WHISTLEBLOWING POLICY & PROCEDURES 1

WHISTLEBLOWING POLICY & PROCEDURES 2

WHISTLEBLOWING POLICY & PROCEDURES 3

WHISTLEBLOWING POLICY & PROCEDURES

WHISTLEBLOWING POLICY & PROCEDURES 4

Table of Contents
1.0 Introduction................................................................................ 5
2.0 Scope......................................................................................... 5
3.0 Terms and Definitions .................................................................. 5
4.0 Objectives of the Policy. . .............................................................. 7
5.0 Reportable Breaches . . ................................................................... 7
6.0 Reporting Breaches...................................................................... 9
7.0 Reporting levels and procedures of making reports.......................... 9
8.0 Protection of the whistleblower ................................................... 12
9.0 The Ethics Committee.................................................................. 12
10.0 Reports...................................................................................... 14
11.0 Data Privacy and Retention Periods. . ............................................. 14
12.0 Interaction with other policies, procedures & regulations................ 14
WHISTLEBLOWING POLICY & PROCEDURES 5

1.0 Introduction a. Integrity officer

This document explains KELIN’s Whistleblower This is an employee elected by the Board of
Policy and Procedure to support its employees, Directors to act as the focal point for all
directors and third parties in expressing their whistleblowing matters raised within KELIN.
concerns about suspected serious misbehavior He or she is the authorized receiver to whom
at, or related to, the activities of the organization. whistleblowers shall make reports of a breach
under this policy and shall provide liaison and
KELIN is committed to encouraging open communication with anonymous whistleblowers.
communication, honesty, integrity and The Head of Operation & Compliance is the
transparency. This policy demonstrates KELIN’s current Integrity Officer. When the current
commitment to recognize and act in respect incumbent exits the position, the replacement for
of malpractice, illegal acts or omission by this role will be done by the Board. The holder
employees, directors or third parties. of this position will be appointed via nomination
and voting during a board meeting. The Executive
2.0 Scope Director will do the nomination and present to the
board for consideration.
This policy applies to All employees, the Board
of Directors, contractors, partners, interns, b. Whistleblower
volunteers and any other third parties associated
or doing business with KELIN. Third parties A person or entity making a protected disclosure
doing business with or acting on behalf of KELIN about improper conduct or illegal activities under
are strongly encouraged to use the policy. this policy. Whistleblowers may be KELIN’s staff
or Board, applicants for employment, vendors,
contractors, customers or general public. The
3.0 Terms and Definitions whistleblower’s role is as a reporting party. They
are not investigators or finders of fact, nor do they
The definitions of some of the key terms used in determine the appropriate corrective or remedial
this policy are given below: action that may be warranted.
WHISTLEBLOWING POLICY & PROCEDURES 6

c. Improper conduct or breach j. Unethical practice

Is a violation or the suspicion of a violation on A practice or behavior that is not conforming

reasonable grounds of any legislation and/or the to high moral standards; and therefore, morally
organization’s Code of Conduct by any KELIN wrong. Examples include misuse of company
director, employee, contractor, agent or third time, lying to employees, abusive behavior etc.
party on behalf of KELIN.
k. Board
d. Protected disclosure
Means the Board of Directors of KELIN
Means a written or oral communication, whether
by letter, email or over telephone relating to any l. Directors
breach or improper conduct, unethical practice
or behaviour or violation of the Code of conduct Means all persons holding the position of Director
by directors, employees or third parties made in in the organization, whether independent, non-
good faith by the whistleblower. independent, or executive

e. Employee n. Ethics committee

Means all persons engaged by KELIN on a Means the committee formed to evaluate, consider
contract of service irrespective of the duration of and investigate the protected disclosures received
that engagement. This also includes volunteers, from a whistleblower under this policy
interns and pupils.
m. Removed
f. Good faith
Means that the personal data are completely
Good faith is evident when the report is made deleted or adapted in such a way that identification
without malice and the whistleblower has a of the person involved is no longer possible.
reasonable basis to believe that the report is
true; provided, however, that a report does not o. Report
have to be proven to be true to be made in good Means a complaint by a whistleblower of a breach
faith. Good faith is lacking when the disclosure under this policy.
is known to be malicious or false.

g. Unsubstantiated allegations p. Subject

If a whistleblower makes an unsubstantiated Means a person or group of persons against or in

allegation in good faith but is not substantiated relation to whom a protected disclosure is made
by the investigation, no action will be taken or evidence gathered during the course of an
against her/him. investigation.

h. Bad faith q. Interested party

If an allegation is made frivolously, maliciously Means a party with an interest in the matter
or in bad faith for personal gain, disciplinary and who is unbiased or connected to remain
action may be taken against the whistle blower unaffected, regardless of the outcome.

