Whistleblower Protection Policy (Kenya)
WHISTLEBLOWER PROTECTION POLICY
[Organisation Name]
Adopted: [Policy Date]
Bribery Act No. 47 of 2016 | Ethics and Anti-Corruption Commission Act No. 22 of 2011 | Employment Act No. 11 of 2007
1. PURPOSE AND SCOPE
1.1 [Organisation Name] (the "Organisation") is committed to the highest standards of ethical conduct, integrity, and compliance with Kenyan law. This Whistleblower Protection Policy (the "Policy") establishes the procedures through which employees, directors, officers, contractors, consultants, suppliers, and other stakeholders (collectively, "Reporters") may report suspected wrongdoing confidentially and without fear of retaliation.
1.2 This Policy operationalises the Organisation's obligations under:
(a) Section 11 of the Bribery Act No. 47 of 2016 — requiring organisations to take reasonable steps to prevent persons associated with the organisation from engaging in bribery;
(b) Section 37 of the Ethics and Anti-Corruption Commission Act No. 22 of 2011 — protecting persons who report corruption to the Ethics and Anti-Corruption Commission (EACC) in good faith from civil or criminal liability; and
(c) Section 45 of the Employment Act No. 11 of 2007 — prohibiting unfair termination of employees who make protected disclosures.
1.3 This Policy applies to all individuals associated with the Organisation regardless of seniority, employment status, or location, including external parties such as suppliers, agents, and joint venture partners.
1.4 Organisation type: [Organisation Type]. This Policy has been adopted by the [Policy Owner] on [Policy Date].
2. COVERABLE CONDUCT
2.1 The following types of wrongdoing may be reported under this Policy:
(a) Bribery and corruption under the Bribery Act No. 47 of 2016, including the offering, giving, receiving, or soliciting of a financial or other advantage to induce or reward improper performance of a function;
(b) Fraud, financial misstatement, theft, or misappropriation of the Organisation's assets;
(c) Violations of the Public Procurement and Asset Disposal Act No. 33 of 2015 in procurement processes;
(d) Money laundering or suspicious transactions reportable under the Proceeds of Crime and Anti-Money Laundering Act No. 9 of 2009 (POCAMLA) and the Financial Reporting Centre (FRC);
(e) Workplace safety violations under the Occupational Safety and Health Act No. 15 of 2007 (OSHA);
(f) Personal data breaches or violations of the Data Protection Act No. 24 of 2019;
(g) Anti-competitive conduct under the Competition Act No. 12 of 2010;
(h) Any breach of the Organisation's Code of Conduct, internal policies, or applicable Kenyan law.
2.2 This Policy does not apply to personal grievances about employment matters such as performance management, salary disputes, or interpersonal conflicts, which should be raised through the Organisation's Grievance Procedure.
3. REPORTING CHANNELS
3.1 A Reporter may use any of the following channels to raise a concern:
(a) Confidential hotline: [Hotline Number] — available 24 hours a day, 7 days a week. Anonymous reporting is accepted.
(b) Dedicated confidential email: [Reporting Email] — monitored solely by the [Ethics Officer Title].
(c) Secure web portal: [Web Portal] — third-party managed to preserve anonymity.
(d) Written report addressed to the Audit Committee Chair ([Audit Committee Chair]) — to be used where the concern implicates senior management or the [Ethics Officer Title].
(e) External reporting to the Ethics and Anti-Corruption Commission (EACC) via its toll-free hotline 0800 720 220 or website; or to the Director of Public Prosecutions (DPP) under Article 157 of the Constitution of Kenya 2010; or to the relevant sector regulator.
3.2 Anonymous reports are accepted and will be investigated to the extent practicable. Reporters are encouraged to identify themselves where safe to do so, as identified reports can be more thoroughly investigated.
3.3 Reports should describe the suspected wrongdoing as specifically as possible, including the nature of the act, the persons involved, dates, and any supporting evidence. Supporting documents may be submitted with the report.
4. CONFIDENTIALITY
4.1 The identity of a Reporter will be kept strictly confidential to the maximum extent permitted by law. Disclosure of the Reporter's identity will be limited to those persons who have a direct need to know for the purposes of the investigation.
