Whistleblower Policy — Nonprofit Corporation

WHISTLEBLOWER POLICY

[ORGANIZATION NAME]

TABLE OF CONTENTS

1. Purpose
2. Scope
3. Definitions
4. Reporting Procedures
5. Confidentiality
6. Anti-Retaliation Protection
7. Investigation Process
8. Record Keeping
9. Compliance Officer
10. Document Retention and Integrity
11. Board Oversight
12. Acknowledgment Form
13. State-Specific Notes
14. Sources and References

1. PURPOSE

[________________________________________] (the "Organization") is committed to maintaining the highest standards of ethical conduct, legal compliance, and financial integrity. This Whistleblower Policy establishes a mechanism for employees, board members, volunteers, and other stakeholders to report suspected violations of law, regulations, or organizational policies without fear of retaliation.

This policy is adopted in accordance with the governance standards recommended by the Internal Revenue Service for tax-exempt organizations under IRC § 501(c)(3), and in compliance with the applicable provisions of the Sarbanes-Oxley Act of 2002.

2. SCOPE

This policy applies to:

☐ All directors and officers of the Organization

☐ All employees (full-time, part-time, and temporary)

☐ All volunteers

☐ All contractors and consultants

☐ Any individual who has a reasonable basis for believing that a violation has occurred

3. DEFINITIONS

3.1 — Reportable Conduct. This policy covers reports of:

(a) Fraud, embezzlement, or theft of organizational assets;

(b) Falsification of financial records or statements;

(c) Violations of the Organization's conflict of interest policy;

(d) Violations of federal, state, or local law;

(e) Abuse of authority or mismanagement;

(f) Actions that endanger the health or safety of employees, volunteers, clients, or the public;

(g) Actions that jeopardize the Organization's tax-exempt status;

(h) Destruction, alteration, or concealment of documents to obstruct an investigation (SOX § 802; 18 U.S.C. § 1519);

(i) Retaliation against any person who has reported in good faith under this policy;

(j) Other conduct that violates the Organization's policies, code of ethics, or applicable regulations.

3.2 — Good Faith. A report is made in "good faith" when the reporting individual has a reasonable basis for believing the information provided is true. Good faith does not require certainty that a violation has occurred. Reports that are knowingly false or made with malicious intent are not protected.

3.3 — Retaliation. Any adverse action taken against an individual because they have made a good faith report, participated in an investigation, or refused to participate in a suspected violation. Retaliation includes, but is not limited to: termination, demotion, suspension, threats, harassment, discrimination, or any other adverse employment action.

4. REPORTING PROCEDURES

4.1 — How to Report. Individuals who suspect or become aware of reportable conduct should report through one or more of the following channels:

☐ Direct Report to Supervisor (unless the supervisor is involved in the suspected conduct)

☐ Compliance Officer / Designated Recipient:
Name: [________________________________________]
Title: [________________________________________]
Phone: [________________________________________]
Email: [________________________________________]

☐ Board Chair or Audit Committee Chair:
Name: [________________________________________]
Phone: [________________________________________]
Email: [________________________________________]

☐ Anonymous Reporting: [________________________________________]
(e.g., anonymous hotline, online portal, or physical drop box)

☐ External Reporting: Individuals always retain the right to report suspected illegal activity directly to appropriate governmental authorities, including law enforcement, the IRS, or the state attorney general.

4.2 — What to Include. Reports should include:

(a) A description of the suspected violation;

(b) The approximate date(s) and location(s) of the conduct;

(c) The names of individuals involved (if known);

(d) Any supporting documentation or evidence; and

(e) Contact information (unless reporting anonymously).

4.3 — Timing. Reports should be made as promptly as possible after the reporter becomes aware of the suspected violation.

5. CONFIDENTIALITY

5.1 — Protection of Identity. The Organization shall make every reasonable effort to protect the confidentiality of the reporting individual's identity, consistent with the need to conduct a thorough investigation and comply with applicable law.

5.2 — Limitations. Absolute confidentiality cannot be guaranteed, as the Organization may be required to disclose the reporter's identity in connection with legal proceedings, government investigations, or as necessary to conduct an adequate investigation.

5.3 — Anonymous Reports. Anonymous reports will be accepted and investigated to the extent feasible. However, the Organization's ability to investigate may be limited by the lack of follow-up ability.

6. ANTI-RETALIATION PROTECTION

6.1 — Prohibition. The Organization strictly prohibits retaliation against any individual who makes a good faith report of suspected violations, participates in an investigation, or refuses to engage in conduct that would violate applicable law or the Organization's policies.

6.2 — Federal Law. Under Sarbanes-Oxley Act § 1107 (18 U.S.C. § 1513(e)), it is a federal crime — punishable by fine and/or imprisonment up to 10 years — to knowingly retaliate against any person for providing to a law enforcement officer truthful information relating to the commission or possible commission of any federal offense.

6.3 — Consequences of Retaliation. Any employee, director, officer, or volunteer who engages in retaliation shall be subject to disciplinary action, up to and including termination of employment or removal from the Board.