i. Victimization

Intentionally treating someone in an unfair

manner due to their decision to whistle blow.
WHISTLEBLOWING POLICY & PROCEDURES 7

4.0 Objectives of the Policy Specifically, the objectives of this policy are to:

This policy describes what a person should do when i. Provide for a culture of zero tolerance
he/she suspects or observes a breach. Employees towards fraud, corruption, bribery and
and Third parties can report to the Integrity Officer any malpractice or wrongdoing.
under this procedure, using the following address: ii. Explain what qualifies as a whistle-blow
whistleblowing@kelinkenya.org and provide guidelines on how to report
a concern.
The Board of Directors (“the Board”) of the iii. Encourage stakeholders to bring out
organization is committed to achieving and information helpful in enforcing good
maintaining the highest standard of work ethics corporate governance practices.
in conducting KELIN’s business in line with the iv. Provide a platform to disclose concerns
code of conduct and good corporate governance of malpractices within the organisation.
practices. v. Mitigate against any fraud, operational
or regulatory risk that could lead to
This policy is to provide an avenue for all employees potential
of the organization and the public to disclose any vi. financial loss or damage to the
breach or improper conduct in accordance with organizations’ reputation.
the procedures under this policy and to provide vii. Reassure and protect those who raise
protection for employees and members of the concerns in the public interest and that
public who report such allegations. of the organization, that they can do so
without fear of reprisals or victimisation
The policy is designed to support the following: or disciplinary action, for making such
a report.
• Show the commitment to the organization’s
business ethics of honesty, integrity and 5.0 Reportable breaches
transparency.
• To provide a transparent and confidential A breach or improper conduct that may be
process for all parties to give information on reported under this policy shall not be limited
non- compliances to the Code of Conduct to fraud, theft, corruption, discrimination, or
and any legislation, or any misconduct harassment, but can be in regard to disobedience
regardless of the offender’s position, to to any other KELIN policy or other unethical or
an independent party to investigate the behavioral complaints as well.
allegations and take the appropriate
actions; and The following are examples of breaches or
• To uphold the moral duty as a responsible improper conduct which can be reported under
organization by protecting the interests of this policy:
all its stakeholders.
WHISTLEBLOWING POLICY & PROCEDURES 8
WHISTLEBLOWING POLICY & PROCEDURES 9

6.0 Reporting breaches are encouraged to report breaches at the

earliest possible stage, in order for timely
i. Any person who shall have witnessed or action to be taken.
experienced a breach or improper conduct vi. Although it will be preferable to make a
on the part of a director, employee of the report in English, the organization will
organization or any third party associated support persons reporting a breach in
with the organisation, may make the report Kiswahili or any other language in which a
or disclosure of the breach in any of the report or complaint shall have been made.
following ways: vii. Additional information, as deemed
necessary, will be sought by the authorised
receiver or the Ethics Committee.
i. In writing, duly addressed to either
the line manager of the offender
by a letter in a sealed envelope 7.0 Reporting levels and
specifically marked as “Disclosure
under Whistleblower Policy”; or
procedures of making reports
ii. By telephone or email to the Integrity
7.1. General
Officer (authorized receiver) at the
address that will be provided by
i. There shall be three (3) levels of handling
the authorized receiver. The email
disclosures under this policy:
address and telephone number for
the purposes of reporting shall be:
i. Where a report is made to the line
whistleblowing@kelinkenya.org
management;
and +254708389979 respectively.
ii. Where a report is made to the
authorised receiver;
ii. The whistleblower may be required to iii. Where a report is made to either
provide suitable proof of his/her identity, the chairperson of the Board or
contact number and address so that chairperson of the Finance & Audit
additional information, if any, can be Committee of the board.
obtained.
iii. In case identity cannot be ascertained, the ii. Every recipient of a reported breach
complaint will be treated as anonymous shall ensure that it is handled carefully,
but will nevertheless be investigated to confidentially and promptly, irrespective
the extent possible unless it is completely of the level of the report.
impossible to ascertain the key details iii. If a breach is not reported at the appropriate
of the complaint, in which case such an level, the person receiving the report will
anonymous complaint may not attract forward it to the appropriate level and
further action. inform the whistleblower accordingly,
iv. Disclosure can also be made to the where the identity of the whistleblower
authorized receiver or the line manager as can be ascertained.
the case may be, by telephone or email.
v. The whistleblower shall be required to Level 1: Reporting to line management
provide verifiable information such as
the background, history and reasons for i. As a general rule, employees who wish to
his/her concern, together with names, report a breach should make the report to
dates, places and as much other relevant their immediate supervisor.
information as possible. It is not necessary ii. In case the handling of the report by the
that a whistleblower proves all facts leading immediate supervisor (line management)
to a breach, but he/she should be able to is unsatisfactory or the decision taken
provide sufficient evidence to substantiate is in itself considered a breach, the
the assumption of a breach. Individuals
WHISTLEBLOWING POLICY & PROCEDURES 10

