Guide to Whistleblowing

Contributing Editors

In this new age of accountability, organisations around the globe are having to navigate a patchwork of new laws designed to protect those who expose corporate misconduct. IEL’s Guide to Whistleblowing examines what constitutes a protective disclosure, the scope of regulations across 17 countries, and the steps businesses must take to ensure compliance with them.

Learn more about the response taken in specific countries or build your own report to compare approaches taken around the world.

Choose countries

 

Choose questions

Choose the questions you would like answering, or choose all for the full picture.

01. Which body of rules govern the status of whistleblowers?

01. Which body of rules govern the status of whistleblowers?

Flag / Icon

Belgium

  • at Van Olmen & Wynant

This guide will only focus on the private sector. The federal government is working on an Act that will transpose the EU Whistleblower Directive into Belgian legislation. It will comply with the provisions of this Directive, but also offers greater protection for whistleblowers. At the time of publication, the draft legislative proposal has not yet been submitted to the federal parliament. Therefore, this guide is based on the provisions of the draft legislative proposal.

Last updated on 01/08/2022

Flag / Icon

Brazil

  • at CGM
  • at CGM
  • at CGM

Whistleblowing is addressed in Law 12846/2013 (Brazilian Anticorruption Act) and is also mentioned in Decree 8420/2015, which details the terms and conditions of the Brazilian Anticorruption Act.

Last updated on 29/07/2022

Flag / Icon
Croatia

Croatia

  • at Babic & Partners
  • at Babic & Partners

In Croatia, the status of whistleblowers and whistleblower protection (WBP) is governed by the Act on the protection of persons who report irregularities (WBP Act). The WBP Act came into force on 23 April 2022 and replaced the previous Croatian WBP legislation of 2019, introducing amendments to implement Directive (EU) 2019/1937 of 23 October 2019 on the protection of persons who report breaches of Union law (the Directive).

Last updated on 29/07/2022

Flag / Icon

France

  • at Proskauer
  • at Proskauer

In France, whistleblowing was governed by Law No, 2016-1691 on transparency, the fight against corruption and the modernisation of economic life, also known as Sapin II.

A few years later, the European Parliament adopted Directive (EU) 2019/1937 of the European Parliament and of the Council on the protection of persons who report breaches of Union law.

The main objective of the EU Directive is to harmonise EU member states’ legislation about whistleblowing.

In France, the transposition laws of the EU Directive were definitively adopted and came into force on 21 March 2022:

  • an “ordinary” law aimed at improving the protection of whistleblowers; and
  • an “organic” law aimed at strengthening the role of the French Human Rights Defender in terms of whistleblowing.

These new local Laws comply perfectly with European standards and make numerous amendments to Sapin II.

Last updated on 29/07/2022

Flag / Icon

Germany

  • at Oppenhoff
  • at Oppenhoff

The status of whistleblowers in Germany is primarily governed by European law. The relevant legislation is Directive (EU) 2019/1937 of the European Parliament and of the Council on the protection of persons reporting infringements of Union law (EU Whistleblower-Directive).

The EU Whistleblower-Directive should have been implemented into German law by 17 December 2021 at the latest. After initial draft legislation failed for political reasons, the Federal Ministry of Justice has recently presented a new draft bill for a Whistleblower Protection Act (HinSchG-E) on 13 April 2022. The legislative process is pending. The consultations on the draft bill in the German Bundestag and Bundesrat are expected to take place in the summer of 2022, so the bill can be expected to enter into force in the second half of the calendar year 2022.

The following responses are therefore based on the current draft bill legislation of the Federal Ministry of Justice. At this point, it also remains to be seen whether the government draft will make further amendments to the draft bill of the Federal Ministry of Justice.

If the draft bill should meet specific concerns under European law, this will be pointed out separately in the following.

Last updated on 29/07/2022

Flag / Icon

India

  • at Khaitan & Co
  • at Khaitan & Co

The only legislation dealing with the protection of whistleblowers in India are:

  • the Whistle Blowers Protection Act 2014 (Whistle Blower Protection Act). This Act provides a legal mechanism for the reporting of illegal, unethical and illegitimate practices by members of an organisation. However, the scope of the Act is limited to public servants and public sector undertakings. Further, please note that as of the time of writing, despite the Whistle Blower Protection Act being passed by both houses of the Indian parliament, it has not yet been enacted by the central government; and
  • the Companies Act 2013 (Companies Act), which mandates the incorporation of a whistleblower policy, but primarily only by listed companies.

To date, there are no specific laws dealing with the protection of whistleblowers applicable to private, unlisted companies or unincorporated entities and their employees. Employers are free to formulate and adopt a whistleblower policy to encourage employees (or any other person for that matter) to report matters without the risk of subsequent victimisation, discrimination or disadvantage, economic or otherwise. Accordingly, for private establishments, the whistleblowing regime remains largely discretionary and policy-driven. 

India has not yet adopted laws to improve the protection of whistleblowers across sectors or levels in the economy and establish adequate secure channels or mechanisms to enable whistleblowers to report without fear of disclosure, retaliation or victimisation.

Last updated on 29/07/2022

Flag / Icon

Japan

  • at City-Yuwa
  • at City-Yuwa
  • at City-Yuwa

The Whistleblower Protection Act (the Act) governs the status of whistleblowers.

Last updated on 29/07/2022

Flag / Icon
Latvia

Latvia

  • at Ellex Klavins
  • at Ellex Klavins

The status of whistleblowers is governed by the Whistleblowing Act. The provisions of the Whistleblowing Act comply with European standards since legal requirements arising out of the EU Whistleblower Directive (EU WBD) are implemented therein.

Last updated on 29/07/2022

Flag / Icon
Lithuania

Lithuania

  • at Ellex Valiunas

The status of whistleblowers is mainly governed by the Law on the Protection of Whistleblowers of the Republic of Lithuania (the Law) and other respective related Acts. They implement Directive 2019/1937 (the Directive) and comply with European standards.

Last updated on 29/07/2022

Flag / Icon
Luxembourg

Luxembourg

  • at Castegnaro
  • at Castegnaro

To date, the status of whistleblowers is governed by the following rules in Luxembourg:

  • Circular CSSF 12/552 on central administration, internal governance and risk management, as amended by Circulars CSSF13/563, CSSFv14/597, CSSF16/642, CSSF16/647, CSSF17/655, CSSF20/750, CSSF20/759 and CSSF 21/785, applicable until 29 June 2022;
  • Circular CSSF 12/552 on central administration, internal governance and risk management, as amended by Circulars CSSF13/563, CSSFv14/597, CSSF16/642, CSSF16/647, CSSF17/655, CSSF20/750, CSSF20/759, CSSF 21/785 and CSSF 22/807, applicable from 30 June 2022;
  • Law of 7 December 2015 on the insurance sector;
  • Law of 5 April 1993 on the financial sector, as amended;
  • Article 8 of the Law of 23 December 2016 on market abuse, as amended;
  • Criminal Code: article 140;
  • Code of Criminal Procedure: article 23;
  • Law of 12 November 2004 on the fight against money laundering and terrorist financing (articles 5 and 9), as amended;
  • Labour Code: articles L.313-1(4), L.241-8, L.245-5 and L.253-1, L.271-1 and L.271-2;
  • Law of 16 April 1979 establishing the general status of state officials;
  • Law of 24 December 1985 establishing the general status of municipal civil servants; and
  • Law of 26 June 2019 on the protection of know-how and undisclosed commercial information against unlawful obtaining, use and disclosure.

Bill 7945 (the Bill) transposing Directive (EU) 2019/1937 of the European Parliament and of the council of 23 October 2019 on the protection of persons who report violations of Union law. The bill is expected to come into force in the last quarter of 2022.

The information in this submission will therefore be based on the provisions of this Bill.

Last updated on 29/07/2022

Flag / Icon
Nigeria

Nigeria

  • at Bloomfield LP

Although there are no specific rules governing the status of whistleblowers in Nigeria, the following all provide some guidance on the subject:

  • The Nigerian Code of Corporate Governance, 2018 (NCCG), encourages all companies to have a whistleblowing policy. Also, we have some other sectoral guidelines that provide rules for governing the status of whistleblowers in Nigeria. These sectoral guidelines include Whistleblowing Guidelines for Pensions, 2008;
  • Code of Corporate Governance for Banks and Discount Houses, 2014;
  • Code of Corporate Governance for Finance Companies, 2018;
  • Investment and Securities Act 2007; and
  • Rulebook of the Nigerian Stock Exchange 2015.
Last updated on 29/07/2022

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

In Portugal, the law that governs the status of whistleblowers is Law No. 93/2021, which transposed Directive (EU) 2019/1937 of the European Parliament and the Council.

Last updated on 29/07/2022

Flag / Icon

Romania

  • at STALFORT Legal. Tax. Audit
  • at STALFORT Legal. Tax. Audit

Romanian Law No. 571/2004 (Law 571)[1] was one of the first laws in Eastern Europe to deal with the protection of whistleblowers in the public sector. As regards the private sector, discussions related to the Draft Law on the Protection of Whistleblowers in the Public Interest, which was passed by the Senate on 19 April 2022, have been tense. This Draft Law (Pl-x 219/2022)[2], hereinafter referred to as the Draft Law) was adopted on 29 June 2022 with major changes (details below) by the Chamber of Deputies and subsequently challenged in the Romanian Constitutional Court. In a ruling on 13 July 2022, the Constitutional Court stated that the Draft Law is not unconstitutional and may be promulgated by President Iohannis. Several NGOs, whistleblowers and stakeholders of civil society have addressed an open letter to President Iohannis, asking him to use the alternative option and send the Draft Law back to Parliament for re-examination. The main reason they invoke is a failure of the Draft Law to comply with the requirements negotiated by the representatives of the Ministry of Justice with the European Commission and hence, a risk of an infringement procedure against Romania. The President has taken this step and sent the Draft Law back to Parliament.

This is the status at the time of writing. Currently it is unclear when the Draft Law shall be discussed in Parliament; this is expected to take place earliest in September 2022 after the parliamentary vacation.

The Draft Law is meant to implement the EU Whistleblowing Directive (Directive (EU) 2019/1937), but differs significantly from the European regulation. It has been criticised on the one hand because important provisions regarding the protection of whistleblowers in legal proceedings (eg, for defamation, breach of copyright, breach  of secrecy, breach of data protection rules, disclosure of trade secrets) have been omitted. On the other hand, the Draft Law has been attacked for reducing the protection standard granted by the previous Law 571/2004 for the public sector (eg, by restricting the possibility of whistleblowers to report directly to the press and by eliminating the resumption of good faith in favour of the whistleblowers). The signal from the Romanian parliament to employers has been interpreted as a sign of high tolerance as regards non-compliance with the Whistleblowing Directive. For example, employers applying repetitive retaliation measures against whistleblowers will pay a reduced civil fine of 2,000 EUR, as compared to roughly 6,000 EUR as per the first proposal. Another aspect is the lack of remedies and full compensation for damages suffered by whistleblowers, which can discourage them from reporting.

 

[1] Law no. 571/2004 regarding the protection of the staff of the public authorities, public institutions and other units that notifies breaches of law, published in the Official Gazette no. 1214/ 17.12.2004.

[2] Source: http://www.cdep.ro/pls/proiecte/upl_pck2015.proiect?nr=219&an=2022 (last checked on 20.07.2022).

Last updated on 16/08/2022

Flag / Icon

Spain

  • at Cuatrecasas
  • at Cuatrecasas
  • at Cuatrecasas

First, we must clarify that the Directive has not been transposed into the Spanish legal system yet. However, on 4 March 2022, the Council of Ministers approved a preliminary draft law transposing the Directive (the Draft). The Draft must be approved by the Spanish Cortes Generales (legislature) to become law.

This chapter will be based on the current content of the Draft.

Apart from the above, there are no other legal and regulatory obligations on employers for whistleblowing (except in certain sectors).

The most important Spanish regulations that up to now have had an impact on whistleblowing are:

  1. Section 24 of Law 3/2018, on Data Protection and the guarantee of Digital Rights authorises the creation of information systems for internal complaints regarding actions that could be unlawful and regulates some requirements that need to be met by these channels.

The content of this section has been included in the Draft and also extended.

  1. Section 31 bis of the Criminal Code states that legal entities can be exempt from liability for crimes committed by its legal representatives or persons authorised to take decisions in the name of the company (among others) if the legal entity has implemented, before the criminal offence took place, organisational and management models that include appropriate surveillance and control measures to prevent offences or reduce the risk of them occurring.
  2. Section 48.1 of Law 3/2007 on effective equality between women and men states that companies must establish workplace conditions that prevent sexual harassment. Consequently, they are required to establish procedures destined to prevent this conduct and study complaints made by victims.
  3. Section 26 bis of Law 10/2010 on the prevention of money laundering and terrorist financing establishes that entities or individuals to whom this law applies[1] must implement internal procedures that allow employees, directors, and other agents to communicate (even anonymously) relevant information regarding money laundering and terrorist financing in their company.

Additionally, entities and individuals who fall under the law’s scope must protect employees, directors or agents who report information from retaliatory, discriminatory, or unfair measures, thus establishing a soft-law mechanism.

 

[1]Section 2 of Law 10/2010 states that concerned individuals will be: credit entities; insurance companies authorized to offer life insurance or investment related insurance; investment companies; entities managing pension plans; entities managing risk-capital and risk-capital entities whose risk-capital is not managed by another entity;  mutual agreement companies; individuals who are involved in money exchanging activities; postal services regarding certain services; property developers and individuals who professionally participate in operations with a certain value; accountants, tax consultants and individuals who perform similar activities; notaries and similar public servants; lawyers; casinos; art or antiquities sellers and collectors; among others.

Last updated on 29/07/2022

Flag / Icon

Sweden

  • at Lindahl
  • at Lindahl
  • at Lindahl

In Sweden, whistleblowers are protected under:

  • the Whistleblowing Act (SFS 2021:890) addresses reports about violations of EU law or irregularities in the public interest;
  • the Discrimination Act (SFS 2008:567) addresses reports about discrimination, harassment and sexual harassment; and
  • the Freedom of the Press Act (SFS 1949:105) and the Fundamental Law on Freedom of Expression (SFS 1991:1469) address public sector employees’ freedom of communication to certain media outlets, etc.

