What is Whistleblowing: FAQ for companies

With the EU Whistleblowing Directive the topic of whistleblowing is becoming important for companies. This article contains everything you need to know.

Moritz Homann


With the EU Whistleblowing Directive the topic of whistleblowing is becoming increasingly important for companies. Companies across the EU are being required to provide whistleblowing channels and protections for whistleblowers are increasing. Within this context, we go through everything companies need to know.


What is whistleblowing?

Whistleblowing is when an individual reports wrongdoing in an organisation, for example financial misconduct or discrimination. This person is often an employee but can also be a third party such as a supplier or customer.

Internal whistleblowing is when someone makes a report within an organisation. Often companies implement whistleblowing channels for this purpose so that employees and other stakeholders can speak up if they become aware of misconduct. Employees can also report to their line manager.

External whistleblowing is when a person blows the whistle publicly, either to the media, police or via social media channels. People often opt to blow the whistle publicly if they have little faith in their organisation’s investigation or reporting procedure, have tried speaking up internally with no result or if there is no whistleblowing system in place.

Whistleblowing complaints focus on conduct prohibited by a specific law such as a criminal offence, discrimination or evidence of a cover up. Speak up policies may however cover a broader range of issues related to compliance and ethics.

Whistleblowing is different to raising a workplace grievance. A grievance is a matter of personal interest and does not impact on the wider public, whereas a whistleblowing report relates to more serious and widespread concerns as outlined above.

Why is whistleblowing currently a hot topic?

Several recent scandals and events have raised the profile of whistleblowing. The global financial crisis of 2007-2008 revealed widespread corporate mismanagement in financial institutions and the Volkswagen Dieselgate scandal in 2015 saw the car manufacturer illegally cheating emissions tests in the USA. Both of these events cost corporations billions of dollars and are viewed as exactly the kind of events that effective internal whistleblowing policies and channels might have helped prevent.

Whistleblowers became more prominent in 2017 when the #metoo movement saw Hollywood stars blowing the whistle on the widespread sexual-abuse allegations against Harvey Weinstein. This movement also supposedly led to an increase in companies putting stronger safeguards and structures in place for staff seeking to flag illegal or concerning behaviour.

The EU introduced the Whistleblowing Directive in 2019 as a response to more recent scandals such as Luxleaks, Panama Papers and Cambridge Analytica. Once EU countries implement the directive, all companies with more than 50 employees will be required to establish a whistleblowing policy and system and legal protection is afforded to those individuals seeking to expose wrongdoing.

Why is whistleblowing beneficial for companies?

Whistleblowers provide an important service to both their organisation and wider society. If matters can be resolved internally before becoming public in the press or on leak platforms, organisations can avoid reputational damage and fines. Fines can be substantial. Enforcement action under the US Foreign Corrupt Practices Act saw companies receive penalties totalling a record US$2.9 billion in 2019.

A whistleblowing system enables confidential reporting of irregularities. A whistleblowing system also helps with the bottom line: experience shows that companies and organisations lose around 7 percent of their annual turnover due to violations. Internal reports can help to uncover a significant proportion of these cases and thus minimise financial damage.

Why do companies fear whistleblowing? - 5 myths under the microscope

There are many myths about whistleblowing which make companies sceptical – or even fearful – of implementing a whistleblowing system. Many worry that whistleblowers will have a negative effect on their reputation, or that their whistleblowing system might be abused by disgruntled employees to send unfounded reports. There is also the fear that a whistleblowing system might be “too effective” and they will be flooded with reports.

Luckily these fears are unfounded. If a company has an effective internal whistleblowing system, very few reports are ever raised externally. And while there are certainly whistleblowers whose intentions are questionable at best, the reality is that most whistleblowers are simply trying to do the right thing. Studies show that companies receive an average of 34 reports per year (cf. Whistleblowing Report 2021). The larger the company, the greater the probability that concerns will be reported, but this might not be a bad thing: it simply means there is a healthy speak-up culture in place in the organisation.

