What is Whistleblowing: FAQ for companies

With the EU Whistleblowing Directive the topic of whistleblowing is becoming important for companies. This article contains everything you need to know.
Moritz Homann

Now that the EU Whistleblowing Directive has largely come into force across Europe, whistleblowing in the workplace has become an essential topic for companies. National interpretations of the Directive have made it mandatory for organisations to introduce reporting channels and protective measures for people speaking up. As corporate compliance standards become stricter and the legal landscape grows more complex, this what businesses need to keep in mind when it comes to whistleblowing.

Whistleblowing illustration with whistles | integrityline.com

How whistleblowing in the workplace occurs

Workplace whistleblowing occurs when an individual reports wrongdoing in an organisation, such as financial misconduct, exploitation or discrimination. This person is often an employee but can also be a third-party such as a supplier or customer.

Internal whistleblowing is when someone makes a report within an organisation. Companies in the EU with at least 49 employees are now legally required to  implement internal whistleblowing channels for this purpose so that employees and other stakeholders can speak up if they become aware of misconduct. Employees can also report to their line manager.

External whistleblowing is when a person blows the whistle publicly, either to the media, police or via social media channels.  People often choose the public option if they have little faith in their organisation’s investigation or reporting procedure, have tried speaking up internally with no result or if there is no whistleblowing system in place.

Such complaints focus on conduct prohibited by a specific law such as a criminal offence, discrimination or evidence of a cover up. Speak up policies may however cover a broader range of issues related to compliance and ethics.

Occupational whistleblowing is different to raising a workplace grievance. A grievance is a matter of personal interest and does not impact on the wider public, whereas whistleblower revelations relate to the more serious and widespread concerns as outlined above.

What are typical cases of whistleblower reports?

There are many different scenarios, but they are often cases from these following areas:

These cases can involve various major risks or consequences for employees, companies or entire countries. Therefore, unethical behaviour and grievances must be brought to public attention in order to prevent individuals or companies from illicitly enriching themselves or that other offences can be committed without any criminal consequences.

Why is whistleblowing currently a hot topic?

Reporting corporate wrongdoing has grown in importance in recent years thanks to a series of high-profile scandals and events. The global financial crisis of 2007-2008 revealed widespread mismanagement in financial institutions and the Volkswagen Dieselgate scandal in 2015 saw the car manufacturer illegally cheating emissions tests in the United States. Both of these events cost corporations billions of dollars and are viewed as exactly the kind of incidents that effective internal whistleblowing policies and channels might have helped prevent.

In 2017 the #metoo movement saw Hollywood stars blow the whistle on the widespread sexual-abuse allegations against Harvey Weinstein. This movement also supposedly led to an increase in companies putting stronger safeguards and structures in place for staff seeking to flag illegal or concerning behaviour.

The EU introduced the Whistleblowing Directive in 2019 as a response to recent scandals such as Luxleaks, the Panama Papers and Cambridge Analytica.

Well-known whistleblowing cases

Well-known examples are Edward Snowden’s revelations about the worldwide surveillance and espionage practices of secret services, the Panama Papers or Cambridge Analytica. The case of whistleblower Chelsea (formerly Bradley) Manning, who passed on secret information to Julian Assange’s Wikileaks platform and thus brought the USA into distress, also attracted worldwide attention.

And of course, one of the most famous scandals of world policy, the Watergate scandal, which forced former US president Richard Nixon to resign in 1974, would probably not have been occurred without whistleblower Mark Felt.

Well-known Whistleblowing Cases

Whistleblower & Labour Law – When workers become whistleblowers

Is there a need to be afraid of losing my job?

Employer loyalty is very important in Germany, which is why whistleblowers have a particularly hard time here. Only a few regulations explicitly protect whistleblowers from possible reprisals, such as a termination without notice. So far German legislation mandates an explicit legal requirement to set up a compliance system only for a few explicitly defined industries, such as banks and financial institutions.

Legal regulations in Europe

Historically, the US, France and the UK were pioneers in the field of legal protection for whistleblowers but the laws they passed did contain noticeable deficiencies. In Europe, the EU set out to bring the legal landscape to a comprehensive and universal standard through the EU Whistleblowing Directive. 

After numerous delays, member states finally started make noticeable progress in passing the Directive. The legislation obliges companies to establish confidential and secure reporting channels while effectively protecting whistleblowers from retaliation.

EU Whistleblowing Directive: All you need to know right now

We will show you how you can implement the requirements of the EU Directive quickly and easily in your company.

Why is whistleblowing beneficial?

Whistleblowers provide an important service to both their organisation and wider society. If matters can be resolved internally before becoming public in the press or on leak platforms, organisations can avoid reputational damage and fines that can prove substantial. Enforcement action under the US Foreign Corrupt Practices Act saw companies receive penalties totalling a record US$2.9 billion in 2019.

A whistleblowing system enables confidential reporting of irregularities. It also helps with the bottom line: experience shows that companies and organisations lose around 7 percent of their annual turnover due to violations. Internal reports can help to uncover a significant proportion of these cases and minimise financial damage as a result.

