EU Whistleblower Directive boosts corporates’ compliance topics
Smaller companies with less than 250 employees are still granted a transition period until December 17th, 2023.
Companies with 250 or more employees are already required to have established and implemented a corresponding whistleblower protection software since December 18th, 2021.
What is the aim of the European Whistleblower Directive?
From unethical behavior in governmental and private institutions to violations of the law: With the help of the EU Whistleblower Directive, these are to be uncovered and stopped. Because this is where the people who come into contact with irregularities or are the first to notice them come into play. As a result of the directive, these “whistleblowers” (Hinweisgebende in German) require special protection and are to be encouraged to report such violations - without fear of direct or indirect punishment. Against this background, the European Union issued the Whistleblower Protection Directive in 2019. German legislation is developing a federal law (Hinweisgeberschutzgesetz) on the basis of the Directive of the European Parliament and the Council of October 23rd, 2019; a corresponding government draft dated July 27th, 2022 is available and has been published on the website of the German Federal Ministry of Justice. In Austria, a federal law (called HinweisgeberInnenschutzgesetz) is being drafted in parallel.
This directive and its mandatory implementation for private companies, legal entities in the public sector, municipalities and local authorities (in each case above a certain size) bring new requirements, but at the same time also the opportunity for greater transparency. By establishing a reporting system, it will be possible to investigate misconduct or improper actions of an organization in a structured manner and to minimize identified risks.
Why the directive has brought the topic of compliance to small and medium-sized companies
Private companies with 50 employees or more are affected by the requirements of the directive. Violations of EU laws such as consumer protection, environmental protection and product safety can occur in any company, regardless of its size.
For many smaller companies, however, the issue of compliance represents an additional challenge in day-to-day business. In most cases, smaller enterprises do not have available structures or resources to draw on: They rarely have the necessary know-how or experience in compliance management and, above all, no free personnel resources, not to mention a compliance department or trained persons of trust (e.g. a compliance officer)
The lack of knowledge can be eliminated by introducing a whistleblower protection software that covers all legal requirements. Nevertheless, responsible persons are needed in the company to contact the whistleblowers—even if anonymously via a digital reporting channel—and to seriously investigate the information internally.
Why the consistent implementation of a whistleblower protection software promotes and demands an open corporate culture
It is therefore advisable for companies to take advantage of the pressure resulting from the implementation of the directive to act and not only make their own company compliant with the Whistleblower Protection Act. Instead, any positive knock-on effects should be actively seized upon in the consistent establishment of a whistleblower protection system. Here, it makes sense to simultaneously evaluate the three levels of action: governance, risk management and compliance in the company—with the appropriate depth depending on the company structure and available resources.
An effective whistleblower protection system can be an active component of internal risk management and act as an indicator when misconduct and potential violations are identified. This involves all parties affected: employees, customers, suppliers, etc. become risk managers for their department.
In addition to the introduction of reporting software, it is also important to have a corporate culture in which integrated risk management and continuous improvement are practiced. The whistleblower protection tool must be seen by management as an active opportunity and not as an additional financial and personnel burden. Only through active use of such a system and consistent, correct processing of reports received concrete measures can be taken to avoid identified risks in practice. This requires a positive corporate culture in which any reports are welcome. Conversely, a successful whistleblower protection system contributes significantly to an appreciative and open corporate culture.