It can be tricky to decide which compliance hotline / whistleblowing software is best suited to your organization and will also ensure that you are compliant with the applicable laws and directives in your territory. To help you out, we’ve compiled a list of the best compliance and ethics hotline vendors and whistleblowing software providers on the market in 2023. FaceUp Whistleblowing systemG2 rating: 4.9 out of 5  G2 reviewer: "TOP Compliance & Whistleblowing Solution for any Company" Pricing: from €49 /month  FaceUp is an intuitive and easy to use whistleblowing solution and ethics hotline. FaceUp provides the absolute highest level of data protection and anonymity - it is GDPR compliant, ISO 27001 certified and offers E2E encryption and 2FA. The whistleblowing software has a rich set of features, FaceUp can easily be integrated through API with company intranet, website, or app.  Key features:    Hotline   Compliant with legal regulations and GDPR   Anonymous reporting   Voice messages   Two-way follow up communications   Completely customizable form   Advanced report management (labels, priorities, internal comments)   113 language versions   Mobile versions   Two-factor authentication   E2E encryption GlobaleaksG2 rating: 4.2 out of 5  G2 reviewer: "Loved the anonymous experience" Pricing: depends on a reseller GlobaLeaks is free, open-source whistleblowing software. Its open-source nature allows for transparency and community-driven development. If you are lost in customizing the whistleblowing platform, there have been different resellers, who can help with setting up the system for different prices. Thanks to GlobaLeaks everybody can have a secure and anonymous whistleblowing system. Key features: Manage multiple whistleblowing sites from a single dashboardExchange multimedia files with whistleblowerChat with whistleblower to discuss the reportWhistleblowing system statisticsCompliant with ISO 37002 and EU Directive 2019/1937GDPR configurable data retention policiesMultiple penetration tests with full public reportsTwo-Factor authentication (2FA) support compliant with standard TOTP RFC 6238 Convercent - Ethics and Compliance CloudG2 rating: 4.2 out of 5 G2 reviewer: "I would strongly recommend Convercent for your compliance solution." Pricing: from 135€ /month Ethics and Compliance Cloud (aka Convercent by OneTrust) is an ethics and compliance hotline provider that helps companies instill ethics at the core of their organizations. The Ethics Cloud includes: Helpline & Case Management, Campaigns, Policy Management, and Disclosures tools. The solution does not have mobile or desktop applications. Key features:    Hotline   Anonymous reporting   Reporting & Statistics   ISO 27001 certified   Incident Management   Notification for whistleblower AllvoicesG2 rating: 4.5 out of 5 G2 reviewer: "Modern and Easy to Use Tool for Anonymous Feedback" Pricing: from 100$ /month AllVoices is an anonymous reporting platform built by experts to uncover & resolve workplace issues by giving employees a safe space to speak up. The hotline is designed to help businesses encourage employees to anonymously provide feedback, ask questions, share positive input, and report various issues related to workplace bullying, harassment, bias, and other incidents. AllVoices allows organizations to secure confidential information via Advanced Encryption Standard (AES-256) standards. Key features:    Reports and statistics   Tracking and management of employee feedback   2-way communication EQS Integrity line  G2 rating: 4.7 out of 5 G2 reviewer: "Hotlines for Participant Productions" Pricing: from €129 /month  EQS Integrity Line is a secure, anonymous whistleblowing hotline used all around the world. The encrypted channel guarantees the highest possible protection for whistleblowers. The hotline platform enables managers to secure data in accordance with ISO 27001 and general data protection regulation (GDPR) compliance protocols. EQS Integrity Line allows teams to translate reports in multiple languages and gain insights into real-time case-related statistics on a centralized dashboard.  Key features:    Reporting form   Multiple language versions   Anonymous reporting   Case management Real-time statistics The importance of compliance ethic hotline and whistleblowing software have emerged as crucial tools for organizations and their employees to help build better company culture and a safe workplace. Many companies need to implement a GDPR compliant whistleblower solution, which will be fully secured and which will allow the whistleblowers to report anonymously. Are you looking for the compliance hotline solution?Get in touch with our whistleblower specialist today to arrange a free demo, or browse some of FaceUp’s whistleblowing hotline features.

