Ethics and Compliance Glossary

Your go-to glossary for terms associated with ethics, compliance and whistleblowing. 


Process of passing information without revealing one’s identity. Remaining anonymous means that the person making a report is unidentifiable, untrackable and untraceable.


Wondering why your organization is not receiving reports?
Tips For Running An Internal Whistleblower Investigation

Translation carried out automatically from a language to another, allowing a smoother communication and removing the need to share data with third parties.
Automatic translations enable employees to report concerns in their native tongue, and the case manager to respond in the language of their choice, without disturbing the exchange.


Why Is A Multilingual Whistleblower Platform Important?


Bullying is the use of force, coercion, hurtful teasing or threat, to abuse, aggressively dominate or intimidate. The behavior is often repeated and habitual. One essential prerequisite is the perception (by the bully or by others) of an imbalance of physical or social power. Bullying is the activity of repeated, aggressive behavior intended to hurt another individual, physically, mentally or emotionally.

Bribery is the offering, giving, receiving, or soliciting of any item of value (referred to as a bribe) to influence the actions of an official, or other person, in charge of a public or legal duty. The act of bribery implies the handling of a matter in a way that suits the personnal interest of an individual, when it should have been handled objectively. bribery constitutes a crime and both the offeror and the recipient can be criminally charged.

Business ethics refers to implementing appropriate business policies and practices with regard to arguably controversial subjects.
Some issues that come up in a discussion of ethics include corporate governance, insider trading, bribery, discrimination, social responsibility, and fiduciary responsibilities.
The law usually sets the tone for business ethics, providing a basic guideline that businesses can choose to follow to gain public approval.


Software solution that allows organizations to manage incoming whistleblowing cases internally. A case management platform facilitates automatic triage of cases and investigative workflows and processes. It also allows for secure and encrypted storage of whistleblowers’ data and guarantees data confidentiality in line with personal data legislations.


Let Automations Do The Heavy Lifting In Your Whistleblowing Platform

Person in charge of investigating whistleblowers’ reports. It includes acknowledging the reception of a report, taking the appropriate actions for investigation and providing follow-ups on the report.

Change management is a systematic approach to dealing with the transition or transformation of an organization’s goals, processes or technologies.


Download our Change Management Workbook

Change Management Whistleblowing Whispli

A code of conduct is a set of rules outlining the norms, rules, and responsibilities or proper practices of an individual, party or organization as a whole.
To make the implementation of new internal reporting channels and whistleblowing system a success, you need to prepare your stakeholders for your new Compliance Program and launch awareness initiatives such as sponsorship, communication and training strategies.

Communication is a vital management component to any organization. Whether the purpose is to update employees on new policies, to prepare for a weather disaster, to ensure safety throughout the organization or to listen to the issues of employees, effective communication is an integral issue in effective management. Allowing employees to speak-up without fear and initating two-way conversations is a fundation of good corporate governance.
If your organization operates at a global scale, you need to make sure you can comply to the highest level of reglementation.


6 Tips To Help You Communicate Your Whistleblowing Program

Compliance brings together all the processes intended to ensure that a company, its managers and its employees comply with the legal and ethical standards applicable to them. Several laws and Directives around whistleblowing exist around the world to ensure whistleblowers protection and to support the value they bring both to business and society.


The compliance tick is not enough

When you report confidentially, you provide your employer or relevant authority with information about both the potential wrongdoing, observed incident or accident as well as some information about yourself. The main difference between anonymous and confidential reporting resides in the fact that the whistleblower must identify themselves when submitting a confidential report and the organization must keep this information confidential. Whereas when submitting an anonymous report, the whistleblower do not have to give away their identity.
Requirements to receive and process anonymous or confidential reports vary depending on local laws. However, accepting anonymous reports is best practice to adopt in your Compliance Program.


Importance of Whistleblower Confidentiality

Corporate governance is the system of rules, practices and processes by which a company is directed and controlled. Corporate Governance refers to the way in which companies are governed and to what purpose. It identifies who has power and accountability, and who makes decisions.

