Guidelines for Private Enterprises Regarding the Development and Operation of Internal Reporting Systems Based on the Whistleblower Protection Act

Guidelines for Private Enterprises Regarding the Development and Operation of Internal Reporting Systems Based on the Whistleblower Protection Act
Guidelines for Private Enterprises Regarding the Development and Operation of Internal Reporting Systems Based on the Whistleblower Protection Act
1. The Significance of an Internal Reporting System
(1) The Significance of an Internal Reporting System for Business Operators
The introduction, maintenance and operation of an effective internal reporting system by business operators in accordance with the Whistleblower Protection Act improves the self-cleansing actions of organizations and contributes to the promotion of compliance management. It also leads to the improvement of corporate values and the sustainable development of business operators by gaining the trust of stakeholders such as consumers, trading partners, employees, shareholders and investors, lenders, and the local community.
In addition, business operators providing high-quality, safe products and services through risk management that proactively leverages an internal reporting system, is also important in terms of securing the interests of the overall society and economy, of fulfilling the societal responsibility of the enterprise.
(2) Responsibilities of the Top Management
Nurturing a fair and highly transparent organizational culture and demonstrating a healthy ability of the organization to cleanse itself requires not only the simple introduction of a means for reporting but also for the top management themselves to continually send a clear message to all employees regarding, for example, the following matters:
○ コンプライアンス経営推進における内部通報制度の意義・重要性
The significance and importance of an internal reporting system in promoting compliance management
○ 内部通報制度を活用した適切な通報は、リスクの早期発見や企業価値の向上に資する正当な職務行為であること
That appropriate reporting using the internal reporting system is a legitimate work obligation that facilitates the early detection of risks and improving corporate values
○ 内部規程や公益通報者保護法の要件を満たす適切な通報を行った者に対する不利益な取扱いは決して許されないこと
That the unfavorable treatment of those making appropriate reports satisfying the requirements of internal rules and the Whistleblower Protection Act will never be tolerated
○ 通報に関する秘密保持を徹底するべきこと
That confidential information regarding reports should be carefully protected
○ 利益追求と企業倫理が衝突した場合には企業倫理を優先するべきこと
That corporate ethics should be prioritized when the pursuit of interests and corporate ethics are in opposition
○ 上記の事項は企業の発展・存亡をも左右し得ること
That the above items affect the development and existence of the company.
(3) The Objectives and Character of the Guidelines
These guidelines reinforce the compliance management initiatives of business operators in accordance with the Whistleblower Protection Act, specify and clarify items recommended to do for business operators independently, and show policies for business operators to appropriately handle reports by employees that facilitate early detection and prevention of the violations of laws and regulations to ensure the interests of the overall society and economy.
Furthermore, these guidelines do not preclude carrying out appropriate initiatives according to the size or the type of business of each business operator or the further perfection of the introduction, maintenance and operation of means for responding to reports that have already been put in place by business operators.
2. Introduction, Maintenance and Operation of an Internal Reporting System
(1) Establishing an Internal Reporting System
① 通報対応の仕組みの整備
(i) Establishing a Means for Responding to Reports
ア 仕組みの整備
a. Establishing Systems
In order to properly conduct investigations and rectification measures from the receipt of whistleblowing disclosures and formulate preventive measures to prevent recurrence, it is necessary that the upper management is responsible for establishing a mechanism to handle reports across departments and to appropriately operate.
In addition, it is appropriate to document the roles of the upper management in internal rules.
イ 通報窓口の整備
b. Establishing a Point of Contact for Reports
Clearly stipulating a point of contact for reports and the method they are received requires sufficient and continual notification of such to the management and all employees.
ウ 通報窓口の拡充
c. Expanding the Points of Contact for Reports
When establishing a point of contact for reports, it is appropriate to take the following measures, and for efforts to be made to expand opportunities in order to understand the information pertaining to managerial risks.