There are a variety of standards and certifications which your organization can apply to ensure that your workplace and processes are ethical, transparent and responsible. Many require or suggest the implementation of whistleblowing system, such as the following:  ISO 37301ISO 37301 was introduced by the International Organization for Standardization in April 2021 and sets out guidance on implementing a compliance management system (CMS). It is based on widely accepted principles of good governance, proportionality, transparency and sustainability. One of the key aims of ISO 37301 is to outline the best practice when implementing a whistleblowing policy. These include: Timely and thorough investigation of allegations or suspicions of misconduct.A visible and accessible whistleblowing system.Confidential, anonymous reporting channels.Impartial investigations of any reports of unethical conduct.Comprehensive documentation of reports made.Recording of any lessons learnt changes to the CMS.ISO 37001Published in 2016, ISO 37001 provides guidance and details requirements for the setup and maintenance of an anti-bribery system. ISO 37001 is designed to help combat instances of bribery in the public, private and nonprofit sectors, perpetrated by individuals within the organization, as well as those acting on its behalf, plus a host of other scenarios. ISO 37001 is only intended for use as part of an anti-bribery system, but its recommendations are deliberately generic as to be applicable for any nature of organization.  The introduction of a whistleblowing system in your organization is crucial for complying with ISO37001. Requirement no. 18 specifically calls for the implementation of a whistleblowing system: ‘Implement reporting (whistle-blowing) procedures which encourage and enable persons to report suspected bribery, or any violation of or weakness in the ABMS, to the compliance function or to appropriate personnel’. IATF 16949IATF 16949 is a standard published by the International Automotive Task Force (IATF) and the Technical Committee of ISO, to be used in the creation of a quality management system to allow for ongoing improvement in the automotive industry supply and assembly process. The standard was updated in 2016 to include a stipulation for a whistleblowing policy. The updated version states: ‘[Organizations] shall define and implement corporate responsibility policies, including at a minimum an anti-bribery policy, an employee code of conduct, and an ethics escalation (whistle-blowing) policy.’ TISAXTISAX (Trusted Information Security Assessment Exchange) stipulates the standards for information security management systems within the automotive industry and is now commonplace across Europe. Its requirements are very similar to ISO 27001, differing mainly in the fact that TISAX is designed specifically for the automotive industry, whereas ISO 27001 is a more generalized standard. ISO 27001 focuses on data security within an organization, TISAX secures data throughout the supply chain. SMETASMETA (Sedex Members Ethical Trade Audit) is not a standard as such, but an audit that your organization can request to help you understand labor, health and safety, environmental and ethical standards within your workplace. After the audit, organizations receive an action plan designed to help them take corrective steps. The audit comprises two mandatory pillars, Labor Standards and Healthy & Safety. The two non-compulsory pillars are Business Ethics and Environment.  Sedex recommends providing whistleblowing hotlines across your supply chain, particularly to combat modern slavery. Other standards and certificationsRead about other standards and certifications and how they relate to whistleblowing in our previous blog posts: Whistleblowing guidelines: what you need to know about ISO 37002Whistleblowing requirements and the SA8000How whistleblowing can help improve your company's ESG scoreGet in touch and see how FaceUp can meet your whistleblowing needs. 

