White Collar and Investigations Practice March 19, 2020

Whistleblowing in India: Are we there yet?

With the rise in whistleblower complaints in India, the need for a robust legal regime for protection of whistleblowers has gained importance. Publicly-known attempts to grapple with whistleblower complaints in listed multi-national companies and banks have made it to the front page of every leading newspaper and channel. In this context, we examine whether the existing legal regime provides adequate clarity and support to companies and whistleblowers alike in the management and resolution of whistleblower complaints.

Who is a whistle-blower:

Generally speaking, a whistleblower is considered as any individual who makes a ‘disclosure’. Broadly, a disclosure refers to a concern, usually raised by an employee or group of employees of the Company or even a third party, in writing and in good faith, which discloses or demonstrates information about an unethical or improper activity with respect to the Company and based on actual facts and which complaint is not speculative. The intent has always been to give the terms ‘whistleblower’ and ‘disclosure’ the widest possible amplitude.

Legal Regime in India:

Public Servants:

  • India has enacted the Whistle Blowers Protection Act, 2014 (“Whistle Blowers Act”), which is applicable only to public servants. It was enacted with the intent to establish a mechanism to:
        · receive complaints relating to disclosure of any allegation of corruption, willful misuse of        power/discretion against any public servant;
        · to inquire or cause an inquiry into such disclosure; and
        · to provide adequate safeguards against victimization of the person making such complaint.1
  • The Whistle Blowers Act may be utilized by any person to make a public interest disclosure.2 An amendment to the aforementioned Act was proposed in the form of the Whistleblowers Protection (Amendment) Bill, 2015 (“Amendment Bill”).3 The Amendment Bill sought to, inter alia, incorporate necessary safeguards against disclosures which may prejudicially affect the sovereignty and integrity of the country, security of the State, etc.4 However, the Amendment Bill was not passed by the Rajya Sabha and consequently, it lapsed.

Law applicable to Listed Companies:

  • The Companies Act, 2013, and rules thereunder, provide that certain companies should establish a ‘vigil mechanism’ to report genuine concerns. Further, the Companies Act states that such mechanism should be accompanied by adequate safeguards against the victimization of persons who use the mechanism. There is an additional requirement of publishing the details of the mechanism on the company’s website and in the report of the board of directors.5 The Companies and (Meetings of Board and its Powers) Rules, 2014 further provides that in case of repeated frivolous complaints being filed by a director or an employee, the audit committee or the director nominated to play the role of audit committee may take suitable action against the director or the employee including reprimand.
  • The Securities Exchange Board of India (“SEBI”) has mandated that every listed company should have a whistle-blower policy and make employees aware of such policy to enable employees to report instances of leak of unpublished price sensitive information.6 With effect from December 2019, the SEBI has also introduced a reward mechanism for incentivizing ‘Informants’ to report violation of insider trading laws to SEBI.7
  • Listed companies are required to make a disclosure of material events to the stock exchange(s) pursuant to Regulation 30 of the Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015 (“LODR”).8
  • Recently, the Companies (Auditor’s Report) Order, 2020 was issued (“CARO 2020”) by the Ministry of Corporate Affairs, in line with its objective of strengthening the corporate governance framework under the Companies Act, 2013. The Order applies to every company, including a foreign company as defined in the Companies Act, 2013. CARO 2020 necessitates enhanced due diligence and disclosures on the part of auditors of eligible companies and has been designed to bring in greater transparency in the financial state of affairs of such companies. The revisions have also put greater onus on companies to share information with the auditors, especially on whistleblower complaints received during the course of the year, for the consideration of the auditor, who usually then seeks to know the manner in which the company has dealt with such complaints, including nature of complaint and quantum involved.

Private Employers:

  • There is no specific law on whistleblowing applicable to private employers in India. Some progressive companies (especially subsidiaries of MNCs) have incorporated a whistleblower policy as part of extending their global policies which includes individual employees or group of employees and in some cases even third parties. The purpose of any whistleblower policy is to encourage employees (or any other person for that matter) to report matters without the risk of subsequent victimization, discrimination or disadvantage.