6.4 — Reporting Retaliation. Individuals who believe they have experienced retaliation should report it immediately to the Compliance Officer or Board Chair using the procedures in Section 4.

7. INVESTIGATION PROCESS

7.1 — Acknowledgment. Upon receipt of a report, the Compliance Officer (or designee) shall acknowledge receipt within [____] business days (unless the report is anonymous).

7.2 — Initial Assessment. The Compliance Officer shall conduct a preliminary assessment to determine whether the report involves potentially reportable conduct warranting a formal investigation.

7.3 — Investigation. If a formal investigation is warranted:

(a) An impartial investigator shall be assigned (internal or external, as appropriate);

(b) The investigation shall be conducted promptly, thoroughly, and fairly;

(c) All relevant documents shall be preserved (see Section 10);

(d) Individuals interviewed shall be advised of the anti-retaliation protections;

(e) The accused individual shall be afforded an opportunity to respond to the allegations;

(f) Legal counsel shall be consulted as necessary.

7.4 — Findings. The investigator shall prepare a written report of findings and recommendations. The report shall be presented to the [Compliance Officer / Audit Committee / Board of Directors].

7.5 — Corrective Action. Based on the investigation findings, the Organization shall take appropriate corrective action, which may include:

(a) Changes to policies, procedures, or internal controls;

(b) Disciplinary action against the individuals responsible;

(c) Recovery of misappropriated assets;

(d) Referral to law enforcement or regulatory authorities;

(e) Filing of amended tax returns (if applicable).

7.6 — Notification. The reporting individual shall be informed of the outcome of the investigation to the extent appropriate and consistent with confidentiality and legal requirements.

8. RECORD KEEPING

All reports, investigation records, and outcomes shall be maintained in a secure, confidential file for a minimum of [____] years. Records shall be accessible only to the Compliance Officer, legal counsel, and Board members with a need to know.

9. COMPLIANCE OFFICER

9.1 — Designation. The Board of Directors shall designate a Compliance Officer responsible for administering this policy. The Compliance Officer shall:

(a) Receive and track all reports;

(b) Coordinate investigations;

(c) Maintain confidential records;

(d) Report to the Board or Audit Committee on a [quarterly / semi-annual / annual] basis;

(e) Ensure all staff and volunteers receive training on this policy.

9.2 — Independence. The Compliance Officer shall have direct access to the Board Chair and/or Audit Committee Chair and shall not be subject to undue influence by management.

9.3 — Reports Involving the Compliance Officer. If a report involves the Compliance Officer, the report shall be directed to the Board Chair or Audit Committee Chair.

10. DOCUMENT RETENTION AND INTEGRITY

In accordance with Sarbanes-Oxley Act § 802 (18 U.S.C. § 1519):

(a) No director, officer, employee, or agent shall knowingly destroy, alter, conceal, cover up, falsify, or make a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence an investigation.

(b) Violations of this provision are a federal felony punishable by fine and/or imprisonment up to 20 years.

(c) All records relevant to an actual or anticipated investigation or legal proceeding shall be preserved immediately upon notification of the investigation (litigation hold).

11. BOARD OVERSIGHT

11.1 — Annual Review. The Board shall review this policy annually and update it as necessary.

11.2 — Training. All directors, officers, employees, and volunteers shall receive training on this policy upon hiring or appointment and annually thereafter.

11.3 — Form 990 Disclosure. The Organization shall accurately report the existence and scope of this policy on IRS Form 990, Part VI, Line 13.

12. ACKNOWLEDGMENT FORM

[ORGANIZATION NAME] — Whistleblower Policy Acknowledgment

I, the undersigned, acknowledge that:

☐ I have received a copy of the Organization's Whistleblower Policy.

☐ I have read and understand the policy.

☐ I understand the procedures for reporting suspected violations.

☐ I understand the anti-retaliation protections provided by this policy and by law.

☐ I agree to comply with this policy.

Name (printed): [________________________________________]

Title / Position: [________________________________________]

Signature: ___________________________________________

Date: [__/__/____]

13. STATE-SPECIFIC NOTES

SOURCES AND REFERENCES

• IRS, "Governance and Related Topics — 501(c)(3) Organizations," https://www.irs.gov/pub/irs-tege/governance_practices.pdf
• IRS Form 990 Instructions, Part VI, Line 13
• Sarbanes-Oxley Act of 2002, §§ 802, 806, 1107
• 18 U.S.C. §§ 1513(e), 1514A, 1519
• Hurwit & Associates, "Sarbanes-Oxley and Nonprofit Organizations," https://www.hurwitassociates.com/nonprofit-financial-accountability-sarbanes-oxley/sarbanes-oxley-and-nonprofit-organizations/
• Public Counsel, "Form 990 Policy Series — Whistleblower Policy," https://publiccounsel.org/wp-content/uploads/2025/09/Form-990-Series-Whistleblower_Memo.pdf
• National Council of Nonprofits, https://www.councilofnonprofits.org