○ 法律事務所や民間の専門機関等に委託する(中小企業の場合には、何社かが共同して委託することも考えられる)等、事業者の外部に設置すること
Establishing a point of contact outside of the business operator through a contract with a law office or private professional organization (in the case of small and medium-sized businesses, it could also take into consideration that multiple companies may jointly cooperate in this type of outsourcing)
○ 労働組合を通報窓口として指定すること
Designating a labor union as a point of contact for reporting
○ グループ企業共通の一元的な窓口を設置すること
Establishing a centralized point of contact for group companies
○ 事業者団体や同業者組合等の関係事業者共通の窓口を設置すること
Establishing a common point of contact for related business operators, such as industry groups or unions within the same industry
In addition, upon confirming the contents of the report as well as the scope and level of protection for the personal information of the reporting, the existing points of contact for reports may be enhanced and used as necessary.
エ 関係事業者全体における実効性の向上
d. Improving the Effectiveness of Related Business Operators as a Whole
In order to promote compliance management in the overall corporate group or supply chain, it is appropriate to provide advice and support as necessary to develop internal reporting systems that include related companies, and periodically evaluate the conditions of the internal reporting systems in related companies.
オ 通報窓口の利用者等の範囲の拡充
e. Expanding the Scope of Users of the Points of Contact for Reports
Along with promoting compliance management, to increase opportunities for the early comprehension of information pertaining to managerial risks, it is appropriate to broadly establish the following matters regarding the scope of users for the point of contact and matters subject to reporting.
○ 通報窓口の利用者の範囲:従業員(契約社員、パートタイマー、アルバイト、派遣社員等を含む)のほか、役員、子会社・取引先の従業員、退職者等
User Scope of the contact point for reports: employees (including contract employees, part-timers, temporary workers, and dispatch employees) as well as executives, employees of subsidiaries or trading partners, and retirees
○ 通報対象となる事項の範囲:法令違反のほか、内部規程違反等
Scope of items subject to reporting: violations of internal rules beyond violations of laws and regulations
カ 内部規程の整備
f. Establishing Internal Rules
Rules for responding to reports must be set forth in internal rules, and the employment of informers and the banning of disadvantageous treatment, as well as the careful maintenance of the confidentiality of the whistleblowers, must be clearly set out in those rules.
② 経営幹部から独立性を有する通報ルート
(ii) Reporting Routes Independent from Upper Management
In order to fully enforce compliance throughout the management structure, beyond having a means of responding to reports from ordinary routes, it is appropriate to establish mechanisms that are independent from upper management; for example, having a direct report route to external directors or auditors, and investigating and taking rectification actions independently from upper management.
③ 利益相反関係の排除
(iii) Eliminating Conflicts of Interest
In order to ensuring the trustworthiness and effectiveness of an internal reporting system, a person in charge of receiving reports, one in charge of investigating reports, and one who responds to reports, as well as a person being reported (meaning a person who is reported to have violated, be violating, or attempt to violate the laws or regulations the same applies hereinafter) must not take part in investigations or rectification measures, etc. of reports related to themselves.
In addition, if outsourcing work such as receiving reports, or investigating the facts pertaining to reports, the use of law offices or private professional organizations that may raise doubts as to their neutrality or impartiality or create conflicts of interest must be avoided.
④ 安心して通報ができる環境の整備
(iv) Maintaining an Environment in Which Reports can be made with Peace of Mind
ア 従業員の意見の反映等
a. Reflecting the Opinions of Employees
When maintaining or operating an internal reporting system, an effective system must be created in which employees can have peace of mind when reporting, by means of reflecting the opinions of employees and referencing the good practices of other business operators.
イ 環境整備
b. Maintaining the Environment
When managing the points of contact for reports, an easy-to-use environment that has few barriers must be maintained so that information pertaining to managerial risks can be contributed as quickly and broadly as possible.
Questions and consultations regarding the means for dealing with the reports of business operators or protecting whistleblowers must be responded to for resolving any doubts or concerns of the users of the contact points for reporting. Depending on the circumstances of the business operator responding to consultations, it may be possible to deal with those at a centralized point of contact for reports.
Trust in the effectiveness of the system must be enhanced by disclosing an overview of the operational performance of the internal reporting system to employees (number of reports made, results, etc.) while displaying sufficient consideration for personal information.
