India: Disclosure Of Infosys Whistleblower Investigations – What Does The Law Demand?

The recent change in leadership at Infosys has thrown up interesting questions relating to the vigil mechanism in a listed company. Infosys received anonymous whistle blower complaints relating to its overseas acquisition. The Company took note of the complaints and placed it before its audit committee for consideration. Based on newspaper reports, the stock exchanges sought clarification on the complaints. The Company issued a statement that the complaints are being examined by the audit committee. It undertook a detailed investigation with the assistance of expert advisors and finally made a public disclosure that the investigations revealed no evidence supporting the allegations made in the complaints.  

One of the demands by Mr. Murthy in his capacity as a public shareholder, was that the company make a full public disclosure of the investigation report. It is interesting to examine this demand has any basis under law.

Section 177 (9) of the Companies Act and Regulation 22 of the Listing Regulations, requires that every listed company establish a vigil mechanism for directors and employees, under the aegis of its audit committee, to receive genuine concerns relating to the operations of the Company. The law does not prescribe the contents of the vigil mechanism policy. Most companies, including Infosys, have adopted a generic policy providing for the process of receiving complaints, investigation and avoidance of  victimization of the complainant.

There is no legal obligation on a company to notify the exchanges upon receipt of a whistle blower complaint. Investigation of such complaints is a sensitive matter as allegations relating to the internal operations of the company have to be adequately examined and relevant persons ought to be interviewed, to arrive at conclusions. For employees and other stakeholders to participate in the investigation without any fear of retaliation, investigations are conducted on a confidential basis. Any premature disclosure of complaints may be harmful to the interests of the company and its stakeholders.

The findings of the investigation are disclosed to the audit committee of the company for appropriate action. The audit committee takes appropriate action if any action is warranted; and may share its observations or recommendations with the board of directors if it deems fit. Where the investigation yields no evidence supporting the allegations, the committee is not required to take any further action or make any disclosure. If the investigation reveals irregularities in the operations of the company, depending on the nature of the irregularity and its impact on the business, operations and financial condition of the company, the audit committee should notify the board of directors; and the board should make suitable disclosures to the exchanges.

It is also a legal requirement for the top 500 listed companies to have a Business Responsibility Report (BRR) as part of its board report, under Regulation 34 (ii)(f) of the Listing Regulations. The BRR format requires disclosures on stakeholder complaints. It is recommended that details of stakeholder complaints received and resolved by the company under the vigil mechanism process be disclosed in this portion of the BRR.

Infosys appears to have followed the above-mentioned procedure that is in keeping with its legal obligations under the Companies Act and the Listing Regulations. The approach is also in keeping with the general principles of good corporate governance - as no tenet of corporate governance requires disclosure of confidential or sensitive information of the company unless it has a bearing on the ability of investors and stakeholders to make informed decisions. Given the above legal construct, the demand by the founder public shareholder for a public disclosure of the confidential investigation report appears to be an unreasonable one and such a demand is not based on principles of good corporate governance. Any stakeholder in Infosys should be satisfied with the existing disclosure made by the company on the investigation of the anonymous complaints - wherein details of the credentials of the investigating agency, methodology and scope of the investigation and conclusions of the investigation have been disclosed.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.