Whistleblowing Policy template
Protected disclosure procedure under the UK Public Interest Disclosure Act 1998 (PIDA). Establishes confidential reporting channels, protected categories of disclosure, and non-retaliation protections. FCA-regulated firms have additional SYSC 18 obligations.
Generate your whistleblowing policy in minutes
Answer a few questions about your business and PolicyKit produces a tailored, professionally structured document — ready to export as PDF or Word.
About this document
A whistleblowing policy gives staff a safe and confidential way to raise concerns about wrongdoing, malpractice, or risk. It explains what can be reported, how to do so, and the protections available. A trusted channel helps organisations detect and address problems early.
Who needs one: Organisations that want a clear, protected route for staff to report concerns internally.
What a strong whistleblowing policy covers
- Types of concerns that can be raised under the policy
- Confidential and anonymous reporting channels
- Steps for handling and investigating disclosures
- Protection from detriment for those who speak up
- Roles and responsibilities for receiving reports
- Escalation routes and feedback to the discloser
Regulations and frameworks this aligns to
PolicyKit references the standards relevant to your jurisdiction when it generates your whistleblowing policy.
- PIDA: The UK Public Interest Disclosure Act, which provides protection for workers who make qualifying disclosures about certain types of wrongdoing.
- FCA SYSC: The FCA’s Senior Management Arrangements, Systems and Controls sourcebook, governing firms’ governance, risk management, and internal controls.
Frequently asked questions
What should a whistleblowing policy include?
A robust whistleblowing policy sets out scope, roles and responsibilities, the specific controls or procedures involved, and how compliance is monitored and reviewed, mapped to frameworks such as PIDA and FCA SYSC. PolicyKit structures all of this automatically based on your business.
Is this legal advice?
No. PolicyKit generates AI-assisted professional templates and starting points, not legal advice. Every document should be reviewed with qualified legal and compliance counsel before use.
Can I tailor it to my country?
Yes — PolicyKit tailors each document to your jurisdiction, including UK, EU, United States, Australia, Singapore, Hong Kong and more.
Ready to create your whistleblowing policy?
PolicyKit provides AI-assisted templates and starting points, not legal advice.