The treatment of whistleblowers and their reports is laid down in various specific laws in Portugal.
Under Law 93/2021, a whistleblower of work-related offences must not be retaliated against. Furthermore, imposing disciplinary penalties on the whistleblower within two years after their disclosure is presumed to be abusive. The whistleblower is entitled to judicial protection and may benefit from the witness protection programme within criminal proceedings. Additionally, reports will be recorded for five years and, where applicable, personal data that is not relevant for the handling of a specific report will not be collected or, if accidentally collected, will be deleted immediately.
Corruption and Financial Crime Law (Law 19/2008)
Under Law 19/2008, a whistleblower must not be hampered. Furthermore, the imposition of disciplinary penalties on a whistleblower within one year following the communication of the infraction is presumed to be unfair.
Additionally, whistleblowers are entitled to:
- anonymity until the pressing of charges;
- be transferred following the pressing of charges; and
- benefit from the witness protection programme within criminal proceedings (remaining anonymous upon the verification of specific circumstances).
Money Laundering and Terrorism Financing Law (Law 83/2017)
Law 83/2017, which sets forth the legal framework to prevent, detect and effectively combat money laundering and terrorism financing, applies to financial entities and legal or natural persons acting in the exercise of their professional activities (eg, auditors and lawyers)(collectively, obliged entities).
According to article 20 of Law 83/2017, individuals who learn of any breach through their professional duties must report those breaches to the company's supervisory or management bodies. As a result, the obliged entities must refrain from threatening or taking hostile action against the whistleblower and, in particular, unfair treatment within the workplace. Specifically, the report cannot be used as grounds for disciplinary, civil or criminal action against the whistleblower (unless the communication is deliberately and clearly unjustified).
Legal Framework of Credit Institutions and Financial Companies (RGICSF)
Credit institutions must implement internal-reporting mechanisms that must guarantee the confidentiality of the information received and the protection of the personal data of the persons reporting the breaches and the persons charged. Under article 116-AA of RGICSF, persons who, while working in a credit institution, become aware of:
- any serious irregularities in the management, accounting procedures or internal control of the credit institution; or
- evidence of a breach of the duties set out in the RGICSF that may cause any financial imbalance, must communicate those circumstances to the company's supervisory body.
These communications cannot, per se, be used as grounds for disciplinary, criminal or civil liability actions brought by the credit institution against the whistleblower.
Moreover, article 116-AB of the RGICSF establishes that any person aware of compelling evidence of a breach of statutory duties may report it to the Bank of Portugal. Such communications cannot, per se, be used as grounds for disciplinary, criminal or civil liability actions brought by the credit institution against the whistleblower, unless the report is clearly unfounded.
The Bank of Portugal must ensure adequate protection of the person who has reported the breach and the person accused of breaching the applicable duties. It must also guarantee the confidentiality of the persons who have reported breaches at any given time.
Portuguese Securities Code (CVM)
Article 382 of the CVM states that financial intermediaries subject to the supervision of the Portuguese Securities Market Commission (CMVM), judicial authorities, police authorities, or respective employees must immediately inform the CMVM if they become aware of facts that qualify as crimes against the securities market or the market of other financial instruments, due to their performance, activity, or position.
Additionally, according to article 368-A of the CVM, any person aware of facts, evidence, or information regarding administrative offences under the CVM or its supplementary regulations may report them to the CMVM either anonymously or with the whistleblower's identity. The disclosure of the whistleblower's identity, as well as that of their employer, is optional. If the report identifies the whistleblower, their identity cannot be disclosed unless specifically authorised by the whistleblower, by an express provision of law or by the determination of a court.
Such communications may not be used as grounds for disciplinary, criminal, or civil liability action brought against the whistleblower, and they may not be used to demote the employee.
According to article 368-E of the CVM, the CMVM must cooperate with other authorities within the scope of administrative or judicial proceedings to protect employees against employer discrimination, retaliation or any other form of unfair treatment by the employer that may be linked to the communication to the CMVM. The whistleblower may be entitled to benefit from the witness-protection programme if an individual is charged in criminal or administrative proceedings because of their communication to the CMVM.