The biggest reason why there are huge issues with whistleblowing compliance management software is that it is too complex for less savvy people to deal with. It takes years for someone who does not have the knowledge to understand the internal and external whistleblowers mechanisms. These systems can take a lot of time and effort from the employees and could end up doing more harm than good if not used properly. Whether you have or haven’t managed whistleblowing in business, this article is for you. We'll explain how whistleblowing compliance management software can help your organization reduce the time it takes to identify and manage complaints before they become public, as well as reduce potential risks to your organization. Legal and Regulatory NoncomplianceA whistleblower is a person who reports any form of wrongdoing from inside an organization. The term is most commonly used to refer to employees who report illegal activities by their employers or co-workers, such as fraud, corruption and tax evasion. Whistleblowing compliance is one of the biggest challenges in today’s business world, particularly to a business’s reputation and bottom line. In fact, it can lead to severe financial penalties and even jail time for those responsible, but it doesn't have to. Whistleblowers are often the first line of defense against fraud and corruption in an organization. They provide critical visibility into operations that can help identify risks early on. Fortunately, using whistleblowing compliance management software improves compliance by allowing you to identify noncompliance issues early on. It also enables you to take corrective action before they become major problems for your organization. Lack of Visibility Into OperationsAnother critical challenge to managing fraud is the lack of visibility into operations. Many companies don’t have the necessary tools or processes in place to monitor employee activities. This can lead to costly mistakes and missed opportunities for fraud prevention and control. This lack of visibility into operations is often caused by an organization’s failure to implement the appropriate technology solutions or processes. This can be a problem for businesses in any industry because fraud and corruption are present in all types of organizations. It’s difficult to know whether employees are following compliance protocols or if fraud is occurring. To combat this, organizations must find a way to monitor their employees and processes closely. When a company has limited visibility into its operations, whistleblowers serve as the eyes and ears for management to ensure compliance with laws and regulations. But with whistleblowing software in place, employees are no longer needed to report fraud or corruption. The software provides real-time data that can be used to detect and prevent fraud, so organizations no longer need to rely on whistleblowers. Organizations should implement compliance software to increase transparency and visibility into their operations. Fraud and Inaccurate ReportsFraud and inaccurate reports can be costly for an organization, especially in regulated industries. It’s estimated that fraud costs the U.S. economy hundreds of billions of dollars each year, and it can be difficult for companies to detect this type of wrongdoing. With a whistleblowing app, organizations can readily eliminate these issues by providing real-time data on operational processes and transactions. Real-time information can be used to identify potential problems early on and prevent them from happening again. This allows organizations to uncover fraud before it gets too far along. Customer information is an example of commonly-compromised company data, even for small businesses. If your CRM tool doesn’t have reliable security to safeguard customer information, your CRM system can be susceptible to fraud. This is why you should choose a crm software for small business with robust security features to help prevent fraud and safeguard customer information. Mishandling of a whistleblower complaintSometimes, companies need to deal with whistleblower complaints. If a whistleblower is accusing an organization of violating the law, it’s important for the business to handle these cases correctly so that it doesn’t face any legal repercussions. Compliance software can help organizations manage whistleblower complaints by providing them with real-time data on how often they receive them, who submitted them, and why. This data can also be used to identify trends in their industry and find ways to prevent violations from occurring again. Whistleblower complaint mishandling can also be prevented by training employees on how to handle these complaints. Compliance software can help with this by providing training materials that can be accessed by all employees to ensure everyone is on the same page. If a whistleblower complaint is submitted, the company can easily search its database for similar complaints and use that information to determine how to handle the case. If a case is not being handled properly or there are any signs of retaliation against an employee who filed a complaint, this information can easily be flagged and reported to human resources or other relevant departments within the organization. A whistleblower suffers retaliationEmployer retaliation is illegal under the Sarbanes-Oxley Act and can lead to serious consequences for the company, including fines of up to $100,000. The legal whistleblowing system protects a whistleblower from retaliation by an employer in the form of losing his or her job, demotion or other adverse action. Retaliation may take various forms, but the most common retaliation is a reduction in pay or hours of work. Under the law, employers are prohibited from taking certain actions against whistleblowers. However, reasons such as the “onlooker effect” and fear of retaliation prevent 75% of employees from reporting corporate fraud. To address any form of retaliation, you can use whistleblowing compliance management software to help you manage the reporting of fraud, waste and abuse. This tool can also enable your employees to anonymously report fraud or misconduct without fear of retaliation. It can also automatically locate relevant information related to the incident and store it in a secure location.  