Whistleblowing/Helpline & Anti-Retaliation Checklist
Extract from Annual Compliance Program Effectiveness Checklist, by Elena Konovalova
As a Head of Legal & Compliance, protecting your whistleblowers from retaliation and ensuring compliance with regulations regarding whistleblower protection is crucial. This article presents an extract from a comprehensive checklist, following international standards such as ISO 37301:2021, ISO/TS 30423:2021, and ISO 37002:2021, specifically focused on evaluating the effectiveness of your Whistleblowing/Helpline & Anti-Retaliation program.
Using this checklist for self-assessment, you will gain valuable insights on the appropriate program design to prevent and detect retaliation and ensure compliance with regulations such as the EU Whistleblower Protection Directive. This extract addresses the important aspect of your corporate Ethics & Compliance program. It helps you to make informed decisions as to whether and to what extent the Company's compliance program is effective, understand areas for improvement, and start developing an annual program development plan.
Take advantage of this opportunity to gain valuable insights and take your Whistleblowing/Helpline & Anti-Retaliation program to the next level. The 12-minute read is worth your time.
Learn how to objectively evaluate effectiveness of your corporate Ethics & Compliance corporate program, following the best international standards. Use this Checklist for clients & customers’ self-assessment as part of your Compliance Covenants Program.
Scope
It is crucial to ensure that your compliance program is designed to prevent and detect retaliation effectively and to protect your whistleblowers from retaliation. This section of the checklist is specifically tailored to evaluate the appropriateness of your program in relation to the EU Whistleblower Protection Directive and the current regulatory environment. In addition, it aims to provide you with a thorough assessment of your program's effectiveness in protecting whistleblowers and identify areas for improvement.
It is important to note that the checklist includes critical checkpoints, marked by the symbol "!!", which are required by the EU Whistleblower Protection Directive. These critical checkpoints are designed to ensure that your program meets the minimum standards for whistleblower protection and compliance with the Directive. By thoroughly evaluating these critical checkpoints, you can be confident that your program is aligned with the latest regulations and best practices.
Policy & Documentation
- Does the Company’s Code of Conduct include the anti-retaliation policy, or an anti-retaliation section? (Answer: Yes/No)
- Does the Company have formalized Whistleblowing & Anti-retaliation Policy, endorsed by top management? (Answer: Yes/No)
- Does the Board formally approve the policy itself, investigation & anti-retaliation monitoring process? (Answer: Yes/No)
- Have you completed and formalized this year’s annual update of the policy and processes above? Please indicate the date of the latest review
- Is there a suitable level of attention for the whistleblowing & anti-retaliation risks in the Corporate Risk Matrix, the broad disclosure of risks, and general engagement in prevention and mitigation measures? Please explain your assessment
- Is the Company’s anti-retaliation policy or Code of Conduct (if it includes anti-retaliation) published externally? (Answer: Yes/No)
- Does the Company’s employee handbooks, vendor/supplier documents, onboarding briefings, etc. address retaliation? (Answer: Yes/No)
- Does the Company have a matrix of senior management’s responsibilities for promoting whistleblowing & protecting anti-retaliation? (Answer: Yes/No)
Case Management & Analytics
- Does the Company conduct formal security risk management assessment for multiple intake whistleblowing channels? (Answer: Yes/No)
- Does the Company have designated and impartial person(s) and/or teams in place and trained to case-manage retaliation reports to conclusion and also to maintain communications with the involved parties? (Answer: Yes/No)
- Does the Company have real-time visibility with efficient case management? (Answer: Yes/No)
- Does the Company have targeted process that can automatically follow-up or escalate incomplete responses? (Answer: Yes/No)
- Does the Company utilize any type of retaliation analytics to identify potential incidents of retaliation, even where they have not been reported (this may be a result of fear, for example)? (Answer: Yes/No)
- Does the Company invest to visibility of anti-retaliation analytics (i.e. through Ethics & Compliance Portal available to all employees)? (Answer: Yes/No)
- Does the Company visualize company-wide whistleblowing & anti-retaliation insights? (Answer: Yes/No)
- "!!" Would the Company’s policies, processes and record-keeping be sufficient in practice to discharge the “Reverse burden of proof” regarding retaliation enshrined in the Whistleblower Protection Directive? This requires the organization to be able to prove that it did not retaliate against individual(s): the individual(s) no longer have to prove that they were retaliated against.