Also, sector-specific legislation and regulation may impose a disclosure obligation on a whistleblower, such as the Patient Safety Act (SFS 2010:659).

The Whistleblowing Act entered into force on 17 December 2021 and enacts the Whistleblowing Directive (Directive (EU) 2019/1937[1]). The Whistleblowing Act, however, has a wider scope of applicability than the Whistleblowing Directive as it also protects whistleblowers who report on irregularities in the public interest.

 

[1] Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law.

Last updated on 02/08/2022

Flag / Icon

United Kingdom

  • at Proskauer
  • at Proskauer
  • at Proskauer

In the UK, the legal framework for whistleblowers is set out in the Employment Rights Act 1996 (as amended by the Public Interest Disclosure Act 1998 and the Employment and Regulatory Reform Act 2013).

The UK framework does not fully comply with European standards set out in the EU Directive 2019/1937/EU (the Directive).  Especially now that the UK has left the EU, it is not known whether UK whistleblowing legislation will be amended to reflect the workers’ rights and best practices introduced by the Directive.

Last updated on 29/07/2022

Flag / Icon

United States

  • at Proskauer
  • at Proskauer

There is no uniform private sector “whistleblower protection law” in the United States. Rather, the United States has enacted numerous different whistleblower statutes in the course of regulating particular industries, claims made to the government and commercial activity. Indeed, the United States has enacted whistleblower protections in areas as diverse as workplace safety and health, airline, commercial motor carrier, consumer product, environmental, financial reform, food safety, health insurance reform, motor vehicle safety, nuclear, pipeline, public transportation agency, railroad, maritime and securities laws.

One of the most prominent and commonly invoked whistleblower protection statutes is the Sarbanes-Oxley Act of 2002 (SOX), as amended by the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (Dodd-Frank). SOX protects employees of certain companies from retaliation for reporting alleged mail, wire, bank or securities fraud; violations of the Securities and Exchange Commission (SEC) rules and regulations; or violations of federal laws related to fraud against shareholders. SOX covers employees of publicly traded companies and those companies’ subsidiaries, as well as (in some instances) contractors, subcontractors, and agents of those employers.

Dodd-Frank also contains whistleblower protection provisions (ie, anti-retaliation provisions), one specific to activities regulated under the Securities Exchange Act, and another specific to activities regulated by the Commodities Exchange Act.

In addition, Dodd-Frank established a whistleblower bounty program, which enables individuals who report original information leading to an enforcement action by the SEC that results in monetary sanctions exceeding $1 million to receive between 10% and 30% of that recovery.

The Internal Revenue Service (IRS) similarly pays monetary awards of between 15% and 30% of recovered amounts exceeding $2 million to individuals who provide information regarding alleged tax noncompliance.

Another prominent whistleblower statute is the federal False Claims Act (FCA), which allows persons and entities with evidence of fraud against federal programs or contracts to sue the wrongdoer on behalf of the United States government in what is referred to as a “qui tam” action. A qui tam plaintiff, referred to as a “relator,” is protected from retaliation and, if successful, can receive between 15% to 30% of the total recovery from the defendant, whether through a favourable judgment or settlement.

Likewise, several states have similarly enacted whistleblower statutes, including California, Illinois and New York. Many states also have their own false claims laws that allow individuals to file “qui tam” lawsuits against those who defraud the state.

Further, over half of the states in the United States recognise a common law claim of retaliatory discharge in violation of public policy, which may present a risk of punitive damages.

Last updated on 29/07/2022

02. Which companies must implement a whistleblowing procedure?

02. Which companies must implement a whistleblowing procedure?

Flag / Icon

Belgium

  • at Van Olmen & Wynant

All legal entities, including companies, with 50 or more employees (ie, full-time equivalents (FTEs)) will have to implement an internal reporting channel. This threshold of 50 FTEs will be calculated in the same way as the rules for social elections prescribe. This means that they will look at the average employment over a reference period.

Last updated on 01/08/2022

Flag / Icon

Brazil

  • at CGM
  • at CGM
  • at CGM

Private companies are not legally required to have a whistleblowing procedure, but having one is an element that may benefit them in lessening the severity of sanctions imposed in anti-corruption investigations.

The only exception is financial institutions and companies subject to the authority of the Central Bank of Brazil. Such companies must set up a whistleblower channel due to administrative ordinance 4859/2020. Please refer to question 11 as regards financial institutions and other companies subject to the authority of the Central Bank of Brazil.

Last updated on 29/07/2022

Flag / Icon
Croatia

Croatia

  • at Babic & Partners
  • at Babic & Partners

Under the WBP Act, a whistleblowing procedure must be implemented by:

  • any company falling within the scope of EU acts referred to in Part I.B and Part II of the Annex to the Directive, regardless of the number of employees employed by the  company; and
  • any company employing 50 or more employees.

Under unofficial interpretations by the officials of the Croatian Ministry of Justice and Public Administration (the Ministry), where applicable, the headcount threshold should take into account only persons employed with the company (ie, persons engaged by the company based on an employment contract) and ordinarily working for the company anywhere in the world (ie, it does not include persons engaged otherwise, such as temporary agency workers or persons engaged by the company’s group company).

To implement the whistleblowing procedure, the company must adopt a whistleblowing policy establishing procedural rules and appoint a person competent for receiving and following up on whistleblowing reports, communicating with the whistleblowers and conducting the protection procedure in connection with the whistleblowing report (WBP officer) and their deputy.

Last updated on 29/07/2022

Flag / Icon

France

  • at Proskauer
  • at Proskauer

The scope of the whistleblowing procedure is very broad. Companies with more than 50 employees, public-sector institutions, authorities and municipalities with 10,000 or more inhabitants must set up internal reporting channels for whistleblowers. 

Last updated on 29/07/2022

Flag / Icon

Germany

  • at Oppenhoff
  • at Oppenhoff

In principle, companies that regularly employ 50 or more employees are obliged to set up an internal reporting system by the time the Whistleblower Protection Act will become effective, (section 12 (1), (2) HinSchG-E). For companies with between 50 and 249 employees, this obligation will only apply from 17 December 2023 (section 42 HinSchG-E).

For certain employers, particularly in the financial and insurance sectors or for data provision companies, the obligation to set up an internal reporting office applies irrespective of the number of employees as of the entry into force of the Act (section 12 (3) HinSchG-E).   

Last updated on 29/07/2022

Flag / Icon

India

  • at Khaitan & Co
  • at Khaitan & Co

As per the Companies Act, the following types of companies are required to establish a vigil mechanism and adopt a “whistleblower policy” for directors, employees, stakeholders and any other individuals (such as auditors) to report concerns about unethical behaviour, actual or suspected fraud or violation of the company’s code of conduct or ethics policy:

  • listed companies;
  • companies that accept deposits from the public; and
  • companies that have borrowed money from banks and public financial institutions totalling more than 500 million Indian rupees.

The abovementioned companies will be hereinafter referred to collectively as “Covered Companies”.

The vigil mechanism or whistleblower policy must provide adequate safeguards against the victimisation of persons who use it. The Companies Act also requires auditors to report an offence of fraud in the company by its officers or employees if they identify or note such instances during the performance of their duties.

Last updated on 29/07/2022

Flag / Icon

Japan

  • at City-Yuwa
  • at City-Yuwa
  • at City-Yuwa

Any business operator[1] that continuously employs more than 300 workers must implement a whistleblowing procedure. Any business operator that continuously employs 300 or less workers must endeavour to implement a whistleblowing procedure. (article 11, paragraph 3 of the Act).

This applies to the questions below regarding the implementation of a whistleblowing procedure.

 

[1]   “business operator” means a corporation or other organizations and an individual who engages in business.

Last updated on 29/07/2022

Flag / Icon
Latvia

Latvia

  • at Ellex Klavins
  • at Ellex Klavins

Companies with 50 or more employees must establish an internal whistleblowing policy and an internal reporting channel. Companies with less than 50 employees can establish an internal whistleblowing policy and reporting channels at their own discretion or implement a group reporting channel.

Companies with 50-249 employees may develop a joint internal whistleblowing system and reporting channels. This applies to private entities registered and operating in Latvia. This does not extend to entities operating abroad, including group entities (eg, two companies operating in Latvia can establish one joint reporting channel).

Companies, operating in the finance sector, the area of prevention of money laundering, terrorism and proliferation financing, and the areas of transport security or environmental protection must also establish an internal whistleblowing system if they have less than 50 employees.

Last updated on 29/07/2022

Flag / Icon
Lithuania

Lithuania

  • at Ellex Valiunas

The whistleblowing procedure relating to the implementation of an internal channel must be implemented by:

  • state or municipal institutions (with certain exceptions);
  • private legal entities, other organisations, divisions of foreign legal entities or organisations (regardless of the nature of the activity) employing 50 or more employees;
  • private legal entities, other organisations, divisions of foreign legal entities or organisations, whose activity is included in the list of Acts of the European Union and Acts of the Republic of Lithuania, as approved by the minister of justice.
Last updated on 29/07/2022

Flag / Icon
Luxembourg

Luxembourg

  • at Castegnaro
  • at Castegnaro

To date, only companies in the financial and insurance industries are required to implement a whistleblowing procedure. According to the Bill, all legal entities in the private or public sector will be subject to the obligation to set up channels and procedures for internal reporting and monitoring:

  • public legal entities include any entity owned or controlled by the public sector, including municipalities with more than 10,000 residents;
  • private legal entities will only be subject to this obligation if they have at least 50 employees.
Last updated on 29/07/2022

Flag / Icon
Nigeria

Nigeria

  • at Bloomfield LP

The NCCG applies to all public companies (whether a listed company or not), all private companies that are holding companies of public companies or regulated entities, all concessioned or privatised companies, and all regulated private companies (private companies that file returns to any regulatory authority other than the Federal Inland Revenue Service (FIRS) and the Corporate Affairs Commission (CAC)).

Last updated on 29/07/2022

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

Legal persons, including the state and other legal persons governed by public law that employ 50 or more employees must implement a whistleblowing procedure. Regardless of the number of employees, entities operating in the sectoral areas referred to in Part I.B and II of the Annex to the EU Directive, including financial services, products and markets, the prevention of money laundering and terrorist financing, transport safety and protection of the environment must also introduce a process. Finally, in the public sector, local governments with 50 or more employees but with less than 10,000 inhabitants are excluded.

Last updated on 29/07/2022

Flag / Icon

Romania

  • at STALFORT Legal. Tax. Audit
  • at STALFORT Legal. Tax. Audit

As a general rule, companies with 50 to 249 employees must establish internal reporting procedures from 17 December 2023. Article 8 paragraphs 3 and 4 of the Whistleblowing Directive provides that such a threshold of 50 employees does not apply for companies acting on the capital markets, in banking, credit, investment, insurance and re-insurance, occupational or personal pensions products or securities, meaning that they will have to organise reporting channels irrespective of their number of employees. The Romanian transposition seems to have misunderstood this stricter rule, hence (even if probably irrelevant in most cases in practice) companies from these sectors with less than 50 employees do not need to establish internal channels.

Last updated on 16/08/2022

Flag / Icon

Spain

  • at Cuatrecasas
  • at Cuatrecasas
  • at Cuatrecasas

According to section 10 of the Draft, in the private sector, natural and legal persons with 50 or more workers must establish internal information systems.

Moreover, irrespective of the number of employees, legal entities falling within the scope of European Union law regarding financial services, products and financial markets, the prevention of money laundering or terrorist financing, transport safety and environmental protection, referred to in parts I.B and II of the Annex to the Directive, will be governed by their specific regulation. In these cases, the Draft will only apply to matters not covered by said specific regulations.

Political parties, trade unions, employers' organisations and foundations created by them, insofar as they receive or manage public funds, may also implement whistleblowing procedures.

Private-sector entities that do not need to establish internal information systems but decide to do so anyway must also respect the content of the Draft.

According to section 13 of the Draft, all public-sector entities must establish internal reporting channels.

Last updated on 29/07/2022

Flag / Icon

Sweden

  • at Lindahl
  • at Lindahl
  • at Lindahl

The Whistleblowing Act requires businesses (within both the private and public sector) that at the beginning of the calendar year employ 50 or more employees to establish internal reporting channels and procedures. Internal reporting channels and procedures must be implemented by:

  • 17 July 2022, where the business employs 250 or more employees; and
  • 17 December 2023, where the business employs between 50 and 249 employees.

The Whistleblowing Act also requires competent authorities to establish external reporting channels by 17 July 2022.

Last updated on 02/08/2022

Flag / Icon

United Kingdom

  • at Proskauer
  • at Proskauer
  • at Proskauer

There is no legal requirement in the UK for companies to implement a whistleblowing procedure or policy or any requirements as to the content or form of any procedure or policy if one is adopted. However:

  • The Department for Business Innovation and Skills has published guidance entitled Whistleblowing: Guidance for Employers and Code of Practice which identifies that it is best practice for an employer to have a whistleblowing policy or appropriate written procedure. The guidance can be found here.
  • The UK Corporate Governance Code set by the Financial Reporting Council recommends public-listed companies implement a whistleblowing procedure.
  • Financial services firms regulated by the Financial Conduct Authority or the Prudential Regulation Authority will be subject to regulatory requirements that require the operation of applicable whistleblowing procedures.
Last updated on 29/07/2022

Flag / Icon

United States

  • at Proskauer
  • at Proskauer

Section 301 of SOX requires the audit committee of publicly traded companies to establish procedures for the receipt, investigation and treatment of confidential, anonymous complaints regarding questionable accounting or auditing practices. Section 301 allows for flexibility in developing appropriate procedures in light of a company’s circumstances, so long as the required parameters are met.

