“Whistleblowing’ is the term used to define reporting of wrongdoing. It is an essential component of a good governance framework, which in turn is a fundamental pillar underlying ethical and responsible business conduct. Whistleblowing procedures, in fact, feature in the ISO 26000 guidelines on corporate responsibility.
Our current legal framework already regulates the protection of whistleblowers, to a certain extent. A Directive adopted in 2019 however, is set to extend the protection granted to whistleblowers.
Directive 2019/1937 on the protection of persons who report breaches of Union law (the Whistleblower Directive), which currently applies to companies with over 250 employees, and which will apply to all companies employing more than 50 people from 2023, comes into force this December. Here’s what you need to know about it:
1. It is aimed at granting greater protection for those who seek to expose corporate wrongdoing. In fact, the preamble to the Directive states that:
“Persons who work for a public or private organisation or are in contact with such an organisation in the context of their work-related activities are often the first to know about threats or harm to the public interest which arise in that context. By reporting breaches of Union law that are harmful to the public interest, such persons act as ‘whistleblowers’ and thereby play a key role in exposing and preventing such breaches and in safeguarding the welfare of society. However, potential whistleblowers are often discouraged from reporting their concerns or suspicions for fear of retaliation. In this context, the importance of providing balanced and effective whistleblower protection is increasingly acknowledged at both Union and international level.”
2. The persons who are to be guaranteed protection under the law will be largely extended under the Directive, encompassing workers, self-employed persons, shareholders and persons belonging to the administrative, management or supervisory body of the undertaking, including non-executive members, as well as volunteers and paid or unpaid trainees; as well as any persons working under the supervision and direction of contractors, subcontractors and suppliers. Moreover, the measures for the protection of reporting persons shall also apply, where relevant, to facilitators; third persons who are connected with the reporting persons and who could suffer retaliation in a work-related context (such as colleagues or relatives of the reporting persons); and legal entities that the reporting persons own, work for or are otherwise connected with in a work-related context.
3. The Directive envisages a three-tier reporting structure, which means that reporting can be done either internally within the company; or externally, when for instance, such reports would be facilitated through the relevant national authorities; or publicly, via platforms such as Twitter!
4. The Directive applies to legal entities in both the private and public sector.
5. The identity of the whistleblower must be kept confidential at all times – the only exception is when the identity of the reporting person and any other relevant information has to be disclosed due to it being a necessary and proportionate obligation imposed by Union or national law, in the context of investigations or judicial proceedings. In such cases, any form of retaliation is prohibited. The directive defines ‘retaliation’ as “any direct or indirect act or omission which occurs in a work-related context, is prompted by internal or external reporting or by public disclosure, and which causes or may cause unjustified detriment to the reporting person” and provides a list of actions that can be considered as such:
If a whistleblower is exposed to such reprisals after making a report (coved by the scope of the Directive), it will be assumed that the reprisals are initiated due to the report and the employer must in this case prove that the reprisals were not initiated due to report.
The European Union is adding this Directive to the portfolio of tools available to fight corruption and bad practice and to promote a culture of good governance and accountability. If your company hasn’t yet updated its policies and procedures to align itself with the requirements of the new Directive, you only have a couple of months left to comply – time to take action!
Effective communication, together with an ability to learn from failure are two essential skills business leaders need to best prepare ...
The truth is that when a brand or company chooses to be overly sober and distant, it might feel safe ...
Taking a path followed by others won’t necessarily bring you the success you seek.
The CIO shares his experience taking the reins of BOV’s IT efforts and discusses how disruptive technologies ought to shape ...