that the reporting ends up at a sufficiently high level (the board). Even if you outsource, the organization still has full responsibility for the handling.