This section provides guidance in relation to the requirement that an organisation should implement procedures which enable personnel to report suspected or actual corruption, or breach of the anti-corruption policy or programme, in a safe and confidential manner (Measure 18 of the Anti-Corruption Programme for Organisations).

A proper reporting system is necessary to enable an organisation to prevent and detect corruption.   It will also provide personnel with some assurance that the organisation intends to implement its anti-corruption policy properly.

Features of a corruption reporting procedure

  1. The organisation should implement a reporting procedure under which personnel are required or encouraged to report to the organisation as soon as reasonably possible any suspected or actual corruption or breach of the anti-corruption policy or programme.
  2. Personnel should be appropriately informed about the reporting procedure:
    • Personnel should be informed about the reporting procedure by it being:
      • directly communicated to all personnel (electronically or in hard copy)
      • published on the organisation’s web-site
      • displayed on the notice board at each of the organisation’s offices.
    • Personnel should be further informed and reminded about the reporting procedure:
      • by it being referred to in training
      • by issuing personnel with periodic reminders (e.g. annually) from an appropriate manager (preferably the chief executive or equivalent) emphasising the organisation’s commitment to ethical practice and requiring or encouraging personnel to report any concerns so as to help the organisation comply with its commitments.
    • If any jurisdiction in which the organisation operates has a legal duty to report corruption or suspicion of corruption, then this legal duty, and the consequences of any breach of this legal duty, should be clearly notified to personnel.
  3. The reporting procedure should identify to whom reports should be made. There are several alternative methods:
    • The procedure may nominate one specified person to whom personnel should report (e.g. the compliance manager).
    • The procedure may require personnel to report in the first instance any concern to their line manager, and only to escalate the report to the compliance manager or other appropriate manager in the event that:
      • personnel have no confidence in the integrity or reliability of the line manager, or
      • the line manager is the subject of or is implicated in the report; or
      • the line manager fails to take appropriate action.
    • The system may require or enable personnel to report to an external reporting facility. If the report is to an external reporting facility, the organisation must ensure that the external reporting facility as soon as possible passes the report to an appropriate senior person within the organisation to deal with the issue. If the compliance manager is not the recipient of reports, then the compliance manager should be notified of all reports.
  4. The reporting procedure should identify how reports should be made.  As the system should (unless prohibited by law) allow anonymous and confidential reporting (see below), then at least one of the reporting options available should permit anonymity. There are several alternative methods:
    • in person
    • by e-mail
    • by telephone
    • by an on-line contact form
    • by letter.
  5. The reporting facility should be available and easily accessible to all personnel.
  6. Anonymous reporting should be permitted (if and to the extent that applicable laws allow this).
  7. The organisation should keep the identity of personnel who make a report, and those named in the report, confidential unless:
    • the organisation is required by law to disclose this information
    • the person making the report, or named in the report, agrees to disclosure of his/her name.
  8. The reporting procedure should ensure that personnel can seek advice from a specified person or organisation (which could be the compliance manager or other appropriate manager, or a third party advisor):
    • on what to do if faced with a concern or situation which could involve corruption (See Dealing with Corruption – Individuals)
    • on how and when they can report to appropriate external authorities, such as criminal investigation authorities.
  9. The reporting procedure should ensure that any report received is passed on as soon as possible to an appropriate person within the organisation for investigation and appropriate action (see Measure 19 Investigating and Dealing with Corruption). The person who has the responsibility to deal with these reports could be the compliance manager, or other appropriate manager, or the board. This person should be independent of any issues which are the subject of the report.
  10. The organisation should ensure that:
    • personnel who made the report are protected from retaliation after raising a concern in good faith or on the basis of a reasonable belief
    • it is a disciplinary offence for personnel to retaliate against someone who raises a concern in good faith or on the basis of a reasonable belief.
  11. The organisation should ensure that all reasonable steps are taken to protect the safety of any individual who raises a concern in good faith or on the basis of a reasonable belief.
  12. The individual who made the original report should be kept informed of the action being taken to the extent that this information does not prejudice any investigation or endanger anyone’s safety.
  13. The reporting procedures, and any reports made under them, should be documented by the organisation.
  14. These reporting procedures can be stand-alone anti-corruption reporting procedures, or may be the same as, or form part of, those used for the reporting of other issues of concern (e.g. safety, discrimination, bullying).

Implementation checklist for Measure 18

  1. The organisation should prepare a written reporting procedure which is compliant with the above requirements.
  2. The organisation should appoint a suitable person(s) to receive reports, and a suitable person(s) to investigate reports. This could be the same person for both functions, or different persons. The persons appointed could be internal or external.  They should be independent of the matters reported or likely to be reported.
  3. The organisation should publish the reporting procedure to its personnel, electronically or in hard copy, and on the organisation’s relevant office notice boards. A copy should also be published on the organisation’s web-site or intranet. Reminders should be sent out at least annually to personnel.
  4. The organisation should investigate and deal appropriately with all received reports in accordance with Measure 19 Investigating and Dealing with Corruption.
  5. The compliance manager should periodically review any reports received and the outcomes to ensure that the system is working appropriately.
  6. A summary of any reports received and outcomes should be sent to the board as soon as possible in the case of a serious issue, and at least annually in the case of minor issues.

Updated on 10th April 2020