4.2 Where the maintenance of confidentiality is not possible — for example, where criminal proceedings or a regulatory investigation require the Reporter to be identified as a witness — the Reporter will be advised in advance and given the opportunity to make representations.
4.3 Any person who improperly discloses the identity of a Reporter will be subject to disciplinary action up to and including dismissal, in accordance with the Employment Act No. 11 of 2007.
5. NON-RETALIATION
5.1 The Organisation absolutely prohibits retaliation against any person who makes a report under this Policy in good faith, regardless of whether the investigation substantiates the concern. This prohibition applies whether the reporter is an employee, contractor, supplier, or any other person associated with the Organisation.
5.2 Prohibited retaliatory acts include, without limitation: dismissal or constructive dismissal; demotion or reduction in responsibilities; reduction in remuneration; harassment, victimisation, or exclusion; negative performance appraisals unrelated to genuine performance issues; and denial of promotion, training, or career development opportunities.
5.3 Any manager, director, or employee who retaliates — or who authorises, directs, or condones retaliation — against a Reporter will face disciplinary action up to and including summary dismissal.
5.4 An employee who believes they have been subjected to retaliation for making a protected disclosure may: (a) report the retaliation to the [Ethics Officer Title] or Audit Committee; and (b) bring a claim of unfair dismissal or constructive dismissal before the Employment and Labour Relations Court (ELRC) under Section 45 of the Employment Act No. 11 of 2007, which may order reinstatement or award compensation of up to 12 months' gross pay under Section 49 of the Act.
5.5 Section 37 of the Ethics and Anti-Corruption Commission Act No. 22 of 2011 protects Reporters who report to the EACC in good faith from civil or criminal liability for the disclosure.
6. INVESTIGATION PROCEDURE
6.1 Acknowledgement: The [Ethics Officer Title] or Audit Committee will acknowledge receipt of a report within [Acknowledgement Days] of receipt.
6.2 Preliminary assessment: Within 10 business days of acknowledgement, the [Ethics Officer Title] will assess whether the report falls within the scope of this Policy and whether a formal investigation is warranted.
6.3 Independent investigator: Where the report implicates senior management or the [Ethics Officer Title], the Audit Committee shall appoint an independent external investigator — a forensic accountant, advocate, or specialist compliance firm — to conduct the investigation.
6.4 Investigation conduct: The investigation shall gather documentary evidence, interview relevant witnesses, and afford the subject of the complaint a reasonable opportunity to respond — consistent with the principles of natural justice under Kenyan administrative law. All investigation participants are required to cooperate fully and to maintain strict confidentiality.
6.5 Completion: The investigation shall be completed within [Investigation Days] of receipt of the report, where practicable. Extensions shall be communicated to the Reporter.
6.6 Outcome: Written findings shall be documented. The Reporter shall be informed of the outcome to the extent consistent with confidentiality obligations and any ongoing legal or disciplinary proceedings. Where substantiated, corrective action — including disciplinary measures, referral to the EACC, DPP, or sector regulator, and remediation of processes — shall be taken promptly.
7. FALSE REPORTS
7.1 Any person who knowingly makes a false or malicious report under this Policy — that is, a report they know to be untrue and which is made in bad faith — will be subject to disciplinary action and may face civil liability under the Law of Torts or criminal liability for making a false report to an authority.
7.2 This clause must not be read as discouraging good-faith reports where the Reporter has a reasonable belief that wrongdoing has occurred, even if the investigation does not ultimately substantiate the concern. A good-faith report that is not substantiated will not constitute a false report under this Policy.
8. GOVERNANCE AND REVIEW
8.1 The [Policy Owner] shall have overall governance oversight of this Policy.
8.2 The [Ethics Officer Title] shall maintain a confidential register of all reports received, the status of each investigation, and the outcomes and corrective actions taken.
8.3 An anonymised annual summary of reports received, investigations conducted, and outcomes shall be presented to the Board of Directors and, where required by applicable regulations, to the relevant regulator (e.g., CA, SASRA, CMA, or EACC).
