Directors Dialogue on The Updated EU Whistleblowing Directive on the 28th of April 2021 from 14:00 to 18: 00 CEST.

All EU companies must address the new EU Whistleblowing Directive from a Compliance, Employment and Data Protection Law Perspective. People in contact with it in their work-related activities may be the first to know about and, therefore, in a privileged position to inform management to address the problem.

The purpose of the directive is to guarantee a high level of protection to persons who publicly disclose information on breaches acquired in the context of their work-related activities across a wide range of sectors. Companies have a few months until the 17th of December 2021 to bring the mandates in compliance.

The directive impacts hundreds of thousands of organisations and small and medium-sized enterprises (SMEs) right across Europe that employ more than 50 people. But it is those with 250 employees or more that will be required to comply first.

Whistleblowers, i.e. one of the most dangerous activities, are persons who report (within the organisation concerned or to an outside authority) or disclose (to the public) information on wrongdoing obtained in a work-related context, help preventing damage and detecting threat or harm to the public interest that may otherwise remain hidden. 

What does the directive mean for affected organisations?

The directive revolves around the explicit protection of a broad range of whistleblowers who report a violation of EU law. In turn, this places several legal obligations on organisations, with the adoption of safe reporting channels (such as whistleblower websites and hotlines) chief among them. The directive is explicit in specifying that such channels should be:

  • designed, established and operated in a secure manner that ensures that the confidentiality of the identity of the reporting person and any third party mentioned in the report is protected
  • access to that by non-authorised staff members related to unlawful activities and abuse of law do occur in most organisations, big or small.

The requirement for an Independent Integrity Controller on whistleblowing processes and systems.

These non-compliance activities take form in multiple areas like bribery, corruption, fraud, businesses’ malpractice, or negligence. And if they are not addressed, it can result in serious harm to the public interest and the company’s reputation.

We look into the following areas:

  • Inform employees of the reporting options available to them
  • Put measures in place to protect whistleblowers from dismissal, demotion, and other forms of retaliation
  • Assign a competent, impartial person or team to receive and follow up on reports
  • Respond to and follow up on reports within three months
  • The protection of whistleblowers is uneven and fragmented.
  • Why are whistleblowers often discouraged from reporting their concerns for fear of retaliation?

Companies already having an internal whistleblowing system may need to change their reporting system depending on how anonymous reporting is handled, permissible subject matters and internal responsibilities. Details will, however, depend on the respective National Implementation Acts.

All EU organisations with over 50 employees and all organisations in the financial services industry of subject to anti-money laundering legislation must appoint a capable, impartial coordinator of their whistleblowing procedure as of the 17th of December 2021.