In implementing a whistle blower policy, what are some of the must-haves and what are some common pitfalls to avoid?

Hello,

I recommend speaking with your legal counsel before implementing a Whistleblower policy. Attached is a link to good article by Littler published in August of this year. Here are a few points from the Employer Responsibility section and the link to the article follows:

-Update policies to encourage employees to report their reasonable good faith concerns with any issues within the company;
-Update policies to clearly articulate that the employer will not tolerate any reprisals or retaliation by anyone against an individual who reasonably in good faith makes a complaint;
-Develop and implement whistleblower reporting procedures for employees and procedures for handling such reports;
-Consider implementation of a Code of Conduct;
-Train management about whistleblower protections, handling of internal complaints, including how managers deal with employees who have complained about those same managers, and reporting procedures. In this regard, Littler Mendelson just completed a year-long project in conjunction with its Legal Learning Group and subject matter experts and has a new training product on Retaliation and Whistleblowing, which can be tailored to an employer's organization;
-Review mandatory arbitration agreements and revise as necessary.

http://www.littler.com/PressPublications/Lists/Insights/DispInsights.aspx?id=157

I hope you will this information useful.

Good stuff from Lisa. What follows is an example from personal experience.

One of my SOX clients had a Whistleblower policy and outsourced the service provider. As it turned out, the service provider was previously owned by the then HR Director, as the company was sold to an employee to carry on. Seems to be a conflict, but the point was to create some arms length firewall. The Chairman and the BOD knew of this relationship and were OK with it.

The "guts" of their policy providing employees the 1-800 phone contact information for the employee hotline. Was supposed to be available 24/7/365, as one would expect, with confidentiality guaranteed, the caller was not required to disclose their name. Reporting to the company was supposed to be in place, where the employee wanted to remain not disclosed, this was supposed to be maintained.

Simple SOX test, called the 1-800 number. Result : Failed. I called early afternoon, middle of the week, got a recording no one currently available, to leave phone number for call to be returned. Pretty much broke the confidentiality commitment if the caller left the call back info, the rest is obvious.

CFO was surprised, he called, got the same response. As a consultant to the company, the working relationship with the HR Director went south quickly. Not real confident the ownership interest wasn't still in play. Also, the company had no evidence of any reporting of calls into the 1-800 service available -- comments were they never received.

Moral to the story, in picking a 3rd party hotline service provider, make sure they are appropriately scaled to provide the service level committed (this example was not), make sure their service offering is in sync with company policies and procedures surrounding the whistleblower program, make sure there was some reporting mechanism on a pre-determined frequency, whether there were and calls or not.