Last updated on 29/07/2022

03. Is it possible to set up a whistleblowing procedure at a Group level, covering all subsidiaries?

03. Is it possible to set up a whistleblowing procedure at a Group level, covering all subsidiaries?

Flag / Icon

Belgium

  • at Van Olmen & Wynant

Companies with less than 250 employees will be able to share an internal reporting channel. Legal entities with more than 250 employees will need to have their own internal reporting procedure. The EU Commission has confirmed in an opinion that it will not allow centralised internal reporting systems for a whole group of companies. However, that does not mean that a group cannot provide the framework and policies for the internal procedures of its subsidiaries, provided employees can make reports and receive a decent follow-up at the local entity level. It is also possible to outsource the internal reporting channel to a third party.

Last updated on 01/08/2022

Flag / Icon

Brazil

  • at CGM
  • at CGM
  • at CGM

Yes, it is possible to set up a whistleblowing procedure at a Group level, covering all subsidiaries.

Last updated on 29/07/2022

Flag / Icon
Croatia

Croatia

  • at Babic & Partners
  • at Babic & Partners

Yes, it is possible to have a whistleblowing procedure applicable at a Group level, but only in addition to an internal reporting channel. This is because the WBP Act states that each company must have its own internal reporting channel (meaning a WBP officer and their deputy appointed by the company). However, neither the Directive (as interpreted by the European Commission) nor the WBP Act prohibits the company from having a separate central reporting channel at a Group level, provided that such a channel is available in addition to (co-existing with) a reporting channel set up under Croatian law.

Last updated on 29/07/2022

Flag / Icon

France

  • at Proskauer
  • at Proskauer

The procedure for collecting and processing alerts may be common to several or all of the companies in a group, under the terms set by an application Decree to be published.

Last updated on 29/07/2022

Flag / Icon

Germany

  • at Oppenhoff
  • at Oppenhoff

According to the explanatory memorandum of the draft bill of the Whistleblower Protection Act, it is legally permissible to implement an independent and confidential internal reporting office as a "third party" within the meaning of article 8(5) of the EU Whistleblower Directive at another group company (eg, parent company, sister company or subsidiary), which may also work for several independent companies in the group (section 14 (1) HinSchG-E). However, the European Commission has already announced in two statements that a group-wide whistleblower system does not meet the requirements of the EU Whistleblower Directive. It remains to be seen whether the draft law will still be amended at this point in the legislative process. If the German law ends up retaining the outsourcing of the obligation to a third party, which may also be a company belonging to the group, the question of the compatibility of the regulation with EU law will probably arise at a later stage.

The draft bill of the Whistleblower Protection Act in line with the EU Directive further provides that several private employers with between 50 and 249 employees employed on a regular basis may commonly implement and operate an internal reporting office to receive notifications. However, the legal obligation to take action to remedy the violation and the corresponding duty to report back to the person making the report has to remain with the individual employer.   

Last updated on 29/07/2022

Flag / Icon

India

  • at Khaitan & Co
  • at Khaitan & Co

Yes, this may be done. Various organisations in India have adopted a whistleblowing policy at the group level and set up a common hotline channel or speak-up portal to receive complaints of unlawful or unethical conduct and other wrongdoing within group companies.

Last updated on 29/07/2022

Flag / Icon

Japan

  • at City-Yuwa
  • at City-Yuwa
  • at City-Yuwa

Each Group company must establish a system for responding to whistleblowing, but it is possible to set up a point of contact at a Group level, covering all subsidiaries. In this case, each Group company must state in its internal rules in advance that a point of contact is established at a Group level and a responsible person of each Group company must be appointed for the “Whistleblowing Response Operation[1]”[2]. This may be an employee of a Group company or an employee of the parent company of the Group[3].


[1]   “Whistleblowing Response Operation” means receiving whistleblower report, investigating the reportable fact (Please see question 10) pertaining to such whistleblower report, and taking necessary rectifying measures.

[2]   Consumer Affairs Agency, Explanatory Document for Guidelines on Whistleblower Protection Act [Cabinet Office Notification No.118 (2021)] (“Consumer Affairs Agency Guidelines Explanation ”), at footnotes 13 and 18, at pp.8-9, last visited June 28, 2022.

Last updated on 29/07/2022

Flag / Icon
Latvia

Latvia

  • at Ellex Klavins
  • at Ellex Klavins

There are no provisions in the Whistleblowing Act that would allow for the setting up of a whistleblowing procedure at a group level.

Based on the guidelines prepared by the State Chancellery (the contact point for whistleblowing in Latvia) and EU WBD, one single group whistleblowing procedure is only allowed if the local entity is not required to have an internal reporting channel (if they have less than 50 employees in Latvia) or if the company has a local internal reporting channel and a group whistleblowing procedure is established in addition to it.

If both whistleblowing procedures exist, employees are allowed to use either procedure. A group procedure on its own is not allowed if the local entity has 50 or more employees.

Last updated on 29/07/2022

Flag / Icon
Lithuania

Lithuania

  • at Ellex Valiunas

Divisions of private legal entities, other organisations, foreign legal entities or organisations with between 50 and 249 employees may share internal channels, subject to the principle of confidentiality.

Last updated on 29/07/2022

Flag / Icon
Luxembourg

Luxembourg

  • at Castegnaro
  • at Castegnaro

Private legal entities with 50 to 249 employees may share resources at the group level for receiving reports and following up on them. However, each Luxembourg entity will have to comply with the obligations set out under the Bill, namely to maintain confidentiality, provide feedback and fix the reported violation.

Last updated on 29/07/2022

Flag / Icon
Nigeria

Nigeria

  • at Bloomfield LP

There is no provision that prevents or prohibits a Group company from setting up a whistleblowing procedure at a Group level covering all its subsidiaries.

Last updated on 29/07/2022

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

The law does not specify so, in theory, yes provided that we are referring to the general rules of a whistleblowing procedure.

Please note that all companies with 50 or more employees should establish internal reporting channels, irrespective of the nature of their activities.

Nevertheless, in the private sector, companies with 50 to 249 employees may share resources with other legal entities as regards the receipt of reports and any investigation to be carried out.

Last updated on 29/07/2022

Flag / Icon

Romania

  • at STALFORT Legal. Tax. Audit
  • at STALFORT Legal. Tax. Audit

As a general rule (article 9 paragraph 4), companies with 50 to 249 employees (regardless of the group) should have the option to share resources as regards the receipt of reports and any investigation to be carried out. Companies with fewer employees than that or administrative bodies with less than 10,000 inhabitants cannot pool their resources together.

The Commission states that the protection of whistleblowers and a higher number of disclosures will only be achieved if each company having more than 49 employees will establish its own whistleblowing system. According to the current interpretation instructions of the EU Commission regarding the Whistleblowing Directive (dated 2 June 2021 and 29 June 2021), it is not prohibited to establish a centralised system, but such a system must be run in parallel with the mandatory local system.

Last updated on 16/08/2022

Flag / Icon

Spain

  • at Cuatrecasas
  • at Cuatrecasas
  • at Cuatrecasas

According to section 11 of the Draft, Group companies as defined in section 42 of the Spanish Code of Commerce (basically, when a company has or may have, directly or indirectly, control of another company or companies), the parent company may adopt a general policy for an internal reporting system and whistleblower protection and should also ensure its application in all entities of the Group, without prejudice to the autonomy and independence of each of the companies to establish its own corporate governance system or to introduce modifications or adaptations as may be necessary to comply with applicable regulations in each case.

The Responsible for the system and an internal information system could be unique for the Group companies or there could be one for each of the companies in the group, under the terms established above.

Last updated on 29/07/2022

Flag / Icon

Sweden

  • at Lindahl
  • at Lindahl
  • at Lindahl

Yes; however, a whistleblowing procedure established according to the Whistleblowing Act can only be shared between group companies employing 50 to 249 employees at the beginning of the calendar year. Such group-wide whistleblowing procedures can only include the receipt of reports and investigations into the reported matters (save for contacts with the whistleblower).

It is, however, possible to deviate from the Whistleblowing Act as it relates to internal reporting channels and procedures to be applied concerning employees by way of a collective bargaining agreement (CBA) entered into by trade unions and employer organisations at a central level. As such, the labour market parties within the IT and tech sector have entered  a CBA that allows group-wide whistleblowing procedures to, inter alia, also cover group companies employing 250 or more employees. The CBA is only applicable to members of the relevant employer organisations party to the CBA.

Last updated on 02/08/2022

Flag / Icon

United Kingdom

  • at Proskauer
  • at Proskauer
  • at Proskauer

Yes. Employers can implement a whistleblowing procedure at a Group level.

Last updated on 29/07/2022

Flag / Icon

United States

  • at Proskauer
  • at Proskauer

Yes, this may be done. Section 301 does not expressly mandate separate whistleblowing procedures for different subsidiaries.

Last updated on 29/07/2022

04. Is there a specific sanction if whistleblowing procedures are absent within the Company?

04. Is there a specific sanction if whistleblowing procedures are absent within the Company?

Flag / Icon

Belgium

  • at Van Olmen & Wynant

The absence of an internal reporting channel can be sanctioned with an administrative fine of up to 5% of the revenue of the company (legal entity) the previous year. The fine has to be proportionate, and the government will still create a system that will give more guidance to the administration regarding the amount of the fines (in a future royal decree).

Last updated on 01/08/2022

Flag / Icon

Brazil

  • at CGM
  • at CGM
  • at CGM

No, there is no specific legal sanction for not implementing a whistleblowing procedure.

Last updated on 29/07/2022

Flag / Icon
Croatia

Croatia

  • at Babic & Partners
  • at Babic & Partners

Yes, a failure by the company to adopt or implement an internal whistleblowing policy by 23 June 2022, or appoint a WBP Officer and their deputy by 23 July 2022 may each result in liability for an administrative offence and a related fine, which may be up to about 4,000 EUR for the  company, and up to about 1,350 EUR for the responsible individual within the company.

Last updated on 29/07/2022

Flag / Icon

France

  • at Proskauer
  • at Proskauer

There is no specific legal sanction for failing to create a whistleblowing procedure.

However, the absence of an internal reporting channel increases the risk for the company’s reputation as whistleblowers could use external reporting such as public disclosure in the press or social media.

Besides, any person who obstructs the transmission of a report may be exposed to criminal suit and a penalty of up to one year’s imprisonment and a fine of 15,000 EUR.

Last updated on 29/07/2022

Flag / Icon

Germany

  • at Oppenhoff
  • at Oppenhoff

If there are no whistleblowing procedures in the company (ie, an internal reporting system is not implemented and operated), this constitutes an administrative offence punishable by a fine. This fine may amount to up to 20,000 EUR (section 40 (2) No. 2, (5) HinSchG-E.

At this point, it should be noted that there is a high incentive for employers to implement an internal reporting channel, since the external reporting channel is available to the whistleblower in any case. Consequently, if an internal reporting office were not implemented or operated, the whistleblower would be forced to report directly to the external reporting office. As a result, the employer would not be able to make internal corrections without the reported information leaving the company.

Last updated on 29/07/2022

Flag / Icon

India

  • at Khaitan & Co
  • at Khaitan & Co

For failure to adopt and implement a whistleblowing procedure, a Covered Company and every officer of that company who is responsible for such non-compliance may be punished with a fine of up to 10,000 rupees and, if non-compliance continues, a further fine of up to 1,000 rupees a day.

Last updated on 29/07/2022

Flag / Icon

Japan

  • at City-Yuwa
  • at City-Yuwa
  • at City-Yuwa

The prime minister:

  • may ask the business operator to submit reports or may give advice, guidance or recommendation to the business operator if necessary for the enforcement of the provisions of article 11, paragraphs 1 and 2 of the Act, such as ensuring the business operator establishes a system for responding to whistleblowing (article 15 of the Act); and
  • may disclose the company’s name if the business operator has not followed the recommendations to establish a system for responding to whistleblowing, etc. (article 16 of the Act).

Any business operator who fails to make a report or makes a false report may be fined up to 200,000 yen (article 22 of the Act).

Last updated on 29/07/2022

Flag / Icon
Latvia

Latvia

  • at Ellex Klavins
  • at Ellex Klavins

No, there are no sanctions provided in the law if there is no internal whistleblowing procedure or internal reporting channel. The absence of an internal whistleblowing procedure will likely promote the use of other reporting channels, such as:

  • directly approaching the competent public authority that supervises the field or area where the breach occurred,
  • approaching the State Chancellery as the contact point for whistleblowing,
  • reporting publicly, if the requirements provided in the law are met.

To avoid risks associated with the use of external reporting channels, which may result in investigations and sanctions by public authorities, it is advisable to have an internal reporting channel and whistleblowing policy.

Last updated on 29/07/2022

Flag / Icon
Lithuania

Lithuania

  • at Ellex Valiunas

Yes, an administrative fine may be imposed. This may be up to 300 EUR (or up to 500 EUR for repeated infringements) and if the infringement is related to the disclosure of the identity of the whistleblower, the fine may be up to 2,000 EUR (or up to 4,000 EUR if it is a repeated infringement).

Last updated on 29/07/2022

Flag / Icon
Luxembourg

Luxembourg

  • at Castegnaro
  • at Castegnaro

Yes. If the obligations to set up internal reporting channels are not met, private legal entities will be liable for an administrative fine of between EUR 1,500 and EUR 250,000.

Nothing is specified for public entities.

Last updated on 29/07/2022

Flag / Icon
Nigeria

Nigeria

  • at Bloomfield LP

There is no sanction in place for the absence of whistleblowing procedures within a company. The NCCG and some of the sectoral codes listed above merely recommend that a whistleblowing policy be put in place by companies as part of good corporate governance practice.

However, the Investment and Securities Act (ISA) stipulates a penalty of 5 million naira on any capital market operator or public company that contravenes the provisions of the ISA on whistleblowing or disclosure.[1]

 

[1] Section 306 (10) of the Investment and Securities Act, 2007

Last updated on 29/07/2022

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

Entities that fail to establish a whistleblowing procedure will incur a serious penalty, with fines from 1,000 EUR to 125,000 EUR.

Last updated on 29/07/2022

Flag / Icon

Romania

  • at STALFORT Legal. Tax. Audit
  • at STALFORT Legal. Tax. Audit

There are several administrative fines for companies failing to comply with the new whistleblowers’ legislation – between 500 EUR and 5,000 EUR for not establishing internal reporting procedures.

