Whistleblowing has become a very relevant topic in the last years ever since major whistleblowers have paved the way for regulation and protection of whistleblowers in Europe and N. America. In the year 2021 Germany will implement new regulation which will require companies of certain sizes to provide methods for whistleblowing and also ensure that such channels are made available to employees of the organization.
The main purpose of the regulation is to ensure that whistleblowing is encouraged and allows employees to identify potential corruption, fraud or similar cases of breach of law.
The main purpose of the regulation is to ensure that whistleblowing is encouraged and allows employees to identify
Whistleblowing has been regulated in the European Union by the Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law. This directive required EU member states to implement protection of whistleblowers into local regulation by EU member states, whereby it clearly states that already existing protective measures should not be reduced in member states, where such or better protective measures were already in place.
The directive needs to be implemented by 17 December 2021. What does that mean for member states and companies operating in these countries?
There is a separation between 2 types of legal entities in that case – based on employee headcount on what they need to implement or what are the main requirements for such organization types, predefining the foundation for local regulation:
“For legal entities in the private sector, the obligation to establish internal reporting channels should be commensurate with their size and the level of risk their activities pose to the public interest. All enterprises having 50 or more workers should be subject to the obligation to establish internal reporting channels, irrespective of the nature of their activities, based on their obligation to collect VAT. Following an appropriate risk assessment, Member States could also require other enterprises to establish internal reporting channels in specific cases, for instance due to the significant risks that may result from their activities.” and allows an option to also affect smaller organizations, by defining: “This Directive should be without prejudice to Member States being able to encourage legal entities in the private sector with fewer than 50 workers to establish internal channels for reporting and follow-up, including by laying down less prescriptive requirements for those channels than those laid down under this Directive, provided that those requirements guarantee confidentiality and diligent follow-up.”.
For many compliance managers this has resulted in the need to find ways on how to implement such channels within the organizations, depending on the level on which that is seen as relevant by organization management. Several compliance managers struggle as there is much flexibility on what needs to be provided within the organization to be able to allow for requirements but also to actually provide and implement a functioning, usable and used system for whistleblowing, also reducing the risks of the misuse of anonymous channels within the organization. After all a compliance manager with no compliance issues most probably acts in an environment that does have such issues, but they are not identified and managed well, neither are the employees encouraged enough to participate in identification of such issues.
The selection of safe and secure communication channels and methodology vary greatly from organization to organization and many have implemented very effective ways on managing and reporting compliance issues.
The first issue if of course also the selection of the whistleblowing platform and technology to be used. A whistleblowing software solution, such as ShakeSpeare Legal can be implemented in a fast way allowing a “self service” portal via the intranet or internet (including also external parties for example) as a fast and cost-efficient platform which internally defines the compliance reporting and management process within the software itself to allow for better tracking, reporting, auditing, and managing the issues themselves.
In one of our main markets – Germany – which has been on the forefront of Personal data protection and similar regulations, the legislation has not yet been passed, but it is expected. How the actual procedures and processes can be improved has been the topic of many working groups, but what was established that such channels need to be intuitive, available, anonymous (optional to the user) and auditable. Of course most of all need to go hand in hand with the organizational norms and regulations as well as stimulating employees to participate in order to ensure that the organization is compliant in order to reduce risks for the organization itself. An efficient compliance organization has been shown to help organizations avoid relevant risks and, in several scenarios, also identify fraud, intentional negligence and even risks to human life.
If you would like to know more about how ShakeSpeare Legal Software solutions are applied in compliance and help organizations achieve a higher level of compliance by the use of modern and cost effective tools with adaptable workflow management to adjust and improve the process, please contact us via the webform and we will be happy to present some best-practice examples and success stories from several EU countries.