whistleblower can make a report as a new ii. If relevant, arrange an interview with or
case to the authorised receiver under Level request additional information from the
2 below. whistleblower to get more details of the
complaint.
Level 2: Reporting directly to the authorised iii. Refer the report and all relevant information
receiver to the Ethics Committee as soon as possible
after receipt of a report of a breach.
i. If reporting to line management is not
possible, because it would be inappropriate 7.3 Procedure on report of breach by a Board
or unfeasible, or is handled in a manner that director or Ethics Committee member
itself constitutes a breach or is otherwise
improper, the whistleblower shall then be i. If the subject of a report of a breach is
entitled to make the report to the authorized either a member of the Ethics committee
receiver by any of the methods specified in or an executive director, the authorized
section 6.1(i) (b) of this policy. For persons receiver shall forward the report directly to
outside the organization, reports should be the chairperson of the Board.
made directly to the authorized receiver. ii. If the subject of a report of a breach is a non-
executive director but not the chairperson
Level 3: Reporting to either the chairperson of of the Board, then the authorized receiver
the Board or chairperson of the Finance & Audit shall submit the report to the chairperson
Committee of the board of the Board.
iii. If the subject of a report of a breach is
i. If the subject of a report of a breach is either the chairperson of the Board, then the
a member of the Ethics Committee or an authorized receiver shall submit the report
executive director of the organization, directly to the chairperson of the Finance
the authorized receiver shall forward the &Audit committee.
report directly to the chairperson of the iv. Upon receipt of a report under section 7.3(i)
Board. and 7.3(ii), the chairperson of the Board
ii. If the subject of a report of a breach shall review the report and may discuss it
is a non-executive director other than with any other non-executive director who
the chairperson of the Board, then the is not the subject of the report and make a
authorized receiver shall submit the report determination within fifteen (15) days on
directly to the chairperson of the Board. whether the report is admissible under the
iii. If the subject of a report of a breach is criteria listed in section 9.3 of this policy.
the chairperson of the Board, then the v. Upon receipt of a report under section
authorized receiver shall submit the report 7.3(iii), the chairperson of the Finance
directly to the chairperson of the Finance & Audit committee shall review the
& Audit Committee. report and may discuss it with any other
iv. Reports under the categories 7.3(i), 7.3(ii) non- executive director and make a
and 7.3(iii) below shall be deemed to be determination within fifteen (15) days on
Level 3 reports in this policy. whether the report is admissible under the
criteria listed in section 9.3 of this policy.
vi. Upon making a determination that a report
7.2 Procedure for handling reports made under section 7.3(i) and 7.3 (ii) is
admissible, the chairperson of the Board
Upon receipt of the report under either Level 1 shall constitute an ad-hoc committee of
or Level 2 or Level 3, the line manager or the the Board comprising at least two other
authorized receiver as the case may be, will take non-executive directors to investigate the
the following actions: report.
vii. Upon making a determination that a
i. Confirm receipt of the report to the report made under section 7.3(iii) is
whistleblower.
WHISTLEBLOWING POLICY & PROCEDURES 11