Last updated on 16/08/2022

Flag / Icon

Spain

  • at Cuatrecasas
  • at Cuatrecasas
  • at Cuatrecasas

No. There is no specific sanction in the Draft if whistleblowing procedures are not implemented within the company. However, section 63.3.(c) establishes that “Any failure to comply with the obligations provided for in this law that is not classified as a very serious or serious infringement” will be considered a minor infringement.

Considering that the absence of a whistleblowing procedure is not expressly listed as a very serious or serious infringement, it could be argued it would qualify as a minor infringement.

According to section 65, for a minor infraction, the sanction is a fine of up to 10,000 EUR if the perpetrator is a natural person, and 100,000 EUR if it is a legal entity.

Last updated on 29/07/2022

Flag / Icon

Sweden

  • at Lindahl
  • at Lindahl
  • at Lindahl

If whistleblowing procedures, including internal whistleblowing channels, are not established according to the Whistleblowing Act, the Swedish Work Environment Authority (SWEA, being the supervisory authority) may order the business to fulfil its legal obligations subject to a fine.

Any business preventing or hindering whistleblowing according to the Whistleblowing Act (eg, by omitting to implement whistleblowing procedures) may be held liable for damages payable to the relevant persons.

Last updated on 02/08/2022

Flag / Icon

United Kingdom

  • at Proskauer
  • at Proskauer
  • at Proskauer

No, because there is no underlying legal requirement under the Employment Rights Act 1996 for companies to implement a whistleblowing procedure or policy.

Last updated on 29/07/2022

Flag / Icon

United States

  • at Proskauer
  • at Proskauer

There is no specific, pre-designated sanction for failure to implement a whistleblower procedure. However, the lack of a clear process for raising concerns can expose an employer to significant legal and reputational risk as incidents of improper conduct will be less likely to be discovered and appropriately remedied.

Last updated on 29/07/2022

05. Are the employee representative bodies involved in the implementation of this system? 

05. Are the employee representative bodies involved in the implementation of this system? 

Flag / Icon

Belgium

  • at Van Olmen & Wynant

There has to be a consultation of the social partners for the establishment of an internal reporting procedure. This means that the employer will have to consult the works council. If there is no works council (less than 100 employees), they will consult the trade union delegation. If there is no trade union delegation either, the health and safety committee can be consulted. This right to consultation does not mean that these representative bodies have a veto right or a decision power, but they have the right to give their opinion on the proposed system. Ideally, the employer will take their remarks into consideration.

Last updated on 01/08/2022

Flag / Icon

Brazil

  • at CGM
  • at CGM
  • at CGM

No, employee representative bodies are not involved in the implementation of the whistleblowing procedure.

Last updated on 29/07/2022

Flag / Icon
Croatia

Croatia

  • at Babic & Partners
  • at Babic & Partners

Yes, the involvement of employee representative bodies (the works council or, if there is no works council, a union trustee), provided that any such body exists with the  company, is two-fold:

  • the company must consult with the works council or union trustee regarding adoption of the whistleblowing policy – failure to do so would result in the adopted whistleblowing policy being null and void; and
  • the company must appoint the persons requested by the works council or union trustee as the WBP Officer and deputy; if no such request is made by the works council or union trustee, the  company may appoint the WBP Officer and deputy at its discretion.
Last updated on 29/07/2022

Flag / Icon

France

  • at Proskauer
  • at Proskauer

A company’s work council must be informed and consulted before the implementation of a whistleblowing procedure.

Indeed, work councils are informed and consulted “on all questions which are linked to the organisation, management and general running of the company and in particular on conditions of employment, professional training, working conditions and on the introduction of new technologies or any significant change in health and safety conditions or working conditions” (article L. 2312-8 of the Labor Code).

Last updated on 29/07/2022

Flag / Icon

Germany

  • at Oppenhoff
  • at Oppenhoff

Although the implementation of a whistleblower system is based on a legal obligation, the works council only has to be involved under certain circumstances.

At first, the employer is, in principle, already obliged to inform the works council in good time and comprehensively about everything it requires to carry out its duties. This information requirement should enable the works council to review whether co-determination or participation rights exist or whether other tasks have to be carried out according to the German Works Constitution Act (BetrVG).

For instance, instructions concerning the orderly conduct of employees are subject to co-determination. These instructions are intended to ensure an undisturbed work process or to organise the way employees live and work together in the company.  If, in the course of the implementation of a whistleblower system, the already existing contractual obligations are extended or regulations regarding the specific reporting procedure are introduced (eg, in the form of a reporting obligation on the part of employees), the organisational behaviour would be affected and the works council must therefore be involved (section 87 (1) No. 1 BetrVG).

Furthermore, in the context of setting up an internal reporting channel, the draft bill of the Whistleblower Protection Act only stipulates that whistleblowers must be given the option of submitting a report to the whistleblowing system in text form or verbally. This could, of course, also be provided via digital channels - eg, via software- or web-based solutions. Should the introduction and use of such technical equipment in the relevant case allow the employer to monitor the behavior or performance of employees (eg, those who deal with the complaint), further co-determination rights of the works council according to section 87 (1) No. 6 BetrVG can be triggered.   

Last updated on 29/07/2022

Flag / Icon

India

  • at Khaitan & Co
  • at Khaitan & Co

No, employee representative bodies are not involved in the vigil mechanism. The whistleblowing mechanism will be overseen by a Covered Company through its Audit Committee or Board of Directors, as may be relevant.

Last updated on 29/07/2022

Flag / Icon

Japan

  • at City-Yuwa
  • at City-Yuwa
  • at City-Yuwa

The Act does not require the involvement of employee representative bodies.

Last updated on 29/07/2022

Flag / Icon
Latvia

Latvia

  • at Ellex Klavins
  • at Ellex Klavins

The Whistleblowing Act does not require the involvement of employee representative bodies in implementing the whistleblowing procedure. The involvement of employee representative bodies in the whistleblowing procedures is more consultative.

The Whistleblowing Act provides that trade unions and their associations, as employee representatives bodies: can provide support, including counselling, to whistleblowers to promote whistleblowing and whistleblower protection; provide support, including counselling, to its members concerning whistleblowing; and can apply to a public authority (body) or a court on behalf of a whistleblower who is a member of the trade union.

The Labour Act provides that employee representative bodies have the right to receive information from the employer and consult with the employer concerning the implementation of measures that affect or may affect the employment relationship. Therefore, it is advisable to inform or consult with employee representative bodies (if any) about the implementation of whistleblowing procedures to avoid the risk of administrative liability.

Last updated on 29/07/2022

Flag / Icon
Lithuania

Lithuania

  • at Ellex Valiunas

There is no direct obligation to include employee representatives in the implementation of this system. However, since the employer must inform or consult with the works councils regarding the adoption of certain internal laws, including when they may be relevant to the social and economic situation of employees, the need to inform and consult with the works council can be inferred.

Last updated on 29/07/2022

Flag / Icon
Luxembourg

Luxembourg

  • at Castegnaro
  • at Castegnaro

Yes.

When establishing the internal reporting procedure, a company's staff delegation must be involved in different ways, depending on the size of the company:

  • In companies with less than 150 employees, the information and consultation procedure with the staff delegation will commence. The staff delegation will have to be informed about the intention to set up or modify the whistleblowing channel and will be entitled to give opinions and propose changes.
  • In companies with 150 employees and more, the decision to set up or modify the whistleblowing channel will have to be made jointly by the employer and the staff delegation (co-decision).

Under the current regime, whistleblowing channels are mostly implemented unilaterally by employers in the financial and insurance sectors, but the previous consultation process with the staff delegation or, in larger companies, co-decision, should be respected.

Last updated on 29/07/2022

Flag / Icon
Nigeria

Nigeria

  • at Bloomfield LP

The Nigerian law is silent on the employee representative bodies’ involvement in the implementation of whistleblowing policies. However, the companies with whistleblowing policies do not involve employee representative bodies in the implementation of their system.

Last updated on 29/07/2022

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

No, but the provisions of Law No. 93/2021 do not affect the right of employees to consult their representatives or trade unions and the protective rules associated with the exercise of this right, and the right of trade unions, employers' associations, and employers to conclude a collective bargaining agreement.

Last updated on 29/07/2022

Flag / Icon

Romania

  • at STALFORT Legal. Tax. Audit
  • at STALFORT Legal. Tax. Audit

The previous proposal of the law implementing the EU Whistleblowing Directive provided for employee representative bodies (ie, generally speaking trade unions, if they exist, or employee representatives) to be consulted when establishing the reporting procedures. The approved version as of 29 June 2022 does not provide for such consultancy procedure anymore; however, it remains recommendable.

Last updated on 16/08/2022

Flag / Icon

Spain

  • at Cuatrecasas
  • at Cuatrecasas
  • at Cuatrecasas

Yes. Section 5 of the Draft states that the management body or governing body of each entity or body that must establish “internal information systems” will be responsible for their implementation, after consultation with the employees´ legal representatives.

Moreover, collective-bargaining agreements may also establish certain obligations in this regard.

Last updated on 29/07/2022

Flag / Icon

Sweden

  • at Lindahl
  • at Lindahl
  • at Lindahl

There is no obligation to include employee representative bodies in the implementation of whistleblowing procedures.

Last updated on 02/08/2022

Flag / Icon

United Kingdom

  • at Proskauer
  • at Proskauer
  • at Proskauer

There is no specific legal requirement in the Employment Rights Act 1996 for employee representative bodies to be involved in (or otherwise agree to) the implementation of a whistleblowing procedure or policy. However, the rules in place with existing employee representative bodies may require consultation on any new policy or procedure and, in any event, it is best practice to involve employee representatives in the implementation of a whistleblowing system.

Last updated on 29/07/2022

Flag / Icon

United States

  • at Proskauer
  • at Proskauer

Employers with unionised employees may have a duty to bargain with the union if the whistleblower program can be deemed to affect the terms and conditions of employment of the union members.

Last updated on 29/07/2022

06. What are the publicity measures of the whistleblowing procedure within the company?

06. What are the publicity measures of the whistleblowing procedure within the company?

Flag / Icon

Belgium

  • at Van Olmen & Wynant

The company needs to provide clear information regarding the use of the internal reporting channel. This can be done in a written policy or even in the internal work rules (but this is not necessary). The company should also inform workers about the possibility of reporting externally to the competent authorities.

Last updated on 01/08/2022

Flag / Icon

Brazil

  • at CGM
  • at CGM
  • at CGM

There is no reference in Brazilian law as to how the whistleblowing procedures must be implemented. However, it is good practice that the procedure be included in a Code of Integrity and Ethics that is widely accessible to employees and third parties, for example by including a link to the reporting channel on the company’s website, and that companies give regular training on internal regulations on the matter.

Last updated on 29/07/2022

Flag / Icon
Croatia

Croatia

  • at Babic & Partners
  • at Babic & Partners

The WBP Act does not contain rules on how the whistleblowing policy should be communicated to employees and other eligible whistleblowers, other than stating that the policy should be easily accessible to all persons within the work environment (as defined in question 12), understandable, and effective in encouraging the primary use of internal reporting channels or systems for reporting breaches or irregularities. In light of this, the publication of the whistleblowing policy should be made following the provisions of Croatian labour legislation.

Under the Croatian Employment Act and implementing regulations, any employment-related policy (which would include the whistleblowing policy) must be signed by the management of the company and published on a bulletin board in the company’s premises (specifically stating that the policy will come into force on the ninth day after publication, at the earliest). It is recommended that all eligible whistleblowers (ie, both employees of the company, and persons not employed by the company) are notified of the company having in place a whistleblowing policy and that they can receive a copy of such policy upon their request.

Last updated on 29/07/2022

Flag / Icon

France

  • at Proskauer
  • at Proskauer

From 1 September 2022, the internal regulation applicable within the company must mention the whistleblowing process and protection.  The internal regulations will be brought to the attention of all persons having access to the workplace.

Moreover, if there is implementation or modification of the whistleblowing process, we recommend informing employees by all means.

Last updated on 29/07/2022

Flag / Icon

Germany

  • at Oppenhoff
  • at Oppenhoff

The draft bill of the Whistleblower Protection Act does not oblige the company itself to publish any information regarding the internal reporting office or the internal reporting channel implemented. However, the internally implemented reporting office must have clear and easily accessible information available on the external reporting procedure and relevant reporting procedures of European Union institutions, bodies or agencies (section 13 (2) HinSchG-E).

The current explanatory memorandum to the draft bill also contains the more detailed, but not legally binding, reference that the information can be made available via a public website, company intranet or a bulletin board that is accessible to all employees. In this context, it is recommended that the company also refers to the internally implemented reporting office or the internal reporting channel in the same way. This helps to counteract the risk that potential whistleblowers will report primarily via the external reporting channel.

Furthermore, the German Supply Chain Due Diligence Act (LkSG) also provides for the implementation of complaint mechanisms so that the regulatory requirements of companies can also be met through a uniform reporting system. Within its scope of application, the LkSG also provides for the publication of procedural rules for such a reporting system in text form as well as for annual reporting obligations on what measures the company has taken as a result of complaints.

Last updated on 29/07/2022

Flag / Icon

India

  • at Khaitan & Co
  • at Khaitan & Co

Details of the whistleblowing policy and the mechanism thereof will have to be disclosed by the Covered Company on its website as well as in the Board of Directors’ annual report filed with the competent regulatory authority.

Last updated on 29/07/2022

Flag / Icon

Japan

  • at City-Yuwa
  • at City-Yuwa
  • at City-Yuwa

The publicity measures of the whistleblowing procedure are not set out by the Act. The business operator may inform the whistleblowing procedure through various forms, such as company intranet, in-house training, distribution of intra-card and advertisement goods, and displaying of posters[1].


