Is whistleblower protection legally available in Hong Kong?

Hong Kong does not have a single dedicated whistleblower protection statute equivalent to the United Kingdom's Public Interest Disclosure Act 1998 or Australia's Public Interest Disclosure Act 2013. Protection for whistleblowers in Hong Kong is assembled from multiple statutory and common law sources, making a comprehensive written Whistleblower Policy all the more important. The Employment Ordinance (Cap. 57) provides the primary workplace protection: Section 32B prohibits dismissal or variation of employment terms in retaliation for asserting statutory rights. An employee dismissed for making a protected disclosure may claim wrongful dismissal at the Labour Tribunal under the Labour Tribunal Ordinance (Cap. 25), seeking reinstatement and terminal payments. The Prevention of Bribery Ordinance (Cap. 201) creates a specific protection regime: Section 30 of Cap. 201 criminalises disclosure of the identity of a person who has reported corruption to the Independent Commission Against Corruption (ICAC), and Section 30A prohibits retaliation against such informants. The Securities and Futures Ordinance (Cap. 571) provides protection for persons who report misconduct in the financial services sector to the Securities and Futures Commission (SFC). Under Section 378 of Cap. 571, the SFC is prohibited from disclosing information that would identify a whistleblower, except in specified circumstances. The SFC's Whistleblowing Policy encourages reporting of market misconduct, insider dealing, and unlicensed activity.

What types of wrongdoing should a Hong Kong Whistleblower Policy cover?

A comprehensive Whistleblower Policy in Hong Kong should define reportable conduct broadly, covering both criminal offences and serious regulatory violations, to align with the expectations of the Independent Commission Against Corruption (ICAC), the Securities and Futures Commission (SFC), and the Hong Kong Stock Exchange (HKEX). Corruption and bribery: Offers or acceptance of bribes, advantages, or commissions in contravention of the Prevention of Bribery Ordinance (Cap. 201). Section 9 of Cap. 201 covers private sector corruption, making it an offence for an agent to accept an advantage without the principal's permission. Corruption reports should be directed to the ICAC, which accepts reports 24/7 at 2526 6366 or online at icac.org.hk. Financial fraud and misconduct: False accounting, falsification of records, misappropriation of company assets, and financial statement fraud. Listed companies on HKEX must comply with the Corporate Governance Code, which requires the Audit Committee to oversee fraud reporting mechanisms. The Hong Kong Monetary Authority (HKMA) expects licensed banks to maintain internal whistleblowing channels for reporting financial crimes. Market misconduct and insider dealing: Insider dealing, market manipulation, and disclosure of false or misleading information about listed securities, all regulated by the Securities and Futures Ordinance (Cap. 571) and enforced by the SFC's Market Misconduct Tribunal. Environmental violations: Illegal dumping of hazardous waste in contravention of the Waste Disposal Ordinance (Cap.

Can reports under a Hong Kong Whistleblower Policy be made anonymously?

Anonymous reporting is a critical feature of an effective Whistleblower Policy in Hong Kong, where cultural factors — concern about face, hierarchy, and employment security — may deter employees from making identified reports. The Whistleblower Policy should explicitly permit anonymous reports through designated channels: a dedicated whistleblower hotline (internal or managed by a third-party ethics provider), an anonymous email inbox managed by the Audit Committee or an independent investigator, and a physical drop-box for written reports. Third-party ethics hotline providers operating in Hong Kong — such as EthicsPoint, NAVEX Global, and Convercent — enable fully anonymous two-way communication, allowing investigators to seek clarification from anonymous reporters without revealing identity. Anonymous reports present practical investigation challenges. The Policy should acknowledge that without identifying information, the organisation may be unable to interview the reporter, seek clarification of facts, or provide feedback on investigation outcomes. For this reason, the Policy should encourage identified reporting by emphasising the strong anti-retaliation protections available and the confidentiality obligations of the investigating team. The Independent Commission Against Corruption (ICAC) accepts anonymous reports — the ICAC's anti-corruption hotline at 2526 6366 does not require the caller to identify themselves. The Securities and Futures Commission's whistleblowing platform also accommodates anonymous submissions.

