• Home
  • Blog
  • 3 Things You Should Know About the New EU Whistleblower Protection Directive

3 Things You Should Know About the New EU Whistleblower Protection Directive

This blog article was written prior to LEO Learning becoming part of GP Strategies.

With headline-grabbing cases involving all sectors, from healthcare to Hollywood and financial services to manufacturing, whistleblowing is rarely out of the media. As a result, the encouragement and protection of whistleblowers is a priority for legislators and organizations across the globe.

Whistleblowing is a complex area that spans law, regulation, and culture. The complexity is increased for organizations with a global presence, staff, and policies. The cost of non-compliance is high for everyone involved, especially for the whistleblowers themselves.

This article focuses on the new EU Whistleblower Protection Directive (the Directive) and highlights three facts that all organizations need to know in order to prepare for its implementation next year.

What Is the EU’s Whistleblower Protection Directive?

In October 2019, the EU’s Whistleblower Protection Directive was adopted by the European Council. The Directive’s central aim is to provide better protection for those who seek to expose, corporate wrongdoing. These protections are extended to anyone working in the public or private sector who could acquire information about wrongdoing in a work-specific context.

These protections don’t just cover employees. They’re also in place to protect job applicants, former employees, supporters of the whistleblower, and journalists. The protections are there to support again dismissal, retaliation, and any other form of discrimination, such a being denied training or receiving poor evaluations as a result of whistleblowing.

While the scope of the Directive is limited to wrongdoing specific to EU law, it’s still broad. It includes:

  • Tax evasion
  • Money laundering
  • Public procurement offices
  • Product and road safety
  • Environment protection
  • Public health
  • Consumer and data protection

Beyond the scope of the Directive, national legislators are encouraged to extend the coverage to cover their national laws as well.

Below are three facts all organizations need to know about the EU Directive.

1. It Applies to All Organizations Operating in the EU

The directive will impact all private and public sector organizations with over 50 employees operating within the EU. It covers all sectors, including financial services, pharmaceutical, manufacturing, and hospitality. Non-EU organizations that operate within the EU will also be affected, including UK organizations post-Brexit.

Relevant organizations with over 250 employees must comply with the Directive (in the form it has been implemented through relevant national legislation) from the end of 2021. There is, however, an extension on this deadline for organizations with between 50 and 250 employees.

2. It Requires Real Change

The Directive requires organizations to make material changes to their whistleblowing arrangement and policies. For some, this may simply be updates. For others, it will require setting up an entirely new framework for reporting and processing disclosures.

Reporting channels must be in place for individuals to make reports, either in writing (through an online reporting platform, email, or letter) or orally (via a telephone hotline, voice messaging, or in person). These channels must be clearly outlined in policies and processes that inform individuals how their report will be handled. This includes:

  • What an investigation looks like
  • Who will conduct the investigation
  • Who will decide if wrongdoing has occurred

Organizations will then have a window of three months, or six in exceptional cases, in which to respond to and follow up on reports.

Protective measures must also be put in place relating to confidentiality. These must prevent an individual’s identity from being disclosed without their consent to anyone beyond authorized staff members. The Directive leaves it to each Member State to decide whether anonymous reports should be accepted and, therefore, anonymity will be subject to local legislation.

3. Communication and Training Are Vital

Affected organizations must also provide clear, easily accessible, and transparent information about their whistleblowing arrangements to employees about the reporting channels open to them and the process that they should follow.

Line managers, HR, legal/compliance departments, and those involved in any whistleblowing investigations must receive tailored training regarding the handling of reports. This training should include:

  • How to respond to whistleblowing reports
  • Who to inform once a report has been made
  • How to ensure confidentiality (and, if applicable, anonymity)

More widely, organizations are expected to take steps to encourage reporting by promoting a supportive and open culture. This may involve:

  • Reviewing Codes of Conduct
  • Considering ‘tone from the top’ messaging
  • Undertaking cultural surveys

It’s Important to Act Now: What Are The Next Steps?

These procedural and cultural changes will take time to implement. We encourage organizations to start as soon as possible to make sure they can meet the implementation deadline.

Put simply, you need to act now. Whistleblowing arrangements and processes are fast becoming a global GRC priority. They are vital to protect employees, whistleblowers, customers, and other stakeholders as well as meeting your legal and regulatory obligations.

Are you looking for expert-led support on whistleblowing to support your organization’s learning goals? Our friendly team is on hand to offer fully tailored support to match your needs. Get in touch.

About the Authors

Liz Hornby
Liz joined the GP Strategies Learning Experience team (previously LEO Learning) 13 years ago and acts as an in-house compliance content specialist. After studying at Nottingham and Cambridge Universities, Liz qualified as a barrister and went on to work for both the London Stock Exchange and The Securities Association (a predecessor of the Financial Conduct Authority). She then moved into compliance, working for Nomura International plc and Goldman Sachs, before becoming a compliance consultant in 1994. As a consultant, she advised and worked with a broad range of financial services firms. Liz has a Masters Degree in International Business Ethics and Corporate Governance from the University of London and a PhD on whistleblowing in the UK banking industry. Liz was Deputy Chairman of the Compliance Forum Committee of the Chartered Institute for Securities and Investments (CISI) for many years and is a part-time lecturer in Corporate Governance and Ethics at the University of London.

Get in touch.

Learn more about our talent transformation solutions.

Transformation doesn’t happen overnight if you’re doing it right. We continuously deliver measurable outcomes and help you stay the course – choose the right partner for your journey.

Our suite of offerings include:

  • Consulting Services | Aligning vision and strategy to deliver integrated and systemic business results to drive growth and change through people.
  • Learning Services | Modern learning strategies, content, experiences, and delivery approaches that optimise workforce performance.
  • Technologies | An ecosystem of learning and talent tools, systems, platforms, and expertise that enable learning and talent transformation.






Powered by Translations.com GlobalLink OneLink Software