[1]   Consumer Affairs Agency Guidelines Explanation, supra note 3, Section 3 II (3)(i)(c), at p.19

Last updated on 29/07/2022

Flag / Icon
Latvia

Latvia

  • at Ellex Klavins
  • at Ellex Klavins

The Whistleblowing Act does not allow companies to use publicity measures regarding a commenced, pending or finished whistleblowing case. The employer must ensure the confidentiality of information, not only to protect the interests of the whistleblower but also to protect the identity of the perpetrator.

Publicity measures are applied in cases of whistleblowing in public institutions. In such cases, the whistleblower can include in its report whether he or she consents to the results of the investigation being published, if a breach is established.

Last updated on 29/07/2022

Flag / Icon
Lithuania

Lithuania

  • at Ellex Valiunas

Certain concrete information provided by law, such as information on the whistleblowing procedure and the investigation thereof through the company's internal channels; the designated competent body (including its contacts); and the rights and guarantees of the whistleblower must be provided through the institution's internal and external (if any) communication channels. In principle, companies must adopt an internal policy for the reporting of breaches (providing all information required by law) and communicate it.

Last updated on 29/07/2022

Flag / Icon
Luxembourg

Luxembourg

  • at Castegnaro
  • at Castegnaro

The legal entity is required to provide information on the reporting procedures in place:

  • to the competent authorities;
  • to workers; and
  • to all persons who come into contact with the entity in the course of their professional activities (eg, service providers, distributors, suppliers, business partners).

Communication of the procedure can be done through posters in a visible place accessible to all these persons, on the website of the legal entity, through the company's internal regulations if they exist, by a reference in the employment contract to an internal document, etc.

Last updated on 29/07/2022

Flag / Icon
Nigeria

Nigeria

  • at Bloomfield LP

Typically, the company is required to put in place an effective reporting channel that protects the confidentiality of the information disclosed and the anonymity of the disclosing party. It could either be through a reporting link or platform set up for that purpose or a suggestion box to be used anonymously.

Companies are required to notify their employees and stakeholders of the existence of a whistleblowing policy and the mechanism for reporting applicable within the company.

Last updated on 29/07/2022

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

There are no specific publicity measures for the whistleblowing procedure within companies (as long as the whistleblowing procedure rules are not considered an internal regulation of the company, as this would entail publicity).

Last updated on 29/07/2022

Flag / Icon

Romania

  • at STALFORT Legal. Tax. Audit
  • at STALFORT Legal. Tax. Audit

According to article 10 paragraph 2 of the Draft Law, employees are informed about the reporting procedures, including the person or department designated to receive such reports, both through the website of the company and through announcements at its headquarters, provided that there is a visible location accessible to all employees.

Last updated on 16/08/2022

Flag / Icon

Spain

  • at Cuatrecasas
  • at Cuatrecasas
  • at Cuatrecasas

Section 25 of the Draft states that the company should provide appropriate information, in a clear and accessible way, on the use of internal reporting channels (or information systems, following the name given in the Draft), as well as on the essential principles of the procedure to be followed. If the company has a website, said information should be reflected on the homepage, in a separate and easily identifiable section.

Moreover, competent public authorities are also subject to publicity measures regarding whistleblowing procedures, including: conditions to be eligible for the protection reflected in the Draft; contact information regarding external channels; management procedures;  confidentiality; remedies and procedures for protection against retaliation; and the availability of confidential advice.

Last updated on 29/07/2022

Flag / Icon

Sweden

  • at Lindahl
  • at Lindahl
  • at Lindahl

An internal whistleblowing channel and procedure established under the Whistleblowing Act must be made available for persons who are active within the business, including employees, volunteers, trainees, persons otherwise performing work under the supervision or direction of the business, the self-employed who perform services, members of the business’s administrative, management or supervisory bodies and shareholders operating within the business.

In addition, businesses must provide clear and easily accessible information on:

  • how to report via the internal reporting channel;
  • how to report via external reporting channels (both national and EU bodies); and
  • as applicable, the whistleblowers’ constitutional rights in respect of freedom of speech, freedom of communication and freedom to procure information.
Last updated on 02/08/2022

Flag / Icon

United Kingdom

  • at Proskauer
  • at Proskauer
  • at Proskauer

According to the Whistleblowing: Guidance for Employers and Code of Practice published by the Department for Business Innovation and Skills (BEIS), it is best practice for the whistleblowing policy or procedures to be in writing and easily accessible to all workers. BEIS also recommends that awareness of the policy or procedures is raised through all available means such as staff engagement, intranet sites and other marketing communications.

Last updated on 29/07/2022

Flag / Icon

United States

  • at Proskauer
  • at Proskauer

There is no specific legal requirement to publicise an employer’s whistleblower procedure. However, it is best practice to notify employees in as many places as possible (eg, in the employee handbook, code of conduct or website) of the employer’s anti-retaliation policy and mechanisms for raising complaints, including doing so anonymously.

Last updated on 29/07/2022

07. Should employers manage the reporting channel itself or can it be outsourced?

07. Should employers manage the reporting channel itself or can it be outsourced?

Flag / Icon

Belgium

  • at Van Olmen & Wynant

The reporting channel can be outsourced to a third party (eg, to a payroll provider, compliance experts or lawyers). However, the employer will remain legally responsible for the implementation and use of the system.

Last updated on 01/08/2022

Flag / Icon

Brazil

  • at CGM
  • at CGM
  • at CGM

There is no statutory requirement in this regard. Accordingly, employers can manage the reporting channel directly or outsource it to an external supplier.

Last updated on 29/07/2022

Flag / Icon
Croatia

Croatia

  • at Babic & Partners
  • at Babic & Partners

Under the WBP Act, the internal reporting channel is a WBP officer and their deputy, as appointed by the company. This officer and deputy are solely authorised to receive the whistleblowing reports and conduct investigations (ie, the conduct of these actions cannot be outsourced to any third person).

However, the WBP Act does not preclude companies from appointing individuals employed or hired by an external service provider as a WBP officer or deputy (noting, however, that the company may make such appointment at its own discretion only if these appointments have not been proposed by either the works council, or, if there is no works council, the union trustee, or if there is no works council or union trustee, by at least 20% of the  company’s employees).

Even if the company appoints individuals employed or hired by an external service provider, the appointed persons must keep confidential the identity of any whistleblowers and any information contained in the whistleblowing report, and will not be able to directly involve external service providers in the investigation without express consent from each whistleblower. However, the  company may engage an external service provider to indirectly assist these appointed persons (regardless of whether the individuals appointed are employed by the  company or by the external service provider, and regardless of whether the whistleblower provides express consent for disclosure of his or her identity and the content of the report), if such assistance will not lead to disclosure to that provider of the identity of the whistleblower and any information contained in the whistleblowing report.

Last updated on 29/07/2022

Flag / Icon

France

  • at Proskauer
  • at Proskauer

Employers can subcontract the management of the whistleblowing procedure to an external supplier, which will be in charge of:

  • setting up the reporting channel available;
  • receiving complaints; and
  • investigating the reported facts.

In practice and as an example, the external supplier can set up a telephone hotline or an email address for the collection of reports. These are then transmitted to the employer to decide on any action to be taken.

Last updated on 29/07/2022

Flag / Icon

Germany

  • at Oppenhoff
  • at Oppenhoff

In principle, the draft bill of the Whistleblower Protection Act intentionally does not specify which persons or organisational units are best qualified to carry out the tasks of the internal reporting office or to manage the corresponding reporting channel. However, the internal reporting office may not be subject to any conflicts of interest and it also must be independent. The EU Whistleblower-Directive mentions, for instance, the head of the compliance department or the legal or data protection officer as possible internal reporting offices.

If, in addition to the (internal) persons responsible for receiving and processing internal reports, other (external) persons have to be involved in a supporting activity, this supporting activity is legally only permissible to the extent that is necessary for the supporting activity. This applies, for example, to IT service providers that provide technical support for reporting channels.

It is also legally permissible to appoint a third party to carry out the tasks of an internal reporting office, including the reporting channel (section 14 (1) HinSchG-E). Third parties may include lawyers, external consultants, trade union representatives or employee representatives.

However, engaging a third party does not relieve the employer of the obligation to take appropriate action to remedy a possible violation. In particular, for follow-up actions to check the validity of a report, there must be cooperation between the commissioned third party and the employer.

Last updated on 29/07/2022

Flag / Icon

India

  • at Khaitan & Co
  • at Khaitan & Co

While the reporting channel may be outsourced, in respect of Covered Companies, the mechanism should be overseen by the Audit Committee or Board of Directors, as applicable.

Last updated on 29/07/2022

Flag / Icon

Japan

  • at City-Yuwa
  • at City-Yuwa
  • at City-Yuwa

The business operator may outsource the establishment of a point of contact to a third party, such as a subcontractor or parent company[1].


[1]   Id, Section 3 II (1)(i)(c), at p.7.

Last updated on 29/07/2022

Flag / Icon
Latvia

Latvia

  • at Ellex Klavins
  • at Ellex Klavins

The Whistleblowing Act allows employers to use third-party services for whistleblowing procedures. Therefore, the management of a reporting channel can be organised by outsourcing management service providers. On the other hand, such outsourcing cannot be used to implement group whistleblowing procedures (eg, to use a reporting channel established at a group level or in a related company).

Last updated on 29/07/2022

Flag / Icon
Lithuania

Lithuania

  • at Ellex Valiunas

Companies may outsource internal channel administration services to other companies providing such services or external third parties, provided that they ensure that the principles of independence, confidentiality and data protection are observed. Administrative services provided by third parties do not include the investigation of information about the breach and any subsequent decision-making.

Last updated on 29/07/2022

Flag / Icon
Luxembourg

Luxembourg

  • at Castegnaro
  • at Castegnaro

The legal entity may subcontract the monitoring of reports (articles 6 and 7 of Bill 7945).

Last updated on 29/07/2022

Flag / Icon
Nigeria

Nigeria

  • at Bloomfield LP

The reporting channel can either be internally managed or outsourced for transparency and objectivity.

Last updated on 29/07/2022

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

The internal reporting channels may be operated internally or externally, and independence, impartiality, confidentiality, data protection, secrecy and the absence of conflicts of interest must be guaranteed.

Last updated on 29/07/2022

Flag / Icon

Romania

  • at STALFORT Legal. Tax. Audit
  • at STALFORT Legal. Tax. Audit

Both options are available for companies. At first glance, internal channels controlled by its own employees (auditors or compliance officers, in-house legal counsel or even an internal hotline) may be more effective for companies, since this ensures that potential wrongdoings are checked internally and do not compromise the image of the company. However, whistleblowers may not trust internal channels that allow easy identification of the individual whistleblower and are usually established to act in the best interest of the company (and not necessarily the whistleblower). Groups of companies must give more thought to the organisation; in many cases, outsourcing to third parties (eg, a recognized law firm) may be a better and more cost-effective solution.

Last updated on 16/08/2022

Flag / Icon

Spain

  • at Cuatrecasas
  • at Cuatrecasas
  • at Cuatrecasas

Yes, the management of internal reporting channels can be outsourced as established in section 6 of the Draft. However, a third party managing the reporting channel must provide adequate guarantees of respect for independence, confidentiality, data protection and secrecy. This third party would be considered a “data processor”, whereas the person or persons appointed by the company as “responsible for the system” will still be responsible for the reporting channel, even when it is outsourced.

Management of an internal information system by a third party should not undermine the guarantees and requirements established for this system in the Draft.

Last updated on 29/07/2022

Flag / Icon

Sweden

  • at Lindahl
  • at Lindahl
  • at Lindahl

Businesses may choose to manage reporting channels in-house or to outsource the management of reporting channels to third parties. Regardless, businesses should designate independent and impartial persons or departments (including third-party entities) to receive reports, maintain communication with whistleblowers, follow-up on reports and provide feedback to whistleblowers.

Last updated on 02/08/2022

Flag / Icon

United Kingdom

  • at Proskauer
  • at Proskauer
  • at Proskauer

The reporting channel can be outsourced. Where an employer’s whistleblowing policy or procedure authorises disclosure to a third party (eg, an external hotline), UK law will treat a disclosure to the third party the same as a disclosure to the employer.

The Department for Business Innovation and Skills guidance on whistleblowing identifies that larger UK organisations may have a designated team who can be approached to make a disclosure. The guidance recommends that smaller organisations should have at least one senior member of staff as a point of contact for whistleblowers. However, the guidance also acknowledges that there are commercial providers who can manage a whistleblowing process on behalf of the employer.

Last updated on 29/07/2022

Flag / Icon

United States

  • at Proskauer
  • at Proskauer

A reporting channel can be managed internally or outsourced.

Advantages of an internal reporting channel include:

  • better understanding of the organisation; and
  • better understanding of the context in which complaints may arise and be escalated.

Advantages of a third-party reporting channel include:

  • increased independence and transparency; and
  • broader expertise in handling whistleblower reports.
Last updated on 29/07/2022

09. What precautions should be taken when setting up a whistleblowing procedure?

09. What precautions should be taken when setting up a whistleblowing procedure?

Flag / Icon

Belgium

  • at Van Olmen & Wynant

Companies should draft a clear and accessible policy that outlines the procedure. The deadlines of the procedure need to be respected and the policy should clarify which situations fall under the scope of the procedure and the fact that reports will enjoy certain protections against retaliation. To implement the procedure itself, bigger companies are advised to use a digital reporting tool as it could be too complicated to use a non-digital system for a large number of employees, which could lead to errors in the procedure and missing deadlines. There are lots of tools out there, from quite simple ones to very intelligent (but also expensive) ones. The company will have to do some market research to find the tool that meets its specific needs.