How should a Hong Kong organisation investigate whistleblower reports?

Investigation of whistleblower reports in Hong Kong requires a structured process that ensures objectivity, preserves confidentiality, complies with the Personal Data (Privacy) Ordinance (Cap. 486), and produces findings that withstand scrutiny by regulators including the ICAC, SFC, and HKEX. Report receipt and triage: All reports — whether through the internal hotline, email, or drop-box — should be logged in a secure, access-restricted register. Within 5 business days of receipt, the designated investigation officer (typically the Head of Internal Audit, Company Secretary, or an independent Audit Committee member) should assess the report's seriousness, determine whether the matter should be reported immediately to the ICAC, SFC, HKMA, or another regulator, and decide whether an internal or external investigation is appropriate. Investigator independence: Where the reported wrongdoing involves senior management or the Chief Executive, the investigation must be conducted by or under the supervision of independent Audit Committee members (for listed companies under the HKEX Corporate Governance Code Appendix C1). External legal counsel or forensic accountants (e.g. from Big Four firms) should be engaged for complex financial fraud investigations. The Prevention of Bribery Ordinance (Cap. 201) requires that if the matter may involve criminal corruption, the ICAC should be notified promptly rather than conducting a parallel internal investigation that could compromise evidence.

What anti-retaliation protections should a Hong Kong Whistleblower Policy provide?

Anti-retaliation protections are the cornerstone of an effective Whistleblower Policy in Hong Kong. Without credible, enforceable protections, employees will not report wrongdoing — defeating the entire purpose of the policy. Statutory baseline: The Employment Ordinance (Cap. 57) prohibits dismissal in retaliation for asserting statutory rights (Section 32B). An employee dismissed after making a protected disclosure may file a wrongful dismissal claim at the Labour Tribunal within six years under the Limitation Ordinance (Cap. 347), seeking reinstatement, terminal payments, and loss of wages. The Prevention of Bribery Ordinance (Cap. 201) Section 30A specifically criminalises retaliation against persons who report corruption to the ICAC — a powerful statutory backstop. Policy-level protections: Beyond the statutory minimum, the Whistleblower Policy should expressly prohibit: demotion, salary reduction, or adverse variation of employment terms; exclusion from training, promotion, or career development opportunities; harassment, intimidation, or ostracism by colleagues or management; negative performance reviews unsupported by objective evidence; transfer to undesirable roles or locations; and constructive dismissal through intolerable working conditions. All of these constitute actionable retaliation under the Employment Ordinance.

What are the HKEX and SFC requirements for listed company whistleblower policies?

Listed companies on the Hong Kong Stock Exchange (HKEX) face specific whistleblower policy requirements under the HKEX Corporate Governance Code (Appendix C1 to the Main Board Listing Rules) and the Securities and Futures Commission's Corporate Governance Guidance. HKEX Corporate Governance Code Provision C.3.7 requires listed company Audit Committees to review arrangements for employees to raise concerns about possible improprieties in financial reporting, internal controls, or other matters. The Audit Committee must ensure that proper arrangements are in place for the investigation and follow-up of these concerns, with appropriate protection from retaliation for staff who raise concerns in good faith. This provision has been a 'comply or explain' requirement since 2005 and was strengthened in the January 2022 Corporate Governance Code revision. HKEX ESG Reporting Guide (Appendix C2) requires listed companies to disclose in their ESG Report whether a whistleblowing or reporting mechanism exists, its key features (anonymous reporting, investigation process, anti-retaliation measures), and statistics on reports received and actioned during the reporting year. Failure to disclose this information may be queried by HKEX during the annual review process. The SFC's regulatory expectations, set out in the SFC's Circular to Management Companies of SFC-authorised Unit Trusts and Mutual Funds and in various Enforcement guidance papers, require asset managers, brokers, and investment advisers licensed under Cap.

