Whistleblowing Policy (India)
WHISTLEBLOWING POLICY (VIGIL MECHANISM)
Company: [Company Name]
Registered Address: [Company Address]
Effective Date: [Effective Date]
This Whistleblowing Policy (also referred to as the Vigil Mechanism Policy) ("Policy") is adopted by [Company Name] ("Company") pursuant to Section 177(9) and Section 177(10) of the Companies Act 2013, Regulation 22 of the SEBI (Listing Obligations and Disclosure Requirements) Regulations 2015, and the Whistleblowers Protection Act 2014 (to the extent applicable).
1. OBJECTIVE AND SCOPE
1.1 The objective of this Policy is to provide a safe, confidential, and accessible mechanism for directors, employees (permanent, contractual, temporary, and part-time), and — where applicable — suppliers and other stakeholders, to report genuine concerns about unethical behaviour, actual or suspected fraud, financial misconduct, legal violations, safety issues, or violations of the Company's Code of Conduct or ethics policies, without fear of retaliation.
1.2 This Policy applies to all directors, officers, and employees of the Company and its subsidiaries, and — for serious governance concerns — to third-party contractors and suppliers acting on behalf of the Company.
2. COVERABLE CONCERNS
2.1 This Policy covers reports of: (a) financial fraud, accounting irregularities, misstatement of financial results, and misappropriation of Company funds; (b) bribery and corruption (including violations of the Prevention of Corruption Act 1988 and the Company's Anti-Bribery Policy); (c) violations of the Company's Code of Conduct, POSH Policy, or other internal policies; (d) environmental, health, or safety violations; (e) violations of applicable laws and regulations, including the Companies Act 2013, SEBI regulations, the Income Tax Act 1961, and other applicable statutes; (f) conduct that creates a significant risk to the Company or its stakeholders.
2.2 This Policy is not intended for: personal grievances (which are handled through the HR grievance mechanism), general employee feedback, or concerns that are not related to the Company's business conduct.
3. REPORTING CHANNELS
3.1 Reports under this Policy may be submitted through the following channels: (a) Email: [Compliance Email]; (b) Hotline: [Hotline Number]; (c) Direct access to the Audit Committee Chairman: [Audit Committee Chairman] (available in exceptional cases, as required by Section 177(10) of the Companies Act 2013).
3.2 Anonymous reporting: [Anonymous Reporting]. Reporters are encouraged to identify themselves as this facilitates a more complete investigation, but anonymity will be respected to the fullest extent possible where the reporter requests it.
3.3 Reports should include: a description of the concern (what, who, when, where); any supporting evidence (documents, emails, records); and the reporter's contact details (unless reporting anonymously).
4. CONFIDENTIALITY
4.1 The Company is committed to maintaining the confidentiality of the reporter's identity to the fullest extent possible, consistent with the requirements of a fair investigation. Information about reports will be shared only on a strict need-to-know basis.
4.2 No reporter shall be required to disclose their identity as a condition of having their concern investigated.
4.3 Persons involved in the investigation (investigators, witnesses, subjects) must maintain confidentiality throughout and after the investigation.
5. NON-RETALIATION
5.1 The Company expressly prohibits any form of retaliation against a person who makes a good-faith report under this Policy. Retaliation includes dismissal, suspension, demotion, harassment, discrimination, or any other adverse employment action.
5.2 Any person found to have retaliated against a reporter will be subject to disciplinary action, up to and including termination of employment.
5.3 Protection against retaliation is also provided by the Whistleblowers Protection Act 2014 — which makes victimisation of a complainant who has made a good-faith disclosure a criminal offence (Section 16, WBP Act 2014).
5.4 Making a false or malicious report with the intent to harm another person is itself a violation of this Policy and may result in disciplinary action.
6. INVESTIGATION PROCEDURE
6.1 The Company will acknowledge receipt of every report within [Acknowledgement Days] working days of receipt, assigning a unique reference number to the complaint.
6.2 The Compliance Officer (or a designated independent investigator) will conduct a preliminary assessment within 10 working days to determine whether the concern falls within the scope of this Policy and is credible.
6.3 Credible concerns will be investigated by an independent investigator — internal or external — following principles of natural justice. Both the reporter and the subject of the complaint will be given an opportunity to present their case.
6.4 The Company aims to resolve all complaints within [Resolution Days] calendar days of receipt. Complex investigations may take longer — the reporter will be kept informed of progress.
6.5 Serious matters (those involving potential fraud, statutory violations, or senior management) will be escalated to the Audit Committee. For matters involving senior management, the Board will be informed directly.
6.6 All investigation records will be maintained for at least seven years.
7. ANNUAL REPORTING AND REVIEW
7.1 The Compliance Officer will report to the Audit Committee at least annually on: the number and nature of complaints received; the number resolved and pending; actions taken; and any systemic issues identified.
