The act of an individual, wherein such individual reports or intimates an activity, which may be illegal, illicit, irregular, dangerous, unethical and against public welfare and policy, to the appropriate higher authorities, whether external or internal, who may have such discretionary powers to direct a corrective measure is generally considered as the act of ‘whistle-blowing’. It can also include a situation where an employee, who is the whistle-blower, reports any such actions committed by his/her colleague, manager, vendor or so on to the applicable and appropriate officials as prescribed under policies of the company framed in pursuance of the applicable guidelines[1].

To summarise, a whistle-blower is a person who reports, any and all, unlawful or illegal activities undertaken within an organization, whether private or public, to the appropriate authorities or officials with the intention to mitigate and/or cease such illegal activities, in the interests of the organisation or public in general.

Whistleblowing is considered a courageous and brave act as the whistle-blower may go through retaliation from the individuals against whom the complaint is raised. Accordingly, ensuring protection of the whistle-blowers is absolutely important in order to set examples in the eyes of the employees or public, as the case may be, wherein more individuals would be inclined towards doing what is right. Proportionally, such protection to the whistle-blowers may compel the wrongdoers to think twice before committing such unlawful and illegal activities.

Framework for Protection

The Whistle Blowers Protection Act, 2014 (“Act”), which is yet to be enforced, contains the protective measures to be provided to whistle-blowers. It is pertinent to note that the applicability of the Act is limited to public servants and public sector undertakings and organisations. The Act prevents the victimization of the whistle-blower by way of initiating legal proceedings against him or otherwise, merely on the basis that such whistle-blower has disclosed certain information or rendered assistance in an inquiry under the Act. Further, it mandates the concerned Government authority to provide relevant protection to the whistle-blower along with the witnesses in the inquiry. The concerned authority, i.e., the Competent Authority designated for different organisations and departments, if required, must undertake measures to conceal the identity of the whistle-blower, unless it is required /necessary to be disclosed with prior written consent of the whistleblower for obtaining comments, explanation or reports from the head of the department or authority of the concerned entity, against whom the complaint has been received.

In case of companies, while the term ‘whistleblowing’ is not explicitly mentioned, the Companies Act, 2013 categorically mandates a class of companies to have a vigil mechanism vis-à-vis whistleblowing, to ensure that sufficient safeguards are accorded to the whistle-blowers. Section 177 (9) and (10), Companies Act, 2013 read with Rule 7 of the Companies (Meetings of Board and its Powers) Rules, 2014 mandates the following class of companies to establish a vigil mechanism for directors and employees for reporting genuine concerns or grievances in respect to the company:

    1. All listed companies;
    2. Companies that accept deposits from the public; and
    3. Companies that have borrowed money from banks and public financial institutions in excess of Indian Rupees 500 million.

Further, companies that are required to constitute an audit committee are required to oversee the mechanism through the committee, and members of the committee who have any conflict of interest with respect to any matter are required to recuse themselves. Other companies have been instructed to nominate a director to perform the role of audit committee for the purposes of vigil mechanism. The vigil mechanism is designed to also ensure safeguards against victimisation of employees and directors who avail vigil mechanism and grant them direct access to the chairperson of the audit committee, or the director nominated for the purposes of vigil mechanism, in exceptional cases.

While such safeguards are not listed in the Companies Act, 2013, the obligated companies may devise the requisite framework to outline the protective measures which can be undertaken in the interest of the whistleblower. The vigil mechanism is generally construed as the whistleblower policy as it aims to expose and report unethical, fraudulent and violative behaviour of the employees in the higher management of the companies.

Security and Exchange Board of India (“SEBI”), under SEBI (Prohibition of Insider Trading) Regulations, 2015, under the chapter, ‘Restrictions on Communication in Relation to and Trading by Insiders in the Units of Mutual Funds’ and SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015, under multiple chapters, mandate the listed companies to establish a whistle-blower policy vis-à-vis vigil mechanism. Both the terms “whistle-blower policy” and “vigil mechanism” have been used interchangeably in this regard.

Further, the Insurance Regulatory and Development Authority of India (“IRDAI”) has also released guidelines, namely, “Guidelines for Corporate Governance for Insurers in India”, wherein the guidelines advise companies regulated by it to set up a ‘Whistle Blower Policy’. Additionally, the Reserve Bank of India (“RBI“) has introduced a scheme named, “Protected Disclosures Scheme for Private Sector and Foreign Banks”, wherein the banks are required to formulate a whistleblower policy/vigil mechanism.

While the legal framework in India has set forth multiple guidelines for the formulation of the whistleblower mechanism, the foregoing provisions/guidelines have not proved to be a substantial measure to circumvent such consequences faced by the whistle-blowers. Accordingly, there is a need to enhance protection for the whistle-blowers, which may be undertaken in the following manner:

      1. sufficient and stringent protection policy to the whistle-blowers reporting corruption or wilful misuse of power or wilful misuse of discretion through formation of statutory bodies on a state level and a central level;
      2. a regular mechanism within the organisation to encourage such persons to disclose information on corruption or wilful misuse of power or wilful misuse of discretion;
      3. establishment of dedicated teams/groups on a central and state level for the purpose of inquiry and investigation and implement absolute safeguards against victimisation of the whistle-blower;
      4. appropriate and proportionate mechanism to create absolute safeguards for whistleblowers in the private sector; necessary penalties and imprisonment for the violators may vary on a case-to-case basis and specific penal provisions should be incorporated in the current legislation to increase the liability for such violations;
      5. appropriate penalty/punishment for revealing the identity of the whistle-blower, negligently or with malice;
      6. appropriate penalty/punishment for harassing, threatening, undue pressure/compulsion, etc.;
      7. the current legislation may be amended to include a separate body, whether at a central, regional or state level or a separate “Vigilance Committee” to govern these events and to ensure that the companies’ proprietary data and information is secure and appropriate resolutions may be undertaken to enforce the safeguarding of the whistleblowers and to penalise the violators.


In a nutshell, the inference may be taken that apart from the legislation, the organizations have a collective responsibility to promote, implement, execute and maintain whistle-blowing policies. The organizations must also ensure encouraging and supportive environment, backing of the management heads, and the apex level decision makers support and follow through with the vigilance mechanism and the whistle-blowing policies. The degree of whistle-blowing activity is generally expected to rely not only on the regulatory reaction to whistle-blowing but also on the legal protection given to those who do so.

Authors: Prashant Kataria ( Partner) and Shivam Shekhar ( Associate)


[1] The applicable guidelines have been elaborated further under the heading, “Framework for Protection” of this article.

More from King, Stubb & Kasiva