Myth 1: Whistleblowers harm the company's reputation

Whistleblowers only harm companies if they report corporate misconduct directly to the public or the media. It is therefore important that companies encourage whistleblowers to report their concerns internally. Companies are advised to set up internal whistleblowing channels and actively communicate these so that employees and other stakeholders are aware of them. Internal whistleblowing channels mean that employees can report their concerns directly to the appropriate department in the company and help to identify and remedy issues at an early stage. This helps to reduce the risk of reputational damage.

Myth 2: Whistleblowers end up in court

If a whistleblower reports their concerns directly to an external body (e.g. the media), they may be liable to prosecution if, for example, they disclose corporate secrets. Exceptions apply if the whistleblower acts in the public interest. Such exceptions are, for example, enshrined in the reporting procedure detailed in the new EU Whistleblower Directive. All whistleblowers that use internal company reporting channels such as a digital whistleblower system to report concerns shouldn’t have anything to fear.

Myth 3: Employees use whistleblower systems to anonymously send unfounded reports about their colleagues

According to the Whistleblowing Report 2019, which surveyed nearly 1,400 companies from Germany, France, the UK and Switzerland, less than 9 percent of reports received by companies were aimed at harming individual employees or the company. The study shows that half of all reports refer to compliance-related issues and the remaining reports usually reveal other problems in the company. Nevertheless, it is important when introducing whistleblower systems to clearly communicate that abusive reports will not be tolerated.

Myth 4: Anyone who sets up a whistleblower system will be flooded with reports

Studies show that companies receive an average of 34 reports per year (cf. Whistleblowing Report 2021). The larger the company, the greater the probability that concerns will be reported. However, receiving lots of reports is not necessarily a bad sign. While it may indicate that there are lots of issues within the company, it may also simply mean that employees have confidence in the whistleblowing arrangements and feel comfortable reporting.

Similarly, a small number of reports can indicate that there are very few issues but can also be a sign that the reporting system doesn’t work as it should, employees have no confidence in the channel or simply do not know where they should report misconduct. Companies should therefore transparently communicate their reporting channels and handling processes in order to reduce barriers to raising concerns.

Myth 5: Whistleblowers should fear retaliation from colleagues

If the whistleblower provides their name when reporting, the employer must keep the individual’s identity confidential (as far as possible). If the identity of the whistleblower is for some reason disclosed, the employer must protect the whistleblower from retaliation. The European Union also explicitly includes the protection of whistleblowers (including from bullying and intimidation) in the Whistleblower Directive adopted in April 2019.

However, in reality low levels of bullying are difficult to detect and prevent and employees may fear that their name might get out. Allowing anonymous reporting can provide an additional level of security that helps employees feel comfortable reporting, especially on highly sensitive issues. It’s also still possible to communicate with anonymous whistleblowers to collect more information with modern whistleblowing systems.

When is a whistleblower protected?

Whether an employee chooses to speak up when they see wrongdoing is a personal decision. Many whistleblowers are motivated by wanting to do the right thing. However, even though employers are prohibited from seeking revenge after an employee has exposed wrongdoing, a whistleblower’s career may still suffer. Low-level workplace bullying is difficult to detect. Whistleblowers often stand alone and friends they thought they could trust in their workplace might turn their back on them in order to protect their own reputation. Even if an anonymous whistleblowing system is in place, whistleblowers still need courage and determination to expose wrongdoing, potentially exposing colleagues or the organisation they have worked for over many years.

Many European countries currently only have partial legal protections in place for whistleblowers. However, change is underway in Europe with the EU Whistleblowing Directive, which contains broad free speech protections for whistleblowers in both the public and the private sectors in all member states of the European Union.

The Directive prohibits direct or indirect retaliation such as dismissals, demotions and other discrimination against current and former employees, applicants, supporters of the whistleblower and journalists. The protection applies only to the reporting of irregularities relating to EU law, such as tax fraud, money laundering or offences relating to public contracts, product and transport safety, environmental protection, public health, and consumer and data protection (the EU does, however, encourage national legislators to extend this scope in national law).