7.2 The Company will include in its Annual Report a statement of POSH Act, Code of Conduct, and Vigil Mechanism compliance, as required by the Companies Act 2013 (Section 134) and the SEBI LODR Regulations 2015.
7.3 This Policy shall be reviewed annually by the Audit Committee and updated as required. This Policy is published on the Company's website consistent with SEBI LODR Regulation 22.
7.4 This Policy is governed by the laws of India and the laws of the State of [Governing State].
Board / Managing Director
________________
Signature
Audit Committee Chairman
________________
Signature
What Is a Whistleblowing Policy (India)?
A Whistleblowing Policy in India establishes the framework of rules governing the area it covers and the steps taken when those rules are broken.
In India, the legal foundation for whistleblowing in the private sector is Section 177(9) of the Companies Act 2013, which requires listed companies, companies that accept public deposits, and companies with significant bank borrowings to establish a vigil mechanism. The vigil mechanism must be overseen by the audit committee and must provide direct access to the audit committee chairperson in exceptional cases. The SEBI Listing Obligations and Disclosure Requirements (LODR) Regulations 2015 (Regulation 22) reinforce this requirement for listed entities and mandate disclosure of the policy on the company's website.
For public sector entities and government employees, the Whistle Blowers Protection Act 2014 provides a separate statutory framework — enabling disclosures of corruption and abuse of power by public servants to designated Competent Authorities, with protections against victimisation and identity disclosure.
Beyond the mandatory legal requirements, a well-crafted Whistleblowing Policy reflects the company's commitment to ethical business conduct and is a fundamental element of a corporate governance framework that meets the expectations of investors, institutional shareholders, and international business partners. The National Guidelines on Responsible Business Conduct (NGRBC) 2019, published by the Ministry of Corporate Affairs, include responsible whistleblower mechanisms as part of their framework for responsible business practices.
A thorough Whistleblowing Policy covers the types of conduct that can be reported, the channels through which reports can be made, the investigation procedure, the protections afforded to complainants, and the consequences of retaliation or bad-faith reporting.
The legal framework governing the Whistleblowing Policy (India) in India draws on several key statutes and regulatory bodies. Under Indian law, the Indian Contract Act 1872 governs contractual obligations, with Section 10 setting essential requirements for valid agreements. The Companies Act 2013 regulates corporate entities through the Registrar of Companies (ROC) and Ministry of Corporate Affairs (MCA). The Industrial Disputes Act 1947 and state labour commissioners govern employment disputes. The Information Technology Act 2000 and IT (Reasonable Security Practices) Rules 2011 protect personal data. The Income Tax Act 1961 and Goods and Services Tax Act 2017 govern tax obligations through the Central Board of Direct Taxes (CBDT) and GST Council. Parties executing a Whistleblowing Policy (India) in India should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Indian Contract Act, 1872 sets the foundational requirements.
When Do You Need a Whistleblowing Policy (India)?
A Whistleblowing Policy is legally required for listed companies, companies accepting public deposits, and companies with bank borrowings exceeding ₹50 crore under Section 177(9) of the Companies Act 2013. SEBI LODR Regulation 22 independently requires listed entities to have and disclose such a policy. However, the policy is valuable for all companies regardless of whether it is mandatory.
Every company with significant corporate governance risk needs a Whistleblowing Policy. Financial fraud, accounting irregularities, bribery, and misconduct are detected more quickly and at lower cost when employees have a safe channel to report concerns. The Association of Certified Fraud Examiners (ACFE) Report to the Nations consistently finds that tips from employees are the most common method of detecting occupational fraud globally — and companies with hotlines detect fraud significantly faster and with lower losses than those without.
Companies with operations in multiple states or a dispersed workforce particularly benefit from a centralised, confidential reporting channel, because geographic distance can make it harder for employees to raise concerns with their immediate managers.
Companies undergoing M&A transactions or seeking PE/VC investment need a Whistleblowing Policy as part of their compliance framework — investors routinely conduct compliance due diligence and consider the presence of a vigil mechanism as a positive governance indicator.
Companies in regulated sectors — banking, insurance, pharmaceuticals, telecom, mining, and defence — face heightened regulatory scrutiny and need demonstrably strong reporting mechanisms. SEBI, the RBI, IRDAI, and other regulators have all emphasised the importance of internal reporting mechanisms in their governance guidelines.