8.4 This Policy shall be reviewed [Review Frequency] and updated to reflect changes in Kenyan law, regulatory requirements, and best practice.
8.5 This Policy shall be communicated to all employees on joining the Organisation and annually thereafter, and shall be made available to contractors and suppliers through procurement documentation and the Organisation's website.
Adopted by the [Policy Owner] of [Organisation Name] on [Policy Date].
Organisation address: [Organisation Address]
Board Chair / Authorised Signatory
________________
Signature
Audit Committee Chair
________________
Signature
Chief Ethics and Compliance Officer
________________
Signature
What Is a Whistleblower Protection Policy (Kenya)?
A Whistleblower Protection Policy in Kenya sets out the rules and standards the organisation expects those it covers to follow.
The Ethics and Anti-Corruption Commission Act No. 22 of 2011 established the EACC as the primary anti-corruption body in Kenya, with power to receive and investigate complaints of corruption and ethics violations. Section 37 of the Ethics and Anti-Corruption Commission Act No. 22 of 2011 provides that any person who reports corruption to the Commission in good faith is protected from civil or criminal liability arising from the disclosure. A Kenya Whistleblower Protection Policy operationalises this statutory protection at the organisational level by establishing internal reporting channels before matters escalate to the EACC or other regulatory bodies.
The Public Officer Ethics Act No. 4 of 2003 requires public officers to adhere to codes of conduct and to declare conflicts of interest and gifts. The Act makes it a disciplinary offence for a public officer to retaliate against a colleague who lawfully reports a breach of the code. Private sector organisations are not directly subject to the Public Officer Ethics Act but are increasingly expected by the EACC and by corporate governance standards to implement equivalent protections.
The Proceeds of Crime and Anti-Money Laundering Act No. 9 of 2009 (POCAMLA), administered by the Financial Reporting Centre (FRC), requires reporting entities — banks, insurance companies, SACCOs, lawyers, and accountants — to report suspicious transactions. A Whistleblower Protection Policy in a financial institution complements mandatory suspicious transaction reporting by encouraging staff to report internal misconduct that may not reach the threshold of a formal suspicious transaction report.
The Employment Act No. 11 of 2007 governs the employment relationship in Kenya and protects employees from unfair termination. An employee dismissed or constructively dismissed for making a protected disclosure may bring an unfair dismissal claim before the Employment and Labour Relations Court (ELRC) under Section 45 of the Employment Act No. 11 of 2007. A well-drafted Whistleblower Protection Policy reduces the risk of such claims by clearly setting out the non-retaliation commitment and the disciplinary consequences for managers who victimise reporters.
The Competition Authority of Kenya (CAK) under the Competition Act No. 12 of 2010 encourages leniency applications from companies that self-report cartel conduct. A whistleblower policy that covers competition law violations supports the organisation's ability to identify and disclose anti-competitive conduct before the CAK investigates, potentially securing leniency treatment and reduced fines.
The Kenya National Human Rights Commission (KNHRC) and civil society organisations have long advocated for a standalone Whistleblower Protection Act in Kenya. While no such thorough statute yet exists, the protections spread across the Bribery Act No. 47 of 2016, the EACC Act No. 22 of 2011, and the Public Officer Ethics Act No. 4 of 2003 collectively create a framework that organisations must reflect in their internal policies.
When Do You Need a Whistleblower Protection Policy (Kenya)?
A Whistleblower Protection Policy in Kenya is required whenever an organisation — whether a company, NGO, SACCO, public body, or parastatal — employs staff or engages contractors and wishes to comply with the Bribery Act No. 47 of 2016 and associated anti-corruption legislation.
A Whistleblower Protection Policy is needed when a private company applies for a public procurement contract under the Public Procurement and Asset Disposal Act No. 33 of 2015. Contracting authorities assessed under the Kenya National Public Procurement Regulatory Authority (PPRA) framework increasingly require bidders to demonstrate anti-corruption compliance, and a documented whistleblower policy is a standard element of that compliance pack.
