Are you prepared for the EU Whistle-blower Protection Directive?

The EU Commission continues to revamp its Governance and Compliance structures to protect employees, assets, stakeholders, and privacy. After GDPR, EPrivacy the next radical compliance implementation will probably receive its final approval, is the directive on the protection of whistle-blowers

Tenacious Whistle-blowers who exposed several scandals are, “Deep Throat”who met journalists Bob Woodward and Carl Bernstein and exposed the Watergate scandal,which changed global history in the 1970s probably the best whistle-blower example. Later the former Enron executive Sherron Watkins that released vital information on the company’s fraudulent accounting practices in the 1980’s and the most recently a whistle-blower exposed one of the largest AML scandals Danske Bank.

Blowing the whistle on sloppy, corrupt, illegal,and greedy organisations and management can have substantial effects, both positive and negative, on the whistle-blower and the stakeholders. Therefore companies must start the process on their road to compliance through a roadmap, framework and a dedicated resource center to ensure Governance, Risk Management and Compliance components when an employee or a contractor releases news of illegal, risky or unethical corporate conduct, process and or management behaviour.

Two-year cure period after adoption

By September 2021 all EU organisations with 250 or more employees must provide a channel for employees and others to blow the whistle. Companies with between 50 and 249 employees will have the usual two years to comply. Copenhagen Compliance®has since 2005 helped companies with roadmaps, frameworks, templates and tools to set-up and manage a whistle-blower channel to create the corporate culture as the platform to deliver real business benefit and protects long-term values of the organisation.

The corporate culture must be followed up by addressing the various obligations and a specific set of controls and system that focus on security, response times, data protection requirements.

Business ethics and whistleblowing

Since the whistle-blower is probably the most vulnerable person in the process,they will soon be granted more excellent protection and encourage the person to report incidents without uncertainty and stress. The roadmap and framework must provide both whistle-blower anonymity, special safe guards and personal security.

The main requirements of the EU Whistleblower Protection Directive are:

  1. Confidentiality of the identity of the whistle-blower. Network for receiving reports to ensure the privacy of the whistle-blower and prevent access to non-authorised persons.
  2. Response times: Establish procedures to follow-up the report within a seven-day acknowledgement
  3. Independent receiver(s) with the competence to follow up and communicate
  4. Due Diligence: Thorough follow-up within a reasonable timeframe to provide feedback to stakeholders
  5. Communication: Establish the conditions and procedures for disclosing the results and inform the oversight, authorities.
  6. GDPR compliance: Processing of personal data must be carried out to comply with the GDPR.
  7. Record keeping: Companies must document each report received, and ensure compliance, confidentiality, transparency and accountability.
  8. Deletion: Disposing of the data that must be deleted according to the GDPR and other relevant mandates in the right manner.

The new directive is an excellent opportunity for companies with a whistle-blower system to update The Corporate Whistle-blower Protection Program, disclose and report violations of various workplace safety, environmental, financial reform and securities laws. Update policies and procedures on employee and management conduct and behaviour. Companies that violate the whistle-blower protection laws can face fines, suspension of government contracts, civil lawsuits, and reputation damage that reduces the company’s stock value by a substantial amount.

Send us an email to receive the Whistle-blower roadmap and framework or conducting an inhouse  Training and Awareness or a whistle-blower seminar.