Parties in India should prepare a Whistleblowing Policy (India) proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Under Indian law, the Indian Contract Act 1872 governs contractual obligations, with Section 10 setting essential requirements for valid agreements. The Companies Act 2013 regulates corporate entities through the Registrar of Companies (ROC) and Ministry of Corporate Affairs (MCA). The Industrial Disputes Act 1947 and state labour commissioners govern employment disputes. The Information Technology Act 2000 and IT (Reasonable Security Practices) Rules 2011 protect personal data. The Income Tax Act 1961 and Goods and Services Tax Act 2017 govern tax obligations through the Central Board of Direct Taxes (CBDT) and GST Council. Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.
What to Include in Your Whistleblowing Policy (India)
A thorough Whistleblowing Policy for an Indian company should contain the following essential elements.
Scope and Covered Persons: The policy should apply to all directors, employees (permanent, contractual, and temporary), and — for serious governance concerns — third parties such as suppliers, customers, and business partners.
Coverable Concerns: A clear list of the types of conduct that can be reported, including financial fraud, bribery and corruption, violations of the company's code of conduct, safety hazards, environmental violations, and violations of laws and regulations. The list should be illustrative rather than exhaustive.
Reporting Channels: Multiple channels should be available — an email address monitored by the compliance officer or ethics committee, a dedicated telephone hotline (which may be operated by an independent third party), and a web-based reporting portal. Anonymous reporting should be permitted, with a note that anonymous reports may be more difficult to investigate.
Confidentiality: Explicit commitments to maintain the confidentiality of the complainant's identity to the fullest extent possible, consistent with the requirements of a fair investigation.
Non-Retaliation: An explicit prohibition on retaliation against persons who make good-faith reports, and a description of the consequences of retaliation (disciplinary action up to and including termination).
Investigation Procedure: A defined procedure for receiving, triaging, investigating, and resolving complaints, with timelines and escalation paths (to the audit committee for serious matters, as required by Section 177(10) of the Companies Act 2013).
Feedback: Commitment to inform complainants of the general outcome of their report within a reasonable time.
Annual Review: A commitment to review and update the policy annually, and to report to the audit committee on the operation of the policy, the number and nature of complaints received, and outcomes.
Additional compliance elements for a Whistleblowing Policy (India) used in India include: Under Indian law, the Indian Contract Act 1872 governs contractual obligations, with Section 10 setting essential requirements for valid agreements. The Companies Act 2013 regulates corporate entities through the Registrar of Companies (ROC) and Ministry of Corporate Affairs (MCA). The Industrial Disputes Act 1947 and state labour commissioners govern employment disputes. The Information Technology Act 2000 and IT (Reasonable Security Practices) Rules 2011 protect personal data. The Income Tax Act 1961 and Goods and Services Tax Act 2017 govern tax obligations through the Central Board of Direct Taxes (CBDT) and GST Council. Forms-legal.com provides this template as a starting point for India-compliant documentation.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). Whistleblowing Policy (India) (India) [Legal document template]. Forms Legal. https://forms-legal.com/india/business/policies/whistleblowing-policy-india
"Whistleblowing Policy (India) (India)." Forms Legal, 2026, https://forms-legal.com/india/business/policies/whistleblowing-policy-india.
@misc{formslegal-whistleblowing-policy-india,
author = {{Forms Legal}},
title = {Whistleblowing Policy (India) (India)},
year = {2026},
howpublished = {\url{https://forms-legal.com/india/business/policies/whistleblowing-policy-india}},
note = {Free legal document template. Based on Indian Contract Act, 1872}
}Also available for these jurisdictions:
Frequently Asked Questions
Yes — a vigil mechanism (the Indian statutory equivalent of a whistleblowing policy) is mandatory for certain categories of companies under Section 177(9) of the Companies Act 2013. Section 177(9) requires every listed company, every company that accepts deposits from the public, and every company that has borrowed money exceeding ₹50 crore from banks or public financial institutions, to establish a vigil mechanism for its directors and employees to report genuine concerns about unethical behaviour, actual or suspected fraud, or violation of the company's code of conduct or ethics policy. Section 177(10) of the Companies Act 2013 further provides that the vigil mechanism must provide adequate safeguards against victimisation of persons who use the mechanism in good faith, and must also provide for direct access to the chairperson of the audit committee in appropriate or exceptional cases. For listed companies, the SEBI (Listing Obligations and Disclosure Requirements) Regulations 2015 (LODR Regulations) — specifically Regulation 22 — independently require listed entities to formulate a vigil mechanism/whistle blower policy. The policy must be disclosed on the company's website and the annual report must contain a brief description of the policy. For public sector undertakings (PSUs) and government employees, the Whistle Blowers Protection Act 2014 (WBP Act) provides a separate statutory framework.
