Does your nonprofit adequately protect whistleblowers?

Published January 1, 2019

Whistleblower policies protect individuals who risk their careers — or take other kinds of risks — to report illegal or unethical practices. Although no federal law specifically requires nonprofits to have such policies in place, several state laws do. Moreover, IRS Form 990 asks nonprofits to state whether they have adopted a whistleblower policy.

Adopting a whistleblower policy increases the odds that you’ll learn about activities before the media, law enforcement or regulators do. Encouraging stakeholders to speak up also sends a message about your commitment to good governance and ethical behavior.

Be inclusive

Your policy should be tailored to your organization’s unique circumstances, but most policies should spell out who’s covered. In addition to employees, volunteers and board members, you might want to include clients and third parties who conduct business with your organization, such as vendors and independent contractors.

Also specify covered misdeeds. Financial malfeasance often gets the most attention, but you might also include violations of organizational client protection policies, conflicts of interest, discrimination and unsafe work conditions.

And how should whistleblowers report their concerns? Must they notify a compliance officer or can they report anonymously? Is a confidential hotline available? Whom can whistleblowers turn to if the designated individual is suspected of wrongdoing?

Investigate thoroughly

Covered individuals and other stakeholders need to know how you’ll handle reports once they’re submitted. Your policy should state that every concern will be promptly and thoroughly investigated and that designated investigators will have adequate independence to conduct an objective query.

Also describe what will happen after the investigation is complete. For example, will the reporting individual receive feedback? Will the individual responsible for the illegal or unethical behavior be punished? If your organization opts not to take corrective action, document your reasoning.

Stress confidentiality

Don’t forget to stress confidentiality. Explain in your policy that it may not be possible to guarantee a whistleblower’s identity if he or she needs to become a witness in criminal or civil proceedings. But promise you’ll protect confidentiality to the extent possible. Finally, be sure to have your attorney review your whistleblower policy.

Please contact us for additional information

US Department of Labor releases information for 2025 annual benefits plan report/return filings

The U.S. Department of Labor today announced that its Employee Benefits Security Administration joined the Internal Revenue Service and Pension Benefit Guaranty Corp. in releasing informational copies of the 2025 Form 5500, Form 5500-SF, IRS Form 5500-EZ, IRS Form 5558 and related instructions online. The full article is available here: https://www.dol.gov/newsroom/releases/ebsa/ebsa20251215 Please contact us with […]

What is Peer Review and Why Is It Important

Organizations and individuals around the country rely on audit reports issued by CPA firms. When a CPA firm signs an audit report, they are certifying that they have done what is required by generally accepted auditing standards in order to issue that report. But who checks up on the CPA firm to make sure they […]

PBGC Premium Filing Due Date Change for 2025 Plan Years

PBGC Premium Filing Due Date Change for 2025 Plan Years - premiums are due one month earlier than usual On January 6, 2025, the Pension Benefit Guaranty Corporation (PBGC) issued Technical Update 25-1, providing important guidance to sponsors of PBGC-covered1 single-employer and multiemployer defined benefit (DB) plans regarding the change in the timing of PBGC […]