Last updated on 01/08/2022

Flag / Icon

Brazil

  • at CGM
  • at CGM
  • at CGM

Brazilian law does not explicitly govern this matter, but it is good practice that the whistleblowing procedure must:

  • clearly indicate what type of conduct is subject to whistleblowing;
  • indicate who can make a report, how, when and where to do it – it is recommended to have at least two reportinng channels and it must be clear that reports can be made in a local language;
  • allow anonymous reports;
  • guarantee, to the extent possible, the confidentiality of the proceedings;
  • list the steps of the proceedings and the responsibilities and rights of each involved party (whistleblowers, witnesses, investigators, etc);
  • guarantee non-retaliation against whistleblowers or any person contributing to the investigation; and
  • indicate possible outcomes after the conclusion of the investigation.
Last updated on 29/07/2022

Flag / Icon
Croatia

Croatia

  • at Babic & Partners
  • at Babic & Partners

The following precautions should be taken into account by the company when setting up a whistleblowing procedure:

  • Language of the whistleblowing policy – even though the WBP Act does not explicitly provide that the whistleblowing policy must be available in Croatian, the WBP Act requires that information on the internal whistleblowing procedure must be easily accessible, understandable and effective. If the whistleblowing policy is not prepared in Croatian, the company may run the risk of: the employee claiming that he or she did not properly understand the policy; or in the case of inspection or dispute, the inspection body or court holding that a policy made only in English, or a language other than Croatian, is null and void as not being easily understandable.
  • Appointment of WBP officer and deputy – given that a company must appoint a WBP officer and their deputy at the request of either the works council, union trustee, or 20% of employees of the company (if there is neither a works council nor union trustee), it is advisable that the  company provides in the whistleblower policy that any candidate should be a person of trust and competent to conduct the duties of a WBP officer.
  • WBP officer’s resources – the company must ensure that the WBP officer and their deputy have the resources required to effectively perform their duties, such as providing the officer with a personal computer or laptop and a separate email address for receiving whistleblowing reports, a direct telephone line for receiving whistleblowing reports, a dedicated office for conducting meetings with whistleblowers, and equipment for keeping records of reports.
Last updated on 29/07/2022

Flag / Icon

France

  • at Proskauer
  • at Proskauer

During the processing of the report, the procedure implemented must guarantee the confidentiality of the identity of its authors, the persons concerned and any third party mentioned within.

Moreover, the company must respect guarantees of independence and impartiality in the treatment of reports. These guarantees must be specified in a published application decree.

Companies are also required to comply with GDPR obligations. In this regard, the French Data Protection Authority (CNIL) has published a frame of reference to help public and private organisations implement whistleblowing procedures in compliance with data protection regulations (CNIL deliberation dated 18 July 2019).

Last updated on 29/07/2022

Flag / Icon

Germany

  • at Oppenhoff
  • at Oppenhoff

The reporting channels must be designed in such a way that only the persons responsible for receiving and processing the reports as well as the persons assisting them in fulfilling these tasks have access to the incoming reports. It must, therefore, be ensured that no unauthorised persons have access to the identity of the person making the report or to the report itself. This has implications for the technical design of the internal reporting channel.

Also, the persons entrusted with running the internal reporting office must indeed be independent in the exercise of their activities and the company must ensure that such persons have the necessary expertise. Therefore, smaller or medium-sized companies should especially assess whether it will be more efficient to assign an experienced external ombudsperson to receive and initially process incoming reports. However, the ombudsperson who takes the call in this case is a witness bound to tell the truth, even if this is, for example, a company lawyer.

As per the present draft bill, there is no legal obligation to design the reporting channels in such a way that they enable the submission of anonymous reports. Companies should therefore assess carefully whether they provide systems that enable anonymous reports, as this may increase the number of abusive reports and make enquiries impossible. On the other hand, some ISO standards require the receipt of anonymous reports. Therefore, should a company seek certification according to these ISO standards, the whistleblower procedure to be set up must allow for the processing of anonymous reports.

Last updated on 29/07/2022

Flag / Icon

India

  • at Khaitan & Co
  • at Khaitan & Co

Key aspects that should be borne in mind while formulating a whistleblower policy or procedure are:

  • a special or distinct committee or channel must be created for receiving and handling disclosures, giving the whistleblowing mechanism a separate institutional framework;
  • the reporting mechanism should be systematic, simple and straightforward to facilitate an early and easy disclosure of any wrongdoing. The procedure for disclosure must be easily comprehensible and should be accessible by all employees or individuals associated with the organisation;
  • the policy should provide adequate assurances and comfort regarding confidentiality of the identity of the whistleblower, continuity of association with the organisation, and the steps that the organisation will take to ensure that the whistleblower is not victimised, discriminated against or adversely impacted in any manner according to the disclosure (including facilitating legal assistance at the organisation’s cost, if necessary);
  • the policy should ensure that no action will be taken against whistleblowers who make disclosures in good faith and even allow for anonymous reporting; and
  • identification of what matters may be reported under the policy, the persons against whom such matters can be reported, the process that should be followed by the organisation, remedial measures, details of persons with whom reported information will be shared, and an overview of the mechanism for protecting whistleblowers and persons cooperating with an investigation, etc.  
Last updated on 29/07/2022

Flag / Icon

Japan

  • at City-Yuwa
  • at City-Yuwa
  • at City-Yuwa

The business operator must appoint a person in charge of handling the whistleblowing (article 11 of the Act).

The business operator may provide internal rules, including matters required under the Consumer Affairs Agency Guidelines on the Whistleblower Protection Act[1].


[1]   Consumer Affairs Agency, Guidelines for promoting appropriate and effective implementation of the due measures by the business operators based on Article 11, Paragraphs 1 and 2 of the Whistleblower Protection Act (“Consumer Affairs Agency Guidelines”) [Cabinet Office Notification No.118], , Section 4 (3)(iv) ,at p.4, last visited June 28, 2022.

Last updated on 29/07/2022

Flag / Icon
Latvia

Latvia

  • at Ellex Klavins
  • at Ellex Klavins

The whistleblowing procedure should be established to avoid potential conflicts of interest. Usually, there are one or several employees responsible for the review of whistleblowing reports, or a combination of internal and third-party whistleblowing is used. Companies should avoid situations where, for example, responsible persons might encounter a conflict of interest upon review of whistleblowing reports (ie, if there is no alternative reporting channel and employees would have to report to the perpetrator, who is also the responsible person in the company). In any case, responsible persons who review or analyse whistleblowing reports should be someone with a good reputation and trust in the company.

The principle of data minimisation and confidentiality should be observed throughout the whole procedure.

Last updated on 29/07/2022

Flag / Icon
Lithuania

Lithuania

  • at Ellex Valiunas

When setting up an internal channel for reporting breaches, it is worth considering who will be responsible for its administration, the investigation of information and how the confidentiality of individuals will be protected.

Last updated on 29/07/2022

Flag / Icon
Luxembourg

Luxembourg

  • at Castegnaro
  • at Castegnaro

As follows:

  • The establishment of channels for the receipt of reports that are conceived, set up and managed securely and guarantee the confidentiality of the identity of the author of the report and any third party mentioned, and protect these channels from unauthorised persons;
  • an acknowledgement of receipt sent to the author of the report within seven days of receipt of the report;
  • designation of an impartial person or service competent to follow up on reports;
  • diligent follow-up by the designated person or service;
  • a reasonable time to provide feedback, not exceeding three months from the acknowledgement of receipt of the report or, failing that, three months from the end of the seven-day period following the report; and
  • provision of clear and easily accessible information on the report procedures and their use to the competent authorities.
Last updated on 29/07/2022

Flag / Icon
Nigeria

Nigeria

  • at Bloomfield LP

The precautions that must be put in place when setting up a whistleblowing procedure are anonymity of the whistleblower, effective and reliable processes for investigating anyone accused of unethical conduct and protection of the whistleblower, among others.

Last updated on 29/07/2022

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

The completeness, integrity and preservation of the complaint, the confidentiality or anonymity of the complainants and the confidentiality of any third parties mentioned in the complaint must be guaranteed. Unauthorised access must also be prevented.

Last updated on 29/07/2022

Flag / Icon

Romania

  • at STALFORT Legal. Tax. Audit
  • at STALFORT Legal. Tax. Audit

The big challenge is to create a system that would strike a balance between better protection and an increased incentive for the whistleblower to notify breaches. As mentioned in question 7, employers need to make a thorough analysis and decide whether to handle the whistleblowing channel from within the company or outsource it to a specialised provider that is known in the Romanian market and trusted by employees.

Last updated on 16/08/2022

Flag / Icon

Spain

  • at Cuatrecasas
  • at Cuatrecasas
  • at Cuatrecasas

Some requirements must be met in the implementation of whistleblowing procedures: easy-to-follow guidelines, confidentiality, and good practice for monitoring, investigation and whistleblower protection.

These precautions are bolstered by sections 18 and 20 of the Constitution. These sections consolidate the rights to privacy, information and freedom of speech that influence Law 3/2018 on Data Protection and the guarantee of Digital Rights, and the Draft.

Last updated on 29/07/2022

Flag / Icon

Sweden

  • at Lindahl
  • at Lindahl
  • at Lindahl

Businesses should ensure that personal data processed through a whistleblowing channel is handled according to the GDPR and the Whistleblowing Act, meaning the personal data controller should implement sufficient technical and organisational safety measures to protect personal data.

Further, employees and other impacted persons should, as a general rule, be informed upfront of any processing of personal data that may take place.

Last updated on 02/08/2022

Flag / Icon

United Kingdom

  • at Proskauer
  • at Proskauer
  • at Proskauer

The Department for Business Innovation and Skills guidance on whistleblowing recommends, as best practice, several practical considerations when setting up a whistleblowing procedure, including, but not limited to:

  • employers should provide training to all workers on how disclosures should be raised and to managers on how to deal with disclosures;
  • organisations should ensure that there are a range of alternative persons who a whistleblower can approach if a worker feels unable to approach their manager; and
  • any clauses in any settlement agreements or non-disclosures agreements (including confidentiality clauses in the employment contract) must not prevent workers from making disclosures in the public interest.
Last updated on 29/07/2022

Flag / Icon

United States

  • at Proskauer
  • at Proskauer

Key elements of an effective whistleblowing procedure include:

  • repeated and consistent messaging from senior leadership regarding the employer’s commitment to creating a “culture of compliance” and encouraging employees to bring forth good-faith complaints without fear of retaliation;
  • policies and procedures for receiving, investigating and addressing employees’ complaints;
  • policies and procedures for receiving, investigating and addressing complaints of retaliation;
  • anti-retaliation policies and related training for employees and managers; and
  • program oversight through ongoing monitoring and periodic audits.

Employers should continuously review and update their policies and procedures to ensure that they keep pace with developments in the business, legal and regulatory landscape.

Last updated on 29/07/2022

10. What types of breaches/violations are subject to whistleblowing?

10. What types of breaches/violations are subject to whistleblowing?

Flag / Icon

Belgium

  • at Van Olmen & Wynant

Belgium has copied the list of the EU directive, but has expanded this with some very important domains. The breaches in the following fields of law (domains) fall under the material scope of the Whistleblower Act:

  • public procurement;
  • financial services, products and markets and the prevention of money laundering and terrorist financing;
  • product safety and compliance;
  • transport safety;
  • environmental protection;
  • radiation and nuclear safety;
  • food and feed safety, animal health and welfare;
  • public health ;
  • consumer protection;
  • protection of privacy and personal data and security of networks and information systems;
  • combating tax fraud; and
  • combating social fraud.

Compared to the EU Directive, the two last fields were added. For employers, the social fraud domain is especially interesting as this includes (non-exhaustively) all breaches of the Social Penal Code and all breaches of the statute of independent workers. The Social Penal Code provides for sanctions for breaches of almost all provisions of social law (employment law and social security law); moreover, article 1 of the Social Penal Code defines social fraud as any breach of social legislation that falls under the competence of the federal government. This means that almost all breaches of social laws will fall under the scope of the whistleblowing procedure.

Last updated on 01/08/2022

Flag / Icon

Brazil

  • at CGM
  • at CGM
  • at CGM

In addition to violations of the company’s Code of Conduct, Compliance Policies, etc, companies should focus on the prevention of government corruption, such as the examples listed in the Brazilian Anticorruption Act (main examples below):

  • promise, offer or give, directly or indirectly, an undue advantage to a public agent, or a third party related to that agent;
  • finance, fund, sponsor or in any way subsidise the practice of illegal acts referred to in this Law;
  • use an intermediary, natural or legal person, to hide or disguise real interests or the identity of the beneficiaries of the acts performed; and
  • with regard to bids and contracts:
  • frustrate or defraud, through adjustment, combination or any other expedient, the competitive nature of a public bidding procedure;
  • prevent, disturb or defraud the performance of any public bidding procedure;
  • remove or seek to remove a bidder, through fraud or the offering of an advantage of any kind;
  • defraud a public bid or a contract resulting therefrom;
  • fraudulently or irregularly create a legal entity to participate in a public bid or enter into an administrative contract;
  • fraudulently obtain an undue advantage or benefit from modifications or extensions to contracts entered into with public bodies, without authorisation by law, in public bids or the respective contractual instruments; or
  • manipulate or defraud the economic-financial balance of contracts entered into with public bodies.

Also, conduct related to unfair competition, money laundering, harassment, and discrimination have been included as violations that can be reported in whistleblower channels.

Last updated on 29/07/2022

Flag / Icon
Croatia

Croatia

  • at Babic & Partners
  • at Babic & Partners

The material scope of the WBP Act encompasses the following breaches or violations (under the WBP Act they are named “irregularities”):

  • related to the scope of application of the EU Acts listed in Part I of the Annex to the Directive;
  • affecting the financial interests of the EU, as stated in article 325 of the Treaty on the Functioning of the European Union and further defined by relevant EU measures;
  • relating to the internal market, as stated in article 26(2) of the Treaty on the Functioning of the European Union, including breaches of EU rules on competition and state aid, and breaches of corporate tax rules or arrangements to create a tax advantage contrary to the applicable corporate tax legislation; and
  • relating to other rules of Croatian law, the breach of which undermines the public interest.

The WBP Act defines the term “irregularities” as actions or omissions that are unlawful and relate to or are incompatible with the goal or purpose of the above-stated legislation.

Last updated on 29/07/2022

Flag / Icon

France

  • at Proskauer
  • at Proskauer

The list of breaches and violations provided by the law is very wide. It covers:

  • crime and offences;
  • threat or harm to the public interest;
  • violation of an international commitment duly ratified or approved by France, or of a unilateral act of an international organisation taken based on such a commitment; and
  • a violation of the law of the European Union, or its regulations. 

