Summary
Oliver Riehl explains that no reports do not mean no problems; they may simply show that employees lack safe channels to speak up. At Risk-!n 2026, he argues that effective whistleblowing and third-party risk screening help organisations detect issues early.
The discussion links reporting culture, regulatory expectations and supply-chain due diligence in one practical risk framework. His core message is that companies need both trusted systems and informed people to make compliance work in real life.
Insights
Why hidden risk is still risk
At Risk-!n 2026 in Zurich, Oliver Riehl, Regional Vice President Sales & Regional Manager, DACH, explained why the absence of incident reports should never be mistaken for the absence of problems. In his flash interview with Philippe Séjalon, CEO, The INGAGE Institute, he stressed that when employees lack the right channels or confidence to speak up, critical issues remain invisible until they become far more serious. For Oliver, building a strong whistleblowing culture is not just a compliance exercise; it is a practical way to surface risk early and protect the business.
From regulation to real action
Oliver pointed out that companies with 50 or more employees should have a reporting system in place, making structured reporting processes a clear operational priority for many organisations in Europe. NAVEX positions this work within a broader GRC approach, helping firms manage governance, risk and compliance in a more integrated way. The real challenge, however, is not simply installing a tool but ensuring that people know it exists, trust it and use it when it matters.
Third-party risk in the supply chain
A key theme of the discussion was third-party risk, especially when companies engage suppliers or partners without enough prior screening. Oliver highlighted the danger of working with organisations that may be sanctioned, involved in child labour or exposed to other misconduct, creating both compliance and reputational risk for the buyer. He described NAVEX’s support as a practical traffic-light model for supply chain and partner checks: green suggests it is safe to proceed, orange signals a need for deeper review, and red indicates serious concern.
Risk conversations beyond the stand
Oliver also described Risk-!n as a valuable networking forum rather than only a venue for product promotion. That fits the event’s wider focus on risk management, resilience, cyber risk, AI governance and geopolitics, all of which shaped discussions at the conference. His message was clear: better compliance, stronger cybersecurity awareness and smarter screening help organisations navigate an increasingly complex risk landscape.
Discover NAVEX
NAVEX provides solutions designed to support ethics, risk and compliance management across organisations. Its platform covers areas such as whistleblower reporting, policy management, risk assessment, compliance training and third-party monitoring.
The company presents GRC as an integrated strategy that connects governance, enterprise risk management and regulatory compliance. NAVEX also emphasises continuous oversight of third parties and vendors to reduce exposure to operational and regulatory issues.
More at NAVEX and on their LinkedIn page.