Practical Implementation:

  • There is no procedure provided under Indian law for companies when faced with such situations. It is driven by the policy, where such policy exists. However, when a whistle-blower complaint is received, it is generally evaluated and investigated basis the nature of issues raised.
  • Such complaints allow the company to get ahead of the issue and take action well in time before any regulator comes knocking at their doorstep.
  • While the management of the company is primarily responsible for implementing policies, procedures and controls for prevention and detection of fraud, the onus of governance for prevention and detection of fraud is also placed on the board of directors/audit committees.
  • Directors of a company are vested with the fiduciary duty to inter alia act in good faith, the duty to act in the best interests of the company, its employees, the shareholders, and the community and for the protection of the environment, etc. They are, thus, required to make necessary disclosures as and when required.
  • Even the investigation team in question is something that can be tweaked keeping the nature of issues in mind. There is no straightjacket formula. With a view to maintain legal privilege, such investigations may also be led by legal counsel who then work with appropriate forensic teams, as may be required.
  • The manner in which the statutory auditor now seeks information has also evolved. It is not unusual for the statutory auditor to seek a detailed explanation from the company or even the investigation team and satisfy themselves that the team looked at the length and breadth of the allegations sufficiently. Where not satisfied, there have been instances that the statutory auditor has gone back and refused to sign the accounts until and unless steps as identified by them were not carried out to their satisfaction.

Recent Examples:

Lately, there have been several whistleblower complaints in listed companies. In this section, we have examined how one of India’s largest multi-national company in the IT sector  dealt with disclosures pertaining to a whistleblower complaint to the Bombay Stock Exchange. In September 2019, the company received a whistleblower complaint signed by ‘Ethical Employees’ alleging that its CEO and CFO, inter alia, were not adhering to accounting standards pertaining to revenue recognition.In October 2019, the company released a statement wherein it noted that these complaints were placed before the Audit Committee, which retained a law firm and an independent internal auditor to investigate into the allegations.

The Bombay Stock Exchange sought a clarification for not making a disclosure pursuant to Regulation 30 of the LODR with reference to receiving a whistleblower complaint. Subsequently, the company released a statement in response to the request by BSE stating that before the conclusion of the investigation of the generalized allegations in the complaints, a disclosure under Regulation 30 of the LODR was not required. In January 2020,  the IT giant issued issued a statement that the Audit Committee has concluded a rigorous investigation and found no wrong doing by the company and its executives, including the CEO and CFO. In this statement, a summary of the scope of investigation and key findings was also provided.

Further, several other large listed companies have received and handled whistleblower complaints which made it to the headlines in the recent past. Recently a leading private bank was struck by a whistleblower complaint addressed to the Prime Minister and the Finance Minister alleging that its then Chairman, granted a loan to a company, whose Chairman had business connections with her husband.09 This has been one of the most talked about complaints in the country leading to initiation of several civil and criminal proceedings against the then Chairman by multiple law enforcement agencies including Enforcement Directorate, Central Bureau of Investigation and income tax authorities.10

In another instance, a whistleblower in a leading pharmaceutical company approached the SEBI complaining about alleged financial irregularities in the company.11 Eventually, SEBI did not find any merit in the allegations. However, the stocks of the company witnessed several fluctuations due to the complaint. Similarly, several other institutions including private banks, financial institutions, audit and consultancy services have grappled with whistleblower complaints. All of this is what is available in the public domain and is, quite probably, the tip of the iceberg.

Lacunae in the Law?

  • Law applicable to listed companies and certain other classes of companies in India mandatorily need to comply with framing a whistleblower policy providing adequate protection to whistleblowers. This is followed by requirement to promptly disclose material events to the stock exchange, which may include whistleblower complaints.
  • Interestingly, there is no mandatory requirement for private, unlisted companies to adopt a whistleblower policy / a policy to protect whistleblowers (except the specific classes of companies prescribed under the Companies Act). However, certain large multinational companies have adopted international best practices and included whistleblower policies. Such policies are voluntary in nature; and a failure to create or adhere to such policies would not normally attract legal repercussions. The rolling out of CARO 2020 is possibly one step towards addressing such an issue.
  • While the intention of the legislations and regulations are laudable, the manner of investigation into whistleblower complaints and ensuring compliance with regulations is unclear. For instance, the yardstick is unclear as to when, or at which stage of investigation, a disclosure pertaining to whistleblower complaint needs to be made before the stock exchange.
  • It is also unclear as to what the process/procedure for conducting an internal investigation into whistleblower complaints should be. While the Companies Act, 2013 and rules thereunder provide that a vigil mechanism must be in place and adequate safeguards must be taken to protect whistleblowers, there is no prescription of how such a mechanism should operate and how investigations into complaints are required to be done. Again, rolling out of CARO 2020 is possibly one step towards addressing this i.e. by ensuring that the statutory auditor is required to look into how each whistleblower complaint is addressed.

