Whistleblowing

Regulatory Framework Governing Whistleblower Protection

The Whistleblower Protection Act establishes a comprehensive and multilayered regulatory framework applicable to both private and public-sector entities, reshaping the prevailing standards of corporate compliance and governance.

The legislation covers an extensive spectrum of areas, including corruption, public procurement, environmental protection, anti-money laundering, consumer protection, and the security of network and information systems.

Any individual acting in a work-related context — irrespective of the legal basis of their engagement — may qualify as a whistleblower, materially expanding the personal scope of protection and the obligations imposed on organisations.

The Act introduces rigorous confidentiality requirements, reinforced by a categorical prohibition of retaliatory measures.

Breaches of these duties carry significant legal exposure, including criminal liability and custodial sanctions for individuals responsible for unlawful retaliation or unlawful disclosure.

Corporate Obligations and Business Impact

Companies subject to the Act are required to implement a coherent and operationally robust internal reporting framework. This obligation extends far beyond the formal adoption of a written policy.

It encompasses the effective communication of procedures across the company, comprehensive training for relevant personnel, the appointment of a competent internal unit responsible for receiving and handling reports, and the maintenance of a statutory register documenting all reports and follow-up actions.

Companies must establish secure, trusted, and accessible reporting channels — both written and oral — and adopt investigative processes that ensure objectivity, impartiality, and procedural fairness.

Particular emphasis must be placed on accurate documentation and auditability at every stage of the reporting lifecycle, as these elements are essential to demonstrating compliance in the event of oversight or regulatory review.

Non-compliance may expose companies to a range of significant legal and operational risks, including:

  • criminal and administrative liability,
  • substantial reputational damage and erosion of stakeholder confidence,
  • deterioration of employee relations and increased internal tensions,
  • heightened exposure to employment disputes and litigation,
  • disruption of critical operational and compliance processes.

Viewed in this context, a well-designed whistleblowing framework is not merely a statutory obligation but a strategic governance tool — strengthening corporate resilience, enhancing risk management capabilities, and embedding a culture of integrity across the company.

Our Advisory Support and Integration into Corporate Processes

We provide end-to-end advisory support in the design, implementation and ongoing operation of whistleblower protection frameworks, tailored to the organisational structure, risk profile and industry context of each client.

Our services include:

  • drafting and harmonising internal procedures and policies compliant with statutory and regulatory standards,

  • establishing secure and legally compliant reporting channels, including written, oral and technology-based mechanisms,

  • preparing documentation, registers and internal governance tools essential for managing reports and follow-up actions,

  • delivering specialised training to personnel responsible for receiving, assessing and investigating reports,

  • supporting clients in the conduct of impartial internal investigations and in the documentation of the investigative record,

  • advising on integration of whistleblowing systems with existing corporate functions such as compliance, HR, information security, procurement, risk management and corporate governance,

  • providing ongoing legal and operational support in the day-to-day management of reports.

Our objective is to build a whistleblower protection framework that is not only fully compliant with the statutory regime but also enhances organisational integrity, promotes transparency and provides durable protection to individuals reporting misconduct — thereby safeguarding the long-term interests of the organisation.

Contact Us