Whistleblowing policy in the UK: A step-by-step guide
This article provides a step-by-step guide on how to create an effective whistleblowing policy, from defining whistleblowing and outlining reporting channels to ensuring confidentiality and protection against retaliation.
Whistleblower protection in the UK is governed by the Public Interest Disclosure Act 1998 (PIDA). This legislation ensures that employees who report misconduct can do so without fear of retaliation.
With the recent introduction of the Worker Protection Act, there are new responsibilities for employers to navigate. This legislation, effective from October 2024, requires businesses to take “reasonable steps” to prevent workplace harassment. The Worker Protection Act highlights the need for UK organisations to have a robust whistleblowing policy in place.
The Worker Protection Act and how it relates to whistleblowing policies
A well-rounded whistleblowing policy is more than a box-ticking exercise — it’s the foundation of a transparent, healthy workplace culture. From of October 2024, under the new Worker Protection Act, policies must also cover harassment, ensuring that employees can confidently report issues such as discrimination or sexual harassment. Employers who don't take proactive steps could face increased fines, including higher compensation awards in employment tribunals.
When integrating both PIDA and the Worker Protection Act, a whistleblowing policy should clearly outline how employees can raise concerns, protect them from retaliation and ensure that complaints are dealt with promptly and confidentially. Regular training and communication on this policy is essential to foster an open and accountable environment.
To support your efforts to comply with UK law and foster an open, accountable workplace, we've outlined key steps to creating a strong and effective whistleblowing policy.
How-to guide for whistleblowing policy in the UK
1. Understand whistleblowing and its importance
Whistleblowing refers to the act of reporting wrongdoing, such as criminal activity, health and safety violations, environmental harm, or breaches of legal obligations. A whistleblowing policy ensures employees can raise concerns confidentially and without fear of reprisals. The Public Interest Disclosure Act 1998 (PIDA) safeguards whistleblowers against unfair dismissal or detrimental treatment, provided the disclosure is made in good faith and the employee reasonably believes the information is true.
Why is it crucial? A whistleblowing policy is not just a legal requirement—it’s a foundation for trust, showing employees that their safety and the organisation's integrity are priorities.
2. Define whistleblowing and provide examples
Start your policy with a clear definition of whistleblowing. Explain what constitutes whistleblowing under the law, differentiating it from personal grievances. Provide examples such as:
- Fraud or financial mismanagement
- Health and safety violations
- Breaches of legal obligations
- Damage to the environment
These examples will clarify the scope of what employees can report and ensure they understand their concerns are legitimate.
3. Clarify the reporting channels
Your whistleblowing policy must detail how employees can report concerns. Offer multiple channels to ensure accessibility, such as:
- Direct reports to a designated manager
- Third-party reporting software, which offer confidentiality and support
- Anonymised reporting mechanisms
Ensure your reporting process is straightforward and encourage employees to come forward. Highlight that disclosures can be made internally first, but they can also contact prescribed bodies if necessary.
4. Ensure confidentiality and anonymity
Employees are more likely to report concerns if they know their identities will be protected. Emphasise your commitment to maintaining confidentiality throughout the process. In some cases, employees may want to remain anonymous. Make it clear that while anonymity is respected, it might limit feedback or investigation outcomes. Your whistleblowing system, such as SpeakUp, should allow for anonymous reporting to protect employee identities.
5. Explain the investigation process
Your whistleblowing policy should include a clear explanation of how the company will investigate disclosures. Outline the steps, such as:
- Acknowledging receipt of the report within a specified timeframe (e.g., 48 hours)
- Conducting a thorough investigation led by a designated team
- Providing regular updates on the progress of the investigation
- Concluding with feedback to the whistleblower (while respecting confidentiality)
This structure will give employees confidence that their concerns will be taken seriously.
6. Highlight protection against retaliation
One of the key elements of PIDA is the protection of whistleblowers against retaliation. Your policy should explicitly state that employees who report concerns will not face any detrimental treatment. This includes protection from:
- Unfair dismissal
- Demotion or loss of privileges
- Harassment or victimisation
Under PIDA, if an employee believes they have been treated unfairly after blowing the whistle, they can bring a claim to an Employment Tribunal.
7. Set clear expectations on bad-faith disclosures
While encouraging whistleblowing, it’s also essential to deter bad-faith or malicious disclosures. Explain that deliberate false reports or those made with malicious intent may lead to disciplinary action. This ensures that the policy is used responsibly while maintaining a fair and transparent culture.
8. Include a section on external reporting (Prescribed Persons)
In cases where employees don’t feel comfortable reporting internally, they should have the option to contact prescribed persons or bodies, such as the Health and Safety Executive (HSE) or the Financial Conduct Authority (FCA). List these bodies in your policy, explaining that whistleblowers still receive protection under PIDA when reporting to a prescribed person.
