Reporting corruption


This section provides guidance in relation to the requirement that the organisation should implement procedures which enable personnel to report suspected or actual corruption or breach of the anti-corruption programme in a safe and confidential manner (measure 18 of the Anti-Corruption Programme).

A proper reporting system is necessary to enable an organisation to prevent and detect corruption.   It will also provide personnel with some assurance that the organisation intends to implement its anti-corruption policy properly.

Features of a corruption reporting procedure

  1. Personnel should be required or encouraged to report to the organisation as soon as reasonably possible any suspected or actual corruption or breach of the anti-corruption programme.
    1. Personnel can be informed about the reporting procedure by it being:
      • communicated to all personnel (electronically or in hard copy);
      • published on the organisation’s web-site;
      • displayed on the notice board at each of the organisation’s offices.
    1. Personnel can be further informed and reminded about the reporting procedure:
      • by it being referred to in training;
      • by issuing personnel with periodic reminders (e.g. annually) from an appropriate manager (preferably the chief executive or equivalent) emphasising the organisation’s commitment to ethical practice and requiring or encouraging personnel to report any concerns so as to help the organisation comply with its commitments.
    1. If any jurisdiction in which the organisation operates has a legal duty to report corruption or suspicion of corruption, then this legal duty, and the consequences of any breach of this legal duty, should be clearly notified to personnel.

  1. The reporting procedure should identify to whom reports should be made. There are several alternative methods:
    1. The procedure may nominate one specified person to whom personnel should report (e.g. the compliance manager).
    2. The procedure may require personnel to report in the first instance any concern to their line manager, and only to escalate the report to the compliance manager or other appropriate manager in the event that:

      • personnel have no confidence in the integrity or reliability of the line manager, or
      • the line manager is the subject of or is implicated in the report; or
      • the line manager fails to take appropriate action.
    3. The system may require or enable personnel to report to an external reporting facility. If the report is to an external reporting facility, the organisation must ensure that the external reporting facility as soon as possible passes the report to an appropriate senior person within the organisation to deal with the issue. If the compliance manager is not the recipient of reports, then the compliance manager should be notified of all reports.

  1. The reporting procedure should identify how reports should be made. There are several alternative methods:
    1. in person
    2. by e-mail
    3. by telephone
    4. by an on-line contact form
    5. by letter.

As the system should (unless prohibited by law) allow anonymous and confidential reporting (see below), then at least one of the reporting options available should permit anonymity.


  1. The reporting facility should be available and easily accessible to all personnel.

  2. Anonymous reporting should be permitted (if and to the extent that applicable laws allow this).

  3. The organisation should keep the identity of personnel who make a report, and those named in the report, confidential unless:
    1. the organisation is required by law to disclose this information;
    2. the person making the report, or named in the report, agrees to disclosure of his/her name.

  1. The reporting facility should inform the person reporting that they can seek advice from a specified person or organisation:
    1. on what to do if faced with a concern or situation which could involve corruption;
    2. on how and when they can report to appropriate external authorities, such as criminal investigation authorities.

This advice could be provided by the compliance manager or other appropriate person within the organisation, or by a third party advisor. (See Dealing with corruption - Individuals).


  1. The procedure should ensure that any report received is passed on as soon as possible to an appropriate person within the organisation for investigation and appropriate action (see measure 19 Investigating and dealing with corruption). The person who has the responsibility to deal with these reports could be the compliance manager, or other appropriate manager or the board. This person should be independent of any issues which are the subject of the report.

  2. The organisation should ensure that:
    1. personnel who made the report are protected from retaliation after raising a concern in good faith; and
    2. it is a disciplinary offence for personnel to retaliate against someone who raises a concern in good faith.

  3. The organisation should ensure that all reasonable steps are taken to protect the safety of any individual who raises a concern in good faith.

  4. The individual who made the original report should be kept informed of the action being taken to the extent that this information does not prejudice any investigation or endanger anyone’s safety.

  5. The reporting procedures, and any reports made under them, should be documented by the organisation.

  6. These reporting procedures can be stand-alone anti-corruption reporting procedures, or may be the same as, or form part of, those used for the reporting of other issues of concern (e.g. safety, discrimination, bullying).

Implementation checklist for Measure 18


  1. The organisation should prepare a written reporting policy which is compliant with the above requirements.
  2. The organisation should appoint a suitable person(s) to receive reports, and a suitable person(s) to investigate reports. This could be the same person for both functions, or different persons. The persons appointed could be internal or external.
  3. The organisation should publish the policy to its personnel, by e-mail or in hard copy, and on the organisation’s notice board. A copy should be published on the organisation’s web-site or intranet. Reminders should be sent out periodically to personnel.
  4. The organisation should follow up appropriately on all received reports.
  5. The compliance manager should review any reports received and the outcomes to ensure that the system is working appropriately.
  6. A summary of any reports received and outcomes should be sent to the board annually.


Most recent update on 17th February 2016

Page first published on 1st May 2008

© 2018 GIACC