ウ 仕組みの周知等
c. Raising Awareness of the Systems
Beyond the importance of compliance management and a means for responding to reports, the internal communications for management and all employees must be done using internal communications, newsletters, e-mail, and internal bulletin boards or handheld flyers and periodically holding trainings and briefing sessions regarding the Whistleblower Protection Act to sufficiently and continually raise employee's awareness and train them. Similarly, sufficiently and continually raising awareness of (as well as conducting training on) these Guidelines is ideal.
エ 透明性の高い職場環境の形成
d. Creating a Highly Transparent Workplace Environment
Along with the establishment, maintenance and operation of an effective internal reporting system, it is important to create a transparent workplace environment such that appropriate responses in the event of reports or consultations from subordinates can be conducted by workplace managers (who are direct or indirect superiors, etc.).
Establishing and operating an effective internal reporting system provides organizations with an appropriate level of tension and a self-cleansing function through regular routes for reporting, contact, and consultation. Internal PR activities are necessary so that management and all employees are sufficiently made aware of how an effective internal reporting system can facilitate the healthy operation of the organization.
(2) Receiving Reports
ア 通報受領の通知
a. Notification of Receipt of Reports
Ideally, the whistleblower should be promptly informed in writing of the receipt of a report if the whistleblower made a report in writing, via e-mail, or another method where they cannot confirm the report's receipt. However, this does not apply should the informer not desire to receive such a notification, or in the event it is difficult to notify the informer because of the anonymous nature of the report or for other unavoidable reasons.
イ 通報内容の検討
b. Examining Report Contents
If a report is received, efforts must be made to openly, impartially, and sincerely examine the necessity of an investigation, and there must be an effort to notify the whistleblower regarding further responses.
(3) Investigative and Rectification Measures
① 調査・是正措置の実効性の確保
(i) Ensuring the Effectiveness of Investigative and Rectification Measures
ア 調査・是正措置のための体制整備
a. Systemic Improvements for Investigative and Rectification Measures
In order to ensure the effectiveness of investigative and rectification measures, investigative authority and independence must be granted internally to the department in charge, along with providing it with the requisite staff and budget.
イ 調査への協力等
b. Cooperation with Investigations
Internal rules need to clearly state that employees must sincerely cooperate with investigations conducted by departments responsible for doing so and that employees must not impede investigations.
ウ 是正措置と報告
c. Reporting and Rectification Measures
If the results of an investigation did identify violations of laws or regulations, rectification and preventive measures need to be quickly implemented, along with appropriate response including internal actions against those involved as necessary. Furthermore, reports must be made to relevant government agencies if necessary.
エ 第三者による検証・点検等
d. Third-Party Verification and Inspection
In order to ensure the effectiveness of investigative and rectification measures responding to reports, it is ideal that business operators receive independent verification by a neutral and impartial third party.
オ 担当者の配置・育成等
e. Assignment and Training of the Responsible Party
In order to operate an effective internal reporting system, it is important for people in charge to improve their skills and make fair initiatives regarding responses to the whistleblowers, investigations, fact-finding, rectification measures, preventive measures, due process, information management and employee training. Therefore, it is necessary to put in place staff who have the required abilities and aptitudes, and provide them with sufficient education and training.
When considering the motivations and morale of the people in charge who support the management of an internal reporting system, it is appropriate to proactively evaluate the contributions of these people regarding the promotion of compliance management.
② 調査・是正措置に係る通知
(ii) Notifications of Investigative and Rectification Measures
ア 調査に係る通知
a. Notifications Pertaining to Investigations
During investigations, the trust, honor, privacy, etc. of those being reported and those who cooperated with the relevant investigation (hereinafter referred to as "investigation cooperators") should be considered. Beyond notifying the whistleblower of the status of the progress of investigations during investigations if appropriate, in the end, the results of an investigation must be summarized as quickly as possible and the whistleblower notified of the same.
イ 是正措置に係る通知
b. Notifications Pertaining to Rectification Measures
After rectification measures are complete, the trust, honor, privacy, etc. of the person(s) being reported and investigation cooperators should be considered, and there must be an effort to notify the whistleblower of the results of those rectification measures as quickly as possible.