9. Provide guidance on legal and regulatory compliance
Explain how your policy complies with UK regulations. Each country has its own laws regarding whistleblowing. For businesses operating internationally, tailor your policy to ensure compliance with local laws where you operate. In the UK, PIDA sets the legal framework, but international offices may have different requirements.
10. Review and update the policy regularly
Whistleblowing laws and regulations evolve. It’s important to regularly review and update your policy to ensure ongoing compliance with the latest legislation and best practices. Government reviews, such as the 2023 review of PIDA, may result in changes to the framework.
Whistleblowing software and its role in supporting whistleblowing policies
A well-written whistleblowing policy is an essential starting point for fostering transparency, but it becomes more effective when paired with dedicated whistleblowing software. Solutions like SpeakUp offer an extra layer of security and anonymity for employees reporting wrongdoing. These platforms streamline the reporting process, provide anonymity options, and ensure that reports are handled promptly.
By integrating whistleblowing software into your policy, you reduce the risk of missed reports and make it easier for employees to speak up without fear. This technology also helps companies remain compliant by securely storing records of all reports and investigations, which is crucial during audits or legal reviews.
Beyond the policy: fostering a speak up culture
Creating an effective whistleblowing policy goes beyond legal compliance. An organisation should also invest time into building a speak up culture. While misconduct happens, and chances are they will continue to, managing and addressing issues quickly is key to minimising harm.
Therefore, building a strong speak-up culture fosters trust and accountability, empowering employees to raise concerns and enabling organisations to handle issues before they escalate.
Frequently asked questions about Whistleblowing Policy in the UK
What is a whistleblowing policy?
A whistleblowing policy outlines how an organisation handles concerns raised by employees regarding illegal, unethical, or unsafe practices within the company. It ensures that employees feel safe to report misconduct without fear of retaliation. In the UK, whistleblower protection is governed by the Public Interest Disclosure Act 1998 (PIDA).
Why is a whistleblowing policy important?
A whistleblowing policy is crucial for promoting a culture of transparency and accountability. It helps organisations detect and address potential issues early, protecting the business from legal risks and fostering trust among employees. It also complies with UK law, which mandates protection for whistleblowers.
Can you give an example of a whistleblowing policy?
An effective whistleblowing policy might include the following components:
- A clear definition of whistleblowing, differentiating it from personal grievances.
- Steps for employees to report concerns, such as confidential phone lines, online reporting tools, or direct contact with HR.
- A section that explains protection against retaliation and confidentiality measures for whistleblowers.
For instance, an employee could report financial mismanagement or a health and safety violation through a confidential reporting system, with assurance that their identity will be protected.
What is the difference between whistleblowing policy and procedure?
A whistleblowing policy outlines the organisation's commitment to ethical practices and the protection of whistleblowers, while the procedure provides the step-by-step process for how employees should report concerns. The procedure includes how to file a report, whom to contact, and what actions will be taken after the report is received.
How does a whistleblowing policy protect employees?
In the UK, the Public Interest Disclosure Act 1998 (PIDA) protects employees who report wrongdoing in good faith. A robust whistleblowing policy ensures that employees who report concerns will not face retaliation, such as unfair dismissal, demotion, or harassment. It also guarantees confidentiality and provides clear channels for reporting.
How do you create a whistleblowing policy template?
A whistleblowing policy template should include:
- A definition of whistleblowing and examples of reportable issues (e.g., fraud, health and safety violations).
- Clear reporting channels, including anonymous reporting options.
- Confidentiality guarantees for employees who raise concerns.
- A description of the investigation process, including timelines for acknowledging and resolving reports.
- Assurance of protection against retaliation for employees who speak up.
- Guidelines on handling bad-faith or malicious reports.
Using whistleblowing software like SpeakUp can simplify the reporting process, making it easier for organisations to handle reports efficiently while maintaining confidentiality.
What should a whistleblowing policy include?
An effective whistleblowing policy should cover:
- Definition of whistleblowing: Clarify what counts as whistleblowing and provide examples.
- Reporting process: Detail the steps for reporting misconduct, offering multiple channels.
- Confidentiality: Explain how the organisation will protect the whistleblower's identity.
- Protection against retaliation: State explicitly that employees who report concerns will be protected under PIDA.
- Investigation process: Outline how the organisation will handle reports and provide feedback.
External reporting options: Include information on how employees can report to prescribed bodies if necessary.
Get the whistleblowing tools you need for compliant case management
Got questions about your current whistleblowing policy?
We’ve turned 20 years of experience with whistleblowing compliance into advanced software tools. Use these to make your whistleblowing workflows simple and efficient.