Skip to content

Is Whistleblowing Central to ESG?

Is Whistleblowing central to ESG?

Esg and whistleblowing - whistleblowing software and aml risk solutions

In this article we answer the question, is whistleblowing central to ESG?

Firstly, it’s important to briefly explain what ESG actually is. ESG stands for Environmental, Social, and Governance. It is a framework used to evaluate the sustainability and ethical impact of companies or organisations.

Environmental (E). This aspect focuses on how a company’s operations impact the environment. It includes factors such as carbon emissions, energy efficiency, waste management, water usage, and efforts towards sustainability and environmental conservation.

Social (S). The social dimension evaluates a company’s relationships with its employees, customers, suppliers, and communities. It encompasses issues like labour practices, human rights, diversity and inclusion, employee relations, community engagement, and product safety and quality.

Governance (G). Governance refers to the systems and structures that guide and oversee a company’s operations. It involves factors such as board diversity, executive compensation, transparency, ethics, anti-corruption measures, shareholder rights, and adherence to legal and regulatory standards.

ESG criteria are used by customers, suppliers, governments, investors, and financial institutions to assess the long-term sustainability and societal impact of businesses. Companies that perform well on ESG metrics are often seen as more resilient, responsible, and better positioned to manage risks and capitalise on opportunities in a rapidly changing global landscape.

Integration of ESG considerations into investment, buying and selling decisions is increasingly common as stakeholders seek to align businesses with their values and contribute to positive social and environmental outcomes while using/investing/governing said businesses.

Whistleblowing prevents crime in your firm - whistleblowing software and aml risk solutions

“A recent study of over 5,000 firms shows that 40% of companies surveyed suffered from serious economic crimes that averaged over $3m each in losses (Devine 2012). Whistleblowers exposed 43% of these crimes, which means that whistle-blowing was more effective than all the other measures combined: corporate security, internal audits and law enforcement.”

Dr Wim Vandekerckhove, Prof. Marianna Fotaki, Prof. Kate Kenny.

ESG Whistleblowing

Nowadays people are connected to each other and the wider web by lightening fast web portals and social media. Firms that don’t provide ways for stakeholders to report wrongdoing risk that wrongdoing being leaked to the media be it social or professional. Socially conscious businesses can be damaged significantly by this leakage and while they seek to retain good quality ESG principles, at the speed of light this can be damaged as a leak either internal or external goes viral. The key to management of this is providing reporting platforms that allow concerned stakeholders, internal and external, to report anonymously to the business. This then helps the business to resolve issues and maintain an ESG positive profile.

There are many examples of poor reporting. From the BBC’s handling of the Hew Edwards story, to McDonalds and the sexual assault scandal.

Alistair Macrow, McDonald’s CEO, said that since July 2023, McDonald’s had received 407 complaints “of all types of sexual offence” within its restaurants and between its staff. Of those complaints, 157 had been fully investigated and 75 had led to disciplinary action, including 18 dismissals. There were 17 confirmed cases of sexual harassment and 27 under investigation, as well as nine bullying cases and one related to racism. He said some had been reported to the police by individuals, but did not know how many. This example, one of many, highlights the importance of trusted reporting mechanisms to allow staff to report internally…

The McDonalds case started with just two complainants talking about it on social media.

Companies that do not have reporting channels are essentially outsourcing their dirty washing to social media. And even more important than ‘just any’ reporting channel, is to put in place reporting channels that guarantee anonymity. What we see frequently, is businesses claiming their systems are anonymous when they are not. For a system to be truly anonymous it must not be hosted on the business servers, or hyper-link directly to an external system, via the web.

Why? Because if it is hosted internally, the business can know the IP address of the reporting person, and then who was logged into that computer when the report was made.

If it is hosted externally but linked to from the business network, the business IT department can trace who clicked the link at the time the report was made.

The best businesses follow the principles laid out by Transparency International. In this report, TI explain the most important aspects of a ‘trusted’ whistleblowing platform – their report includes the importance of anonymity.

Transparency International say this on Anonymous Whistleblowing…

At least one internal whistleblowing channel should enable anonymous reporting.

  • A safe channel should enable communication between anonymous whistleblowers and the person handling their report – for example, through an online reporting platform or an external party.
  • The system should explain to potential whistleblowers that the protection offered by anonymity is not absolute, highlighting practical issues, for example:
    • If the organisation is very small, or if before making a report the whistleblower has mentioned their concerns to colleagues, there is a risk that the report will be traced back to them.
    • As anonymity means the person handling the case does not know who they are protecting, it can be more difficult for them to prevent the whistleblower’s identity from being discovered.
  • Regardless of whether an organisation itself receives and follows up on anonymous reports, it should protect whistleblowers who report information on wrongdoing anonymously – internally, externally or via public disclosure – and who are subsequently identified.

Do we under estimate employee intelligence?

All good businesses of medium to large size will have a whistleblowing policy. Yet many fail to promote them ‘from the top’ and drive the wider business culture to encourage trust in the system. Without visible and credible support to staff, staff will not trust reporting mechanisms as anonymous nor that they will be protected from retaliation for reporting something. Staff will more likely believe the culture of the business through the things they witness every day; than a company policy that claims support of employees while there is no tangible proof of that.

This is seen in study after study of why stakeholders don’t report wrongdoing. Most frequently it is to do with trust in the system, and being able to remain anonymous. The fact is, people don’t want ’embroiling’ in a situation that then impacts them personally, or worse, the company retaliating against them for reporting something. Most studies claim statistics that are remarkably similar across them. That over 40% of employees know of wrongdoing but don’t report it, chiefly because they don’t believe the company will support them if they report.

An un-named bank manages whistleblowing by dividing the roles between ‘investigator of the concern’, and HR. This is to provide ‘someone’ on the side of the reporting person, that they communicate with. HR is frequently seen as the department that disciplines and holds people to account, so isn’t always perceived as the best department to manage a case.

Anonymous source - whistleblowing software and aml risk solutions

‘…when a report [from a whistleblowing employee] comes in,
[the Special Investigation Unit]
is always the first point of
contact we would make, and
they’re effectively the internal
professional investigators. We
have a very strong protocol
around protecting the individual
by checking their comfort
levels…So [we are] keeping a very
distinct split between the case
manager, who typically will…
be someone in HR, someone like
me…and the investigator. [We
have] very, very clear divisions of
responsibility.’ Bank employee.


Whistleblowing can be emotive. It isn’t a linear procedure that people can be herded through. It takes personal commitment from the senior team. That comitment needs to be set from the top and consistently advertised throughout the organisation. Only then will staff begin to report things. Trust is the central issue, trust from the senior leaders that the system will benefit the firm, and trust from the staff to use it.

For companies that want to bolster their ESG profile, it is essential they facilitate reporting mechanisms. For those reporting mechanisms to be independently hosted outside the companies servers and for staff to be able to report in anonymity.

Talk to one of our team to help you implement a supportive culture and whistleblowing system that will benefit your business.