With a compliance management software solution, you can protect yourself and your organization from legal action. This is done by monitoring whistleblowers and taking steps to ensure they’re not retaliated against for reporting fraud. Low Employee MoralePoor employee morale can be a huge problem in any organization, and it can have a significant impact on the success of your business. It can lead to disengagement, higher turnover rates, and lower productivity, which costs companies money. A 2021 Gallup survey on employee engagement found that 74% of American workers are actively disengaged in their work. Research also shows that low employee morale can lead to increased absenteeism, higher turnover rates, lower productivity and even fraud. If employees are not happy with their job or management, they will likely not perform well. Workers' morale, productivity, and loyalty to a company can improve if they feel empowered by having an anonymous way to report wrongdoing and know their reports are being acted upon. Compliance management software can also help ensure your employees know what they can and cannot do with respect to whistleblowing, as well as how to handle any issues that may arise. Witnessing fraudulent business activities adversely affects employee morale. To keep people engaged and loyal, you must create an excellent workplace environment. This involves providing extensive financial and non-monetary benefits. Career advancement opportunities like training and development programs are proven efficient in fostering employee engagement. To ensure you use the right LMS solution for these initiatives, it’s best to consult trusted software marketplaces and read unbiased iSpring, Dacedo, or TalentLMS reviews. Image from Unsplash. Whistleblowing compliance management software is an absolute mustWith a whistleblower compliance management system like FaceUp Whistleblowing System, employees can handle their company’s sensitive information without having to worry about leaking it. They can easily report allegations of wrongdoing and violations of company policy instead of keeping them to themselves.  The software helps you to manage your company’s data, reduce the risk of security breaches, and make sure that your employees know what they can and cannot do when it comes to whistleblowing. So if you want to keep your company safe from these disasters, then using compliance management software is an excellent idea.

Whistleblowing is most often associated with the fight against corruption, but there is much more to it. It helps companies establish a healthy and ethical environment, gain an edge over competitors, and protect themselves against reputational damage.  Whistleblowing also has significant societal benefits, protects the public interest, and has prevented a number of unpleasant situations in recent years. Let's take a look at the top five reasons why it's worth your while to implement a whistleblowing system.  1. Protect your company's reputation Unless employees have a tool that allows them to easily, safely, and anonymously raise concerns about unfair or illegal conduct, they will usually keep quiet about such issues or go public with the information, no matter how serious. While financial losses can be made up, damage to a company's reputation can be irreversible. And yet, most problems can be easily resolved through a reporting channel, meaning that management becomes aware of it in good time. A whistleblowing platform helps prevent a media storm and poor reviews on a company review portal.   2. Save money According to research by NAVEX Global, companies lose an average of 5% of their revenue due to internal fraud. A properly implemented whistleblowing platform will uncover 3x more fraud than much more costly internal audits and is one of the most effective tools for detecting unfair practice.  The benefit of a whistleblowing system is that you can learn of problems ahead of time, so that you can resolve them without paying out huge sums and avoid further financial damages. In addition, the very introduction of a whistleblowing system acts as a preventive measure. The fact that there is such a system in place in a company can deter some people from acting illegally or unfairly in the first place. 3. Reduce employee turnover Most people who decide to change jobs have a compelling reason to do so. Surprisingly, the most common reason is not the amount of financial compensation, but dissatisfaction with the atmosphere in the workplace. Whether it's the attitude of management, relationships between colleagues or other related issues, detecting them early can prevent employees from leaving. If you have a well-established whistleblowing platform, you send a strong signal that you care about employee satisfaction. They can raise their concerns with a view to having them alleviated before they decide definitively to leave their role.  4. Avoid criminal liabilityIn many countries, a properly implemented and functioning whistleblowing system helps a company to satisfy the conditions necessary to escape corporate criminal liability. Moreover, with an effective whistleblowing system, a company can obtain a range of certifications, from ISO to CSR, and it also increases its credibility in the eyes of stakeholders and international business partners. 