ICQ Log -  Financial Crime:  

Update on the EU 'Whistleblowing' Directive 

 

Last Updated: 10 September 2021

Stephanie Casey, Integrity at Work Programme Manager at Transparency International Ireland, provides an overview of the new measures to protect whistle blowers, including reporting channels and procedures, three-tier reporting systems and protection from penalisation.  

The Government recently published the General Scheme of the Protected Disclosures (Amendment) Bill which, when enacted, will transpose the EU ‘Whistleblowing’ Directive into Irish law by December this year.

The EU ‘Whistleblowing’ Directive was created in response to a series of scandals uncovered in recent years by whistleblowers, such as the LuxLeaks case. Recognising that whistleblower protection across EU member states was fragmented, in October 2019, the European Council approved new EU-wide standards to provide greater protections for those who seek to expose wrongdoing in the public interest.

Ireland is one of just ten EU Member States that already has comprehensive whistleblowing legislation in the form of the Protected Disclosures Act 2014 (PDA). The PDA will be amended to give effect to the Directive and to further enhance and strengthen the protections it provides.

Reporting Channels and Procedures

The Directive will oblige private sector companies with 50 or more employees to establish formal channels and procedures for receiving and following up on reports. Previously, only public sector employers were obliged to do so.

Organisations with 250-plus employees must comply with this requirement by December 2021 and organisations with between 50 and 249 employees must comply by the end of 2023.

However, entities falling under EU law relating to financial services, products and markets, prevention of money laundering and terrorist financing, transport safety and protection of the environment will be required to establish reporting channels irrespective of the number of employees employed.

Organisations will be required to provide a variety of reporting channels for anyone wishing to report wrongdoing, including phone lines, online reporting, post, third party hotlines, voice messaging systems and/or in person meetings. Reporting channels must ensure confidentiality of the identity of the reporting person and prevent access to non-authorised staff members.

Staff in legal and compliance departments will need to be assigned and trained in how to handle reports. This should include understanding how to respond to reports, who to inform and how to maintain confidentiality. Staff will also be obliged to keep accurate records of all reports. All personal data relating to disclosures must be handled in accordance with the GDPR.

The Directive will impose a tighter timeframe on organisations who receive disclosures to acknowledge receipt of a disclosure within seven days and to ‘diligently follow-up on disclosures’. Feedback, which might not necessarily be the outcome of an investigation, will be required within three months (with a possible extension to six months in complex cases).

Three-tier Reporting System

Organisations are expected to provide clear, easily accessible and transparent information about reporting channels to facilitate reporting. The Directive provides for three potential avenues for workers to make a disclosure which remain largely the same as in the PDA.

In the first instance, the Directive seeks to encourage disclosers to report a disclosure internally to the person’s employer or a third party nominated by the employer. In the case of a public body, a report may also be made to the relevant government minister.

The second reporting option will be to ‘competent authorities’. These would include bodies such as regulators and ombudsmen (referred to as ‘prescribed persons’ under the PDA).

The third reporting option is a ‘public disclosure’, such as through media or other public means. Under the PDA, there are very specific criteria to be met by the worker in choosing to report in this way. Similarly, the Directive proposes that this channel is suitable in cases involving imminent danger to the public interest, or where there is a risk of retaliation or failure to deal with the worker’s concerns in the required timeframe.

Protection from Penalisation

The PDA is designed to protect ‘workers’ including employees, consultants, agency workers, and contractors. The Directive will extend protections to people that are not currently included in the definition of ‘worker’, such as volunteers, nonexecutive members and shareholders.

Protections will also apply to those who have not yet commenced employment where information concerning a breach has been acquired during the recruitment process or other pre-contractual negotiation. Those assisting whistleblowers, who could be affected by a disclosure, are also protected.

Under the PDA, employers are required to protect whistleblowers from any form of retaliation or penalisation. If a worker is penalised by their employer, or where their employer causes or permits another person to penalise them, they have a right to pursue damages in the Workplace Relations Commission (WRC).

The current definition of penalisation is “any act or omission that affects a worker to the worker’s detriment” including unfair dismissal, unfair treatment and harassment. The Directive proposes a further extensive definition of penalisation including (but not limited to) negative performance assessment or employment references, withholding of training, ostracism, blacklisting and early termination or cancellation of a contract for goods and services.

In cases relating to detriment suffered by a whistleblower, the Directive presumes the detriment was made in retaliation to the report. This means that the burden of proof will rest with employers to prove that any alleged detriment was based on ‘duly justified grounds’.

Key Takeaways

The EU Whistleblowing Directive presents compliance teams with a valuable opportunity to improve their systems for receiving disclosures, in addition to reviewing and updating protected disclosures policies and procedures. It will also be important to establish effective reporting channels and processes. The Integrity at Work survey, carried out by Transparency International (TI) Ireland in 2016, shows that 90% of employees would prefer to raise concerns internally with a senior manager or Board Member within their organisation. This shows that by putting effective arrangements in place, organisations can identify and deal with potentially serious issues before they escalate.

TI Ireland provides specialised training and workshops on the PDA and the Directive and will host a virtual Integrity at Work conference in November, which will explore the practical implications for employers in implementing the Directive. The conference will present a range of perspectives from different sectors, include first-hand accounts from people who have spoken up about wrongdoing, and discuss how supporting whistleblowing can foster both individual and organisational integrity. If you would like to find out more, visit www.integrityatwork.ie where you can sign up to our newsletter and keep up to date. You can also contact us at (01) 554 3938 or email [email protected]

Lawyer Photo

Author: Stephanie Casey

Integrity at Work Programme Manager at Transparency International Ireland

ICQ Autumn Edition 2021

This article was taken from the ACOI's ICQ Autumn Edition 2021