Governance under pressure: Boards, whistleblowers and the cost of courage

By Nqobani Mzizi

In corporate governance theory, whistleblowing is presented as a noble act. It is the final alarm bell when internal controls, risk systems and ethics programmes fail to deter wrongdoing. But in practice, whistleblowers often pay the price for their courage. They are labelled disloyal, isolated, retaliated against, quietly restructured out, or, in the worst case, wiped out. The real shame is that this frequently happens under the watch of boards of directors that claim to uphold integrity and accountability.

Boards often approve whistleblowing policies and list them in their governance reports. Hotlines are set up, ethics posters are displayed, and employees are encouraged to “see something, say something.” But what happens after that initial call is made? Who follows up or protects the whistleblower? More often than not, boards delegate these responsibilities to management, assuming that the existence of a policy equals its effective application.

The collapse of Steinhoff still looms large in South Africa’s corporate memory. In hindsight, the signals were there. The whistleblowers were present. But the oversight mechanisms weren’t responsive, and the board didn’t appear to act with the urgency required. Whether due to denial, delay or deference to management, the board failed to heed the warnings early enough to prevent disaster. The cost was not just reputational as it ran into billions of rand, with long-term implications for employees, pensioners and shareholders.

In some public institutions, whistleblowers have been vilified not because they were wrong, but because they were inconvenient. The tragic murder of Babita Deokaran after flagging suspicious payments at a Gauteng health department is a chilling reminder of the extreme risks whistleblowers can face when protection fails. Cynthia Stimpel, who raised the alarm about procurement at South African Airways, was sidelined and forced out despite acting in the public interest.

When concerns are raised about procurement irregularities, fraud or abuse of power, the organisational response is often to question the motives of the whistleblower rather than to interrogate the substance of the claim. Some are suspended, others demoted, and others subjected to counter-investigations. The message is clear: speak out and you may become the problem.

Boards must reject this culture. Silence in the face of wrongdoing is not neutrality; it is complicity. A board committed to ethical governance must treat whistleblower protection as a fiduciary duty, not an optional HR function.

Importantly, boards must also be alive to the reality that whistleblower mechanisms can be misused. There are instances where anonymous tip-offs are submitted not in the interest of organisational integrity, but to settle internal scores, advance factional interests or harass others anonymously. This too undermines trust, erodes morale and clogs investigative resources. A strong whistleblowing framework must therefore guard against both suppression and abuse, ensuring allegations are assessed objectively, with mechanisms to weed out malicious or frivolous claims without deterring genuine disclosures.

Equally critical is whistleblower confidentiality. Identity exposure, whether intentional or accidental, can lead to harm, isolation, or even threats. Confidentiality must be non-negotiable. Boards must ask whether internal channels are secure, whether data protection is enforced, and whether only a limited and trusted set of individuals handle sensitive complaints. When confidentiality fails, so too does trust in the system.

This is not a matter of sentiment. It is a matter of effective risk governance. Whistleblowers are often the first line of defence against fraud, corruption and ethical breaches. If they are not protected, wrongdoing festers in silence until it is too late. The reputational, financial and legal costs that follow are far greater than the discomfort of dealing with a difficult internal report.

So what can boards do differently?

First, boards must insist on a whistleblowing policy that is not only compliant with the law, but also independent of management influence. Too often, the function is buried under HR or legal departments that report to the same executives who may be the subject of complaints. Instead, it should be ring-fenced under the board’s audit or social and ethics committees, with direct reporting lines and regular oversight.

Second, anonymous and secure reporting channels must be in place and adequately resourced. A poorly managed ethics line that goes unanswered or is not followed up sends a message louder than any poster: this organisation does not care. External service providers should be considered where trust in internal systems is low, but they, too, must be visibly independent and trusted by employees.

Third, the board must receive direct reports on whistleblower activity. This includes tracking the number and nature of reports, resolution timelines, retaliation claims, and outcomes. Boards should not accept diluted summaries. They should demand insight into patterns, root causes and systemic risks arising from disclosures. And where high-risk complaints involve senior leadership, these must be escalated outside of normal management channels.

Fourth, boards should ensure they hear directly from internal audit, risk and ethics officers, unfiltered by the CEO or other executives. These functions exist to serve the board’s need for independent assurance, not management’s comfort.

Most importantly, boards must set the tone. That tone is not set by policies or statements in annual reports. It is set by action. When a whistleblower is protected and vindicated, the message reverberates. When one is attacked or marginalised, the message spreads faster.

Protecting whistleblowers is not just about compliance. It is about protecting the organisation from itself. And the responsibility lies squarely with those at the top. To govern well is not just to oversee budgets and plans, but to hold space for truth, especially when it is uncomfortable.

So, to board members, ask yourselves:

• Would a whistleblower in your organisation feel safe coming forward?
• Can your board confidently say that whistleblowers are protected from retaliation inpractice, not just on paper?
• Are you confident your own boardroom culture invites truth rather than filters it?
• And do you truly understand the risks of doing nothing when the next alarm bellrings?

Accountability does not begin with law. It begins with courage.

* Nqobani Mzizi is a Professional Accountant (SA), Cert.Dir (IoDSA) and an Academic.

** The views expressed do not necessarily reflect the views of IOL or Independent Media.

BUSINESS REPORT