According to The NonProfit Times, only 41 percent of non-profits have whistleblower policies. Perhaps non-profit leaders believe their organizations are too small or collegial to worry about illicit activities — let alone people reporting them. Or perhaps a whistleblower policy seems like one more thing that requires time and money they do not have. This is a mistake – here is why.
Why You Should Bother
No federal law specifically requires non-profits to protect people who risk their jobs to report illegal or unethical practices. Instead, various federal, state, and local laws contain whistleblower protection provisions, including the Sarbanes-Oxley Act of 2002 and The Dodd-Frank Wall Street Reform and Consumer Protection Act. Also, non-profits are asked on IRS Form 990 to report whether they have adopted a whistleblower policy.
Adopting a whistleblower policy increases the odds that you will learn about activities before the media, law enforcement, or regulators do. Encouraging stakeholders to speak up also sends a message about your commitment to good governance and ethical behavior.
What it Should Say
Your policy should be tailored to your organization’s unique circumstances, but most policies need to spell out who is covered. In addition to employees, volunteers, and board members, you might want to include clients and third parties who conduct business with your organization, such as vendors and independent contractors.
Also specify covered misdeeds. Financial malfeasance often gets the most attention. But you also might include violations of organizational client protection policies, conflicts of interest, discrimination, and unsafe work conditions.
And how should whistleblowers report their concerns? Must they notify a compliance officer, or can they report anonymously? Is a confidential hotline available? Whom can whistleblowers turn to if the designated individual is suspected of wrongdoing?
What to Do with a Report
Covered individuals need to know how you will handle reports once they are submitted. Your policy should state that every concern will be promptly and thoroughly investigated and that designated investigators will have adequate independence to conduct an objective query.
Also describe what will happen after an investigation is complete. For example, will the reporting individual receive feedback? Will the individual responsible for the illegal or unethical behavior be punished? If your organization opts not to take corrective action, document your reasoning. Finally, explain in your policy that although you will do everything possible to maintain the whistleblower’s anonymity, you cannot guarantee it if the whistleblower needs to act as a witness in criminal or civil proceedings.
How to Act Now
Make sure you have your attorney review your whistleblower policy before releasing it. For more information about encouraging staffers to speak up when necessary, contact us. We can help you strengthen internal controls and implement a confidential reporting hotline.