admissible, the chairperson of the Finance Director in the case of an employee, inform
&Audit committee shall constitute an ad- the subject of a report under this policy of
hoc committee of the Board comprising at such report having been made.
least two other non-executive directors to ii. If the subject of a report is a director of
investigate the report. the Board, then the Board chairperson or
viii. The chairperson of the Board or the the chairperson of the Finance & Audit
chairperson of the Finance & Audit Committee shall inform the subject of
Committee may involve the Ethics a report under this policy of such report
Committee, the Executive Director and having been made.
other organization employees or directors, iii. In cases where there is a substantial risk
as well as external advisers or institutions that such notification would jeopardize
in the investigation as required and as far the ability to effectively investigate the
as they are not the subject of the report reported facts or to gather the necessary
themselves. evidence, notification to the person about
ix. The decision whether a breach has whom a report is filed can be withheld as
occurred or not shall be taken and long as such risks exist.
communicated to the whistleblower and iv. The information given to the subject of the
the interested party within two (2) months report will contain the facts of the breach
after the chairperson of the Board or as reported.
the chairperson of the Finance & Audit v. The subject of a report of breach under
Committee have arrived at a determination this policy will be given the opportunity to
or such other appropriate period as may provide an explanation, without the name
be necessary. of the person who reported the breach
x. In case of a finding that there has been being disclosed to him/her.
a breach, the chairperson of the Board vi. The subject of the report shall be entitled
or the chairperson of the Finance & to and may request access to his/her
Audit Committee, as the case may be, personal data held by the organization
shall ask the ad-hoc committee to make through the chairperson of the Ethics
a recommendation to the Board for its Committee in the case of an employee or
consideration and determination based on the board chairperson or the chairperson
the findings of the Investigations. of the Finance & Audit Committee, as the
xi. Once a determination on a report has case may be.
been made the chairperson of the Board, vii. As soon as the investigation has been
the chairperson of the Finance &Audit concluded, the subject of the report will
Committee or the chairperson of the Ethics be informed of any action to be taken as
Committee, as the case may be, shall a result of the report. If the person about
inform the whistleblower in writing about whom a report was filed is informed that
the decision taken on the whistleblower’s no action will be taken, any suspension or
report. temporary measure that had been imposed
on him/her as guided by the human
Notwithstanding the foregoing, no adverse resource policy manual and/ or other
decision shall be made against any subject of a organization policies will automatically
report under this policy before the subject is given terminate and cease to be of effect.
details of the complaint and allowed to make a viii. The subject of the report shall have the
response to it in writing or any other reasonable right to have incorrect, incomplete and
manner as the subject shall request. outdated data corrected or removed in
accordance with the rights available under
7.4 Information to subject of a report the Constitution, The Data Protection Act
and the Fair Administrative Action Act
i. The Ethics Committee may, through the respectively.
Head of Human Resources or the Executive
WHISTLEBLOWING POLICY & PROCEDURES 12

8.0 Protection of the 8.3 Abuse of the policy

whistleblower i. The organization encourages persons to

report breaches in good faith. If after an
8.1 Non-retaliation investigation a breach cannot be confirmed
or cannot be substantiated, no action shall
i. Any whistleblower who reports a situation be taken against the whistleblower.
or occurrence which he/she reasonably ii. Appropriate action will, however, be taken
believes is a breach under this policy shall against a person who it is established made
be protected from blame, harassment or a report in full knowledge or ought to have
undue questioning. known that a reported alleged breach was
ii. Retaliation against a whistleblower for false at the time it was made.
reporting in accordance with this policy iii. Where it is established that an employee
is a serious violation of the policy itself. If has made a malicious report without any
this occurs, the violator will be subject to factual foundation, disciplinary action
appropriate disciplinary sanctions. will be taken against the malicious
iii. Any such retaliation shall be reported to whistleblower.
the authorized receiver, the chairperson
of the Board or the chairperson of the
Finance & Audit Committee at once as a 9.0 The Ethics Committee
breach in itself.
iv. The organization, the authorized receiver 9.1 Role of the Ethics Committee
and/or the Ethics Committee as appropriate
shall assure the whistleblower that he/ i. The Ethics Committee shall be the body
she will not be expected to get involved duly authorized by the Board for the
in the investigations after providing the purpose of considering and, evaluating all
disclosure information. protected disclosures from whistleblowers,
maintaining records thereof and liaising
with the Executive Director in the
8.2 Confidentiality
preparation of the reports to the Board
under section 10 of this policy.
i. The organization would prefer to avoid
ii. The Ethics Committee shall meet and
anonymous reports, as it can make
determine within fifteen (15) days of
investigating allegations very difficult.
receipt of a report, whether that report is
However, if a person feels there is no
admissible under section 9.3 of this policy.
other way than filing an anonymous
iii. The Ethics Committee may co-opt or
report and applicable local law allows for
liaise with security officers or professional
it, the organization will take appropriate
investigators inside or outside the
protective action.
organization in the event that it requires
ii. In recognition that a whistleblower may
investigation and or other security-related
require anonymity, all whistleblower
guidance with regard to any matter under
reports shall be handled confidentially,
its consideration.
and whistleblowers shall also be expected
to observe absolute confidentiality.
9.2 Composition of Ethics Committee
iii. Under circumstances, when maintaining
someone’s privacy hinders finding the
i. The Ethics Committee shall consist of the
truth, the organization may not be able
following persons, each of whom shall be
to guarantee full confidentiality for the
a full- time employee of the organization
whistleblower such as where the breach
and is well respected for integrity,
may require to be reported to the police
independence and fairness:
for further action.
WHISTLEBLOWING POLICY & PROCEDURES 13