The legal protections available to whistleblowers in India operate at multiple levels under different statutes. Under the Whistle Blowers Protection Act 2014, the primary protection mechanism for public sector whistleblowers is identity protection. Section 4 of the Act requires the Competent Authority (the authority to whom disclosures are made) to keep the identity of the complainant confidential. Section 16 makes it an offence to victimise a complainant who has made a good-faith disclosure — victimisation includes dismissal from service, suspension, demotion, harassment, and discrimination. The penalty for victimisation is imprisonment up to three years and a fine up to ₹50,000. Under Section 177(10) of the Companies Act 2013, the vigil mechanism must provide adequate safeguards against victimisation of persons who use the mechanism in good faith. The statute does not prescribe the precise form of these safeguards, leaving it to the company to design appropriate protections — but the expectation is that reports will remain confidential, investigations will be conducted by independent persons, and complainants will not face adverse employment consequences for good-faith reporting. For employees in the private sector, the Industrial Disputes Act 1947 (ID Act) may provide some protection. Section 25F of the ID Act restricts the retrenchment of a workman without following the prescribed procedure (notice and compensation).
A well-designed whistleblowing investigation process for an Indian company should balance thoroughness, speed, confidentiality, fairness, and legal compliance. The following framework reflects best practice under the Companies Act 2013, SEBI LODR Regulations 2015, and general principles of natural justice recognised by Indian courts. Receipt and Acknowledgement: Upon receipt of a complaint through the designated channel (email, hotline, or web portal), the compliance officer or ethics committee should acknowledge receipt within 48–72 hours, assign a unique reference number to the complaint, and provide the complainant with guidance on next steps. Initial Assessment (Triage): Within 5–10 working days of receipt, the compliance officer (or an appointed independent investigator) should conduct a preliminary assessment to determine whether the complaint: (a) falls within the scope of the policy; (b) is prima facie credible and supported by sufficient detail; (c) is vexatious or in bad faith; or (d) requires referral to an external law enforcement agency. Investigation: Credible complaints should be investigated by an independent person — either the compliance officer, a senior officer not involved in the subject matter of the complaint, an external counsel, or a forensic investigations firm. The investigation should include document review, interviews with relevant witnesses, and, where appropriate, digital forensics.
A Whistleblowing Policy (India) does not legally require a lawyer in India, and individuals and businesses may draft and execute the document independently. The Indian Contract Act, 1872 does not mandate legal representation for the creation or signing of this type of document. However, seeking independent legal advice from a qualified India lawyer is recommended for transactions involving substantial financial value, complex regulatory requirements, or cross-border elements where multiple legal jurisdictions may apply. A lawyer can verify that the document complies with all applicable statutory requirements, identify potential risks specific to the transaction, and confirm that the terms adequately protect the interests of all parties involved. The Supreme Court of India has jurisdiction over disputes arising from this type of document, and Registrar of Companies (ROC) may impose additional compliance obligations depending on the nature of the underlying transaction. Professional legal review is particularly advisable where the document will be submitted to government agencies or used as evidence in legal proceedings.
A Whistleblowing Policy (India) does not legally require a lawyer in India, though legal advice is recommended. Under Indian law, the Indian Contract Act 1872 governs agreements. The Companies Act 2013 and Registrar of Companies (ROC) regulate corporate documents. The Information Technology Act 2000 governs electronic contracts and data protection. The Consumer Protection Act 2019 provides consumer rights. The Income Tax Act 1961 requires tax compliance. Forms-legal.com provides this template as a starting point — always review with a qualified Indian advocate for significant transactions. Under India law, Indian Contract Act, 1872, parties should seek independent legal advice from a qualified lawyer to confirm compliance with all applicable requirements. Under Indian law, the Indian Contract Act 1872 governs contractual obligations, with Section 10 setting essential requirements for valid agreements. The Companies Act 2013 regulates corporate entities through the Registrar of Companies (ROC) and Ministry of Corporate Affairs (MCA). Forms-legal.com provides this template as a starting point for India-compliant documentation.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Anti-Bribery and Anti-Corruption Policy (India)
A comprehensive Anti-Bribery and Anti-Corruption Policy compliant with the Prevention of Corruption Act 1988 (as amended 2018), Companies Act 2013, and FCPA/UK Bribery Act for Indian entities with international operations. Covers gifts, hospitality, facilitation payments, and whistleblowing.
Code of Conduct (India)
A comprehensive Code of Conduct for Indian companies compliant with the Companies Act 2013 (Section 149, Schedule IV), SEBI LODR Regulations 2015, and National Guidelines on Responsible Business Conduct 2019. Covers director and employee obligations, conflicts of interest, and ethical business standards.
POSH Policy — Prevention of Sexual Harassment at Workplace (India)
A comprehensive POSH Policy compliant with the Sexual Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act 2013 and Rules 2013. Covers Internal Complaints Committee constitution, complaint procedure, enquiry process, penalties, and mandatory annual reporting obligations.