The typical global organization with operations in Nigeria offers a well-resourced and technically functional hotline for employees to make internal reports about wrongdoing. Trouble is, the country’s laws don’t yet protect such individuals from retaliation. Legal and governance researcher Obongodu Paul Unanam explores what this important distinction means for Western companies operating in the country.
Most multinationals deploy internal reporting infrastructure as a uniform global system. A hotline number, a web portal, perhaps a third-party vendor and a policy document that promises confidentiality and no retaliation. The assumption behind this architecture is that the legal environment in each country creates roughly the same conditions for it to function. In the US, the UK and South Africa, that assumption may be defensible. In Nigeria, it is not.
This doesn’t show up in your program on paper. Your Nigerian subsidiary will have the hotline number, and your Nigerian employees will technically be able to access it. What the program cannot replicate is the legal backstop that makes using it a rational act for someone who has witnessed serious wrongdoing.
One reason for that is there is no statutory whistleblower protection law in Nigeria. The government launched a whistleblowing policy in December 2016 that offered financial rewards of 2.5% to 5% of recovered funds for tips leading to asset recovery, but it created no legal protection against retaliation. It is a policy document, not legislation. It cannot guarantee anonymity, cannot compel agencies to act and cannot stop an employer from dismissing the person who used it.
A compliance program that does not account for this is not simply incomplete. It is producing false assurance.
Real-world implications
Yisa Usman was a deputy director at Nigeria’s Joint Admissions and Matriculation Board. He reported procurement fraud and administrative irregularities within the agency through official channels. He was dismissed from his position in July 2023. Criminal charges followed. Usman reported that police then tried to abduct him from his home in July 2025 while multiple lawsuits arising from his disclosure were still before the courts. Subsequently, he was named runner-up for the Ellsberg Whistleblower Award, an international honor named after Pentagon Papers whistleblower Daniel Ellsberg. Because of legal proceedings against him, Usman was unable to travel to receive the honor.
Usman’s case highlights the documented outcome of a system that rewards tips and offers nothing else. The chairman of Nigeria’s Economic and Financial Crimes Commission (EFCC) recently called on the National Assembly to pass a whistleblower protection law, noting that of the 15 members of the Economic Community of West African States (ECOWAS), only Ghana and Senegal have enacted legislation that protects people who report wrongdoing.
When a compliance officer at a multinational tells employees in a Nigerian subsidiary that the company’s internal reporting channel is safe to use, they are making a promise the law does not back up. The risk calculus facing an employee in Lagos who witnesses procurement fraud is different from the one facing an employee in Chicago or London. The channel may be technically anonymous, but the law provides no remedy if the company or a connected government agency decides to make the employee’s life difficult afterward.
The information most useful to a compliance program is exactly the kind most likely to be suppressed in this environment.
Are Your Anonymous Reporting Channels Hiding a Bigger Problem?
When a friend is the target of a report, resist the urge to disrupt established processes
Read moreDetailsThe paternalism problem hiding in plain sight
There is something worth naming directly here, because it shapes a lot of the compliance thinking about markets like Nigeria: the assumption that program design is primarily a US or UK enforcement problem and that local legal environments are mostly background noise.
That assumption carries a corollary that rarely gets said out loud — that the way things work in the US or UK is the baseline, and deviation from it is a deficiency in the local market rather than a genuine design constraint the program needs to accommodate. The global compliance framework was built in Washington and London. It travels outward with the expectation that legal environments elsewhere will eventually catch up.
This framing is not just intellectually lazy, but it produces concrete compliance failures. If you treat the Nigeria gap as a temporary local anomaly rather than a structural feature of the operating environment, you will not redesign your program to account for it. You will deploy the standard infrastructure, note the gap in a risk register somewhere and move on.
The employee in the Nigerian subsidiary who sees something and says nothing is not failing your compliance program. Your compliance program is failing them.
What compensating controls actually look like
None of this means a compliance program in Nigeria is impossible. It means the program has to be designed for the environment it is operating in, not for the environment headquarters is familiar with.
First, the program needs to be honest about what a hotline can and cannot do. Training materials and communications to Nigerian employees should not repeat standard language about legal protection against retaliation. That protection does not exist in Nigerian law. Saying otherwise is not just inaccurate. Rather, it is the kind of misrepresentation that destroys credibility when an employee who relied on it faces consequences.
Second, the program should actively track the legislative environment. A whistleblower protection bill has been introduced in Nigeria’s National Assembly on multiple occasions; while it has never passed, that could change. A CCO with Nigerian operations should be monitoring that development and should understand what a statutory protection regime would mean for their program design.
Third, the program should not rely on a single reporting channel. Where the domestic legal environment offers no backstop, the external channel matters more. Some multinationals have implemented anonymous reporting pathways that route directly to international compliance infrastructure rather than to local management precisely because the risk of local retaliation is real and documented.
Fourth, ask the due diligence question before the next Economic Financial Crimes Commission (EFCC) investigation arrives, not after. The EFCC recorded 4,111 convictions in 2024 and recovered hundreds of thousands in currencies. Nigerian enforcement is not hypothetical. If your subsidiary’s reporting infrastructure cannot reliably surface procurement concerns from within, you are operating blind in an environment where the enforcement consequences of doing so are documented and recent.
The due diligence question CCOs are not asking
The standard third-party due diligence questionnaire for Nigerian operations asks about anti-bribery policies, training records and code of conduct acknowledgment. Almost none of them ask what happens to an employee at a Nigerian counterparty who reports internally.
That is the question that tells you whether the reporting infrastructure is real or ceremonial. A counterparty that has no answer to it, or whose answer is a policy document with no legal teeth, is a counterparty whose internal reporting environment has the same structural limitations as the national one. Kickback arrangements in Nigerian federal contracting historically run through intermediaries who are one or two steps removed from the primary counterparty. If no one in the chain has a working reason to report, the arrangement persists.
The fix is not complicated. It requires acknowledging that the compliance infrastructure you built for a legally protected environment does not transfer intact to one where the protection does not exist. It requires asking what an employee in your Nigerian subsidiary actually risks by using your hotline, and designing around the honest answer.
Yisa Usman is still litigating. The whistleblower protection bill is still pending. Your next EFCC inquiry is not waiting for either.


Obongodu Paul Unanam is a legal and governance researcher on anti-corruption law and compliance risk in West Africa. He is a former public intern at Akwa Ibom State Ministry of Justice and holds a legal degree from the University of Uyo in Nigeria. 