Interestingly, a former employee of Tata Consultancy Services made a complaint to SEBI questioning the robustness of the vigil mechanism itself.12 Such instances go to show that there is a need for further clarity on the manner of implementation of whistleblower policies and the manner of investigation into whistleblower complaints.


While employee vigilance is increasing, and whistleblower complaints are on the rise, the law on the manner of handling such complaints and protecting whistleblowers is unclear and still being developed. To that end, having a robust whistleblower policy in place is critical. Companies should be cognizant of the several nuances involved in framing whistleblower policies.

On the one hand, while companies need to have a robust mechanism in place for investigating and resolving whistleblower complaints, the companies must ensure adequate protection to whistleblowers in the form of non-retaliation policies and anonymity (if the whistleblower prefers to remain anonymous). The policy should also take into account the various jurisdictions in which today’s global companies operate and ensure compliance with laws in each of such jurisdictions. These may impinge on the effectiveness of the investigation itself e.g. privacy laws are consistently being tested by the regulators during the course of investigations. It is understandably difficult to balance the whistleblower policies as there also exists a possibility of frivolous or malicious whistleblowing to harm the company or its executives. There is a need to create a compliance culture and focus on importance of reporting and strengthening anti-retaliation policies. The need of the hour is to make employees “FEEL SAFE.

Needless to state, it may take some time to develop a mature whistleblower protection regime in India, which is responsibly utilized by companies and employees alike. India may not be ‘there yet’ – but is certainly getting there quickly, with amendments in the law such as the recent CARO 2020, and an increased awareness in companies to address whistleblower complaints and the protection of whistleblowers with sensitivity and seriousness. For a further understanding of how internal investigations may be conducted in India, please refer to our paper on the Contours of Internal Investigation in India”.

Bhavana Sunder, Payel Chatterjee & Sahil Kanuga

You can direct your queries or comments to the authors

1 Preamble, Whistle Blowers Protection Act, 2014.

2 A disclosure is defined as: 

(i) an attempt to commit or commission of an offence under the Prevention of Corruption Act, 1988(49 of 1988);

(ii) wilful misuse of power or wilful misuse of discretion by virtue of which demonstrable loss is caused to the Government or demonstrable wrongful gain accrues to the public servant or to any third party;  

(iii) attempt to commit or commission of a criminal offence by a public servant, made in writing or by electronic mail or electronic mail message, against the public servant and includes public interest disclosure. 

3 The Whistleblowers Protection (Amendment) Bill, 2015.  

4 Statement of Objects and Reasons, The Whistleblowers Protection (Amendment) Bill, 2015.  

5 Section 177, Companies Act, 2013; Rule 7, Companies and (Meetings of Board and its Powers) Rules, 2014.  

6 Regulation 9A (6), Securities and Exchange Board of India (Prohibition Of Insider Trading) Regulations, 2015.  

7 Chapter IIIA, Securities and Exchange Board of India (Prohibition Of Insider Trading) Regulations, 2015.  

8 Regulation 30, Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015. 


10 https://economictimes.indiatimes.com/industry/banking/finance/roc-files-prosecution-plaint-against-4-companies-of-chanda-kocchars-husband/articleshow/69404937.cms?from=mdr

11 https://www.livemint.com/Money/qXOKBGC82bg2QD8i19IPIK/Sun-Pharma-shares-slump-to-sixyear-low-on-report-of-fresh-a.html 

12 https://economictimes.indiatimes.com/tech/ites/tcs-vigil-mechanism-is-under-sebi-watch/articleshow/70442467.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

Nishith Desai Associates 2013. All rights reserved.