- "!!" Will the Company’s policies, processes, and record-keeping ensure compliance with the relevant action/response/conclusion timeframes specified in the Whistleblower Protection Directive?
- Does the Company communicate the anti-retaliation policy and message to all employees?
- Does the Company track the number of visitors (readers) on Whistleblowing/Anti-retaliation Policy zone of the internal portal&
- Does the Company communicate its anti-retaliation action plan and/or cases/actions to employees?
- "!!" The Whistleblower Protection Directive extends retaliation protection (notably) to third parties or facilitators – such as colleagues or relatives – who could be affected by a helpline report or other disclosure. Protections also apply to those whose work-based relationship has yet to begin, such as through pre-contractual negotiations, or where it has ended.
- Does the Company communicate its anti-retaliation policy and message to all vendors, suppliers and other third parties covered by the EU Whistleblower protection Directive?
- "!!" Does the Company have the necessary processes, channels, and training in place to address these types of external retaliation reports under the Whistleblower Protection Directive?
- Does the?Company communicate the anti-retaliation policy and message to everyone with whom it has a “work-based relationship”. This includes (but not limited to) temporary workers, fixed-term contract workers, freelancers, contractors, trainees, interns (paid or unpaid) and volunteers.
Training, Learning & Understanding
- Does the Company train managers and supervisors on anti-retaliation, including identification and prevention?
- Does the Company cascade the anti-retaliation training (in full or in part) to employees, contractors and others?
- Is the Company satisfied that workforce – managers, supervisors, employees, contractors and others – understands the various forms of retaliation, and how it can take place (e.g. supervisory retaliation, peer retaliation, overt (“hard”) retaliation, subtle (“soft”) retaliation, deferred retaliation)?
- Is retaliation addressed as part of the Company’s Onboarding process?
- Is retaliation addressed as part of the Company’s annual Employee Satisfaction Survey process?
- Is retaliation addressed as part of the Company’s Exit Interview process?
- Does the Company regularly disclose Metrix of its Whistleblowing & Anti-Retaliation Program?
- Does the Company have alternative protective measures available for its employees (i.e. via Industry Ombudsman, etc.)
- Is retaliation in its various forms and how it can take place addressed within the Company’s whistleblowing/helpline reporting processes?
- The Company’s follow-up processes, practices, record-keeping, and training address longer-term retaliation risk?
? Take Actions to control and correct
? Evaluate need to eliminate
? Manage the consequences
? Make changes to system as necessary
? Review effectiveness of corrective action
As you move through the checklist, it's important to keep in mind the steps necessary to develop an #improvement plan that will help you take action and make meaningful changes to your Whistleblowing/Helpline & Anti-Retaliation program. This will help you to ensure that your program is effective and compliant with the #EUWhistleblowerProtectionDirective and regulatory environment and that your whistleblowers are protected from retaliation.
To develop your #improvementplan, complete the following steps:
- Take Actions to Control and Correct: Identify the specific actions that need to be taken to control and correct any issues identified in the checklist. This may include implementing new policies and procedures, training employees, or revising existing processes.
- Evaluate Need to Eliminate: Assess whether any existing processes or procedures need to be eliminated to improve your program's effectiveness. This may include removing redundancies or streamlining operations to make them more efficient.
- Manage the Consequences: Consider the potential consequences of the actions you plan to take and develop a plan to manage them effectively. This may include communicating changes to employees or stakeholders or addressing potential legal or regulatory implications.
- Make Changes to the System as Necessary: Based on the actions identified in steps 1-3, make any necessary changes to your program's systems and processes. This may include updating policies, creating procedures, or implementing new technologies.
- Evaluate Resources: Assess the resources required to implement the improvement plan, including staffing, budget, and technology. Identify any potential barriers to implementation and develop a plan to address them.
- Review Effectiveness of Corrective Action: Regularly monitor and evaluate the effectiveness of the corrective actions taken to ensure that your program continues to improve over time. This may include conducting audits, monitoring metrics, or soliciting feedback from employees.
By following these steps and regularly reviewing the effectiveness of your program, you can ensure that your #whistleblowing / #Helpline & #AntiRetaliation program remains effective and compliant with the EU Whistleblower Protection Directive and regulatory environment, and that your whistleblowers are protected from retaliation.