ウ 通報者等に対する正当な評価
c. Fair Assessments of Whistleblowers
It is appropriate to fairly evaluate the contributions by whistleblowers and investigation cooperators (hereinafter collectively referred to as "whistleblowers, etc."), for example, by expressing gratitude from the top management if their cooperation has contributed to promote compliance management. Furthermore, sufficient care must be given when doing so to ensure the confidentiality of whistleblowers, etc., for example, by conveying gratitude through the point of contact for reporting.
3. Protecting Whistleblowers
(1) Carefully Maintaining the Confidentiality Pertaining to Reports
① 秘密保持の重要性
(i) The Importance of Maintaining Confidentiality
Leaking the departmental affiliation, name, or other information regarding the whistleblower within the workplace is severely detrimental to the whistleblower, as doing so may lead to further disadvantageous treatment. In addition, this lack of confidentiality damages trust in the internal reporting system and delays the grasping of information pertaining to managerial risk.
Thus, it is important to carefully maintain the confidentiality of reports by taking the following measures.
○ 情報共有が許される範囲を必要最小限に限定する
Limit information sharing to the minimum required scope
○ 通報者の所属・氏名等や当該事案が通報を端緒とするものであること等、通報者の特定につながり得る情報は、通報者の書面や電子メール等による明示の同意がない限り、情報共有が許される範囲外には開示しない
Information such as the departmental affiliation, name, or applicable incident that are clues that could lead to the identification of the whistleblower will not be disclosed outside the permissible scope of information sharing without the permission of the whistleblower in e-mail or writing
○ 通報者の同意を取得する際には、開示する目的・範囲、氏名等を開示することによって生じ得る不利益について明確に説明する
When obtaining the permission of the whistleblower, the potential disadvantages of disclosing objectives, scope, names, and so on will be clearly explained
○ 何人も通報者を探索してはならないことを明確にする
It will be clarified that no one should look for whistleblowers
○ これらのことを、経営幹部及び全ての従業員に周知徹底する
The management and all employees are made thoroughly aware of these items
If it is truly necessary to convey information that may lead to the identification of a whistleblower to the management or investigation cooperators in order to effectively carry out the investigation or rectification measures, beyond obtaining the above consent of the whistleblower, it is necessary to take measures such as the following:
○ 伝達する範囲を必要最小限に限定する
Limiting those being informed to the minimum number required
○ 伝達する相手にはあらかじめ秘密保持を誓約させる
Pledging those being informed to maintain confidentiality before they are informed
○ 当該情報の漏えいは懲戒処分等の対象となる旨の注意喚起をする
Providing warnings to the effect that leaking the relevant information is subject to disciplinary actions
② 外部窓口の活用
(ii) Use of External Points of Contact
ア 外部窓口の整備
a. Establishing External Points of Contact
Along with ensuring the confidentiality of whistleblowers, it is appropriate that external points of contact for reporting (for example, law offices or private professional organizations) should be maintained as much as possible to provide greater opportunities for grasping information related to managerial risks.
イ 外部窓口担当者の秘密保持
b. Maintaining the Confidentiality of Those in Charge of External Points of Contact
The following measures must be taken to protect confidentiality pertaining to reports:
○ 外部窓口担当者による秘密保持の徹底を明確にする
Clearly stating that confidentiality will be carefully maintained by those in charge of external points of contact
○ 通報者の特定につながり得る情報は、通報者の書面や電子メール等による明示の同意がない限り、事業者に対しても開示してはならないこととする
Ensuring that information that may possibly lead to identifying a whistleblower is not disclosed to business operators or others except where the whistleblower grants consent for disclosure in writing or via e-mail
ウ 外部窓口の評価・改善
c. Evaluation and Improvement of External Points of Contact
Regarding the operating conditions of the external points of contact, the following should be done periodically to ensure their trustworthiness and quality:
○ 中立・公正な第三者等による点検
Inspection by neutral and impartial third parties
○ 従業員への匿名のアンケート
Corporate compliance surveys on an anonymous basis involving all employees
Necessary measures should be taken once areas for improvement are identified and understood.