Whistleblower Policy (Hong Kong)

WHISTLEBLOWER POLICY

[Company Name] — COMPANY POLICY

Effective Date: [Effective Date] | Version: [Version] | Review Date: [Review Date]

Policy Owner: [Policy Owner]

1. Policy Statement

[Company Name] encourages employees to report any suspected wrongdoing or unethical conduct. This policy provides safe, confidential channels for reporting and protects reporters from retaliation.

2. Reportable Conduct

[Reportable Conduct]

3. Reporting Channels

Reporting channels: [Reporting Channels]

Anonymous reporting: [Anonymous Reporting: Yes/No]

Designated receiving officer: [Designated Officer]

4. Investigation and Protection

Investigation process: [Investigation Process]

Protections for reporters: [Protections]

External reporting options: [External Reporting Options] (including ICAC for corruption under the Prevention of Bribery Ordinance, Cap. 201)

5. General

This policy is governed by the laws of Hong Kong SAR and should be read in conjunction with applicable legislation and the employee's employment contract.

Company address: [Company Address]

Director / Authorised Signatory

________________

Signature

Maintained by Vladislav Sergienko, Founder·Template last modified: 2026-06-23·Report an error

What Is a Whistleblower Policy (Hong Kong)?

A Whistleblower Policy in Hong Kong establishes the rules and responsibilities that govern the conduct it addresses.

Hong Kong's anti-corruption environment is anchored by the ICAC, established in 1974 under the Independent Commission Against Corruption Ordinance (Cap. 204), which has transformed Hong Kong from a city with endemic corruption into one of Asia's cleanest jurisdictions. The ICAC's Community Relations Department actively promotes corporate anti-corruption culture and regularly audits listed companies' whistleblowing mechanisms. ICAC investigations are initiated on the basis of complaints — most of which originate from internal reports — making a well-designed Whistleblower Policy a direct contribution to Hong Kong's anti-corruption infrastructure.

Hong Kong does not yet have a single dedicated whistleblower protection statute. Protection is assembled from multiple sources: Employment Ordinance (Cap. 57) Section 32B (anti-retaliation for asserting statutory rights), Prevention of Bribery Ordinance (Cap. 201) Section 30A (anti-retaliation for reporting corruption), Securities and Futures Ordinance (Cap. 571) Section 378 (confidentiality of SFC informants), and the common law of wrongful dismissal. The absence of a unified statute makes a thorough written policy — establishing clear protections, investigation procedures, and accountability mechanisms — especially important for Hong Kong employers.

For listed companies on the Hong Kong Stock Exchange (HKEX), the Corporate Governance Code (Appendix C1 to the Main Board Listing Rules) Provision C.3.7 requires the Audit Committee to review arrangements for employees to raise concerns about financial reporting, internal controls, and other improprieties. HKEX ESG Reporting Guide (Appendix C2) further requires disclosure of whistleblowing mechanisms and annual statistics in the ESG Report. These requirements apply to all companies listed on the Main Board and the GEM Board.

The Securities and Futures Commission (SFC) and the Hong Kong Monetary Authority (HKMA) both expect licensed intermediaries and authorised institutions to maintain whistleblowing channels as part of their AML/CFT compliance programmes under the Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615). The HKMA's Supervisory Policy Manual (IC-2) specifically addresses whistleblowing in the context of banks' internal controls.

The Personal Data (Privacy) Ordinance (Cap. 486) governs how whistleblower reports and reporter identity data are handled. The six Data Protection Principles require that personal data is collected only for a specified purpose (DPP 1), retained no longer than necessary (DPP 2), used only for the original purpose (DPP 3), secured against unauthorised access (DPP 4), available for data subject access requests (DPP 5 — with exceptions for ongoing investigations), and not transferred to jurisdictions without equivalent protection (DPP 6). The Office of the Privacy Commissioner for Personal Data (PCPD) has issued guidance on managing personal data in investigation contexts.

When Do You Need a Whistleblower Policy (Hong Kong)?