a. The Deputy Executive Director iv. Upon conclusion of the investigation,

b. The Head of Operations & the Ethics Committee shall consider the
Compliance evidence and determine whether a breach
c. Senior Finance & Administration has occurred or not.
Officer v. If the Ethics Committee determines that a
d. The Legal Counsel, and breach has been established to have been
e. Any other person as the committee committed by an employee, it shall make a
may consider necessary to discharge recommendation to the Executive Director
its functions under this policy; based on the organization’s policies and
any other applicable laws for execution in
ii. The Ethics Committee shall appoint a accordance with the recommendation.
chairperson from among its members vi. The Ethics Committee shall simultaneously
whose primary function shall be to preside with its recommendation to the Executive
during the conduct of the committee’s Director inform the whistleblower in
functions. writing about its recommendation. This
iii. A member of the Ethics Committee, who information may be direct or through the
is the subject of a whistleblower’s report authorized receiver.
shall not attend or participate in the vii. The Ethics Committee shall inform
proceedings of the committee until the the whistleblower accordingly if the
report of breach against such member is investigation of the report takes more than
conclusively resolved. one (1) month and give a written indication
of how long it may take to provide a final
9.3 Admissibility of reports response.
viii. Providing false information, refusal to give
The policy is designed to support the following: information and, or withholding relevant
information from the Ethics Committee
i. It clearly specifies and relates to a breach; will be regarded as gross misconduct
and on the part of an employee or any other
ii. It is sufficiently substantiated. involved party.
ix. The periods mentioned in this policy start
on the day following the date on which
9.4 Investigation by Ethics Committee the report is received at the appropriate
reporting level, unless otherwise indicated.
i. If the Ethics committee determines that the
report is admissible, it shall investigate it 9.5 Confidentiality
by itself or through any other departments
of the organization or external organs as it i. The authorized receiver, the whistleblower,
may consider necessary. the Ethics Committee and the Board shall
ii. The Ethics committee shall be entitled to keep each report confidential.
speak to the whistleblower either directly ii. Information relating to the report shall
or through the authorized receiver to only be given to other persons within
clarify the information provided or may the organization if they need this to
seek additional information from other execute their tasks under this policy and/
persons. or to implement the conclusions of the
iii. The Ethics Committee shall, in conducting investigation.
its investigations, be entitled to all iii. The name of the whistleblower will not be
documents and information from the disclosed unless this is necessary for the
organization, employees or directors, investigation and/or judicial procedures
including all of the organizations’ and only after informing the whistleblower.
departments and organs as it shall consider
necessary for that purpose.
WHISTLEBLOWING POLICY & PROCEDURES 14

10. Reports 12. Interaction with other

policies, procedures and
The Ethics committee shall provide a report of
cases covered under this policy to the Executive regulations
Director and the Board through the Finance &
Audit Committee on a quarterly basis. This Policy interacts and overlaps with several
other KELIN policies and procedures:

11. Data privacy and retention i. Code of conduct

periods ii. Anti-Fraud & Bribery Policy
iii. Human Resource Manual
i. Personal data relating to a report judged iv. Child protection policy
to be “inadmissible” or “admissible but v. Safeguarding policy
not valid” shall be removed immediately. vi. Finance Manual
ii. The Ethics Committee will take the vii. Conflict of Interest policy
necessary technical and organizational viii. Risk Management Policy
measures to adequately safeguard
personal data against loss or unauthorized In implementation of this policy, regard and
access. compliance shall also be made to the following
iii. Personal data relating to reports that are laws and regulations as amended from time to
admissible and valid will be kept for time:
two (2) years, unless disciplinary action i. The Non-Governmental Organizations
is taken, or court proceedings are filed (NGO’s) Act (2016)
against a person. In these events, the ii. The Fair Administrative Action Act (2015)
data will be removed within two (2) years iii. The Penal Code (Cap. 63)
after the disciplinary action, or the court iv. The Bribery Act (2016)
proceedings have been finalised. v. The Data Protection Act (2019)
WHISTLEBLOWING POLICY & PROCEDURES 15
WHISTLEBLOWING POLICY & PROCEDURES 16

NAIROBI OFFICE
Kuwinda Lane, Off Lang’ata Road, Karen C
P O Box 112 - 00202, KNH Nairobi
Tel: +254 020 2515790
Mobile: +254 710 261 408 / +254 788 220 300
Fax: 020 386 1390

KISUMU OFFICE
Nyalenda Railways Estate, Block 9/220
Off Nairobi Road Opposite YMCA
P.O Box 7708 - 40100, Kisumu - Kenya
Tel: +254 057 204 1001/+254 020 251 5790
Cell: +254 716 978 740/+254 710 261 408