③ 通報の受付における秘密保持
(iii) Maintaining Confidentiality in Receiving Reports
ア 個人情報の保護
a. Protecting Personal Information
There are various ways reports may be received: telephone, fax, e-mail, websites, etc. However, reports need to be received through appropriate measures such as setting up a dedicated line, and meeting in separate rooms or outside of offices during non-business hours, as the confidentiality of whistleblowers must be protected.
In addition, personal information must be carefully protected by taking the following measures.
○ 通報事案に係る記録・資料を閲覧することが可能な者を必要最小限に限定する
Restricting access to records and documents pertaining to reported incidents to the minimum number of people possible
○ 通報事案に係る記録・資料は施錠管理する
Keeping records and documents pertaining to reports secured under lock and key
○ 関係者の固有名詞を仮称表記にする
Replacing proper nouns of related persons or organizations with fictitious names
Moreover, if managing digital data regarding reports, personal information should be protected through the following types of information security measures.
○ 当該情報を閲覧することが可能な者を必要最小限に限定する
Restricting the access to the relevant information to the minimum number of people possible
○ 操作・閲覧履歴を記録する
Recording logs of usage and viewing
イ 通報者本人による情報管理
b. Information Management by the Whistleblowers Themselves
Whistleblowers themselves should be made to sufficiently understand the importance of information security pertaining to their being whistleblowers in order to prevent their identification as whistleblowers through their own information leaks.
ウ 匿名通報の受付と実効性の確保
c. Ensuring the Effectiveness of Receiving Anonymous Reports
Reports must be received anonymously to ensure the effectiveness of responses to reports and to carefully protect personal information. When receiving such reports, means should be implemented whereby information is conveyed bi-directionally between whistleblowers and points of contact for reporting, even if the reports are anonymous.
④ 調査実施における秘密保持
(iv) Maintaining Confidentiality in Investigations
ア 調査と個人情報の保護
a. Investigations and Protecting Personal Information
In order to maintain the confidentiality of whistleblowers, etc. during investigations, the investigation methods should be duly considered so that whistleblowers are not identified by not sharing information unless it is absolutely necessary to share information(whistleblower’s affiliation, name, etc., information that only the whistleblower could know, the fact that a report caused the investigation, etc.)may lead to the identification of the whistleblower.
In order to make it difficult to identify whistleblowers, etc., preventing the person concerned from knowing that a report caused the investigation, it is necessary to take, for example, the following measures:
○ 定期監査と合わせて調査を行う
Conducting the investigation together with periodic audits
○ 抜き打ちの監査を装う
For camouflage, pretending to be random audit
○ 該当部署以外の部署にもダミーの調査を行う
Conducting a dummy investigation that involves an organization other than the one involved
○ 核心部分ではなく周辺部分から調査を開始する
Starting by investigating areas peripheral to the central matter of interest
○ 組織内のコンプライアンスの状況に関する匿名のアンケートを、全ての従業員を対象に定期的に行う
Regularly and anonymously surveying all employees regarding the status of compliance within an organization
(2) Prohibition of Disadvantageous Treatment Such as Dismissal
ア 解雇その他不利益な取扱いの禁止
a. Prohibition of Dismissal and Other Forms of Disadvantageous Treatment
A business operator must not dismiss or otherwise treat whistleblowers, etc., disadvantageously for making a report that satisfies the requirements of internal rules or the Whistleblower Protection Act or for cooperating in an investigation prompted by a report (the “whistleblowing, etc.”).
Specifics regarding other disadvantageous treatment mentioned in the previous paragraph include the following matters.
○ 従業員たる地位の得喪に関すること(退職願の提出の強要、労働契約の更新拒否、本採用・再採用の拒否、休職等)
Matters regarding acquisition or loss of an employee's status (forcible submission of resignation letter, refusal to renew labor contract, refusal of formal employment or re-employment, forcible time off, etc.)
○ 人事上の取扱いに関すること(降格、不利益な配転・出向・転籍・長期出張等の命令、昇進・昇格における不利益な取扱い、懲戒処分等)
Matters regarding personnel measures (demotion, disadvantageous transfer, secondment, orders for transfer of employment or long-term postings, disadvantageous treatment in advancement or promotions, disciplinary actions, etc.)
