Whistleblowing system as a protective shield

Modern whistleblowing system: early warning system and protective shield for your company

A whistleblowing system acts as a protective shield! As an entrepreneur, managing director and executive, you have followed the scandals of the last few years at Tönnies, Wirecard, or also Wilke, VW and Facebook in the news. You therefore know that such incidents can cause great reputational damage. Often, however, only large corporations have the financial resources of getting off lightly.

The question for every righteous, medium-sized entrepreneur is: how can you reduce the risk of an employee putting the fate of your company at risk or endangering the future of your company with conscious or unconscious violations of the law?

For known, quantifiable risks, very complex risk management systems exist, depending on the size of the company and its business model. At the very least, however, there is a “Plan B” in the drawer, which one hopes will never be needed. But what about the wide range of unknown risks due to misconduct that are rather unlikely but, if they occur, can have the consequences of a tsunami for the company? 

In the following article, you will learn how a whistleblowing system that complies with the guidelines can serve as an early warning system and protective shield against scandals and violations of the law within your company.

What risks are avoidable for companies using a whistleblowing system?

Potential environmental or health hazards, product liability cases due to quality defects, corruption, bribery, fraud, accounting and balance sheet offences or even serious economic crime: they all fall under the risks for which there is usually no plan B in your company. They come as a surprise and no one would have thought it was possible before. Small and medium-sized enterprises or family businesses with proven cooperation based on trust and short decision-making paths are often particularly at risk here. There is a fine line between great trust and blind trust. In lack of appropriate control mechanisms, the gateway to abuse is left wide open.

The earlier risks can be identified, the more efficient and favourable the corrective measures will be to prevent a scandal from determining the future of your company. Serious reputational damage due to negative press or massive financial losses not only lead to sensitive turnover losses for small and medium-sized enterprises, but often also to insolvency and personal liability on your behalf – the management.

An example of financial damage:


The unrestricted trust of the owner family of the worldwide known security company abus in their former authorised signatory enabled him to divert more than 16 million euros to his private accounts. After spending the stolen money, he confessed. However, the company suffered massive financial damage that could only be repaired with the private assets of the owner family.

An example of reputational damage:


In the Tönnies case, a whistleblower, an employee of the canteen operator, was concerned that violating the minimum distance of 1.5 m in the canteen would encourage the spread of COVID-19. Her video went viral and she was terminated. She sued, but there was no final court settlement. The spread of the virus in the region and the devastating press on working conditions at Tönnies contributed to lasting reputational damage and heavy financial losses.

An example of corporate secrets:


The case of Brigitte Heinisch, who pointed out inhumane conditions in nursing to her employer Vivantes – Netzwerk für Gesundheit GmbH – went through all the legal instances. Due to a lack of staff, nursing home residents had to lie in their excrement and urine until the afternoon. Services were billed that were never provided in this form. After Vivantes did not react, Brigitte Heinisch could not reconcile this fraud with her conscience and called in the public prosecutor’s office.

The Federal Constitutional Court had already decided in 2001 that employees may also report their employer if there are criminal law concerns (Ref: 1 BvR 2049/00). Ms Heinisch was dismissed. Her persistent fight through the courts ended after six years at the European Court of Human Rights in Strasbourg. On 21 July 2011, the Court pronounced a judgement (Ref.: 28274/08) limiting the protection of company secrets: 

  1. The “disclosure of grievances” is covered by freedom of expression. 
  2. The “public interest in information about shortcomings” outweighs a company’s interest in protecting its reputation and business interests.

Since 2019, the German Trade Secrets Act (Geschäftsgeheimnisgesetz) has expanded the legal situation to the effect that unethical conduct on the part of a company or its management is sufficient for an employee to be able to publish company or trade secrets. The prerequisite for this is that the publication is suitable to protect the general public interest. Thus, the Oldenburg Higher Regional Court acquitted a whistleblower who disclosed trade secrets of a company to the media. The company lawfully exported a chemical for lethal injections for the execution of the death penalty in the USA with the permission of the authorities.

Legal requirements for early warning systems

Early warning systems come in varying degrees of complexity. From the minimum of compliance with legal requirements to comprehensive risk management systems and comprehensive compliance programmes. The goal of all systems is the prevention of violations in order to exclude image damage and reduce liability risks. Furthermore, they serve to detect misconduct as quickly as possible in order to be able to react to it efficiently and consistently.

In the case of small and medium-sized enterprises, there is often the approach of simply fulfilling the minimum requirements necessary to avoid criminal proceedings or liability for damages, and which, for example, allows them to participate in the tendering process for public contracts.

But what is the minimum? There are around 2,000 laws and around 3,500 regulations with over 75,000 legal standards in Germany. In addition, there are EU directives and other legal requirements as soon as the company is also active outside of Germany.

However, until today there have only been recommendations and no explicit “compliance” law that regulates which measures you as an entrepreneur must implement. With the EU Directive for whistleblower protection dated 16.12.2019, a mandatory, cross-industry core element of compliance programmes was established for the first time.

The whistleblower system according to the new EU Directive

The EU Whistleblowing Directive states that all companies with 50 or more employees must set up secure channels for reporting breaches. Companies with up to 249 employees have an extended implementation period until the end of 2023. The whistleblowing must then be handled professionally and confidentially.