The whistleblower can choose to report an incident internally first within the company or directly to the relevant supervisory authority. If nothing is done in response to such a report or if the whistleblower has reason to believe that there is a public interest, they can also go directly to the public. They are protected in all of these cases. Member states have until 2021 to transpose this directive into their national laws.

When can whistleblowers be prosecuted?

The issue of whistleblowers exposing wrongdoing publicly has started a debate about the need for government secrecy versus the public’s right to know. The US Espionage Act, for example, has been used several times to charge federal employees for leaking sensitive information. In summary, whistleblowing can often be illegal if the exposed information threatens national security.

How does data protection legislation relate to whistleblowing?

Following the EU General Data Protection Regulation, compliance officers are now required to follow very specific procedures when handling personal data, particularly as it pertains to issues of whistleblowing reports and reporters.

GDPR has had a direct impact on the subject of confidentiality in whistleblowing. GDPR states that companies may not collect personal data without the data subjects being informed of how their data will be processed. This means that companies are obliged to inform accused persons of whistleblowing reports against them. If GDPR is strictly interpreted, the accused would also have the right to know the name of the whistleblower which means confidentiality is lost. This could act as a deterrent to potential whistleblowers and could lead to fewer reports.

To ensure whistleblower identities are kept confidential, the data protection authorities recommend using whistleblowing systems that allow anonymous reports. This is because if a report is anonymous the accused only has to be informed that an (anonymous) report has been received about him or her. The identity of the whistleblower remains protected.

What are the ethics of whistleblowing?

The ethics of whistleblowing can be seen as a tricky matter. Whistleblowing often brings two moral values, fairness and loyalty, into conflict. On the one hand doing what is fair and right (i.e. speaking up about misconduct) can sometimes conflict with loyalty (i.e. having worked for an organisation for many years). Whistleblowing might be viewed as being a breach of trust. Many whistleblowers decide to report because they place the value of fairness and doing what is right over loyalty to their organisation.

Whether a whistleblower is a “hero” or a “traitor” is purely down to their intentions. Are they doing it to right a wrong? Is it to protect the public? Or, is the basis for the action the pursuit of self-interest or financial gain? In some countries, certain whistleblowing is financially incentivised. Hollywood also glorifies and romanticises high-profile whistleblowers in films (including Edward Snowden and Julian Assange) which could make the practice attractive to those wanting to make a name for themselves.

One way to discourage “unethical” whistleblowing is to offer an internal, anonymous channel for reporting wrongdoing. The presence of such a system means whistleblowers’ identities are kept secret and they are less likely to report externally to the press where they could seek to make a name for themselves.

Why is whistleblowing currently in the news?

In June 2020, Watson.ch reported that in Switzerland the government whistleblowing reporting office, located at the Swiss Federal Audit Office (SFAO), is seeing increasing numbers of reports year-on-year. Interestingly the majority of these reports this year came from outsiders such as suppliers, contractors or subsidy recipients rather than employees. 148 reports were anonymous, which makes up almost 80 percent of cases.

In October 2020, the UK Financial Conduct Authority reported a 61% jump in the number of complaints about the whistleblowing procedures at financial services companies. This rise has been attributed to greater awareness of whistleblowing protection and procedures and employees finding it harder to find out how to access their companies’ internal whistleblowing channels during the COVID-19 pandemic.

Whistleblowing has also become an important subject in times of Corona. The Süddeutsche Zeitung reported that Stephan Kohn, an employee in the German Federal Ministry of the Interior, had publicly labelled the Government’s Corona measures as a “false alarm”. Disciplinary proceedings have been opened against Kohn, and it is currently being clarified whether Kohn is guilty of official misconduct.


Moritz Homann

Managing Director Corporate Compliance | EQS Group
Moritz Homann is responsible for the department of Corporate Compliance products at EQS Group. In this function, he oversees the strategic development of digital workflow solutions tailored to meet the needs of Compliance Officers around the world.