Whistleblower Report
An encrypted internal reporting channel for employees to report workplace misconduct, fraud, harassment, or ethics violations — anonymous or identified, with structured fields for incident detail.
About this template
This template provides organisations with a structured, encrypted internal reporting channel — sometimes called a whistleblowing hotline — that allows employees, contractors and third parties to report workplace misconduct, fraud, bribery, harassment, safety violations, or other ethics concerns.
What it collects
- Reporter's identity (optional — anonymous reporting supported)
- Category of concern (fraud, harassment, safety, etc.)
- Description of the incident — who, what, when, where
- Names of people involved or witnesses
- Whether the concern has previously been raised and with whom
- Supporting evidence or documents available
No retaliation policy
Swiss employment law (Art. 321a OR) and international standards require organisations to protect whistleblowers from retaliation. Reports submitted through this channel are encrypted end-to-end and accessible only to designated compliance personnel. The reporter may remain anonymous.
How to use it
Use this template
Click 'Use template' to create a copy in your dashboard.
Assign to compliance personnel only
Configure access so that only designated compliance officers or audit committee members can decrypt and view reports.
Communicate the channel to employees
Share the form link in your employee handbook, intranet, and onboarding materials so staff know it exists.
Why organisations need an encrypted internal reporting channel
Workplace misconduct that goes unreported causes significant harm — financial losses from fraud, ongoing harm from harassment, reputational damage from regulatory violations. The reason most employees do not report concerns is fear of retaliation. An encrypted, optionally anonymous reporting channel removes that barrier by giving employees a credible, safe way to speak up.
In Switzerland, the revised Code of Obligations and the new Data Protection Act (nFADP) reinforce the importance of proper internal escalation. The EU Whistleblower Protection Directive (2019/1937) — now transposed into national law in the EU — has raised expectations globally for what a compliant internal reporting system looks like. Swiss companies with EU subsidiaries or operations must comply with the Directive.
What the EU Whistleblower Directive requires
- A dedicated, confidential reporting channel
- Acknowledgment of receipt within 7 days
- Feedback to the reporter within 3 months
- Prohibition of retaliation, including demotion, dismissal, or negative performance reviews
- Ability to report anonymously (optional under the Directive but best practice)
Categories of concern this form supports
- Financial fraud, embezzlement, accounting irregularities
- Bribery and corruption (private or public)
- Harassment and discrimination (sexual, racial, other)
- Workplace health and safety violations
- Data protection and privacy breaches
- Conflicts of interest not disclosed
- Environmental violations
- Regulatory and compliance breaches
Anonymous vs identified reporting
| Anonymous report | Identified report | |
|---|---|---|
| Reporter protection | Maximum — identity never captured | Identity known to compliance team only |
| Follow-up possible | Only via the form's reference number | Direct contact possible |
| Evidential value | Can still trigger investigation | Supports more detailed investigation |
| Legal protection | Protected under nFADP / ECHR | Additional employment law protections apply |
Common mistakes to avoid
- Using a shared email address — reports are visible to admins who may be the subject of the report.
- Not acknowledging the report — reporters who hear nothing assume nothing happened and may escalate externally.
- Failing to protect anonymity — a form that logs IP addresses is not truly anonymous.
- No documented investigation process — each report should follow a documented triage and escalation procedure.
Frequently asked questions
Can reports be submitted anonymously?
Yes. The reporter's name and contact details are optional. Anonymous reports are still processed and can trigger a full investigation if sufficient detail is provided.
Who can see the reports?
Reports are encrypted end-to-end. Only the designated compliance officer(s) or audit committee members with the decryption key can read them. The IT team, line managers, or the subjects of reports cannot access the data.
What happens after a report is submitted?
The organisation's compliance team reviews the report, acknowledges receipt (if the reporter left contact details), triages urgency, and commences an investigation according to its internal procedures.
For more context, see our overview of whistleblowing systems for Swiss companies, our guide to EU Whistleblower Directive compliance, and our HR use-case page.