Until now, in Germany, as in most EU countries, whistleblowers were not protected. Reporting an incident represented a high personal risk. The directive therefore demands that anyone who notices possible compliance violations in the course of their professional activities should be able to report them without having to fear consequences under civil and labour law. Specifically, these are e.g. suspension or dismissal, shifting of tasks or transfer, reduction of salary or issuing of a bad reference, mobbing or discrimination, disadvantage or unequal treatment.

This also includes job applicants, trainees and former employees. The directive reaches even further: If the whistleblower suffers reprisals, he or she has an additional right to claim compensation.

What does it look like in reality today?

The variety of reporting channels and systems used in practice today is large, as there are no legal requirements for the design of such whistleblowing solutions so far. Today, whistleblowing systems are mainly found in internationally operating companies with comprehensive compliance programmes. In these, whistleblowing is seen as an important contribution to effective compliance.

Some companies deliberately reject whistleblowing systems. They are convinced that their open communication culture does not require special reporting channels or they fear that this would create a culture of mistrust.

“Does the catfight go on anonymously and digitally now?”

The fact is that in future, as an entrepreneur, you will be obliged to react to reports within the period of one week and follow up on them accordingly. 

What should be reported according to the EU Directive? The scope looks manageable at a first glance, but can get quite complex and challenging in the areas of detail: 

  • Violations against consumer protection
  • Infringements against the protection of the environment 
  • Infringements against the financial interests of the Union 
  • Infringements of competition law  
  • Infringements of tax and money laundering law

Each country in the EU can, however, extend the scope. It could therefore be that German or Austrian legislation will include further legal matters.

As a manager, the best way to prevent abuse is to clearly inform your employees about what tips you hope to receive. Clarity and orientation is also provided by a so-called code of conduct, which defines how everyone in the company should behave. 

Here, “simple, short, concise and lived” is better than “complex, long and in a drawer”. A good guideline is the principle: always act as you would want to read about it in the newspaper (or in the media).

The best prevention against abuse is clear, transparent and open communication as well as constructive handling of mistakes.

So who are whistleblowers? Are they particularly loyal or do they want to harm the company?

Überwachung im Unternehmen

Actually every employee has the duty to inform his or her employer about wrongdoings. However, the delivery of bad news is seldom thanked. If taboo, silence and turning a blind eye prevail in the company, the messengers are often called denunciators or traitors. Superiors who do not want to be confronted with mistakes or are reluctant to admit them turn the tables and interpret the discussion as a loss of trust.

However, when it comes to violating standards that pose a danger to the organisation, the employees or the environment, the duty of loyalty to the company must be valued more highly than the supposed loyalty to the superior. Employees who dare to draw attention to grievances are therefore acting in the interest of your company. They take responsibility and make improvements possible.

Which whistleblowing systems are existing on the market today?

A variety of different options can be found on the market today: internal or external ombudspersons, persons of trust, mailboxes, telephone and email solutions, digital whistleblowing solutions and other internal or external contacts. All of them help to increase transparency in the company and to use reports as an early warning system.

But with which of the different whistleblowing systems do you also fulfill the requirements of the EU Whistleblowing Directive?

Which risks you run without using a whistleblowing system

It is tempting to ignore the directive, hoping that nothing will happen and you won’t be discovered. Yet alone with around 100,000 companies in Germany, one won’t be noticed, right?

In addition to the risk of non-compliance, the EU directive creates another, far more serious risk: if a company offers its employees an internal anonymous way to report, the employees must use this internal channel first. If they go public immediately, they face consequences under labour and criminal law. 

If the company does not observe the prescribed deadlines for reports received or does not offer a confidential communication channel in the first place, employees may turn directly to the public. Experience shows that the resulting financial damage or damage to the company’s reputation due to bad press is significantly higher than the penalty to be expected as a result of the violation.

With the favourable prices for whistleblower systems, you are therefore saving on the wrong side if you do not set up such a reporting channel. The potential damage caused is disproportionate to the cost of a whistleblowing system.

Who can help choosing the right whistleblowing system?

Lawyers, compliance advisors, auditors and tax advisors can be considered. They can advise you on the selection of a suitable whistleblowing system that fits your requirements. Above all, your company size and business activities, labour and data protection requirements as well as a possible integration into an existing compliance management system must be considered.

Would you like to quickly and easily select a suitable whistleblowing system as a protective shield for your company? Get an overview of the most important decision criteria for the selection of a whistleblowing system.

Conclusion: Why should you implement a whistleblowing system?

The answer is simple: to use this early warning system to protect your company, your reputation, your employees and your stakeholders from risks.

Will you wait until the last day of the deadline according to the EU Directive or are you already taking advantage of the opportunities it offers your company? The sooner you integrate a whistleblowing system into your company’s processes, the more you contribute to increase integrity and transparency in the corporate culture. 

As a next step, download “Your guide to comply with the Whistleblowing Directive in your company“. Or contact one of our experts for a personal consultation.

Why wait any longer?

Compliant in 5 minutes

Our solution fits to your clients?

Join our partner program