○ 経済待遇上の取扱いに関すること(減給その他給与・一時金・退職金等における不利益な取扱い、損害賠償請求等)
Matters regarding economic treatment (reduction in wages or other disadvantageous treatment in lump sum payment or retirement allowance, demands for compensation for loss or damage, etc.)
○ 精神上生活上の取扱いに関すること(事実上の嫌がらせ等)
Matters regarding mental or physical treatment (harassment, etc., and other de facto acts)
Appropriate measures for relief and recovery must be taken if it is found that a whistleblower, etc., was dismissed or has received other disadvantageous treatment because of his whistleblowing, etc..
イ 違反者に対する措置
b. Measures for Violators
Those who caused disadvantageous treatment against a whistleblower for whistleblowing, etc., must face disciplinary actions, or other appropriate measures.
In addition, the same measures must apply to those who leaked confidential information regarding whistleblowing, etc., and those who without good reason informed others of the details of personal information obtained through whistleblowing, etc., or used such information for unlawful purposes.
ウ 予防措置
c. Preventive Measures to Protect Whistleblowers
If individuals being subject of a whistleblowing disclosure may possibly learn of the existence of whistleblowers and investigation-cooperators, business operators should forewarn the individuals of the abovementioned items and take other appropriate measures in order to definitely protect whistleblowers and investigation-cooperators.
(3) Reduction or Release of Dispositions for Those Who Voluntarily Reported Themselves
If a person involved in any violation of laws and regulations voluntarily reports of the violation or cooperates with investigations to enable as quickly as possible information gathering regarding the violation and to promote compliance management, and thereby cooperates in early detection and resolution of issues, then a business operator may, for instance, consider developing a mechanism to reduce or remit any disciplinary action against that person depending on the circumstances.
4. Evaluations and Improvement
(1) Follow-Up
ア 通報者等に係るフォローアップ
a. Follow-Up Pertaining to Whistleblowers
Sufficient follow-up for whistleblowers and investigation cooperators must be done to protect them and confirm that they have not received disadvantageous treatment due to having made a report. If dismissal or such treatment is found to have occurred during follow-up as a result of the report, the management must take responsibility to see that appropriate measures are taken to provide aid or restitution to the individual.
イ 是正措置に係るフォローアップ
b. Follow-Up Pertaining to Rectification Measures
Following rectification measures, beyond confirming that these corrective or preventive measures are functioning properly in a manner such that violations of laws and regulations are not reoccurring, improving the means of responding to reports and new corrective or preventive measures need to be taken as necessary.
ウ グループ企業等に係るフォローアップ
c. Follow-Up Pertaining to Group Companies
If a business operator has received reports and if the whistleblowers and investigation cooperators are employees of an affiliated company or trading partner, it is ideal that the business operator should take all due care to maintain the confidentiality of the report, and conduct follow-ups with them and other necessary measures in order to ensure that they are not receiving disadvantageous treatment.
In addition, a business operator should take other necessary measures, in order to confirm that rectification and preventive measures are functioning properly at affiliated companies and trading partners.
(2) Evaluation and Improvement of Internal Reporting Systems
ア 評価・改善
a. Assessment and Improvement
In order to improve the effectiveness of the internal reporting system, internal audits and objective assessments and inspections are performed periodically by neutral and impartial third parties on the following items.
○ 整備・運用の状況・実績
Current introduction, maintenance and operating conditions, actual circumstances
○ 周知・研修の効果
Effectiveness of internal publicity and training
○ 従業員等の制度への信頼度
Employee trust in the system
○ 本ガイドラインに準拠していない事項がある場合にはその理由
Reasons for any items which do not conform to these guidelines
○ 今後の課題
Future issues
The management must take responsibility for making continual improvements to the system based on the results of the audits, assessments, and inspections.
イ ステークホルダーへの情報提供
b. Providing Information to Stakeholders
The level of effectiveness of the internal reporting system within each business is tied to maintaining and improving corporate values by demonstrating the ability of an organization to cleanse itself. Because this information is important to stakeholders such as consumers, trading partners, employees, shareholders and investors, lenders, and the local community, it is important that the results of assessments and inspections of the internal reporting system are actively touted in CSR reports and on websites.