Why are whistleblowers feared? - 5 myths under the microscope

There are many myths  that make companies, governments and other organisations sceptical – or even fearful – about implementing a whistleblowing system. Many worry that whistleblowers will have a negative effect on their reputation, or that their reporting channels might be abused by disgruntled employees to send unfounded accusations. There is also the fear that the system might be “too effective” and they will be flooded with reports.

Luckily these fears are unjustified. If a company has an effective internal whistleblowing system, very few reports are ever raised externally. And while there are certainly individuals whose intentions are questionable at best, the reality is that most whistleblowers are simply trying to do the right thing. Studies show that companies receive an average of 34 reports per year (cf. Whistleblowing Report 2021). The larger the company, the greater the probability that concerns will be reported, but this might not be a bad thing: it simply means there is a healthy speak-up culture in place in the organisation.

Whistleblowers only harm companies if they report corporate misconduct directly to the public or the media. It is therefore important that organisations encourage individuals to report their concerns internally. Companies are advised to set up internal whistleblowing channels and actively communicate these so that employees and other stakeholders are aware of them. They mean that employees can report their concerns directly to the appropriate department to help identify and remedy issues at an early stage. This reduces the risk of reputational damage.  

If a whistleblower reports their concerns directly to an external body (e.g. the media), they may be liable to prosecution if, for example, they disclose corporate secrets. Exceptions apply if the person in question acts in the public interest. Such exceptions are, for example, enshrined in the reporting procedure detailed in the new EU Whistleblower Directive. All whistleblowers that use internal company channels such as a digital software to report concerns shouldn’t have anything to fear.

According to the Whistleblowing Report 2019, which surveyed nearly 1,400 companies from Germany, France, the UK and Switzerland, less than 9 percent of reports received by companies were aimed at harming individual employees or the company. The study shows that half of all reports refer to compliance-related issues and the remaining complaints usually reveal other problems in the company. Nevertheless, it is important when introducing whistleblower systems to clearly communicate that abusive usage will not be tolerated.

Studies show that companies receive an average of 34 reports per year (cf. Whistleblowing Report 2021). The larger the company, the greater the probability that concerns will be reported. However, receiving lots of reports is not necessarily a bad sign. While it may indicate that there are widespread issues within the company, it may also simply mean that employees have confidence in the whistleblowing arrangements and feel comfortable reporting.

Similarly, a small number of reports can indicate that there are very few issues but it can also be a sign that the reporting system doesn’t work as it should, employees have no confidence in the channel or simply do not know where they should report misconduct. Organisations should therefore transparently communicate their reporting channels and handling processes in order to reduce barriers to raising concerns.

If the whistleblower provides their name when reporting, the employer must keep the individual’s identity confidential (as far as possible). If the identity of the individual is for some reason disclosed, the employer must provide protection from retaliation. The European Union also explicitly includes the protection of whistleblowers (including bullying and intimidation) in the Directive adopted in April 2019.

In reality, however, low levels of bullying are difficult to both detect and prevent while employees may fear their name getting out. Allowing anonymous usage can provide an additional level of security that helps employees feel comfortable reporting, especially on highly sensitive issues. It’s also still possible to communicate with anonymous individuals to collect more information with modern whistleblowing systems.

When is a whistleblower protected?

Whether someone chooses to speak up when they see wrongdoing is a personal decision. Many whistleblowers are motivated by wanting to do the right thing. However, even though employers are prohibited from seeking revenge after an employee has exposed wrongdoing, a whistleblower’s career may still suffer. Low-level workplace bullying is difficult to detect. Whistleblowers often stand alone and friends they thought they could trust in their workplace might turn their back on them in order to protect their own reputation. Even if an anonymous system is in place, those exposing wrongdoing still need courage and determination.

Many European countries currently only have partial legal protections in place for whistleblowers. However change is underway in Europe and the new Directive contains broad free speech protections for whistleblowers in both the public and the private sectors in all  member states of the European Union. 

It prohibits direct or indirect retaliation such as dismissals, demotions and other discrimination against current and former employees, applicants, supporters of the whistleblower and journalists. The protection applies only to the reporting of irregularities relating to EU law, such as tax fraud, money laundering or offences relating to public contracts, product and transport safety, environmental protection, public health, and consumer and data protection (the EU does, however, encourage national legislators to extend this scope in national law).

The whistleblower can choose to report an incident internally first within the organisation or directly to the relevant supervisory authority. If nothing is done in response to such a report or if the whistleblower has reason to believe that there is a public interest, they can also go directly to the public. They are protected in all of these cases. Member states had until mid-December 2021 to transpose this Directive into their national laws and only a handful managed to do so ahead of the deadline. The process is still ongoing. 

When can whistleblowers be prosecuted?

The issue of whistleblowers exposing wrongdoing publicly has started a debate about the need for government secrecy versus the public’s right to know. The US Espionage Act, for example, has been used several times to charge federal employees for leaking sensitive information. In summary, whistleblowing can often be illegal if the exposed information threatens national security.

