Skip to content
WalnutsHR is now live β€” try Pro free for 30 days. Start free
Skip to content
walnutsHR

Whistleblower (speak-up) policy

A whistleblower / speak-up policy with multiple reporting channels, an anti-retaliation clause, and a clear investigation process.

Live documentReviewed for United States (general)

Whistleblower & Speak-Up Policy

Effective

1. Purpose

The Company depends on people raising concerns about wrongdoing β€” from accounting irregularities to safety violations to code-of-conduct breaches. This policy describes the channels available, the protections for people who use them, and how the Company investigates.

2. What can be reported

This policy covers reports of: violations of law or regulation; financial reporting irregularities, fraud, or theft; breaches of the Company's Code of Conduct; bribery or corruption; harassment, violence, or discrimination; safety hazards; environmental violations; misuse of Company assets; and any other conduct an employee reasonably believes to be improper. Reports may be made about Company employees, officers, directors, contractors, or agents.

3. How to report

Primary channel: .

Alternate channel (when the report involves the primary contact): .

Board / audit-committee channel (for material reports against executives or the alternate contact): .

Reports may be made by name, with a request for confidentiality, or anonymously where local law permits and the channel supports it. Anonymous reports may limit the Company's ability to investigate fully β€” providing contact information helps.

4. Good-faith standard

Reports made in good faith β€” meaning the reporter has a reasonable basis for the concern, even if it later proves unfounded β€” are protected. Reports made knowing them to be false, or with reckless disregard for their truth, are not protected and may themselves be subject to discipline.

Page 1 of 3

5. No retaliation

The Company prohibits retaliation against anyone who makes a good-faith report, supports another person's report, or participates in an investigation. Retaliation includes termination, demotion, schedule changes, exclusion from meetings, increased scrutiny, hostile treatment, or any other adverse action that would not have occurred but for the report. Retaliation is itself a violation of this policy and is treated as serious misconduct.

6. Investigation process

Reports are reviewed promptly. Where a substantive investigation is warranted, an investigator (internal or external, depending on subject matter and conflicts) is appointed. Confidentiality is preserved to the extent compatible with conducting a fair investigation. The Company aims to communicate the outcome to the reporter and the subject of the report in writing, while respecting privacy obligations.

7. External recourse

Nothing in this policy limits anyone's right to report concerns externally β€” to a regulator, the police, the labour board, securities regulators, or other competent authorities. The Company will cooperate with any such external investigation as required by law and will not retaliate against anyone for making such a report.

8. Review & metrics

The Company tracks the volume and resolution of reports for trend analysis. Aggregated, anonymized statistics may be shared with the board or audit committee. Individual report details are kept confidential to the people who need to know to investigate.

Page 2 of 3

Β Approved by
Name
Date

Made with WalnutsHR Paper Β· Reviewed for United States (general) Β· April 2026

Page 3 of 3

No compliance hints for this jurisdiction yet β€” your document looks good for the basics. Have a lawyer review before sending anything consequential.

About this template

A whistleblower policy is a quality-control mechanism for the company itself. The companies that handle scandals well almost always had a working speak-up channel; the ones that handle them badly almost always didn't.

When to use it

  • You're publishing or refreshing a handbook.
  • You're preparing for an audit, regulatory inquiry, or fundraising.
  • You operate in regulated industries (public companies must have one under SOX / NI 52-110 in Canada).

What to include

  • Multiple reporting channels β€” including one for reports against the primary contact.
  • A board / audit-committee channel for material reports against executives.
  • Anonymous reporting where supported.
  • A good-faith standard and explicit anti-retaliation language.
  • A defined investigation process.
  • Explicit statement that nothing prevents external reports to regulators.

Frequently asked questions

Should we use an external hotline service?

For companies past 100 employees, yes β€” a third-party hotline (EthicsPoint, NAVEX, Whistleblower Security) provides 24/7 multilingual coverage, anonymity, and audit-trail features that are hard to replicate internally. Below 100, the alternate-contact pattern in this template is usually enough.

What if the report involves the CEO?

Route it to the audit committee chair directly. Public companies are required to have this channel; private companies should set one up before they need it. Document the contact in this policy.

Can we have a 'no anonymous reports' rule?

Functionally you can, but you'll get fewer reports. Most modern policies allow anonymous reporting and ask the reporter to provide contact information voluntarily. Some jurisdictions (parts of the EU, Quebec) restrict anonymous-only reporting under privacy law.

Legal disclaimer. Public companies in Canada and the US are required to have a whistleblower channel under audit-committee rules (SOX 301 in the US, NI 52-110 in Canada). Many regulators offer financial bounties for tips (SEC, CFTC, OSC); your policy should not, and cannot, prevent employees from reporting to those programs. In Quebec, the Securities Act provides additional whistleblower protections. Have a corporate / securities lawyer review the policy before adopting it for a public or near-public company.

Related templates

Code of conduct

A concrete code of conduct covering integrity, respect, conflicts of interest, confidentiality, and reporting channels β€” designed to be readable and enforceable.

Open

Workplace harassment & violence policy

A statutorily required harassment, violence, and discrimination policy with jurisdiction-specific reporting language and statutory references.

Open

Save it. Brand it. Sign it.

Sign up free to save your templates, brand them with your logo, and send for e-signature β€” all from your WalnutsHR dashboard.

Get started for free Try the demoView pricing

30-day free trial Β· No credit card required