If you are responsible for managing the whistleblowing programme at your company, you have a lot on your hands. By now, you probably know that it is not just about having a piece of software installed and getting access to a case manager that tracks reports made through the system: it is about managing a comprehensive whistleblowing programme under the direction and support of both the company’s governing body and its management.
Managers of such programmes often do not know what to do or what to focus on. They have typically just followed their own intuition and developed their own set of priorities. This, coupled with the fact that there was no formal advice on which qualities a whistleblowing programme manager should have, has many in the position suffering imposter syndrome and wondering whether they are the right person for the job.
There is good news, however: we have formal guidelines by which we can compare our whistleblowing programmes and test whether they have the right resources.
Using the ISO whistleblowing guidance
In late 2021, the International Organization for Standardization (ISO) formally enacted the International Standard ISO 37002 – Whistleblowing Management Systems – Guidelines (ISO Whistleblowing Guidelines). The ISO Whistleblowing Guidelines are now available, and you are able to get a copy from the ISO website in your country for a small fee.
The ISO Whistleblowing Guidelines are the first comprehensive guide for companies that operate whistleblowing management systems. The guidelines provide advice for organisations to create whistleblowing management systems based on the principles of trust, impartiality and protection. The guidelines are adaptable, and their use will vary with the size, nature, complexity and jurisdiction of the organisation’s activities. Following the ISO Whistleblowing Guidelines can assist an organisation to improve its existing whistleblowing policy and procedures, or to comply with applicable whistleblowing legislation.
What do the ISO Whistleblowing Guidelines say about the management of the whistleblowing programme?
The ISO Whistleblowing Guidelines clearly set out what the person (or group) that is responsible for the whistleblowing programme actually needs to do.
The guidelines state that the people managing the programme have the responsibility for and authority over:
- the design, implementation, operation and improvement of the whistleblowing management system
- ensuring that the whistleblowing management system is designed and resourced to ensure comprehensive assessment of reports and the risks of detriment, impartial and timely investigations of reports and protection and support arrangements
- ensuring, to the maximum extent possible in the organisation, that investigation and protection functions are delivered independently (i.e. provided by different persons or areas), while recognising that each may be assigned to existing functions
- providing advice and guidance on the whistleblowing management system and issues relating to reporting wrongdoing
- reporting on a planned and ad hoc basis on the performance of the whistleblowing management system to the governing body, top management and other relevant functions, such as the compliance function, as appropriate.
The whistleblowing management function (which is what the ISO Whistleblowing Guidelines calls the team managing the whistleblowing programme) should be adequately resourced with personnel who have the appropriate ‘competence, integrity, authority and independence’. This should include ‘direct, unrestricted access to adequate resources as necessary to ensure the impartiality, integrity and transparency of the whistleblowing management system and its processes’. The whistleblowing management function should also have ‘direct, unrestricted and confidential access to top management and the governing body’.
Can I delegate any of this?
Under the ISO Whistleblowing Guidelines, the short answer is yes, you can delegate some of the above responsibilities. Organisations that do not have a person dedicated solely to the whistleblowing function can appoint one or more persons to perform that role, in addition to other responsibilities, as long as there are no conflicts of interest or trust or impartiality issues.
The ISO Whistleblowing Guidelines also require you to work out which resources are needed for the establishment, implementation, maintenance and continual improvement of the whistleblowing management system and for meeting its objectives. The guidelines say that these resources may include, but are not limited to, financial and human resources, IT solutions, specialised skills, organisational infrastructure, investigators, contemporary reference material on whistleblowing, legal expertise, and professional development and training. These resources may be provided internally or sourced externally.
Are there certain minimum requirements for the person who will manage the function?
The ISO Whistleblowing Guidelines don’t set out minimum requirements or competencies for whistleblowing function managers, suggesting that organisations should define their own.
The guidelines state that an organisation should:
- determine the necessary competence of person(s) doing work under its control that affects the whistleblowing management system, its performance and operations;
- ensure that these persons are competent on the basis of appropriate education, training, or experience;
- ensure that, where relevant, the personnel are able to work with the appropriate level of impartiality;
- where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken.
Being an ISO advice, there is also a clear obligation to keep appropriate documentation as evidence of competence.
The ISO Whistleblowing Guidelines also oblige those responsible for carrying out activities related to protection, support and investigation to display trustworthiness, emotional intelligence, diplomacy, impartiality, integrity, leadership, confidentiality and sound judgement.
The ISO Whistleblowing Guidelines will really help those managing whistleblowing programmes to gain confidence by outlining best practices for and characteristics of whistleblowing function managers. If your whistleblowing programme meets the ISO guidelines in all respects then you have a leading-edge system that meets the best international standards and you should feel very comfortable that it is fit for purpose.
The guidelines also reinforce the message that the leadership and management of the company have to be great supporters of the whistleblowing programme and its managers. If that support is lacking it puts the whole programme in jeopardy.
Using the ISO Whistleblowing Guidelines as a handbook is a huge advantage for every company, so we strongly encourage people managing whistleblowing programmes to adopt these guidelines.
If you are interested in building your programme from scratch, in consultative advice on the ISO Whistleblowing Guidelines or for a free trial of the Speeki whistleblowing platform, please contact us here.