Whistleblower Policy in Hong Kong is required for any organisation that has employees, contractors, or external parties who may observe wrongdoing, and is mandatory or strongly expected for specific categories of organisations under Hong Kong regulatory frameworks.

Listed companies on HKEX Main Board and GEM: The Corporate Governance Code Provision C.3.7 makes a whistleblower mechanism a 'comply or explain' requirement. Companies that do not maintain a formal policy must explain why in their annual corporate governance report — a position that is increasingly difficult to justify and that attracts negative attention from institutional investors and HKEX reviewers.

Licensed financial intermediaries: Brokers, asset managers, insurance companies, and money service operators licensed under the Securities and Futures Ordinance (Cap. 571) or the Insurance Ordinance (Cap. 41) are expected by the SFC, HKMA, and Insurance Authority (IA) to maintain internal reporting channels as part of their AML/CFT and market conduct compliance frameworks.

Authorised institutions (banks): The HKMA's Supervisory Policy Manual (IC-2) and Anti-Money Laundering guidance require banks to have mechanisms for staff to report suspicious transactions and internal misconduct. Bank employees who fail to report suspicious transactions may face personal liability under Cap. 405 (Drug Trafficking) and Cap. 455 (Organised and Serious Crimes).

Government-linked entities and statutory bodies: The Civil Service Bureau has separate guidelines for civil servants reporting misconduct to the ICAC, but government-owned enterprises listed on HKEX or operating in regulated sectors should maintain a formal Whistleblower Policy.

Large employers in construction, engineering, and infrastructure: These sectors face significant corruption risk in tendering and procurement. The ICAC's Business Ethics Advisory Centre recommends that companies with government contracts maintain active whistleblowing channels.

Any employer with 50 or more employees should implement a formal Whistleblower Policy as a matter of corporate governance established procedures, regardless of sector. The policy should be reviewed annually, updated after any significant regulatory change, and tested by the Internal Audit or Audit Committee to verify that the reporting channels function effectively.

A Whistleblower Policy is also needed following any internal fraud incident, regulatory investigation, or external audit recommendation to improve internal controls. Organisations that have recently experienced a data breach, suffered a regulatory fine, or been subject to ICAC investigation should treat the implementation of a formal Whistleblower Policy as an urgent remedial measure — demonstrating to regulators, shareholders, and employees that the governance failure has been addressed. The HKEX Listing Division and the SFC both view the presence of a functioning whistleblowing mechanism as a positive indicator of corporate culture and internal controls maturity.

What to Include in Your Whistleblower Policy (Hong Kong)

Whistleblower Policy in Hong Kong must contain specific elements to meet HKEX Corporate Governance Code requirements, ICAC expectations, and the anti-retaliation obligations under the Employment Ordinance (Cap. 57) and Prevention of Bribery Ordinance (Cap. 201).

Policy statement and purpose: A clear declaration of the organisation's commitment to ethical conduct, zero tolerance for corruption, bribery, and fraud, and the Board's or Audit Committee's oversight responsibility. The policy statement should reference Cap. 201 and the organisation's obligations as an employer under Cap. 57.

Scope of reportable conduct: A non-exhaustive list of reportable matters — corruption and bribery under Cap. 201; financial fraud and false accounting; market misconduct under Cap. 571; environmental violations under Cap. 354 and Cap. 358; workplace safety violations under Cap. 59 and Cap. 509; harassment and discrimination; PDPO violations under Cap. 486; and any other conduct that creates a risk of legal, regulatory, or reputational harm to the organisation.

Reporting channels: At least two separate reporting channels — an internal channel (dedicated hotline, email, or Audit Committee contact) and an external channel (ICAC hotline at 2526 6366, SFC whistleblowing platform, or HKMA). For organisations with more than 200 employees, a third-party anonymous hotline managed by an independent provider is established procedures.

Anonymity and confidentiality: Express permission for anonymous reports; confidentiality obligations on all persons who handle reports; prohibition on attempts to identify anonymous reporters; PDPO (Cap. 486) compliance for handling reporter personal data under DPP 3 (use limitation) and DPP 4 (security).