Corporate sustainability is an approach aiming to create long-term stakeholder value through the implementation of a business strategy that focuses on the ethical, social, environmental, cultural, and economic dimensions of doing business.

Corruption is a form of dishonesty or a criminal offense which is undertaken by a person or an organization which is entrusted in a position of authority, in order to acquire illicit benefits or abuse power for one’s personal gain.

Covert bullying is any repeated aggressive behaviour with an intention to harm (physically or emotionally), that is hidden from, or at the very least unacknowledged by adults or authority figures. This type of bullying in the age of the internet is more prevalent than ever before, and the majority of victims to this type of bullying are children and teenagers.


Covert Bullying in Schools: What Gen Z Faces In The Schoolyard

Cyberbullying or cyberharassment is a form of bullying or harassment using electronic means (such as social medias, online chat, emails, etc). Cyberbullying and cyberharassment are also known as online bullying. Face-to-face bullying and cyberbullying can often happen alongside each other. But cyberbullying leaves a digital footprint – a record that can prove useful and provide evidence to help stop the abuse.


When hosting data, the least restrictive concept is data residency, where an entity simply specifies the geographical location where it stores its data.

Hosting solution based on data sovereignty is more restrictive than simple Data Residency. It represents the idea that data is subject to the nation’s laws where it is collected, processed, and stored. This means that businesses have to comply with local data protection laws to avoid getting fined by the government.

Data localisation is the most restrictive concept of the three data hosting options. While data residency gives organisations a choice to specify the geographical location where its data is stored, data localisation refers to keeping the data of businesses within the borders of a country.
The concept refers to the storage and creation of the data, and some nations that have implemented data localisation laws require organisations to keep only the copy of the data within the country.
Some countries such as China or Russia only allow this level of security for data hosting.

Discrimination is the unfair or prejudicial treatment of people and groups based on characteristics such as race, gender, age or sexual orientation.
Such wrongdoing in the workplace should be addressed, and implementing safe speak-up channels as part of your internal policies is a good practice for your organization’s health.


Encryption is the method by which information is converted into secret code that hides the information’s true meaning. In order to reveal the data, the reader needs a unique encryption key.
When dealing with sensible data such as a whistleblowing report, it’s important to ensure the security of the information. Data encryption is a good way to make sure that you have full control over accessing the data, even when using a third party solution for your whistleblowing system.

ESG stands for Environmental, Social, and Governance. ESG criteria are a set of standards for a company’s behavior used by socially conscious investors to screen potential investments. ESG issues are no longer treated as an afterthought by companies, they are central to an increasing number of companies. Establishing effective reporting channels is crucial to address the three areas of ESG in an organization.

The European Whistleblower Protection Directive provides and promotes a safe and secure way for employees to speak up about misconduct in their work environment. Promulgated in 2019 and enforced since December 2021, most member states are still in the process of transposing the Directive into national law.


Forced labour, or unfree labour, is any work relation, especially in modern or early modern history, in which people are employed against their will with the threat of destitution, detention, violence including death, or other forms of extreme hardship to either themselves or members of their families. Like Modern slavery, organizations having suppliers or subsidiaries in developping countries are the most subject to this kind of behavior. It is crucial to set up ways for all employees to speak up safely about their work environment and working conditions, at all level of the supply chain.


Practical guidance on Modern Slavery compliance

Fraud is a deliberate act (or failure to act) with the intention of obtaining an unauthorized benefit, either for oneself or for the institution, by using deception or false suggestions or suppression of truth or other unethical means, which are believed and relied upon by others.


The General Data Protection Regulation (GDPR), agreed upon by the European Parliament and Council in April 2016, replaced the Data Protection Directive 95/46/ec in Spring 2018 as the primary law regulating how companies protect EU citizens’ personal data.
Through this framework, data privacy is harmonazied in Europe by law, and as a result, GDPR will also impact how personal data is handled in whistleblowing systems. Compliance officers and other employees involved in the compliance management of their organization must follow very specific procedures when handling personal data, particularly when it is issued from whistleblowers and whistleblowing reports.

