By Jennifer Coleman, CPA, CFE
It is understandable a nonprofit board might question why an organization needs an official “whistleblower policy.” The term whistleblower conjures up images of elaborate financial schemes or government secrets. Hardly the kind of situations most nonprofit employees and volunteers will confront. In addition, protections for whistleblowers have been enshrined in federal and state law for years. So why would an organization need a written policy?
The most important reason to have a documented whistleblower policy is to protect the organization.
Whistleblower Policies Help Prevent Fraud
According to the Association of Certified Fraud Examiners, almost 40 percent of occupational fraud cases are identified by whistleblowers. When organizations uncover wrongdoing, it is most often an employee who first raises concerns. Whistleblowers can help protect an organization from internal fraud, theft, and other misconduct that would be more damaging if left undetected. Most whistleblower reports are not the elaborate schemes that you might read about in the news, but in cases which individuals within an organization take advantage of their position for personal gain. Unfortunately, nonprofits are not immune from such misconduct.
Having a proactive policy outlining how and when an employee should speak up can encourage early and effective reporting when there is a potential problem. Without a policy, employees and volunteers may feel afraid to speak up, concerned they will be labeled a gossip or troublemaker. Or they may tell a person in the organization who has no authority to respond or knowledge to assess the legality of the reported concern.
Even if the reported activity turns out to be lawful and legitimate, having a policy in place creates a culture in which people know concerns can be reported and will be investigated without fear of retribution. This kind of culture can help inoculate an organization against impropriety.
Reports Are on the Rise
Whistleblowing is on the rise. The Ethics and Compliance Initiative (ECI) 2017 Global Business Ethics Survey found 69 percent of employees in the study said they’d reported misconduct, the highest rate since the survey began in 2000. Among managers, a 2017 survey found that 47 percent had been involved in a whistleblowing action—either as a witness, as the whistleblower, or as the recipient of the complaint. That’s up from 34 percent in 2014.
With the increasing likelihood that an employee, volunteer or board member might make a whistleblower report, it makes sense to have a written policy in place on how the situation should be handled.
What Should a Whistleblower Policy Cover?
A policy should make clear employees’, volunteers’, and board members' rights to report any activity they feel violates state or federal laws or regulations or breaches the organization’s fiduciary responsibilities, and that they can make a report without suffering any kind of retaliation. However, there are limits on what a whistleblower can share without repercussions. The protection doesn’t extend to revelations of protected communications such as attorney-client privileges or trade secrets.
The policy should identify who in the organization should receive whistleblower reports, such as the executive director or the board’s audit committee. And it needs to include an alternative person in the organization in the event the organizational leader with primary responsibility is involved in the activity in question. In addition, it should make clear that the whistleblower has the right to report the activity directly to a government agency or law enforcement without suffering retaliation.
Whistleblowers are also protected from retaliation if they refuse to participate in an activity they report as illegal or not in keeping with the organization’s fiduciary responsibilities.
There should be a section in the policy explaining a whistleblower’s recourse if they feel they have been the target of retaliation. The policy should cover organizational leadership’s obligation to respond to claims of retaliation. Ensuring a whistleblower doesn’t experience retaliation can be challenging but responsibility falls squarely on the employer. The Occupational Safety & Health Administration has issued guidelines for anti-retaliation for employers to follow.
Creating a whistleblower policy need not be complicated or imply that there is a problem in an organization. It is considered a best practice for nonprofit management and the IRS even encourages nonprofits to have a whistleblower policy in the instructions for the 990 form.
Here is a helpful Sample Policy provided by the American Institute of Certified Public Accountants. It is a simple step your organization can take to improve protections for your organization, its employees, volunteers and board members.
Jennifer Coleman, CPA, CFE is the assurance and quality control partner of Myers, Brettholtz & Company, PA. She is a member of the American Institute of Certified Public Accountants and the Florida Institute of Certified Public Accountants and is certified in Fraud Examinations.