Whistleblower investigation process: how to prepare for an internal investigation

The most important steps to follow in order to successfully investigate whistleblowing cases in an efficient way
Sabine Stöhr
Chapters

With the EU Whisteblowing Directive introducing strict new compliance requirements, companies across Europe have had to move fast to introduce a whistleblowing system. But how do they deal with incoming reports now? We have summarised the four most important steps when it comes to the internal investigation process of a whistleblowing case.

A man is smoking a pipe while looking through a magnifier.

Step 1: Separate the wheat from the chaff

First and foremost, you should identify reports that are not compliance-relevant or are even denunciatory. For example, complaints revolving around personal grievances do not need to be investigated. 

Nevertheless, it is important to provide feedback to the whistleblower and, where appropriate, take action if an abusive report has been made that is clearly in breach of internal policies.

Step 2: Contact the whistleblower

Establish communication with the whistleblower as soon as possible. If a response to the whistleblowing report is not provided within a few days, you risk employees losing confidence in your whistleblowing system and its credibility being damaged. Ideally, develop a whistleblower feedback template in advance so that you can react to reports quickly. 

If a report doesn’t contain sufficient grounds to suspect actual misconduct, be sure to ask the whistleblower to provide more detailed information on the incident in question. Digital whistleblowing systems allow whistleblower communication by means of integrated mailbox functions.

It is important to remember that in EU member states, the new Whistleblowing Directive has made communication between the organisation and the whistleblower mandatory. The person speaking up must be updated about the progress of the investigation at regular intervals. 

Step 3: Get to the bottom of things

Internal investigations should be initiated promptly if there is sufficient evidence to indicate that a compliance violation has occurred. The bulk of the investigation generally consists of the evaluation of documents (including evidence received from the whistleblower), as well as interviews with employees and potential further discussions with the whistleblower. 

When doing this, make sure to comply with labor law, confidentiality and data protection requirements. Ideally, all relevant documents and investigation results should be saved in the secure Case Management area of your whistleblowing system.

Step 4: Take corrective measures

After the completion of any investigation, you will need to summarize results for management, including any corrective measures that have been taken or are planned. Sanctions and other processes should be transparently communicated within the organization. At the end of the investigation, close the incident in your Case Management system and anonymize any collected personal data, if necessary. For reporting and archiving purposes, all cases should remain within the whistleblower system.

To sum things up:

Whistleblowing Report

A comprehensive study on whistleblowing in European companies

Share this blog post on

Sabine Stoehr contact image | integrityline.com
Sabine Stöhr
Senior Product Manager | EQS Group
As Senior Product Manager for EQS Integrity Line Sabine is an expert on the implementation of whistleblowing systems. She is based in our Zurich office.
Despite often having a negative image, whistleblowers are not snitches, informants or traitors. In fact, they can actually prove hugely beneficial for companies.