Governance, risk and compliance (GRC) refers to an organization’s strategy for handling the interdependencies between the following three components:

  • corporate governance policies
  • enterprise risk management programs
  • regulatory and company compliance

Any size organization can use GRC. Developing a GRC discipline is especially important for large organizations that have extensive governance, risk management and compliance requirements and where programs to meet these requirements often overlap.


Illegal behaviour towards a person that causes mental or emotional suffering, which includes repeated unwanted contacts without a reasonable purpose, insults, threats, touching, or offensive language. By encouraging a Speak-Up culture in your organization, you can start a continuous cycle of improvement to fight harassment in the workplace and make it easier for victims and witnesses to report these kind of harmful behaviors, so they can rapidely be addressed internally.

Server hosting refers to the outsourcing of an organization’s server placement and platform to a third-party Managed Hosting Provider (MSP). This means that the data is storred by an external hosting solution. When dealing with sensitive and personnal information, it’s important to make sure that the hosting solution complies with the local requirements regarding the level of security required. Since the highest level of security remains data localisation, having the option to chose a local hosting solution will ensure that you can meet the majority of security requirements for data storage.

A direct telephone line in constant operational readiness so as to facilitate immediate communication. Hotlines are one of the way to allow whistleblowing in your organization. However, this reporting channel has a lot of roadblocks to its utilization both for employees and case managers. For instance, not everyone feels comfortable reporting sensitive issues with a phone call, there can be language barrier issues, or a difficulty to remain anonymous if the whistleblower’s voice is atypical or has a distinct accent. When choosing a whistleblowing solution, it’s important to assess which one is best suited for the specific needs of your organization.


Interactive Voice Response (IVR) is an automated phone system technology that allows incoming callers to access information via a voice response system of pre recorded messages without having to speak to an agent.
IVR solutions allow whistleblowers who prefer speaking up through a phone call to raise concerns whithout having to share sensitive information with a third party like a hotline service. This way, personal information and sensitive data remain within the organization. Since the whistleblower speaks to a machine instead of a human being, it can alleviate some fears or concerns associated with speaking up. Whistleblowers can record their report, modify their voice and listen to their report before sending it through the system. 

Internal whistleblowing refers to the reports made by employees through the internal reporting channels set up by their own organization. Under most legislation, when an employee feels unsafe using the internal reporting channels, they will turn to external third parties or directly to the press, making their report public. In these cases, organizations have little to no control over the situation and how it escalates. Having effective and attractive internal reporting channels will encourage employees to use them prior to turning to external solutions.

ISO/IEC 27001 is an international standard on how to manage information security.
It is worth noting the difference between being ISO 27001 compliant and ISO 27001 certified. A certification guarantees the utmost level of security, since being certified means that the certification is performed by an “accredited” certification body, or auditor. Being “accredited” means the auditors have themselves been audited against an ISO standard for how they conduct audits and certifications.
On the other hand, any organization meeting requirement points of the ISO 27001 standard can claim to be compliant, but their word for it constitue their only source of proof.


Whispli Is Certified ISO 27001


Encryption key management software role is to generate, exchange, import, store, use, destroy, and replace keys. It also allows to manage SSL/TLS certificates. This allows to choose and manage Encryption Keys to access and manage the sensitive data stored within your whistleblowing system. This way, no one can access your data, including your whistleblowing platform provider.


The definition of modern slavery is when people are exploited and not allowed to refuse or leave work due to abuse of power, threats, violence, deception, or coercion. Examples of modern slavery include child labour, human trafficking, forced labour, deceptive recruiting, debt servitude, and of course, slavery. This practice is often observed in supply chains based in developping countries. Modern Slavery Acts, such as the one passed in Australia in 2018, aim to ensure that organizations are taking the necessary steps to stamp out these practices in their supply chain. By publicly reporting how they are combating modern slavery, it shines a brighter light on the subject and encourages better behaviour through their supply chain partners.

Multi-Tenant – Multi-tenancy means that a single instance of the software and its supporting infrastructure serves multiple customers. Each customer shares the software application and also shares a single database. Each tenant’s data is isolated and remains invisible to other tenants.
Having a multi-tenant environment for your whistleblowing system means than several case managers can access and be assigned reports. This become extremely convenient when local case managers are appointed in subsidiaries or different office locations, as it it sometimes required by some legislations.


