Whistleblowing is the act of reporting any unethical activity or wrongdoing, such as fraud or corruption, within a company. The person who raises this red flag is called a whistleblower. Whistleblowing can be done by a Director or an employee or by outside persons such as auditors, vendors, contractors, suppliers or consultants. A strong whistleblower mechanism is one of the main pillars of a strong corporate governance system in a company. It is imperative for a company’s proper and ethical functioning. It helps in raising concerns, so that the company can find solutions before it is too late.
In India, the Whistleblowing or Vigil Mechanism is governed by:
- The Companies Act, 2013
- SEBI’s (Listing Obligations and Disclosure Requirements) Regulations, 2015 (LODR)
- Companies (Auditor’s Report) Order, 2020
- The Whistleblowing Protection Act, 2014
Both the Companies Act and LODR have made it mandatory for all the listed companies, above a certain threshold, to establish a ‘vigil mechanism’, for Directors and employees to report genuine concerns. They also state that adequate safeguard should exist for preventing victimisation of persons who use such a mechanism. Further, there is a need for a direct access to the chairperson of the Audit Committee of the company. The said policy has to be hosted on the website of the company. Under the Companies Act, powers have also been given to auditors to report on any fraud that might come to their attention.
The Whistleblowing Protection Act, 2014 aims at protecting all those who give information regarding any corrupt practices related to any Government official. This too strives to safeguard the whistleblower from any kind of victimisation.
For a whistleblowing mechanism to be successful, the following should be kept in mind –
- To have a policy which is updated with all relevant details, at all times. The policy should be hosted on the website of the company. To mention that the policy is available on the intranet would not be adequate.
- The policy should specifically state the category of persons who can report using the mechanism. Ideally, the applicability of the mechanism should extend to Directors, employees and all stakeholders of the company.
- To make the policy easy to understand, it should contain an indicative list of inclusions and exclusions.
- The manner of reporting should be specifically provided. The various modes through which different companies facilitate this are phone calls, emails, posting the complaint, and in-person meetings. Companies could administer this in-house by giving the contact details of a whistle officer, as he/she is usually called. Some companies outsource this function to a third party agency, and give details of the hotlines on which whistleblowers can contact the agency.
- The policy should specifically mention whether or not it would consider anonymous complaints. Keeping quiet about it does not help whistleblowers who are not confident about not being victimised, should their identity be leaked.
- Both the Companies Act and LODR specifically mention that in exceptional cases, access should be given to Chairperson of Audit Committee. Most companies also state that if the complaint is against the Chairperson or the Managing Director or the whistle officer, the same should be sent to the Chairperson of Audit Committee. In the case of a promoter company, any complaint filed against the promoter should also be directly submitted to the Audit Committee Chair. The Chairperson of Audit Committee being an Independent Director, is expected to act on the complaints independently without any bias or prejudice. For this reporting, the policy should also provide the contact details of the Audit Committee Chair, such as his/her email id or address, that is directly accessed by him/her.
- The process followed in the case of a complaint being filed, should be mentioned in the policy. Care should be taken that in the process undue powers should not be given to any one person for dealing with a complaint that may be filed using this mechanism.
Companies are supposed to disclose, in their Annual reports, the number of whistleblower complaints filed and complaints resolved. To increase transparency and governance, the Ministry of Corporate Affairs (MCA) vide Companies (Auditor’s Report) Order, 2020 (CARO 2020), has made it mandatory for companies to disclose all whistleblower complaints to the auditor, along with the due diligence done by the company.
For the mechanism to be successful, it is also important that employees are sensitised about this mechanism, through training and awareness programmes, to report any misconduct or wrongdoing. It is equally important to generate the confidence that the identity of a whistleblower will be kept confidential, and there will not be any harassment or victimisation of the person.
Increasingly, this mechanism is becoming powerful. Having a strong whistleblowing mechanism encourages employees to report incidents of misconduct, and wrongdoing, that may come to their notice. It helps to maintain an ethical workplace, while protecting the reputation of the company.