According to the Nonprofit Times, only 41% of not-for-profits have whistleblower policies. Perhaps nonprofit leaders believe their organizations are too small or collegial to worry about illicit activities — let alone people reporting them. Or perhaps a whistleblower policy seems like one more thing that requires time and money they don’t have. This is a mistake. Here’s why.
No federal law specifically requires nonprofits to protect people who risk their jobs to report illegal or unethical practices. Instead, various federal, state and local laws contain whistleblower protection provisions, including the Sarbanes-Oxley Act and The Dodd-Frank Wall Street Reform and Consumer Protection Act. Also, nonprofits are asked on IRS Form 990 to report whether they’ve adopted a whistleblower policy.
Adopting a whistleblower policy increases the odds that you’ll learn about activities before the media, law enforcement or regulators do. Encouraging stakeholders to speak up also sends a message about your commitment to good governance and ethical behavior.
What it Should Say
Your policy should be tailored to your organization’s unique circumstances, but most policies need to spell out who’s covered. In addition to employees, volunteers and board members, you might want to include clients and third parties who conduct business with your organization, such as vendors and independent contractors.
Also specify covered misdeeds. Financial malfeasance often gets the most attention. But you might also include violations of organizational client protection policies, conflicts of interest, discrimination and unsafe work conditions.
And how should whistleblowers report their concerns? Must they notify a compliance officer or can they report anonymously? Is a confidential hotline available? Whom can whistleblowers turn to if the designated individual is suspected of wrongdoing?
What to do with a Report
Covered individuals need to know how you’ll handle reports once they’re submitted. Your policy should state that every concern will be promptly and thoroughly investigated and that designated investigators will have adequate independence to conduct an objective query.
Also describe what will happen after an investigation is complete. For example, will the reporting individual receive feedback? Will the individual responsible for the illegal or unethical behavior be punished? If your organization opts not to take corrective action, document your reasoning. Finally, explain in your policy that although you’ll do everything possible to maintain the whistleblower’s anonymity, you can’t guarantee it if the whistleblower needs to act as a witness in criminal or civil proceedings.
How to Act Now
Make sure you have your attorney review your whistleblower policy before releasing it. For more information about encouraging staffers to speak up when necessary, contact us. We can help you strengthen internal controls and implement a confidential reporting hotline such as the one we offer through our Red Flag Reporting system through StoneBridge Business Partners!