When a tragic event almost happened in organisations.
Though no immediate injury or damage occurs, near misses represent potential threats to the safety of the office and its employees and should be reported as soon as they occur. Reporting a near miss helps ensure that future incidents and injuries are avoided and can reduce medical expense costs, workers’ compensation payments, time lost due to injury, accident investigation costs and equipment replacement costs.


Fostering a culture of workplace safety by reporting near-miss events


Personal data, also known as personal information or personally identifiable information, is any information related to an identifiable person.
Reporting irregularities in organizations opens up many questions regarding the processing of personal data of the whistleblowers, those affected by the whistleblowing, and witnesses. Data privacy rights play a key role in the design of whistleblowing procedures, and organizations need to take into account the penalties they can face in case of non-compliance with existing regulations (such as the GDPR).

The Personal Information Protection Law (PIPL) regulating use of personal data has now come into force in China.
This legislation affect every business, inside and outside of China, managing and processing personal data from employees based in China.
One of the strictest privacy laws now on the books, complying with the PIPL includes the obligation to store sensible and personal data on servers located on Chinese territory.

Privacy (and Data Protection) by design and by default is written into Article 25 of the EU GDPR. Privacy by Design states that any action a company undertakes that involves processing personal data must be done with data protection and privacy in mind at every step. “Privacy by default” in turn, means that the “privacy by design” principle should be incorporated by default into any system or business – so that personal data is automatically protected without any action from the data subject.
Under these conditions, a particular importance must be given to the way your whistleblowing system process and handles the personal data of employees and those included in reports.

Privacy Shield was an informal agreement between the U.S. and the EU intended to ensure compliance with European data protection standards for data transfers to the U.S. It was invalidated in 2020, and in March 2022, European Commission’s President Ursula von der Leyen and United States’ President Joe Biden reached common ground and announced a new agreement for transatlantic data privacy and transfer framework.

Pseudonymization (or pseudonymisation, the spelling under European guidelines) is one way to comply with the European Union’s new General Data Protection Regulation (GDPR) demands for secure data storage of personal information. Pseudonymisation of data (defined in Article 4(5) GDPR) means replacing any information which could be used to identify an individual with a pseudonym, or, in other words, a value which does not allow the individual to be directly identified.
This way, the identity of whistleblower who wishes to remain anonymous is protected, and it is their choice to reveal their identity to their organization if they wish and feel confident to do so.


6 Steps To Make Your Whistleblower Program Truly Anonymous

When a whistleblower decide to take their report to the public domain, by contacting the press, medias, posting on their social media accounts, etc.
Whistleblowing legislations such as the EU Directive extend protection to whistleblowers who make the choise to disclose informations publicly.
Organizations can limit public disclosures by implementing efficient and attractive internal reporting channels, through which employees feel safe to make reports and are actively taking action to address the issues reported.


Give a spoken or written account of something that one has observed, heard, done, or investigated.
The scope of what can be reported as a misconduct or wrongdoing in your organization should be clearly stated and defined in your internal Whistleblowing Policy. It should also be mentionned how an employee can submit a report and the steps following its submission.

The reporting channels refer to the different ways an employee can submit a report.
Internally, it can take the form of a telephone hotline, an email adress, a postal adress or a digital platform. External reporting channels can include lawyers, the media, law enforcement or watchdog agencies, or other local agencies.


In a single-tenant environment, a whistleblowing software will allow only one person to have access to its data and case management features. If another person would want to have the same access, they would have to purchase a separate license or switch to a multi-tenant environment.
Depending on the size of your organization, it’s good to assess how many people need to have a full access to your whistleblowing platform.

SSO (Single Sign On) is a system that allows users to login on a Portal within their
company and then access the Whistleblowing platform or app without having to log in again.
This feature makes the experience of the whismtleblower easier, and aleviate some of the steps to submitting a report. By allowing an SSO system for your Whistleblowing platform, communication with the whistleblower is facilitated since it’s easy for them to access their reports even after being sent.


