Whistleblower policies encourage staff, volunteers and others to discreetly provide credible information on illegal practices or violations of organizational policies. They protect individuals who risk their careers or take other kinds of risks to report illegal or unethical practices. According to its Report to the Nations, the Association of Certified Fraud Examiners identified tips as the No. 1 method by which fraud is detected. Whistleblower policies (and the use of hotlines) are important to ensuring tips are received by the organization. IRS Form 990 asks nonprofits to report whether they’ve adopted a whistleblower policy. And although no federal law specifically requires organizations to have such policies in place, several state laws do.

Policy essentials

Your whistleblower policy should be tailored to your not-for-profit’s unique circumstances. But here are some general tips to consider when forming, or refining, your policy’s provisions:

1. Be clear about whom the policy covers. Spell out who’s covered by your policy. In addition to employees, volunteers and board members, you might want to include clients and third parties that conduct business with your organization, such as vendors and independent contractors.

2. State which types of wrongdoing are covered. Financial misdeeds often get the most attention, but whistleblower policies can have a longer reach. For example, you might include violations of your organization’s client protection policies, conflicts of interest and unsafe work conditions.

3. Spell out reporting procedures. Explain the procedures for reporting concerns. Must claims be made to a compliance officer or can they be reported anonymously? Is a confidential hotline available? Whom can whistleblowers turn to if the designated individual is suspected of wrongdoing? Your procedures should be clear and simple enough to encourage individuals to come forward.

4. Describe investigative procedures. State that every concern raised by a whistleblower will be promptly and thoroughly investigated and that designated investigators will have adequate independence to conduct an objective query. Ideally, investigators should report directly to your nonprofit’s board of directors.

5. Describe postinvestigation steps. Let everyone know what will happen after the investigation is complete. For instance, will the reporting individual receive feedback? Will the individual responsible for the illegal or unethical behavior be punished? If your organization opts not to take corrective action, be sure to document your reasoning.

6. Promise confidentiality. A guarantee of confidentiality can make whistleblowing more appealing. But it may not be possible to make such promises if whistleblowers need to become witnesses in criminal or civil proceedings. However, your policy should assure confidentiality to the greatest extent possible.

7. Describe disciplinary action. Not every whistleblower is motivated by pure intentions. State that your organization will take disciplinary action against individuals who make unfounded allegations that are reckless, malicious or intentionally false.

8. Forbid retaliation. A critical component of a whistleblower policy is the prohibition against retaliation. Make clear that no retaliation — including harassment, termination or blacklisting — will be tolerated against anyone who raises concerns about potentially illegal or otherwise wrongful practices in good faith. “Good faith” means the individual has a reasonable belief that a problem exists. Specify the party to whom complaints of retaliation can be addressed. Violators should be disciplined promptly and appropriately.

A strong commitment

Whistleblower policies send a strong message about your commitment to good governance and ethical behavior. Make sure that your policy echoes your adherence to an environment of accountability and employee empowerment.