Whistleblowing Compliance

Recognising the value a whistleblowing hotline can provide, through the early detection of employee misconduct, many regulatory bodies are choosing to introduce requirements for organisations to establish confidential internal reporting channels.

Buy Now & Get Compliant

Ensure your organisation complies with all major international Whistleblowing requirements

Safecall’s whistleblowing products are designed with best practice in mind –
as such we help your organisation to comply with all major whistleblowing regulations. This allows even large, complex, international businesses to share a single dedicated whistleblowing hotline system.

Our data resides in the UK and our system is designed to be fully
GDPR compliant.



Whistleblowing Hotlines Support

  • EU Whistleblowing Directive
  • Financial Conduct Authority (UK) SYSC 18
  • Market Abuse Regulation (MAR)
  • SOC (System and Organization Controls) 2
  • EASA
  • German Corporate Governance Code (DGCK)

EU Whistleblowing Directive (2019/1937) (EU)

The European Parliament passed a directive in October of 2019 which compels all 27 EU members states to incorporate changes to their national legislation to raise the minimum level of legal protection for whistleblowers.   

Under this directive all legal entities which employ more than 50 people are compelled to establish effective internal reporting mechanisms.  Penalties for poor handling of whistleblowing cases are likely to be significant. 

The specifics of the EU Directive can be found here.  EU Member states are likely to implement the requirements in a variety of ways, it is therefore important to monitor legislation in jurisdictions where your organisations operates. 

Financial Conduct Authority (UK) SYSC 18

The Financial Conduct Authority is the conduct regulator for nearly 60,000 financial services firms and financial markets in the UK.   

There is a requirement placed on a sub-set of FCA regulated firms (SMCR banking and insurance sector firms) to establish appropriate internal procedures for handling concerns relating to misconduct.   

Failure to comply with the requirements of SYSC 18 may call into question the fitness and propriety of the firm or relevant members of its staff. 

The specifics are laid out in Senior Management Arrangements, Systems and Controls (SYSC) 18 and can be found here and here


BRCGS (British Retail Consortium Global Standards) Issue 8 (Global)

Food safety standards agency BRCGS includes in Clause 1.1.6 a requirement to implement a confidential reporting system to enable staff to report concerns. 

Organisations involved in the food supply chain wishing to maintain their AA status will need to demonstrate their compliance with Issue 8 as part of their audit programme. 

Read more here. 

Market Abuse Regulation (MAR)

The EU introduced Market Abuse Regulation in 2016.  These regulations are designed to combat practices such as insider dealing and market manipulation.  MAR applies to all listed businesses in the UK and EU and requires such businesses to facilitate the receipt of whistleblowing reports.   

More information on the European regulations can be found here.  These rules were on-shored to the UK as part of the Brexit process and more information can be found here. 


(The Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013) (UK)

All employers are bound to keep a record of health and safety incidents and near misses, and in serious cases to in-tern report these to the Health and Safety Executive.   

Organisations in industries which carry higher risks, such as construction and manufacturing often deploy a confidential reporting system to detect and resolve breaches of health and safety policy.   

More information can be found here and here


(European Union Aviation Security Agency) Regulation (EU) No 376/2014

This aviation safety regulation outlines mandatory and voluntary reporting of health and safety incidents and near misses.   

Organisations involved in the aviation industry often deploy confidential reporting services in support of these reporting requirements. 

More information can be found here. 

SOX (Sarbanes-Oxley Act of 2002)

The Sarbanes-Oxley (SOX) act requires all publicly traded companies implement a confidential, anonymous way for whistleblowers to inform the company of suspicious accounting practices.  

You can find more detail here. 

German Corporate Governance Code (DGCK)

The German Corporate Governance Code encourages organisations to establish protected reporting channels for employees to report suspected illegal activity. 

More information available here. 



Under French anti-corruption legislation organisations with over 50 employees should implement internal confidential reporting channels.  There are enhanced requirements for organisations with over 500 employees. 

There are substantial penalties for non-compliance, specifically relating to interference with the reporting process and disclosure of confidential information. 

More information can be found here. 



SOC (System and Organization Controls) 2

This data protection standard from the AICPA, commonly held by IT service providers, requires that firms have a method where internal personnel and external users of the system can report potential fraud anonymously.   

More detail can be found here. 

UK Corporate Governance Code (2018) 

Published by the Financial Reporting Council the UK Corporate Governance Code promotes the importance of establishing a corporate culture that is aligned with the company purpose, business strategy, promotes integrity and values diversity. 

As such the code states that “There should be a means for the workforce to raise concerns in confidence and – if they wish – anonymously. The board should routinely review this and the reports arising from its operation. It should ensure that arrangements are in place for the proportionate and independent investigation of such matters and for follow-up action”. 

More information can be found here. 


BCorps are a group of businesses that have committed to business as a force for good.  Focusing on environmental, social and governance factors businesses must achieve a set standard in order to be certified as a BCorp.   

Organisations are able to benchmark themselves using a free confidential online tool here. 

BCorps recommend implementing Whistleblowing arrangements to improve corporate governance and to safeguard workplaceconditions.  More information can be found here