A Whistleblower Protection Policy is required when an NGO registered under the Non-Governmental Organisations Co-ordination Act Cap. 134 receives funding from international donors such as USAID, DFID, or the European Union. Donor due diligence processes require grantees to have documented anti-fraud and whistleblower protection mechanisms as a condition of funding.
A Whistleblower Protection Policy is needed when a SACCO licensed by the SACCO Societies Regulatory Authority (SASRA) under the SACCO Societies Act No. 14 of 2008 implements a governance improvement programme. SASRA supervision guidelines require licensed SACCOs to have internal controls and reporting mechanisms for financial irregularities.
A Whistleblower Protection Policy is required when a listed company on the Nairobi Securities Exchange (NSE) complies with the Capital Markets Authority (CMA) Code of Corporate Governance Practices for Issuers of Securities to the Public 2015, which requires boards to establish audit committees with oversight of internal reporting mechanisms.
A Whistleblower Protection Policy is needed when a hospital, pharmaceutical company, or healthcare provider registered under the Kenya Medical Practitioners and Dentists Council (KMPDC) or the Pharmacy and Poisons Board implements a quality and safety reporting system, confirming that staff can report adverse clinical events, medication errors, or regulatory breaches without fear of victimisation.
Parties in Kenya should prepare a Whistleblower Protection Policy (Kenya) proactively rather than waiting for a dispute to arise. Courts interpret agreements based on the written terms rather than oral representations. Under the Companies Act No. 17 of 2015, the Registrar of Companies at the Office of the Attorney General maintains the register of Kenyan companies. Section 3 of the Law of Contract Act (Cap. 23) governs contractual obligations. The Competition Authority of Kenya (CAK) enforces the Competition Act No. 12 of 2010. The Kenya Revenue Authority (KRA) administers corporate tax under the Income Tax Act (Cap. 470). The High Court of Kenya has unlimited original jurisdiction under Article 165 of the Constitution of Kenya 2010. Where the transaction involves regulated activities, prior approval from the relevant authority may be required before execution.
What to Include in Your Whistleblower Protection Policy (Kenya)
A Kenya Whistleblower Protection Policy compliant with the Bribery Act No. 47 of 2016 and the Ethics and Anti-Corruption Commission Act No. 22 of 2011 must contain the following essential elements.
Scope and Purpose: A clear statement that the policy applies to all employees, directors, officers, contractors, consultants, and volunteers. Confirmation that the policy operationalises the organisation's obligations under the Bribery Act No. 47 of 2016 Section 11, the EACC Act No. 22 of 2011 Section 37, and applicable sector-specific regulations. Statement of the organisation's commitment to ethical conduct and zero tolerance for bribery, fraud, and abuse of office.
Coverable Conduct: An inclusive list of the types of wrongdoing that may be reported, including: bribery and corruption under the Bribery Act No. 47 of 2016; financial fraud and theft; violations of the Public Procurement and Asset Disposal Act No. 33 of 2015; money laundering under the Proceeds of Crime and Anti-Money Laundering Act No. 9 of 2009; workplace safety violations under the Occupational Safety and Health Act No. 15 of 2007; data protection breaches under the Data Protection Act No. 24 of 2019; and any breach of the organisation's code of conduct.
Reporting Channels: Multiple, accessible reporting mechanisms: a dedicated confidential hotline (toll-free where practicable), a dedicated email address monitored by the Ethics Officer or Audit Committee, a secure web-based reporting portal, direct written report to the Board Chair or Audit Committee Chair (bypassing management where the complaint implicates senior management), and external reporting to the EACC, the Director of Public Prosecutions (DPP), or relevant sector regulator.
Confidentiality: Firm commitment that the identity of the reporter will be kept confidential to the maximum extent permitted by law, limited only by legal compulsion or by the requirements of a fair investigation. Where anonymity cannot be maintained — for example where criminal proceedings require a witness to be identified — the reporter will be advised in advance. Anonymous reports will be accepted and investigated to the extent possible.