5. Ensures EU companies meet their legal obligationsThe European Whistleblowing Directive came into force on 17 December 2021 and as such, EU companies with more than 50 employees must do the following: introduce appropriate internal and external whistleblowing channelsdesignate a person or persons to receive and assess whistleblowing,allow suppliers, candidates for employment in the company, freelancers and other similar persons who might not be deemed ‘workers’ but who may find themselves in a position of economic vulnerability in the context of their work-related activities to also submit whistleblowing reports and for the whistleblower to be notified in writing within 7 days of receipt.assess the notification and notify the reporting person of the outcome in writing within 30 days (2 extensions possible)prevent possible retaliation against whistleblowers and accept anonymous notifications.It should also be taken into account that a whistleblowing platform cannot be implemented overnight. It will take time to establish a functional and credible whistleblowing platform, train staff, and ensure that there is sufficient awareness of its existence.  Do you have any questions about whistleblowing system? Would you like to see FaceUp in action? Schedule a no-obligation consultation with one of our whistleblowing specialists. 

A trustee, ombudsman or delegated person. All of these terms you may encounter refer to one and the same thing, namely the so-called "competent authority", who is a key function in the internal whistleblowing system.  Companies implementing a whistleblowing system are therefore faced with the important question of who to assign to this function. In the following, we look at what responsibilities are associated with the function, how to select the right person and whether it is more appropriate to choose an internal employee or an external delegate for this role. Who is the competent authority and what are his/her duties?One of the main duties associated with the forthcoming Whistleblower Protection Act is the appointment of a 'competent authority' who: receives and assesses the reasonableness of a notification made through the internal whistleblowing system,proposes corrective measures following a notification,maintains confidentiality; andacts impartially.The person who receives and deals with the notification must be of good repute, of the utmost trustworthiness, independent, free from conflicts of interest and properly trained. It is extremely important to keep the whistleblowing system as credible and efficient as possible through a sufficiently knowledgeable competent authority, thus avoiding the risk of the whistleblower disclosing information. A whistleblower may disclose information when they do not have sufficient confidence in the whistleblowing system or when they feel that the firm is not adequately handling the disclosure (they may get this feeling from a mere lack of communication). What are the steps to be taken by the competent authority once a notification has been made?The competent authority is obliged to receive the oral or written notification via the internal notification system. If the whistleblower requests it, the competent authority is also obliged to receive the notification in person.The competent authority must notify the notifier in writing of the receipt of the notification within seven days of the date of receipt.The competent authority shall assess the validity of the notification and inform the notifier in writing of the results of the assessment within thirty days of receipt of the notification. (In complex cases, this period may be extended by up to thirty days, but not more than twice.)If the notification is assessed as substantiated, the competent authority shall propose measures to prevent or remedy the unlawful situation and shall inform the notifier in writing.If the notification is not found to be justified, the competent authority shall inform the notifier in writing.Is an internal employee the appropriate person to receive and evaluate the notification?The head of the legal department, the compliance officer or someone from the human resources department are usually suggested as the appropriate person. However, this is a rather demanding and very responsible position which involves a large number of responsibilities. In addition, the person chosen must be sufficiently independent to avoid a conflict of interest in the investment of the notification. Last but not least, they must reliably maintain confidentiality, prevent anyone from having access to the content of the notification and must not provide anyone with any information that could defeat the purpose of the notification. A violation of these duties of the competent authority is punishable by a fine. If the company does not have a suitable candidate to perform this function, it is possible to appoint an external person who guarantees independence and professionalism in dealing with the notification and proposing effective measures.  See a comparison of the benefits of an external and internal competent authorityExternal competent authority: less administrative burden for the companythe investigation is guaranteed to be objectiveno risk of conflict of interestnotifications are better evaluated by a professional with experience in receiving and dealing with notificationslower risk of disclosure of the identity of the whistleblowerInternal competent authority:  better knowledge of the company and internal processeslower financial costseasier accessibility for verbal notificationsWho receives and evaluates the notification can be quite crucial to the fate of the entire incident. Failure to properly carry out the duties of the person in charge jeopardises the credibility and functionality of the entire notification system. The company is then at risk that the employee will either not file a report at all and the problems will accumulate, or will disclose their information, causing the company to lose control of the situation, but more importantly, the company may suffer devastating reputational or financial damage.

