Whistleblowers are integral to corporate governance, acting as sentinels who detect and report unethical practices, fraud, and corruption within organizations. Their role is crucial in fostering a culture of transparency, integrity and accountability, which are foundational principles of good corporate governance. By bringing to light internal malpractices, whistleblowers help prevent financial scandals, protect shareholder interests, and maintain public trust in corporate entities. Legally, they contribute to the enforcement of regulatory compliance and ethical standards, ensuring that companies operate within the bounds of the law.
As such, countries worldwide have enacted laws to protect whistleblowers in the corporate sector. The Public Interest Disclosure Act of 1988 applies to all employees in the UK, including private, public, and voluntary sectors, protecting them from detrimental treatment or victimization for whistleblowing in the public interest. The Sarbanes-Oxley Act (SOX) of 2002 mandates listed companies in the US to establish internal whistleblowing systems, protecting corporate whistleblowers who report financial and securities violations, with specific responsibilities placed on audit committees to handle such complaints confidentially and anonymously.
In the Indian context, whistleblowers have been instrumental in exposing significant corporate and governmental frauds, thus underscoring the need for robust legal protections. But India's key legislation, the Whistle Blowers Protection Act of 2014, only provides a mechanism to receive complaints related to allegations of corruption or willful misuse of power by public servants. Although complaints against public servants employed in public sector undertakings can be made under this Act to the Central Vigilance Commission, it excludes from its ambit any other corporate entity. With respect to the corporate sector, only certain provisions of the Companies Act, 2013, and SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, provide mechanisms for reporting and safeguarding whistleblowers.
Companies Act and Rules
In 2002, the Securities and Exchange Board of India (SEBI) constituted a committee on corporate governance, headed by Shri N. R. Narayana Murthy, which recommended a mandatory whistleblower policy for listed companies in India. But due to resistance from the corporate sector, it was not until the enactment of India's Companies Act that this requirement became mandatory. Section 177 of the Companies Act, 2013, provides for the establishment of a vigil mechanism at every listed company or such classes of companies as prescribed, under the oversight of the audit committee. This mechanism aims to provide a platform for the directors and employees of these companies to report genuine concerns and shall provide adequate safeguards to prevent victimization of such whistleblowers. A provision for direct access to the chairperson of the audit committee must also be provided under exceptional circumstances. Further, the details of the establishment of this vigil mechanism must be disclosed by the company on its website as well as its board of directors report. The code for independent directors, as provided under Schedule IV of the Act, lists one of the duties of independent directors as ensuring the proper functioning of the vigil mechanism. It must be noted that the failure by a listed company in adopting a vigil mechanism shall attract a penalty of ten thousand rupees, and a further penalty of one thousand rupees in case of a continuing contravention.
Further, the Companies (Meeting of Board and its Powers) Rules, 2014, specifies the classes of companies to which the vigil mechanism applies and includes all companies which either accept deposits from the public or have borrowed money from banking and public financial institutions in excess of 500 million rupees. It also states that for companies with an audit committee, the committee shall oversee the vigil mechanism and in case of a conflict of interest of any of its members in a given case, such member or members shall recuse themselves. Whereas companies without an audit committee, shall nominate one of its directors to play the role of the audit committee in regards to overseeing the vigil mechanism. Moreover, the audit committee or the nominated director, has an option to take strict action including reprimand against any director or employee filing repeated frivolous complaints.
It's important to underscore that, unlike the Whistle Blower Protection Act of 2014, the Companies Act and its associated rules do not impose obligations on employers to protect data or ensure the confidentiality of the complainant, witnesses, the inquiry process, or the outcome of the complaint. Leaving such a critical element to the discretion of company-specific policies, without any regulatory oversight, is problematic. The protection of whistleblowers hinges on safeguarding this information and maintaining confidentiality.
SEBI Regulations
The SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, inter alia reiterate the obligations of listed entities in respect of whistleblowers as mentioned under the Companies Act. Specifically, Regulation 4 deals with the principles governing disclosures and obligations of listed entities and states that in order to recognize the rights of stakeholders of the company and encourage cooperation between the company and its stakeholders, this listed entity must devise an effective vigil mechanism or a whistleblower policy in order to enable all stakeholders, including employees and their representative bodies, to freely communicate any concerns about the illegal or unethical practices of the company. With respect to any listed entity which has listed its specified securities on any recognized stock exchange, the entity must formulate either a whistleblower policy or a vigil mechanism for its directors and employees to report genuine concerns, and this mechanism shall provide adequate safeguards against their victimization including providing direct access to the chairperson of the audit committee in appropriate cases.
Further, under a separate section on its website, the listed entity must inter alia provide details of the establishment of the vigil mechanism or whistleblower policy. Moreover, review of the functioning of the whistleblower mechanism also falls under the scope of work of the audit committee as mentioned Schedule II of the Regulations. Also, the annual reports of the listed entities must contain details pertaining to the establishment of the vigil mechanism and a disclosure that no individual has been denied access to the audit committee.
Similarly, the SEBI (Prohibition of Insider Trading) Regulations, 2015, requires listed entity to have a whistleblower policy and make their employees aware of such policy in order to enable them to effectively and fearlessly report instances of leak of unpublished price sensitive information i.e., insider information. These regulations also introduce the concept of an "informant," an individual who voluntarily provides SEBI with original information about violations of insider trading laws. This information must be original, derived from the informant's own knowledge or analysis, and not previously known to SEBI. SEBI has established an "Office of Informant Protection," responsible for receiving and registering voluntary information, maintaining confidentiality, and facilitating communication between the informant and SEBI. The office also interacts with the Informant Incentive Committee, which advises on rewards and other matters.
Whistleblowers are even incentivized with monetary rewards, up to 10% of the monetary sanctions imposed by SEBI, capped at 100 million rupees. Rewards can be granted either fully upon the issuance of a final order or as an interim reward up to 10 million rupees, with the remaining amount paid after the recovery of the sanctions. SEBI ensures confidentiality of the informant's identity, and the details provided, with specific measures in place to protect their anonymity. The legal representatives of informants play a crucial role in verifying information and maintaining confidentiality, further securing the whistleblower's identity and safety.
Way Forward
The recent discourse on whistleblower protection has emerged with the Law Commission of India's 289th Report, recommending specific legislation for the protection of trade secrets with exceptions for whistleblower protection, compulsory licensing, and government use, as well as a separate legislation for economic espionage. This report, dated March 5, 2024, reflects extensive consultations with legal experts and industry stakeholders, indicating a continued focus on strengthening whistleblower protections in India.
India has made significant strides in establishing a legal framework to protect whistleblowers, but challenges remain in effective implementation and enforcement. One such challenge is devising a similar mechanism applicable to private, unlisted and unincorporated entities and their employees. Strengthening these protections and fostering a supportive environment for whistleblowers is essential for enhancing corporate governance in India. By empowering whistleblowers, India can ensure greater accountability and integrity within its corporate sector, aligning with global practices.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.