Non-Retaliation: An absolute prohibition on retaliation against any person who makes a report in good faith, regardless of whether the investigation substantiates the allegation. Prohibited retaliatory acts include dismissal, demotion, reduced hours, harassment, exclusion, negative performance reviews, and denial of promotion. Any manager or employee who retaliates against a reporter will face disciplinary action up to and including termination. Reporters who believe they have suffered retaliation may seek reinstatement or compensation before the Employment and Labour Relations Court (ELRC) under Section 45 of the Employment Act No. 11 of 2007.
Investigation Procedure: Acknowledgement of the report within 5 business days. Assessment by the Ethics Officer or Audit Committee within 10 business days to determine whether a formal investigation is warranted. Appointment of an independent investigator where the complaint implicates senior management. Investigation completed within 60 days where practicable, with extensions communicated to the reporter. Written outcome communicated to the reporter to the extent consistent with confidentiality and disciplinary constraints.
False Reports: A statement that knowingly false reports made in bad faith are a disciplinary offence and may expose the reporter to civil liability under the Law of Torts or criminal liability for making a false report to an authority. This clause must be balanced to avoid chilling legitimate good-faith reports.
Governance and Oversight: The Audit Committee of the Board shall have oversight of the policy's operation. The Ethics Officer (or equivalent) shall maintain a register of reports, investigation outcomes, and corrective actions taken. An annual summary (anonymised) shall be reported to the Board and, where required, to the relevant regulator. The forms-legal.com Kenya Whistleblower Protection Policy template is structured to satisfy the Bribery Act No. 47 of 2016 compliance requirements and international anti-corruption standards.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). Whistleblower Protection Policy (Kenya) (Kenya) [Legal document template]. Forms Legal. https://forms-legal.com/kenya/business/policies/whistleblower-policy-kenya
"Whistleblower Protection Policy (Kenya) (Kenya)." Forms Legal, 2026, https://forms-legal.com/kenya/business/policies/whistleblower-policy-kenya.
@misc{formslegal-whistleblower-policy-kenya,
author = {{Forms Legal}},
title = {Whistleblower Protection Policy (Kenya) (Kenya)},
year = {2026},
howpublished = {\url{https://forms-legal.com/kenya/business/policies/whistleblower-policy-kenya}},
note = {Free legal document template}
}Frequently Asked Questions
Kenya does not yet have a standalone Whistleblower Protection Act that mandates all organisations to adopt a formal policy. However, the Bribery Act No. 47 of 2016 Section 11 requires organisations to take reasonable preventive measures against bribery, and regulators and courts treat a documented whistleblower policy as a key element of such measures. Specific sectors face stronger obligations: the Capital Markets Authority (CMA) Code of Corporate Governance 2015 requires listed companies to have internal reporting mechanisms; the SACCO Societies Regulatory Authority (SASRA) supervisory guidelines require licensed SACCOs to have internal controls for reporting financial irregularities; and international donor frameworks typically require NGOs to have anti-fraud and whistleblower policies as a funding condition. Even where not strictly mandatory, the absence of a policy is treated as an aggravating factor by the Ethics and Anti-Corruption Commission (EACC) when assessing organisational culpability for bribery offences.
Kenyan law provides whistleblower protection through several statutes. Section 37 of the Ethics and Anti-Corruption Commission Act No. 22 of 2011 protects persons who report corruption to the EACC in good faith from civil or criminal liability for the disclosure itself. Section 45 of the Employment Act No. 11 of 2007 prohibits unfair termination and entitles an unfairly dismissed employee to reinstatement or compensation before the Employment and Labour Relations Court (ELRC). The Bribery Act No. 47 of 2016 treats an organisation's failure to protect reporters as a failure to take reasonable preventive measures. The Public Officer Ethics Act No. 4 of 2003 makes retaliation against a colleague who reports an ethics breach a disciplinary offence for public officers. While these protections are fragmented across multiple statutes and less detailed than those in South Africa's Protected Disclosures Act, they collectively provide a meaningful framework that a well-drafted internal Whistleblower Protection Policy reinforces and operationalises.
