A whistleblower system is legally required for many organizations and best practice in compliance, governance and risk management for all others.
Obligation according to the EU Whistleblowing Directive, Sarbanes-Oxley Act (SOX), Dodd-Frank Act and Whistleblower Protection Act (HinSchG):
- All companies with 50 or more employees
- All public bodies with a population of 10,000 or more
- All financial service providers – regardless of the number of employees (Banks, insurance companies, asset managers, investment management companies, pension funds, fund providers, etc.)
Recommended for:
- Companies with increased compliance risk
- Companies with supply chain obligations (Swiss Supply Chain Act/ESG)
- Organizations with international locations
- Companies that want to minimize reputational risks
- Companies that want to identify internal problems early on
Short:Every company that takes compliance seriously benefits from a whistleblower system.

A modern online whistleblower system offers significant advantages over ombudsman offices, telephone hotlines or email mailboxes – both legally, organizationally and financially.
1. Cost Advantages Compared to Ombudsman Offices
Online systems are significantly cheaper than traditional ombudsmen, who often charge high annual flat fees or hourly rates. A digital system incurs no additional costs per report, no consultation hours, and no external investigations. This significantly reduces ongoing compliance costs, while simultaneously increasing the quality of case handling.
2. Simple and Fast Setup
An online whistleblower system is ready for immediate use without any IT installation. The RiskFox online system can be individually branded and configured. Companies need neither a server nor a software rollout, and the solution can be activated in a very short time. Employees and external stakeholders access the system via a secure web address, while the internal reporting office works via a browser-based dashboard. This reduces implementation effort and completely relieves the compliance and IT departments.
3. Audit-proof, auditable, and legally compliant
Digital systems automatically meet legal requirements:
- 7-day confirmation of receipt
- 3-month feedback
- Documentation and retention obligations
- GDPR compliance
- Access controls & role models
- Audit trail for every action
This makes internal and external audits easy, and companies can demonstrate their compliance at any time.
4. External Reporting Platform + Internal Case Management
An online system combines two legally required elements:
External Reporting Platform
- Accessible via the website
- Anonymous or non-anonymous
- Multilingual
- Available 24/7/365
- Encrypted communication
Internal Case Management
- Structured case management
- Secure communication with whistleblowers
- Role and rights management
- Documentation of all steps
- Deadline management
This ensures that the entire process – from reporting to action – is digitally, transparently and legally compliant.
5. Structured processes and clear workflows
An online system guides the reporting office through all steps of the legal process. Cases are automatically categorized, deadlines are monitored, and those responsible are informed. This reduces errors, prevents missed deadlines, and ensures consistent, transparent processes throughout the entire company.
6. Anonymity and protection of the whistleblower
Digital systems enable genuine, technically secure anonymity – something that ombudsman offices or email inboxes cannot guarantee. Whistleblowers can communicate anonymously, answer follow-up questions, and exchange documents without revealing their identity. This increases the motivation to report and strengthens the compliance culture.

RiskFox's whistleblower system includes both the "external reporting page" and the "internal case management":
1. External Reporting Page
The external reporting platform is the public, secure, and anonymous channel through which whistleblowers submit their reports. It is accessible to employees, suppliers, customers, and other third parties and serves as a digital "door" to the whistleblower system. The platform must be accessible 24/7/365, GDPR-compliant, usable anonymously, and technically protected. The external reporting platform is usually hosted on the company's website and can be accessed and submitted directly by the whistleblower. The sole purpose of the external reporting platform is to receive reports and facilitate confidential communication with the whistleblower – without requiring them to disclose their identity. The company typically provides a structured questionnaire to obtain the most detailed report possible and to derive internal analysis and investigations from it.
2. Internal Case Management
Internal case management is the non-public, internal workspace where authorized personnel (e.g., from Compliance, Legal, or HR) review, document, and process incoming reports. Here, deadlines are monitored, actions are planned, internal investigations are conducted, and all steps are recorded in an audit-proof manner. Case management is therefore the "engine" of the system: it ensures that every report is handled in a structured, traceable, and legally compliant way. Case management includes workflow and email functionalities to integrate the right contacts and reviewers within the company.

The demo version can be started directly via the "Request Demo" button. You will go through a simplified login process – the free demo version includes one user for a period of two weeks. Data and structures are already implemented, which can of course be individually configured in the production version. The demo version includes the "external reporting page" and the "internal case management".

After clicking on “Buy Now”, select the desired modules and users, accept the terms and conditions and privacy policy, and complete the order via our secure checkout.
For paid packages, payment is processed via Stripe. Your account will be activated automatically, and you can log in and get started immediately.

RiskFox is hosted in the Oracle Cloud. The Oracle Cloud meets the highest IT and data security standards. Two-factor authentication is also available.
In addition, companies can individually control roles, permissions and access levels, so that only authorized people can view or edit content.

RiskFox offers a transparent, modular pricing model. You choose the modules you need and the number of users. Billing is done monthly via Stripe. No hidden costs, no installation fees, no long-term commitments.

Yes. The responsible user (e.g., power user, administrator) can individually configure and map organizational structures (locations, departments, subsidiaries, etc.) and responsibilities. Even complex corporate structures, matrix organizations, or group-wide governance models can be easily integrated. The unique feature of the RiskFox whistleblower system is that the power user or administrator can independently configure all questions (external reporting page) and evaluations (internal case management).

You can start immediately after registration – no installation, no IT effort required. Our standard version includes pre-configured master data and content that, for example, the administrator can modify and configure independently (-> Standard version).
Upon request, we can provide you with a customer-specific configuration (-> Enterprise Version) which you can edit, modify, or customize at any time.

RiskFox is the first fully online whistleblower system that is ready to use immediately, without installation, IT effort, or complex projects. While traditional Excel tools, email systems, or the use of ombudsman offices (law firms) are often expensive, cumbersome, and technologically outdated, RiskFox relies on a modern, cloud-based architecture that optimally combines speed, user-friendliness, and security.
Thanks to its consistently digital approach, the total costs are approximately 50–90% lower than alternative solutions such as ombudsman offices, email systems, or individual Excel tools – while simultaneously offering greater flexibility and significantly faster implementation. Companies benefit from a system solution that seamlessly adapts to individual structures, is infinitely scalable, and practically reflects regulatory requirements.
RiskFox is backed by a team with many years of experience in the regulatory environment, possessing both theoretical expertise and practical experience gained from projects with banks, insurance companies, industry, and public institutions. This expertise is directly incorporated into the ongoing development of the system solution – technically sound, technologically leading, and consistently aligned with real business needs.