Skip to content.

Secondary navigation

Get Your Demo
Five business professionals gather around a laptop in an office, with digital facial recognition graphics and data displayed over each persons face.

How policies and disclosures help address risk

Policies tell employees what should happen. Disclosures show what is happening. 

That distinction is becoming increasingly important as organisations face growing regulatory scrutiny, rising reporting volumes and greater expectations for governance oversight. 

Whether related to conflicts of interest, gifts and hospitality or outside business activities, disclosures provide a window into the decisions employees face every day. They reveal where policies intersect with operational reality and where governance risks may be emerging long before they become formal incidents. The latest NAVEX data analysis of 2.37 million reports across 4,052 organisations representing 77 million employees highlights a clear trend. Reporting volumes have increased by approximately 40% since 2020, with reporting rates reaching a record high once again in 2025. 

For compliance teams, this raises an important question: are you capturing enough disclosure information to understand your true risk exposure? 

Disclosures are increasing, but participation remains a challenge

Rising disclosure activity is not necessarily a sign of increasing misconduct. In many cases, it reflects stronger speak- up cultures, better awareness and greater trust in reporting processes. 

Healthy disclosure programmes happen when: 

  • Employees understand what should be disclosed 
  • Reporting processes are accessible and easy to use 
  • Managers reinforce disclosure expectations 
  • Employees trust concerns will be handled consistently

Yet participation remains a significant challenge. 

In a recent NAVEX webinar survey, 60% of respondents identified getting employees to disclose potential conflicts, gifts and other risk situations as their biggest challenge. 

Low participation can create blind spots. Employees may be unclear about disclosure requirements, unsure about grey area situations or hesitant to report concerns. When disclosures are not being raised, organisations won’t see the full picture of their risk exposure. 

The visibility gap: seeing individual cases vs. seeing patterns

 Collecting disclosures is only part of the challenge. Many organisations struggle to gain a complete view of disclosure- related risk and act on the disclosure data they do have. 

In the same NAVEX webinar survey, 74% of respondents said they had “some visibility, but gaps exist” when asked about their confidence in visibility into conflicts of interest, gifts and disclosures. 

This highlights a common problem. Organisations often know risks exist but lack confidence that they are identifying them consistently across teams, business units and regions. 

Manual processes contribute to this challenge. Email- based approvals, spreadsheet tracking and inconsistent review practices make it difficult to ensure consistent treatment across cases. As disclosure volumes increase, these approaches are harder to manage and more difficult to defend during audits or regulatory reviews. 

At the same time, disclosure data is often collected but not fully utilised. Trends go unnoticed, policy gaps remain hidden and opportunities for targeted training are missed.

Increasing volume creates increasing pressure

With reporting volumes rising across risk channels as compliance teams face growing workloads and heightened expectations for oversight, disclosure management complexity will continue to increase. 

When asked what they were seeing in their organisations, 44% of respondents in the webinar survey identified increasing disclosure volumes as their primary concern. 

This matters because disclosures are becoming more frequent, more complex and more critical to assess correctly. 

Regulators increasingly expect organisations to demonstrate not only that policies exist but that disclosure risks are actively identified, reviewed and managed consistently. 

They expect organisations to show that: 

  • Decisions are documented 
  • Reviews follow defined processes 
  • Escalations occur when required 
  • Governance controls are applied consistently 
  • Similar situations receive similar treatment 

Without standardised processes, organisations can face audit gaps, delayed decisions, incomplete documentation and increased regulatory or reputational risk. 

Turning disclosures into governance insight 

The most effective organisations treat disclosures as more than an administrative process. They use disclosure data to strengthen governance and identify emerging risks. 

That starts by making disclosures easy and expected. Clear reporting channels, practical examples and ongoing training help employees understand what should be disclosed and why it matters. 

Organisations should also use disclosure data to: 

  • Identify recurring conflicts and emerging risks 
  • Detect higher risk roles, teams or regions 
  • Reveal policy awareness gaps 
  • Inform targeted compliance training 
  • Support updates to governance controls and policies 

Equally important is standardising how disclosures are reviewed. Defined workflows, clear ownership and documented approval processes help ensure consistency and improve defensibility. 

Moving beyond policy 

Strong governance requires more than well written policies. 

It requires visibility into the risks employees encounter every day and confidence that those risks are being reviewed consistently and managed appropriately. 

Organisations that strengthen disclosure participation, standardise review processes and use disclosure data strategically are better positioned to reduce risk, demonstrate oversight and respond to evolving regulatory expectations. 

Policies establish expectations. Disclosures reveal reality. 

Organisations that connect the two gain a clearer view of risk and a stronger foundation for governance.

Webinars

Beyond Policy: Are You Capturing and Controlling Disclosure Risk?

Most UK organisations have policies covering conflicts of interest, gifts and outside activities but lack visibility into how those risks are disclosed, reviewed and managed in practice. Join us to …

You may also like…

Ready for more? Check out our latest related articles.

  • Webinars Upcoming

    What Separates a Mature Speak-Up Programme from an Effective One?

    UK organisations report just 0.69 cases per 100 employees, compared to the global benchmark of 1.65, while 66% of reports are submitted anonymously. So, what do these figures really mean?

    Join NatWest, M&G and NAVEX as they explore what the latest UK benchmark data reveals about reporting behaviour, employee confidence and speak-up culture and share practical strategies for strengthening trust, encouraging employees to speak up and improving programme effectiveness.

    Save your seat!

  • Solution

    Whistleblowing Benchmark Assessment

    Compare your speak-up program to industry benchmarks using five key metrics. Get a personalized whistleblowing report and improvement insights from NAVEX.

    Learn more

See more on similar topics: