Proposal for Whistleblower Protection Directive: unravelled
We are happy to see that the European Commission is proposing a new law to strengthen whistleblower protection across the EU. Today’s presentation of the key elements of the proposal for EU-wide rules on the protection of whistleblowers » gives a good impression of the intention of the EC concerning whistleblower protection. Let’s take a closer look at the main elements of the proposed Whistleblower Protection Directive. We comment on various elements from our perspective as a global provider of whistleblowing systems.
Which organisations are specifically mentioned in the proposed Whistleblower Protection Directive?
- private legal entities with 50 or more employees;
- private legal entities with a turnover of over €10 million;
- private legal entities with a balance sheet of over €10 million;
- private legal entities operating in the area of financial services;
- private legal entities vulnerable to money laundering or terrorist financing;
- state administrations, regions and departments and municipalities with more than 10,000 residents; and
- entities governed by public law.
Similar to the Dutch House for Whistleblowers Act (Wet Huis voor Klokkenluiders) and the French anti-corruption law Sapin II », the proposed Whistleblower Protection Directive chooses a broad scope of applicability amongst organisations. Such broad scope will most likely lead to a great number of organisations that does not adhere to the proposed law. Experience » in The Netherlands shows that a great number of organisations under the obligation to have a whistleblowing reporting channel in place did not implement an appropriate infrastructure. We believe that without an effective sanction regime in place, in which organisations who not comply with the proposed requirements will face penalties, many organisations will not be motivated to live up to the proposed law. This is why we have more confidence in the effectiveness of the French Sapin II law, in which administrative penalties can be imposed on companies and its directors who fail to implement reporting channels to report corruption.
Internal reporting before external reporting and dialogue with the whistleblower
The proposed Whistleblower Protection Directive makes internal reporting as a first step mandatory. External reporting is only allowed if:
- the organisation did not follow up on the internal report;
- the whistleblower could not know about the possibility to report internally; or
- the organisation did not have a reporting channel in place.
However, the option to directly report externally remains open in cases where the whistleblower could not be expected to use an internal reporting channel or if internal reporting could jeopardise the effectiveness of investigative actions by competent authorities. Organisations are supposed to keep whistleblowers updated on how the report is being dealt with.
Following up on reports might become more important than ever. In order for a reporting channel to be effective, it is essential that an organisation shows to be committed to following up on reports of misconduct. Now the proposed Whistleblower Protection Directive could make it mandatory to follow up on reports. In light of the above, it is important to have a whistleblowing system » in place that allows for efficient case handling and the possibility to establish a dialogue with the whistleblower.
Who should be given access to the reporting channel?
The proposed Whistleblower Protection Directive contains a wide scope of people who could be regarded as a whistleblower. The proposed law mentions workers (employees), shareholders, consultants, self-employed persons, suppliers and subcontractors, volunteers and trainees, whether paid or unpaid.
Our experience shows that offering access to a reporting channel is a matter of comfort. Our customer study » shows that although employees are the most important source for detecting misconduct and wrongdoings that should be prevented or addressed, external parties are increasingly invited to report. Nearly half of the organisations that participated in the survey said that they invite external stakeholders to report misconduct. Practically, this means that organisations should think about establishing a reporting channel that allows easy access to the large group of potential whistleblowers as envisaged by the proposed Whistleblower Protection Directive, ideally in any language.
Anonymous & confidential reporting
The proposed Whistleblower Protection Directive states that the reporting system should ensure confidentiality.
The proposed Whistleblower Protection Directive does not contain any provision on anonymous reporting. We believe that this is a great shortcoming and we are looking forward to seeing how this issue will develop in the future. We are convinced that any obstacle to report misconduct should be taken away. Therefore, although non-anonymous reporting should be encouraged, there should always be an option to report anonymously. Any organisation should give priority to hear about potential wrongdoings, whether anonymously or not. Our customer study » shows that having a whistleblowing system in place, which allows for establishing dialogue with the option to remain anonymous, is considered vital. From the perspective of a whistleblower, (fear of) the risk of retaliation is a very serious one. Although some countries have legislation in place aimed at whistleblower protection, anonymous whistleblowing » is the easiest way to avoid any repercussions. Another reason to leave the option of anonymity open is the practical issue that generally, the whistleblower does not trust the organisation sufficiently to report in any other way than anonymously.
We congratulate the European Commission with this brave historical step and we encourage all stakeholders to continue the implementation of its envisaged provisions and further improve its content.