A FTSE250 Assistant Company Secretary writes...
“Within your organisation who ‘owns’ the Whistleblowing Policy i.e. is responsible for writing it, its implementation and regular review? Is the same person/team responsible for monitoring and reviewing any reports made in accordance with the policy? i.e. determining whether a report made under the policy is actually a grievance rather than a genuine concern?”
The Compliance monitoring team, which reports to the General Counsel and Company Secretary, monitors and reviews the whistleblowing reports and investigates them accordingly. Whistleblowing period reports are regularly considered by the Audit Committee at each meeting. The Compliance monitoring team would also report matters of significance to the Chairman and CEO where appropriate, with serious incidents notified to the Audit Committee members.
I would normally say the owner is the Company Secretary, in the way described in most of the previous comments. However in my current company although oversight rests on the Audit Committee and as such the Company Secretary is bound to be involved, the policy is effectively owned by the HR Director working closely with the Group Security Director.
The whistleblowing policy is part of the suite of governance policies. It is owned by the GC&CS in terms of its review, revision and ensuring it is tabled at Board meetings.
Promoting the context of the policy is a wider task for CoSec from the induction process for new starters, through to various types of marketing, using internal communication channels. The confidential reporting service is supplied through a 3rd party. When cases are reported, only the GC&CS and other senior members in the Co Sec team are alerted. Depending on the nature of the concern it is then decided which other stakeholders are relevant to deal with the matter from there.
Any significant concerns are reported to the Audit Committee.
There is a whistle blowing Committee. However, the Policy itself is a governance one and therefore “owned” by Group Secretariat. Any changes made to this Policy require Board approval.
we have a corporate compliance committee comprising reps from Legal, HR, Security and Finance and allocate cases to the relevant discipline. I chair this as GC/Company Secretary.
As Group Company Secretary I prepare, update and communicate the policy and procedure in the Company. Reports initially come to me from a 3rd party provider and investigations are coordinated through me with support of appropriate/non conflicted senior management.
Reports and detail of investigations and actions taken are shared quarterly with the Audit Committee. Key is to keep the policy visible to all employees and give absolute assurance about confidentiality and zero tolerance towards any form of recrimination.
The Group Council/Company Secretary “owns” the policy in the manner described. Any notifications go to that person.
The Group Council/Company Secretary “owns” the policy in the manner described. Any notifications go to that person, and also to the head of internal audit
The policy is on our audit committee agenda for an annual sign off. As company secretary I amend it as required and work with HR to produce a report for the board at each audit committee on any reports made. Again if we get a report I would meet with HR to assess if it is a genuine concern and how it should be dealt with.