However, facts, information or documents, covered either by national defence, medical or lawyer/client confidentiality are excluded from the whistleblower rules. This means that it is not possible to divulge that kind of information. If the whistleblower does it anyway, he or she will not benefit from whistleblower protection.

Last updated on 29/07/2022

Flag / Icon

Germany

  • at Oppenhoff
  • at Oppenhoff

The draft bill´s material scope of application goes beyond European legal requirements. It extends the material scope of application to all violations that are subject to punishment (section 2 (1) No. 1 HinSchG-E). Additionally, violations subject to fines are included insofar as the violated regulation serves to protect life, body, health or the rights of employees or their representative bodies (section 2 (1) No. 2 HinSchG-E). The last alternative covers not only regulations that directly serve occupational health and safety or health protection, but also related notification and documentation requirements, for example under the Minimum Wage Act. Thus, as a result, section 2 (2) No. 2 HinSchG-E covers the majority of administrative offences in the context of employment.

Finally, the draft bill also provides for a list of infringements that predominantly correspond to the relevant areas of law according to the recitals of the EU Whistleblower Directive.

Last updated on 29/07/2022

Flag / Icon

India

  • at Khaitan & Co
  • at Khaitan & Co

As per the Whistle Blower Protection Act, a whistleblower may make a complaint or disclosure relating to:

  • the committing of or an attempt to commit an offence under the Prevention of Corruption Act 1988 by a public servant;
  • wilful misuse of power or wilful misuse of discretion by which demonstrable loss is caused to the government or demonstrable wrongful gain accrues to the public servant or any third party; and
  • the committing of or an attempt to commit a criminal offence by a public servant.

The Companies Act only states that stakeholders of a company may report “genuine concerns” under the vigil mechanism. While the definition of “concerns” has not been provided for under the Companies Act, it would be a prudent assumption that it covers instances of suspected fraud and non-compliance with applicable laws, rules and procedures or any other wrongdoing that would adversely affect the organisation or stakeholders at large (financially or otherwise).

Last updated on 29/07/2022

Flag / Icon

Japan

  • at City-Yuwa
  • at City-Yuwa
  • at City-Yuwa

The Act covers whistleblowing of a “reportable fact” as defined in article 2, paragraph 3 of the Act) which is:

  1. a fact of an occurrence of a criminal act under the laws listed in the Appended Table of the Act[1], (including orders based on the laws) concerning the protection of individual lives and security of the person; consumer interests; environmental conservation; fair competition; lives, personal security and property of citizens; and other similar interests (“Appended Table Laws”), or a fact forming the grounds for an administrative fine provided for in the Act or Appended Table Laws; or
  2. a fact which is the reason for a disposition such as an order of a competent authority in the case where a violation of a disposition pursuant to the Appended Table Laws constitutes a fact in item (i) above (including the fact which is the reason for a different disposition or recommendation, in the case where the reason for disposition is the fact which is in violation of a different disposition or the fact which is not complying with a recommendation, etc. under the Appended Table Laws )[2].
 

[1]   The Appended Table of the Act lists the following:

  1. Penal Code;
  2. Food Sanitation Act etc.;
  3. Financial Instruments and Exchange Act;
  4. Act on Japanese Agricultural Standards,
  5. Air Pollution Control Act;
  6. Waste Management and Public Cleansing Act;
  7. Act on the Protection of Personal Information; and
  8. Other laws designated by cabinet order as laws concerning the protection of individual lives and security of the person; consumer interests; environmental conservation; fair competition; the lives, personal security and property of citizens; and other similar interests.

[2] An example of a reportable fact in the case of (ii) would be a violation of Food Labeling Standards under the Food Labeling Act. To be more specific, a violation of Food Labeling Standards itself does not constitute a criminal act, but if there is a violation of Food Labeling Standards, the prime minister may instruct the violator to comply with the Food Labeling Standards, and if after receiving the instruction, the violator does not take the measures pertaining to such instruction without just cause, the prime minister may order such violator to take the measures pertaining to such instruction. A violation of such order constitutes a criminal act. Therefore, a violation of Food Labeling Standards would be included in a reportable fact under this clause (Consumer Affairs Agency, Handbook for whistleblowing, at p.8), last visited June 28, 2022).

Last updated on 29/07/2022

Flag / Icon
Latvia

Latvia

  • at Ellex Klavins
  • at Ellex Klavins

The Whistleblowing Act allows the reporting of any violations related to the public interest, while specific attention is drawn to the following areas in the law:

  • inaction, negligence, abuse of office or other unlawful acts of public officials;
  • corruption, violations of the rules on financing political organisations (parties) and their associations and restrictions on pre-election campaigning;
  • embezzlement of public funds or property;
  • tax evasion;
  • public health threats;
  • threat to food safety;
  • threat to building or construction safety;
  • threat to environmental safety, including actions affecting climate change;
  • radiation protection and nuclear safety;
  • threat to occupational safety;
  • threat to public order;
  • violation of human rights;
  • infringements in the field of public procurement and public-private partnerships;
  • infringements in the financial and capital market sector, including fraud and other illegal activities affecting the financial interests of the European Union;
  • money laundering and the prevention of the financing of terrorism and proliferation;
  • infringements of competition law and business support rules;
  • infringements in the field of the provision of goods and services, including safety and compliance;
  • infringements in the field of transport safety;
  • infringements in the field of the internal market;
  • infringements in the field of animal welfare;
  • consumer protection; and
  • protection of privacy and personal data and security of network and information systems.
Last updated on 29/07/2022

Flag / Icon
Lithuania

Lithuania

  • at Ellex Valiunas

According to the Law, a “breach” means a criminal act, administrative offence, official misconduct or breach of work duties, or a gross violation of the mandatory norms of professional ethics, an attempt to conceal said infringement or any other breach of the law posing a threat or causing harm to the public interest. It is a breach if it has been planned but not implemented, is being committed or has been committed at the company. Whistleblowers may become aware of the breach through his or her present or former service, employment or contractual relationship (eg, counseling, contracting, subcontracting, internships, volunteering) with this company, including through recruitment or another pre-contractual relationship.

The list of areas of breaches is not definitive, which means that it covers all possible areas for the protection of the public interest, not just those listed in article 2(1) of the Directive.

Last updated on 29/07/2022

Flag / Icon
Luxembourg

Luxembourg

  • at Castegnaro
  • at Castegnaro

While the directive only covers certain acts and policy areas of the European Union, the government has decided, in line with its coalition programme [2018-2023], to extend the scope of Bill 7945 to all national laws.

The scope of whistleblowing in the current regime in the financial sector, the insurance sector, the public sector and the Labour Code, includes:

  • Insurance sector: potential or actual infringements of the laws and regulations listed in articles 303 paragraph 1, and 304 or other conduct referred to in articles 303 paragraph 1, and 304 (article 4, a) of the law of December 7, 2015, on the insurance sector (ie, any infringement of the law of 7 December 2015 on the insurance sector and its implementing regulations; any infringement of the law of 27 July 1997 on insurance contracts, as amended, and its implementing regulations; any failure to comply with the instructions of the Commissariat Aux Assurances);
  • Financial sector: any suspicion or reasonable grounds to suspect that money laundering, a related predicate offence or terrorist financing is taking place, has taken place or has been attempted; any potential or proven violations of the law of 5 April 1993 on the financial sector or the law of 30 May 2018 on markets in financial instruments; and any significant and legitimate concerns related to the internal governance of the institution or to internal and regulatory requirements in general;
    • Labour Code: bribery, influence peddling and unlawful taking of interest regarding their colleagues, their employer or anyone senior in rank, as well as an external person; any work situation which can reasonably be suspected to present a serious and immediate danger to health and safety and any flaw in protective systems; and any discrimination or sexual harassment;
    • Public sector: equal treatment, direct or indirect discrimination, sexual harassment, unlawful taking of interest, bribery, influence peddling, bribery of judges and acts of intimidation committed against persons holding public office.
Last updated on 29/07/2022

Flag / Icon
Nigeria

Nigeria

  • at Bloomfield LP

All illegal or unethical dealings of a company, an employer or director of a company are subject to whistleblowing.

Last updated on 29/07/2022

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

For this law, the following shall be considered an infringement:

  1. anything contrary to rules contained in the Acts of the European Union referred to in the Annex to Directive (EU) 2019/1937 of the European Parliament and the Council, or any national rules implementing, transposing or complying with such acts or to any other rules contained in legislative instruments implementing or transposing them, including those providing for criminal offences or administrative offences, concerning the fields of:
    • public procurement;
    • financial services, products and markets and the prevention of money laundering and financing of terrorism;
    • product safety and compliance;
    • transport safety;
    • environmental protection;
    • radiation protection and nuclear safety;
    • food and feed safety, animal health and animal welfare;
    • animal health and welfare;
    • public health;
    • consumer protection; and
    • the protection of privacy and personal data and security of network and information systems;
  2. anything contrary to and detrimental to the financial interests of the European Union referred to in article 325 of the Treaty on the Functioning of the European Union (TFEU), as specified in the relevant Union measures;
  3. anything contrary to the internal market rules referred to in article 26(2) TFEU, including competition and state aid rules, as well as corporate tax rules;
  4. violent, especially violent and highly organised crime, as well as the crimes provided for in article 1(1) of Law No. 5/2002 of 11 January establishing measures to fight organised and financial crime; and
  5. anything contrary to the rules or provisions covered by paragraphs (1) to (3).

Although it is not expressly foreseen in EU and domestic legislation, it is debatable whether breaches or violations of employment law rules are subject to whistleblowing.

Last updated on 29/07/2022

Flag / Icon

Romania

  • at STALFORT Legal. Tax. Audit
  • at STALFORT Legal. Tax. Audit

The proposed Romanian implementation follows encouragement by the EU to extend the list of sectors (public procurement, financial services, money laundering, product and traffic safety, public health, consumer and data protection) subject to whistleblowing procedures and stipulate a general protection for reports on any breaches of law, including specific rules on ethics and codes of conduct for certain professions. Such an extension of the scope of application, combined with vague exclusions (see question 11) and the refusal to analyse anonymous reports, may, however, have the opposite effect and discourage whistleblowers from reporting any wrongdoing.

Last updated on 16/08/2022

Flag / Icon

Spain

  • at Cuatrecasas
  • at Cuatrecasas
  • at Cuatrecasas

Section 2 of the Draft establishes that “this law protects the natural persons who report, through any of the procedures provided for therein”:

  • Any action or omission in breach of European Union law as defined in the Annex to the Directive, regardless of the categorisation they receive under national law, and provided that they affect the financial interests of the Union as referred to in section 325 TFEU or have an impact on the internal market as referred to in section 26 (2) of the TFEU.

    This scope corresponds with that of the Directive.
  • Any action or omission that may constitute a serious or very serious criminal or administrative offence or any violation of the rest of the legal system, provided that it directly affects or undermines the public interest and does not have a specific regulation. In any case, the public interest is deemed affected when the action or omission involves economic loss for the Treasury.

    This is an expanded scope introduced by the Draft.

    Section 2 also refers to particular cases where the protection of the Law transposing the Directive will apply (for example, in reports regarding infractions of occupational hazards regulations, even if there is a specific regulation) or not (classified information, among others).
Last updated on 29/07/2022

Flag / Icon

Sweden

  • at Lindahl
  • at Lindahl
  • at Lindahl

As a starting point, any breach, violation, irregularity or misconduct, as well as any personal grievance, may be subject to whistleblowing.

That said, the Whistleblowing Act only applies to whistleblowing in a work-related context concerning:

  • violations of EU law as per the Whistleblowing Directive; and
  • irregularities in the public interest.

Irregularities in the public interest include any act, omission, accident or other occurrence, whether intentional or negligent, ongoing or historical that may harm the public at large. Whistleblowing concerning other irregularities and misconduct, such as personal grievances or concerns related to the reporting person’s working conditions, are not protected under the Whistleblowing Act. Instead, such whistleblowing may be protected under, for example, the Discrimination Act.

Also, note that the Whistleblowing Act does not apply to whistleblowing concerning certain matters of national security.

Last updated on 02/08/2022

Flag / Icon

United Kingdom

  • at Proskauer
  • at Proskauer
  • at Proskauer

In the UK, only certain “protected disclosures” will be protected under the Employment Rights Act 1996. There are several conditions, one of which is that the disclosure of the information must “tend to show” that one or more types of failures or wrongdoing has occurred or is likely to occur (each a “relevant failure”):  

  • a criminal offence has been committed, is being committed or is likely to be committed;
  • a person has failed, is failing or is likely to fail to comply with any legal obligation to which he or she is subject;
  • a miscarriage of justice has occurred, is occurring or is likely to occur;
  • the health or safety of any individual has been, is being or is likely to be endangered;
  • the environment has been, is being or is likely to be damaged; or
  • information tending to show any matter falling under the categories above is being or is likely to be deliberately concealed.

There is no requirement that the qualifying disclosure must relate to a relevant failure or failures of the employer. The disclosure can relate to a relevant failure of the employer, an individual employed or engaged by the employer or a third party.

There is also no requirement that the relevant failure occurs or would occur in the UK. It could occur, or be occurring, outside of the UK.

The other conditions are set out in question 14.