Yes. A whistleblower in Kenya can report anonymously, both to internal organisational channels and to the Ethics and Anti-Corruption Commission (EACC), which accepts anonymous complaints. Anonymous reports can be submitted to the EACC through its toll-free hotline (0800 720 220), its website, or by dropping a written report at any EACC regional office. Internally, a Kenya Whistleblower Protection Policy should provide an anonymous reporting channel — typically a dedicated email address or a third-party managed hotline — that does not capture identifying information. The practical limitation of anonymous reports is that investigators may be unable to seek clarification from the reporter, potentially reducing the weight given to the complaint. Organisations are encouraged to assure reporters that identified reports are treated with the same confidentiality as anonymous ones, to encourage reporters to identify themselves where safe to do so.
An employee who retaliates against a whistleblower in Kenya faces both disciplinary and legal consequences. Under the Employment Act No. 11 of 2007, an employee who is dismissed, demoted, or subjected to detriment because they made a protected disclosure may bring a claim of unfair termination or constructive dismissal before the Employment and Labour Relations Court (ELRC). The ELRC may order reinstatement or award compensation of up to 12 months' gross pay under Section 49 of the Employment Act. The retaliating manager may face personal disciplinary action up to dismissal under the organisation's internal Whistleblower Protection Policy. In the public sector, retaliation against a colleague who reported an ethics breach is a disciplinary offence under the Public Officer Ethics Act No. 4 of 2003. The Ethics and Anti-Corruption Commission (EACC) may also treat evidence of retaliation as an aggravating factor in any investigation of the original misconduct. Organisations should document every retaliatory act and act promptly to stop it to avoid vicarious liability.
Yes. A Kenya Whistleblower Protection Policy should extend coverage to external parties — suppliers, contractors, consultants, agents, joint venture partners, and customers — who may have information about bribery or other misconduct involving the organisation. The Bribery Act No. 47 of 2016 Section 3 criminalises bribery by persons associated with an organisation, which expressly includes agents and intermediaries acting on the organisation's behalf. An external whistleblower who reports that a supplier is paying bribes to secure contracts provides the organisation with critical information to take remedial action and potentially avoid criminal liability. The reporting channels established in the policy should be communicated to external parties through supplier contracts, the organisation's website, and procurement documentation. Confidentiality and non-retaliation protections should explicitly extend to external reporters, including protection against termination of commercial relationships in reprisal for a good-faith report.
A Kenya organisation should investigate a whistleblower complaint through a structured, confidential, and independent process. On receipt of a complaint, the Ethics Officer or Audit Committee should acknowledge it within 5 business days and assess whether it falls within the policy's scope. Where the complaint implicates senior management, an independent external investigator — a forensic accountant, advocate, or specialist compliance firm — should be appointed to avoid conflicts of interest. The investigation should gather documentary evidence, interview witnesses, and provide the subject of the complaint with an opportunity to respond (principles of natural justice under Kenyan administrative law). The investigation should be completed within 60 days where possible. Findings should be documented in a written report, with recommendations for corrective action, disciplinary measures, or referral to the Ethics and Anti-Corruption Commission (EACC), Director of Public Prosecutions (DPP), or sector regulator. The reporter should be informed of the outcome to the extent consistent with confidentiality and any ongoing legal proceedings.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Anti-Bribery and Corruption Policy (Kenya)
A Kenya Anti-Bribery and Corruption Policy for companies, compliant with the Bribery Act No. 47 of 2016 s.7, the Anti-Corruption and Economic Crimes Act No. 3 of 2003, and the Public Officer Ethics Act No. 4 of 2003, covering gifts, hospitality, facilitation payments, and whistleblowing.
Conflict of Interest Policy (Kenya)
A Kenya Conflict of Interest Policy governing directors, employees, and officers of Kenyan companies and organisations, compliant with the Companies Act No. 17 of 2015, Public Officer Ethics Act No. 4 of 2003, and the Leadership and Integrity Act No. 19 of 2012.
Corporate Governance Policy (Kenya)
A Kenya Corporate Governance Policy establishing board structure, director duties, audit, risk, and ethics frameworks for companies under the Companies Act No. 17 of 2015 and Capital Markets Authority guidelines.