Skip to content

Best Practice for Whistleblowing

Elias Axelsson Björklund
6 min read
Employee Experience
Best Practice for Whistleblowing

Discover best practices for whistleblowing in our comprehensive blog. Explore key questions, solutions, and insights for fostering a transparent and accountable workplace culture.

“We need to make sure our laws are worth the paper they are written on. Protecting whistleblowers who report suspected breaches of EU law is one way of doing this…”

Frans Timmermans, European Commission First Vice-President
Financial Times

Dieselgate, Cambridge Analytica, LuxLeaks—these are a few high-profile scandals that come to mind when discussing the European Commission’s proposed legislation to strengthen whistleblower protections. The new legislation comes not a moment too late as Barclays’ CEO faces up to a £2M fine for trying to uncover their 2016 whistleblower. As noted by the Financial Times, “Faith in companies’ internal procedures for protecting whistleblowers has also been shaken.”

The proposed legislation would require extra measures from organizations, public and private, aimed to protect whistleblowers. Even companies in European countries with more advanced whistleblower protections—like the UK—would need to take extra measures under the new legislation.

Internationally, the evolution of whistleblowing (and protection for whistleblowers) seems to accelerate post massive scandals. The US securities and finance sector strengthened its whistleblower protections in the aftermath of the financial crisis in the late 2000s; under part of this strengthened whistleblower program, the US Securities and Exchange Commission (SEC) recently awarded a record $83M to three whistleblowers in relation to a Bank of America Merrill Lynch tip.

Interested in trying a whistleblower solution in your organisation?

Try Questback 14 days for free.

Send surveys and analyse reports
Get started in 5 minutes
No credit card required

Love Your Whistleblowers

The onslaught of high-profile scandals shines a spotlight on whistleblowers—and how to get best practice for whistleblowing. The key is to protect whistleblowers in today’s world laden with seemingly pandemic corporate misgovernance. It is an issue that touches organizations of all sizes in all industries. For business leaders, how can you encourage and protect whistleblowers? And how can you leverage their insight to drive higher performing organizations?

Those are the questions asked of international General Counsel and Compliance Officer, Sara Habberstad, in the webinar, “Love Your Whistleblowers.” The following are four best practices recommended as a good place to start:

Step #1: Protection

The first step absolutely required for any organization is to use best practice for whistleblowing. If an employee cannot be protected from sanction, they will not come forward with their issue. Then, the company is at risk of not getting much out of whistleblower insight; employees won’t dare to come forward!

That being said, there are examples where employees have come forward regardless of retaliation and repercussions. But, as an organization, you cannot be guaranteed that employees will take such a risk. Most don’t. As a best practice, you need to protect whistleblowers if you want employees to genuinely come forward and share their insight.

As with the proposed whistleblower legislation, protection is partly provided by legal regulations and requirements. The US, UK and Nordics, for example, have laws that protect whistleblowers and limit the ability of companies to retaliate against employees that bring forward issues. However, even where there are whistleblower regulations, it’s still important to implement your own organizational rules. Have your own Code of Conduct and your own Whistleblowing Policy. Establishing internal standards that adequately protect your employees is of huge importance. If you don’t do that, you risk not getting any input at all. Protection—that’s the baseline.

Step #2: Incentives

The next step is incentives. There should be something that encourages whistleblowers to come forward. This element might drive an individual to report an issue even if they are at first reluctant to do so. For example, the US has best practice whistleblowing incentives, monetary rewards, for some types of whistleblowing under the US SEC.

It’s not always possible for an organization to have a monetary reward, but businesses can also provide incentives in other ways such as public praise (if agreed to by the whistleblower, of course!). There are things that a company can do to create incentives for their employees. The bottom line is there needs to be a positive drive to blow the whistle. What that is can vary from market to market, company to company.

Step #3: Blowing the whistle must be possible

The third step is that it must be possible to blow the whistle. There needs to be a system in place for the person who wants to blow the whistle. There may be an employee that need to report an issue, feel safe doing so and have incentives, but they have no idea how to go forward. Who do they call? How do they send a report? There needs to be a clearly articulated method to blow the whistle.

Legislation varies by country here too. Some countries have legal requirements around whistleblowing processes. In Norway, it is a legal requirement for a company to have a system in place for employees to blow the whistle. That’s not the case everywhere. But any company can create a whistleblower policy outlining to all employees how blowing the whistle should be done.

Lastly, the whistleblowing process must be supported by systems in place whether that is internal hierarchy, internal communications or software. The crucial element is that employees must know what they need to do to report an issue—and be able to accomplish that process in practical terms. If this isn’t in place, you run the risk of not getting all issues reported.

Step #4: Blowing the whistle must be easy and safe

Finally, the fourth step is to make blowing the whistle easy and safe. The process that you have in place should be extremely easy and time efficient to use. Just like other business areas, if your process isn’t easy, there are built-in barriers which automatically lowers your adoption and usage rates. That means you are losing critical insight.

Related to step one but slightly different, the process must also ensure the safety of the employee after they blow the whistle. An employee may be protected in practical terms but feel unsafe with their manager, other colleagues, the organization, or within the work environment altogether. It’s not enough to protect employees; blowing the whistle must be safe.

In today’s environment, this basically boils down to technology. Technology can ensure ease of use, and thus adoption, as well as ensuring safety within the work environment after they blow the whistle. With technology, it is possible people within the organization might not even know who blew the whistle in the first place. To that, there’s really only one path that protects and ensures employee safety—to provide an easy system with the possibility to give anonymous reports.

Best practice for whistleblowing; The Value of Anonymity

There can be many reasons why employees want to be anonymous when blowing the whistle. Some may fear losing their job or getting laid off, others fear their manager or colleagues knowing they reported an issue. The social pressures and the types of retaliation that can occur within the work environment are very real and strong fears when employees go to blow the whistle.

Anonymous reporting is a crucial best practice for whistleblowing, though it addresses a lot of these issues around whistleblowing. It can also address the lack of legal protection. For example, anonymity overcomes a country’s lack of whistleblower protection because by its nature, it will be a lot easier for employees to come forward while being safe and protected.

How can organizations encourage, protect and leverage whistleblowers and their insight? The answer to this question is invaluable as executives everywhere look for ways to reduce their operational risk, protect the business and drive higher-performing teams. It is not enough for organizations to have a just a whistleblower policy, they need to embrace a proactive approach to whistleblowers and continuously listen to their employees throughout the organization.

As an employer, if you want to be sure that you get the information that is among your employees—insight that you need to reduce your risk, protect the organization and improve operations—these four elements are required for a successful whistleblower strategy.

Want to know more about whistleblowing? We have gathered some commonly asked questions.



Guide for high employee engagement

Find the 4 driving forces of engagement split up into 33 solid methods that you can use to be a better leader and raise your team’s performance.

More articles on this topic


Questback International Questback Finland Questback Benelux Questback Norway Questback Sweden Questback Germany


Bogstadveien 54, 0366 Oslo


Keilaniementie 1, 02150 Espoo


Millennium Tower, Radarweg 29, 1043NX Amsterdam


Bogstadveien 54, 0366 Oslo
Support:  +47 21 02 70 80
Sales:  +47 21 02 70 70


Sveavägen 59, 113 59 Stockholm
Support:  +468 440 88 21
Sales:  +468 440 88 00


Kurfürstendamm 30, 10719 Berlin

Trusted by many