At the end of July 2021, the International Organisation for Standardisation published ISO 37002:2021 (ISO 37002 Whistleblowing management systems - Guidelines). This standard is a guide for the effective implementation of an internal whistleblowing and  management system related to this. Together with previously published standards (in particular ISO 37302), it forms the first global standard to fully address whistleblowing.  The new ISO 37002 provides guidance for establishing and maintaining an effective whistleblowing system based on the principles of trust, impartiality and protection. The standard can therefore prove to be a very useful guide for employers in establishing and using internal whistleblowing systems in accordance with legislative requirements (the EU Whistleblowing Directive and the forthcoming Czech Whistleblower Protection Act). However, unlike the legislation, it does not focus so much on whistleblowers, but targets organisations directly. It seeks to minimise the negative impact of any possible wrongdoing. According to ISO 37002, the important elements are: information securityensuring an anonymous dialogue with the whistleblowerprotection of whistleblowers The FaceUp platform is fully compliant with all current legislative requirements and the recommendations of the new ISO 37002 standard. What can ISO 37002 help you with?While the legislative requirements generally tell you what you need to do, ISO 37002 provides very specific and detailed instructions on how to do it. The standard can be implemented in any private, public or not-for-profit organisation, regardless of size or business sector. It is a broadly applicable standard - it emphasises consideration of the context, needs and expectations of the organisation and adapts the whistleblowing management system to these actualities.  According to ISO 37002, you should devote plenty of time and attention to the  preparation and planning of an internal whistleblowing system, from securing all resources, allocating responsibilities, determining how to communicate through an ethical line or other whistleblowing channel, to documentation, etc. The standard sets out the content of the obligations for employers, defining individual roles, responsibilities and authorities. A substantial part of the standard is devoted to the actual process of managing the whistleblowing notifications received, which is naturally the most important part of the whole whistleblowing management system. On the other hand, the standard also emphasises the importance of other consecutive follow-up  (e.g. planning or subsequent evaluation of the effectiveness of the system).  The whole whistleblowing management process is divided into several key steps: Receipt of the notification of the violation,Assessment of the notification ,Management of  the whistleblowing - this  also includes providing protection and support to whistleblowers,Closing the case.According to ISO 37002, it is also necessary to focus on assessing the effectiveness of the internal whistleblowing system and to address its monitoring, analysis and subsequent evaluation. The recommendation is to conduct regular internal audits, the findings of which should help improve the whistleblowing management system. At the same time, it foresees that the system can be adapted at any time during its use to better suit the needs of your organisation and to be truly effective. Certification options and other standards for compliance management systemsAs stated directly in the title of the new ISO standard (Whistleblowing management systems - Guidelines), it is one of the so-called guidelines, i.e. standards of a more general nature, and therefore cannot be certified. However, you can certify your internal whistleblowing channel as part of a complete compliance management system according to ISO 37301 Compliance management systems - Requirements with guidance for use. In the context of whistleblowing, the (also certifiable) ISO 37001 Anti-bribery management systems standard, which deals with the protection against corrupt behaviour and establishes anti-corruption management systems, is also frequently referred to. Implementing these standards will ensure that your organisation's internal whistleblowing channel is truly effective and in line with all international standards. Interested in implementing ISO 37002 or any of the other ISO standards? We would be happy to explain the specific requirements and help you with the certification process. Let's talk.