What are the ethics of whistleblowing?

The ethics of whistleblowing can be seen as a tricky matter. It often brings two moral values, fairness and loyalty, into conflict. On the one hand doing what is fair and right (i.e. speaking up about misconduct) can sometimes conflict with loyalty (i.e. having worked for an organisation for many years). Whistleblowing might also be viewed as a breach of trust. Many whistleblowers decide to report because they place the value of fairness and doing what is right over loyalty to their organisation.

Whether a whistleblower is a “hero” or a “traitor” is purely down to their intentions. Are they doing it to right a wrong? Is it to protect the public? Or is the basis for the action the pursuit of self-interest or financial gain? In some countries, certain whistleblowing is financially incentivised. Hollywood also glorifies and romanticises high-profile whistleblowers in films (including Edward Snowden and Julian Assange) which could make the practice attractive to those wanting to make a name for themselves.

One way to discourage “unethical” whistleblowing is to offer an internal, anonymous channel for reporting wrongdoing. The presence of such a system means whistleblowers’ identities are kept secret and they are less likely to report externally to the press where they could seek to make a name for themselves.

How does data protection legislation relate to whistleblowing?

Following the EU General Data Protection Regulation (GDPR), compliance officers are now required to follow very specific procedures when handling personal data, particularly as it pertains to issues of whistleblowing reports and reporters.

The GDPR has had a direct impact on the subject of confidentiality in whistleblowing. It states that companies may not collect personal information without the subjects being informed about how their data will be processed. This means that companies are obliged to inform accused persons of whistleblowing reports against them. If the GDPR is strictly interpreted, the accused would also have the right to know the name of the whistleblower which means confidentiality is lost. This could act as a deterrent to potential whistleblowers and could lead to fewer reports.

To ensure whistleblower identities are kept confidential, the data protection authorities recommend using digital systems that allow anonymous reports. This is because if a report is anonymous, the accused only has to be informed that a report (anonymous) has been received about him or her. The identity of the whistleblower remains protected.

Why is whistleblowing currently in the news?

In June 2020, Watson.ch reported that in Switzerland the government whistleblowing reporting office, located at the Swiss Federal Audit Office (SFAO), is seeing increasing numbers of reports year-on-year. Interestingly the majority this year came from outsiders such as suppliers, contractors or subsidy recipients rather than employees. 148 reports were anonymous, which makes up almost 80 percent of cases.

In October 2020, the UK Financial Conduct Authority reported a 61 percent jump in the number of complaints about the whistleblowing procedures at financial services companies. This rise has been attributed to greater awareness of whistleblowing protection and procedures along with employees finding it more difficult to figure out how to access their companies’ internal whistleblowing channels during the COVID-19 pandemic.

Whistleblowing has also become an important subject in times of COVID-19. German newspaper Süddeutsche Zeitung reported that Stephan Kohn, an employee in the German Federal Ministry of the Interior, had publicly labelled the Government’s pandemic measures as a “false alarm”. Disciplinary proceedings have been opened against Kohn, and it is currently being clarified whether Kohn is guilty of official misconduct.

How can whistleblowers be helped and better protected?

The implementation of a whistleblower system is one of several ways to help uncover possible risks in time: before and not afterwards, when it is often too late.

A whistleblower system enables the systematic and confidential transmission of information from employees and suppliers, a protected dialogue with the anonymous whistleblower and the processing and documentation of reports.

Whistleblower systems are thus among the most effective instruments for preventing and investigating corruption and maladministration. Around 39 percent of fraud cases in companies and organizations worldwide are revealed by whistleblowers (ACFE: Report to the nations, 2016).

“More than half of all whistleblowers make use of internet-based reporting channels”

The EU Whistleblower Directive will enter into force in 2021

The EU Whistleblower Directive is therefore considered a milestone in the fight to protect whistleblowers, as it obliges all companies with more than 50 employees, public institutions as well as local authorities of 10,000 inhabitants in the EU to introduce internal reporting channels for whistleblowers. The EU law provides a three-stage reporting system.

Therefore, companies should prevent this risks in time by using effective whistleblower systems.

Did you know that...

...almost 40 percent of companies are affected by any kind of maladministration? This can be either the falsification of financial figures, corruption, industrial espionage, fraud, theft, embezzlement, bullying or even sexual harassment. Not infrequently, damages in excess of 100,000 euros are revealed.
...around 90 percent of all whistleblowers first try to address the observed grievances internally before they contact authorities, the media or the public - provided they find suitable channels and an open culture within the company?
...some studies even show that a strong whistleblower culture helps companies to be financially more successful in the long term?

Guide to the Introduction of Whistleblowing Systems

How to successfully implement a whistleblowing system in your organisation.

Share this blog post on

Moritz Homann contact image | integrityline.com
Moritz Homann
Managing Director Corporate Compliance | EQS Group
Moritz Homann is responsible for the department of Corporate Compliance products at EQS Group. In this function, he oversees the strategic development of digital workflow solutions tailored to meet the needs of Compliance Officers around the world.