Investigation process: Intake and logging procedure; triage and escalation criteria; investigator independence requirements (no investigator with a conflict of interest); evidence preservation obligations; timeframes for acknowledging receipt (7 days), completing preliminary investigation (30 days), and final resolution (90 days for complex matters); feedback to the reporter on investigation outcome.

Anti-retaliation protections: Express prohibition of demotion, dismissal, salary reduction, harassment, intimidation, adverse performance review, or transfer in retaliation for good-faith reports; separate reporting channel for retaliation complaints; disciplinary consequences for perpetrators of retaliation; cross-reference to Cap. 57 Section 32B and Cap. 201 Section 30A statutory protections.

Record keeping and reporting: Secure, access-restricted register of all reports received; quarterly summary to Audit Committee; annual review of policy effectiveness; disclosure in HKEX ESG Report (Appendix C2) of statistics on reports received and resolved.

Governance and board accountability: The Board of Directors or senior management should formally adopt the policy by resolution and review it annually. Listed companies should disclose the policy's existence and key features in their annual ESG Report under HKEX ESG Reporting Guide Appendix C2. The Audit Committee Chair should receive quarterly whistleblowing activity reports summarising the number of reports received, categories of concern, investigation outcomes, and any systemic issues identified.

Training and awareness: The policy must be communicated to all employees, contractors, and agents at onboarding and annually thereafter. Training should cover how to use reporting channels, what constitutes a protected disclosure, and the consequences of retaliation. ICAC's Business Ethics Advisory Centre offers free ethics training resources for Hong Kong companies.

External reporting options: The policy should direct employees to external bodies when internal channels are compromised — ICAC at 2526 6366 for corruption, SFC for market misconduct, HKMA for banking violations, EPD for environmental offences, and the Labour Department for employment law breaches.

Forms-legal.com provides a complete Hong Kong Whistleblower Policy template incorporating HKEX Corporate Governance Code Provision C.3.7 compliance, ICAC-aligned reporting channels, Cap. 201 anti-retaliation provisions, and PDPO data protection obligations for reporter identity data.

Related documents include the Employee Handbook (for incorporating the policy into broader HR documentation) and the Data Protection Policy (for PDPO-compliant handling of whistleblower personal data).

Sources & Citations

Statutory citations link to official government sources.

Independent Commission Against Corruption Ordinance (Cap. 204)HK official
Employment Ordinance (Cap. 57)HK official
Prevention of Bribery Ordinance (Cap. 201)HK official
Securities and Futures Ordinance (Cap. 571)HK official
Anti-Money Laundering and Counter-Terrorist Financing Ordinance (Cap. 615)HK official
The Personal Data (Privacy) Ordinance (Cap. 486)HK official
Insurance Ordinance (Cap. 41)HK official

Cite this page

Reference this free template in an article, syllabus, or research note:

APA

Forms Legal. (2026). Whistleblower Policy (Hong Kong) (Hong Kong) [Legal document template]. Forms Legal. https://forms-legal.com/hong-kong/employment/hr-forms/whistleblower-policy-hong-kong

MLA

"Whistleblower Policy (Hong Kong) (Hong Kong)." Forms Legal, 2026, https://forms-legal.com/hong-kong/employment/hr-forms/whistleblower-policy-hong-kong.

BibTeX

@misc{formslegal-whistleblower-policy-hong-kong,
  author       = {{Forms Legal}},
  title        = {Whistleblower Policy (Hong Kong) (Hong Kong)},
  year         = {2026},
  howpublished = {\url{https://forms-legal.com/hong-kong/employment/hr-forms/whistleblower-policy-hong-kong}},
  note         = {Free legal document template. Based on Employment Ordinance (Cap. 57)}
}

Also available for these jurisdictions:

Frequently Asked Questions

Based on Employment Ordinance (Cap. 57) — Template last modified June 2026Verify the source →

This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer

Found an error? Let us know