Introducing the Whispli App & new Safe Inbox


Transparency implies openness, communication, and accountability.
Being transparent on processes in regards for whistleblowing within your organization will help you build trust with your employees. They will be more enclined to submit reports if they know what wills become of the information they are sharing and what steps they can expect from submisson to closing the case.


A virtual private cloud is an on-demand configurable pool of shared resources allocated within a public cloud environment, providing a certain level of isolation between the different organizations using the resources.
By having your own Virtual Private Cloud for your organization means that all the data you store on it cannot be accessed by third parties.


A whistleblower is a person, often an employee, who reveals information about activity within a private or public organization that is deemed illegal, immoral, illicit, unsafe or fraudulent.on a person or organization regarded as engaging in an unlawful or immoral activity.
By reporting wrongdoings, they’re expose themeselve to considerable risks of retaliation or identification.
Whistleblowers are more and more recognized as an essential actor to good and sustainable governance, and numerous new legal framework are being introduced to grant them protection.

A Whistleblower communication channel is a tool that allows you to communicate, in a confidential manner, the potentially irregular activities and behavior that could lead to a breach of the Code of Conduct and / or the possible commission of a criminal offence. Being able to have 2-ways conversations with whistleblowers allows you to conduct better investigations and solve issues at their source.

Putting in place protection measures for whistleblowers is a way to encourage employees to report wrongdoing and to protect them when they do, is essential for corruption prevention in both the public and private sectors. Employees are usually the first to recognise wrongdoing in the workplace. Empowering them to speak up without fear of reprisal can help authorities both detect and deter violations.

A lot of new legislation reinforcing whistleblowers protection are being introduced around the world, such as the EU Whistleblowing Directive, the Japanese Whistleblowers Protection Act, the Whistleblowing protection Bill in New Zealand, Australia’s whistleblowing legislation, and many more.


Encourage a Speak Up Culture


How to empower your staff to speak up?

The act of Whistleblowing consists in reporting informations on incidents, wrongdoings, unlawful or harmful behavior, that the whistleblower was a victim or witness to. An efficient and compliant whistleblowing framework is beneficial to both the employees and organizations.

Your Whistleblowing policy, or Whistleblowing guidelines, is an internal document detailing the framework of your Whistleblowing System. It should give clear information about whistleblowing procedure, reporting matters, the role and resposibilities of persons or departements in charge of handling reports, the protection granted to whistleblowers, and governance guidelines for whistleblowing.
Your whistleblowing policy should be unique to your organization, taking into account its specific structure and processes.

A Whistleblowing System encompasses the ways available to a person to make a report to its organization. To differentiate the many Whistleblowing channels available such as a mailbox or a telephone hotline, a Whistleblowing System usually refers to a software or digital solution.
There are many advantages that come with choosing a software solution as your Whistleblowing System, including a better management of the data security, the possibility to extract data from reports to leverage it for risk management or corporate governance, a secure way to preserve the anonymity of whistleblowers, easier communications and follow-ups on reports, etc…

Whistleblowing Assessment Template

Misconduct in the workplace refers to any behavior that goes against your code of conduct or other policies that dictate how employees should behave at work.

This might include unethical, unprofessional, or even criminal behavior that takes place within a workplace setting.

General Misconduct is behaviour that is inconsistent with employee obligations or duties; a breach of company policy or procedure; or generally unacceptable or improper behaviour.

You're in Good Company

Whispli is an award-winning platform recommended by partners and clients alike

Read our Latest Customer Success Story: VodafoneZiggo

"Whispli is hands down the most watertight way to catch and manage wrongdoing in your organization. If you're not using it, then you're not serious about preventing fraud or corruption."

"I have had the opportunity to implement this type of tool in the past and this is the first time I have worked with a partner who knows how to turn this sensitive subject into an opportunity. The platform is clear, modern and easy to use."

"Exceptional Client Service. Whispli product and customer success teams are its biggest asset. They are flexible, always available for support and ready to stretch beyond their roles to help the clients."