Skip to content

Whistleblowing: The Loneliest Line of Defence

Whistleblowing

Whistleblowing: The Loneliest Line of Defence

South Africa has many problems, but a shortage of compliance frameworks isn’t one of them. Many of our biggest companies have boards of directors who diligently review governance registers, risk managers who map out internal control matrices, and procurement departments that use the latest tracking software.

Yet none of that stops them losing around 5% of their revenue to fraud every year. It’s a problem that’s not unique to South Africa, costing companies an eye-watering $5.5 trillion globally – because even the best oversight structures fail once systemic corruption or sophisticated asset misappropriation take hold.

This is why, in an age where we worship at the altar of everything AI and technology driven, the best and most effective accountability system is not an automated red flag warning or a scheduled audit. It’s a brave human being who’s decided to speak up and speak out.

Data from a recent report from the Association of Certified Fraud Examiners (ACFE) reveals that whistleblowers are dramatically more effective than traditional governance tools. Their tips – often given at great personal risk – uncover 45% of fraud cases.

External audits account for just 5%.

Whistleblowers are so effective – and so vitally important – for two key reasons:

  1. They bypass the compromised structures that allow prolonged schemes to bleed organisations dry.

  2. Over half come directly from within an organisation’s own workforce.

The second point is particularly significant.

Employees see the daily anomalies that software algorithms miss. They notice off-contract split invoicing designed to slip just under threshold limits, and pick up unauthorised modifications to vendor master data. They question their colleagues’ sudden, unexplained lifestyle changes, and their understanding of operational nuances mean they can spot when an executive bypasses standard verification protocols.

These insider instincts and insights are invaluable in our fight against fraud and corruption, which is why the glaring lack of meaty protection we offer these brave men and women is shameful, embarrassing, and a real indictment on our country’s commitment to good corporate governance.

Africa as a whole is dangerously patchy when it comes to safeguarding whistleblowers, with fewer than 15 countries having adopted dedicated protection laws.

But even where frameworks exist, independent investigations are frequently weakened or blocked by political interference. South Africa, Ghana and Kenya in particular are notorious for failing to act when journalists and whistleblowers come under legal and/or physical threat.

We are all too familiar of the high cost of looking the other way. Our recent history is uncomfortably full of names that highlight the brutal personal cost of speaking out: Babita Deokaran, Athol Williams, Jimmy Mohlala, Cynthia Stimpel, Martha Ngoye, and Mpho Mafole, to name just a few.

Traditional, paper-based whistleblowing channels are simply not fit for purpose in an environment where confidentiality is a life-and-death issue. They fail to guarantee true anonymity, non-traceability, or the secure transmission of data.

These glaring weaknesses were heavily highlighted by both the Zondo Commission and the National Anti-Corruption Advisory Council (NACAC), yet to date, it appears to have made little difference.

A faint glimmer of hope came in April this year, when the Minister of Justice and Constitutional Development, Mmamaloko Kubayi, released the new Protected Disclosures Bill for public comment. The Bill makes significant changes to the current, failed legislation, which has unclear procedures, weak protections, and limited support. It draws on local recommendations and international best practices, and aims to strengthen protections, prevent retaliation, and introduce support and incentive measures.

But as organisations like OUTA point out, a law on paper will always struggle against institutional power. A revised bill cannot automatically stop an employer with friends in high places trumping-up disciplinary charges, or instigating protracted legal battles that exhaust a whistleblower’s resources.

Once again, this is not just a South African problem.

The global EY Global Integrity Report highlights the massive international issue: despite enhanced protection policies, 54% of respondents who reported wrongdoing said they felt intense pressure not to report.

The new Protected Disclosures Bill is encouraging, but regardless of what our government may or may not do, real change has to come from much lower down the food chain. Businesses and organisations must act independently to foster a speak-up culture, creating an environment where people not only feel safe to do so, but also confident that their concerns will be acted upon.

Companies must also address another critical vulnerability: how reports are handled on the ground. Frequently, whistleblowers choose to report directly to someone within their organisation rather than using a formal hotline. In a third of all instances, this is a direct supervisor, meaning a company’s defence is only as strong as its frontline management.

Everyone must be trained on what to do if they suspect fraud, how fraud allegations are handled within the organisation, and exactly what to do if they’re notified about any suspected misconduct.

So, what could that actually look like?

  • Insulated intake channels – We know employees overwhelmingly prefer encrypted email and web portals, so let’s move away from classic telephone hotlines toward secure, anonymous digital platforms. All reporting lines must be completely removed from internal management oversight so that no implicated executive can intercept or suppress the data.

  • Visible, non-retaliation policies: Managers who attempt to marginalise or discipline employees who raise legitimate concerns must be penalised. Audit committees should have direct oversight of all whistleblower files, bypassing executive leadership entirely to avoid conflicts of interest.

  • Human insights, AI analytics: If automated systems could flag duplicate invoices, out-of-sequence checks, and unauthorised master data modifications, whistleblowers would have the objective data trail they need to substantiate their reports quickly.

We have to operate with the mindset that no organisation is immune to fraud, and believing that you are creates a dangerous operational blind spot that could do untold financial and reputational damage. It’s a bitter pill to swallow, but executive teams must assume fraud is either happening right now, or being actively planned within their operation.

Effective leadership means committing aggressively to detecting fraud as soon as possible. This is why whistleblowers remain South Africa’s most potent weapon against corporate collapse; they have the ground-level visibility to expose rot before it becomes catastrophic.

Protecting whistleblowers cannot be seen simply as a regulatory box to tick. It is a baseline requirement for the financial survival of the organisation and, most importantly, the physical and emotional survival of the people who risk everything to do the right thing.