Last updated on 29/07/2022

Flag / Icon

United States

  • at Proskauer
  • at Proskauer

Whistleblowing protections under federal law apply to complaints concerning a broad array of subjects, including, but not limited to:

  • Fraud and Financial Issues
    • Anti-Money Laundering Act;
    • Consumer Financial Protection Act;
    • Criminal Antitrust Anti-Retaliation Act;
    • SOX;
    • Taxpayer First Act;
  • Employee Safety
    • section 11(c) of the Occupational Safety and Health Act (OSH Act);
  • Environmental Protection
    • Asbestos Hazard Emergency Response Act;
    • Clean Air Act;
    • Comprehensive Environmental Response, Compensation and Liability;
    • Energy Reorganization Act;
    • Federal Water Pollution Control Act;
    • Safe Drinking Water Act
    • Solid Waste Disposal Act;
    • Toxic Substances Control Act;
  • Consumer Product, Motor Vehicle, and Food Safety
    • Consumer Product Safety Improvement Act;
    • FDA Food Safety Modernization Act;
    • Moving Ahead for Progress in the 21st Century Act;
  • Transportation Services
    • Federal Railroad Safety Act;
    • International Safe Container Act;
    • National Transit Systems Security Act;
    • Pipeline Safety Improvement Act;
    • Seaman’s Protection Act;
    • Surface Transportation Assistance Act;
    • Wendell H Ford Aviation Investment and Reform Act for the 21st Century
  • Health Insurance
    • Affordable Care Act
Last updated on 29/07/2022

11. Are there special whistleblowing procedures applicable to specific economic sectors or professional areas?

11. Are there special whistleblowing procedures applicable to specific economic sectors or professional areas?

Flag / Icon

Belgium

  • at Van Olmen & Wynant

The Act provides for an extra strict enforcement mechanism for companies active in financial services, products and markets and for rules for the prevention of money laundering and terrorist financing. So the financial and banking sector is under additional scrutiny. However, the procedures stay mostly the same.

Last updated on 01/08/2022

Flag / Icon

Brazil

  • at CGM
  • at CGM
  • at CGM

Yes. As a result of the Brazilian Anti-Money Laundering law, the Central Bank has issued an administrative ordinance (4859/2020) that determines that financial institutions and other businesses subject to its authority have a whistleblower channel. Among other obligations, they must inform the Central Bank of operations that may indicate potential money laundering conduct. Non-compliance with such obligations will expose the companies and their officers to penalties such as warnings, fines, temporary bans from working as an officer of a company subject to the Central Bank’s authority or even closing of the business.

Last updated on 29/07/2022

Flag / Icon
Croatia

Croatia

  • at Babic & Partners
  • at Babic & Partners

Yes, the WBP Act specifically excludes its application in the matters of defence and national security, except where such matters are covered by Union acts listed in Part I of the Annex to the Directive. Furthermore, the governmental bodies competent for matters of defence and national security must regulate the protection of whistleblowers and the reporting procedure in the areas of key security and defence interests (specifically the protection of key security and defence interests). To our knowledge, there are still no adopted or publicly available regulations covering WBP and reporting procedures in the areas of key security and defence interests.

In addition, if the Union acts listed in Part II of the Annex to the Directive provide for separate rules on reporting irregularities, the WBP Act restricts its application only to matters that have not been regulated by such separate rules.

Last updated on 29/07/2022

Flag / Icon

France

  • at Proskauer
  • at Proskauer

There are special whistleblowing procedures for some areas, including banking and insurance; these industries which may offer additional advantages, such as a simplified reporting procedure.

For instance, the Financial Market Authority (FMA) has deployed a whistleblowing system reserved for persons looking to provide the FMA with strictly confidential information concerning infringements of European legislation, the Monetary and Financial Code or the FMA General Regulation. 

A whistleblower who has learned of such events in his or her working life or business relationships can report them in writing (in electronic format or on paper), verbally by phone, or by meeting in person with specialist members of the staff in the offices of the AMF.

An acknowledgement of receipt is sent within seven days.

Guarantees apply to whistleblowers who report infringements accurately:

  • the originator of the report, the person targeted and the information collected are strictly confidential during receipt and processing; and
  • the whistleblower would also not be subject to dismissal, punishment or discriminatory measures, whether direct or indirect, notably concerning compensation or career development, or any other unfavourable measure, for having in good faith reported an infringement to the FMA.

(DOC-2018-13 – Procedures for whistleblowers reporting infringements of the regulations to the FMA; Act 2016-1691 of 9 December 2016 on transparency, anti-corruption and economic modernisation, article L.634-1 of the Monetary and Financial Code)

Last updated on 29/07/2022

Flag / Icon

Germany

  • at Oppenhoff
  • at Oppenhoff

The draft bill of the Whistleblower Protection Act itself does not distinguish between different sectors regarding the internal reporting process. However, it contains an enumerative list of regulations from other statutes that take precedence over the Whistleblower Protection Act for the reporting of information on violations; these regulations are therefore lex specialis compared to the Whistleblower Protection Act (section 4 (1) HinSchG-E). Priority special provisions are, among others, regulated by the Money Laundering Act, the Banking Act, the Insurance Supervision Act and the Stock Exchange Act.    

Last updated on 29/07/2022

Flag / Icon

India

  • at Khaitan & Co
  • at Khaitan & Co

The Whistle Blowers Act of 2014 targets public servants and is intended to prevent corruption, misappropriation of assets and misuse of power in the public sector. Further, provided a whistleblower makes full and true disclosure of all material facts, the settlement commissions established under the Income Tax Act 1961 and the Goods and Services Tax Act 2016 have the power to grant them immunity from those statutory penalties. Similarly, the Competition Commission of India established under the Competition Act 2002 possesses the power to award a reduced penalty to an informant who is a part of an anticompetitive cartel and makes a full, true and vital disclosure.  The Securities Exchange Board of India also rewards whistleblowers who are themselves guilty of violating securities law by granting anonymity and a pardon for their complete cooperation.

Last updated on 29/07/2022

Flag / Icon

Japan

  • at City-Yuwa
  • at City-Yuwa
  • at City-Yuwa

No, there are no special whistleblowing procedures applicable to specific economic sectors or professional areas.

Last updated on 29/07/2022

Flag / Icon
Latvia

Latvia

  • at Ellex Klavins
  • at Ellex Klavins

Latvian law does not provide for special whistleblowing procedures. Whistleblowing is subject to special procedures only in cases where such special procedures are established specifically in law.

Last updated on 29/07/2022

Flag / Icon
Lithuania

Lithuania

  • at Ellex Valiunas

No.

Last updated on 29/07/2022

Flag / Icon
Luxembourg

Luxembourg

  • at Castegnaro
  • at Castegnaro

There are special procedures currently in place in the financial sector or for state and municipal employees.

In such cases, the provisions of the Bill will supplement the less favourable provisions of these existing procedures.

Last updated on 29/07/2022

Flag / Icon
Nigeria

Nigeria

  • at Bloomfield LP

Yes. Some of the Codes and Guidelines with whistleblowing procedures that are industry-specific have been stated in question 1.

Last updated on 29/07/2022

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

According to article 116-AA of the Legal Framework of Credit Institutions and Financial Companies, credit institutions must implement specific, independent and autonomous means for receiving, processing and filing reports of serious irregularities related to their administration, accounting organisation and internal supervision, and any serious signs of breaches of the duties provided for in the Legal Framework or Regulation (EU) No. 575/2013 of the European Parliament and the Council.

Last updated on 29/07/2022

Flag / Icon

Romania

  • at STALFORT Legal. Tax. Audit
  • at STALFORT Legal. Tax. Audit

Appendix 1 to the Draft Law contains references to the special procedures applicable both EU-wide and at a national level (ie, stock-listed companies, the insurance sector, managers of alternative investment funds and offshore oil businesses). Specialists have particularly drawn attention to the fact that the vague wording of article 1 paragraph 4 of the Draft Law may exclude a large spectrum of companies involved in national defence and security from the mandatory protection of whistleblowers.

Last updated on 16/08/2022

Flag / Icon

Spain

  • at Cuatrecasas
  • at Cuatrecasas
  • at Cuatrecasas

Yes, for example in the finance sector (anti-money laundering) and antitrust.

Last updated on 29/07/2022

Flag / Icon

Sweden

  • at Lindahl
  • at Lindahl
  • at Lindahl

Yes, there are sector-specific regulations that have precedence over the Whistleblowing Act, such as within the financial services sector.

Also, certain professionals can be held liable for any wilful breach of qualified secrecy applicable by law.

Last updated on 02/08/2022

Flag / Icon

United Kingdom

  • at Proskauer
  • at Proskauer
  • at Proskauer

The UK Corporate Governance Code recommends public-listed companies implement whistleblowing procedures.

Financial services firms regulated by the Financial Conduct Authority or the Prudential Regulation Authority will be subject to regulatory rules and requirements that govern the terms and operation of their whistleblowing procedures.

Last updated on 29/07/2022

Flag / Icon

United States

  • at Proskauer
  • at Proskauer

Different whistleblower statutes employ different procedures. For example, an employee cannot file a SOX whistleblower claim in a federal district court before filing a complaint with the Occupational Safety and Health Administration (OSHA) and exhausting all administrative remedies. An employee alleging retaliation under Dodd-Frank, by contrast, need not first file a complaint with OSHA; they may proceed directly to court. Similarly, many state whistleblower statutes do not erect any administrative hurdles.

Last updated on 29/07/2022

13. Who can be a whistleblower?

13. Who can be a whistleblower?

Flag / Icon

Belgium

  • at Van Olmen & Wynant

The personal scope is very broad: it can be employees (workers); independent workers; shareholders; members of administrative, management or supervisory bodies; volunteers and interns (paid or unpaid); any person working under the supervision and direction of contractors, subcontractors and suppliers; ex-employees; or employment candidates. However, companies do not have to make their internal reporting channels accessible to persons other than their employees (the other persons can use the external system).

Last updated on 01/08/2022

Flag / Icon

Brazil

  • at CGM
  • at CGM
  • at CGM

A whistleblower can be any person defined as such in the company’s Code of Ethics and Integrity, Whistleblower Procedure or equivalent document: employees, former employees, applicants, contractors, suppliers, clients or any persons that have information about inappropriate conduct.

Last updated on 29/07/2022

Flag / Icon
Croatia

Croatia

  • at Babic & Partners
  • at Babic & Partners

Any person that acquires knowledge of or information on irregularities within their work environment and reports such irregularities under the prescribed reporting procedure may be considered a whistleblower. This includes:

  • persons within an employment relationship;
  • persons with the status of a self-employed person;
  • holders of stocks in a joint-stock company or holders of shares in a limited liability company, as well as persons who are members of the administrative, management or supervisory body of a company, including non-executive members, volunteers, and paid or unpaid interns;
  • persons working under the supervision and direction of contractors, subcontractors and suppliers; and
  • persons that in any way participate in the activity of the legal or natural person.
Last updated on 29/07/2022

Flag / Icon

France

  • at Proskauer
  • at Proskauer

To benefit from whistleblower protection, the individual can be:

  • an employee;
  • a former employee when the information was obtained in the course of his or her employment;
  • applicants for a job;
  • shareholders or partners of the entity concerned;
  • external and occasional employees of the entity; and
  • contractors and subcontractors.
Last updated on 29/07/2022

Flag / Icon

Germany

  • at Oppenhoff
  • at Oppenhoff

Whistleblowers may be employees, but also, for instance, self-employed persons, volunteers, members of corporate bodies or employees of suppliers. In addition to persons who obtain knowledge in advance, such as in a job interview or during pre-contractual negotiations, the scope of protection also includes those for whom the employment or service relationship has been terminated. As a result, the status of a whistleblower is not dependent on formal criteria such as type of employment.

Last updated on 29/07/2022

Flag / Icon

India

  • at Khaitan & Co
  • at Khaitan & Co

There are no limitations or qualifications on who can be a whistleblower. Any person with knowledge of a breach or wrongdoing may report it and qualify as a whistleblower.

Last updated on 29/07/2022

Flag / Icon

Japan

  • at City-Yuwa
  • at City-Yuwa
  • at City-Yuwa

A worker[1], dispatched worker[2], a worker of a business partner (eg, a counterparty under a service agreement), and officers[3] of juridical persons and a worker, a dispatched worker and a worker of business partners who quit within 1 year after resignation can be a whistleblower (article 2, paragraph 1 of the Act).


[1]   A worker means a worker as provided for in Article 9 of the Labor Standards Act (Act No. 49 of 1947).

[2]   A dispatched worker means a worker in Article 2, Item (ii) of the Act on Securing the Proper Operation of Worker Dispatch Business and Improvement of Working Conditions for Dispatched Workers (Act No. 88 of 1985).

[3] “officer” means an executive officer, operating officer, accounting advisor, auditor, director, inspector, liquidator, or any person other than those persons who engage in the management of a corporation based on the provisions of laws and regulation (excluding accounting auditor).

Last updated on 29/07/2022

Flag / Icon
Latvia

Latvia

  • at Ellex Klavins
  • at Ellex Klavins

Only natural persons, if they comply with the definition of whistleblower as provided in the Whistleblowing Act (please see question 12).

Last updated on 29/07/2022

Flag / Icon
Lithuania

Lithuania

  • at Ellex Valiunas

Please see question 12.

It could be added that “a person who provides information on a breach” is a natural person who provides information about a breach in a company, which he or she learned about from his or her service, employment or contractual (consulting, contracting, subcontracting, internship, traineeship, voluntary activity, etc) relationship with that or during recruitment or other pre-contractual relationship. It may also include a self-employed person who reports the breach, shareholders or members of the administrative, management or supervisory body of the company (including non-executive members, as well as volunteers and paid or unpaid trainees), or any natural person employed by contractors, subcontractors or suppliers.

Last updated on 29/07/2022

Flag / Icon
Luxembourg

Luxembourg

  • at Castegnaro
  • at Castegnaro
  • Workers:
    • private-sector employees;
    • public-sector employees and civil servants,
    • trainees and volunteers;
    • former employees; and
    • persons involved in recruitment processes.
  • Business partners:
    • self-employed workers,
    • employees of subcontractors and suppliers;
    • former co-contractors; and
    • persons in pre-contractual negotiations;
  • Members of corporate governance:
    • shareholders;
    • members of the administrative body; and
    • members of the supervisory body.
Last updated on 29/07/2022

Flag / Icon
Nigeria

Nigeria

  • at Bloomfield LP

A whistleblower can either be an employee or a stakeholder of a company.

Last updated on 29/07/2022

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

The following may be considered whistleblowers: employees in the private, social or public sector; service providers, contractors, subcontractors and suppliers, as well as any persons acting under their supervision and direction; and shareholders and persons belonging to administrative or management bodies, or supervisory or controlling bodies of legal persons, including non-executive members and volunteers and interns, remunerated or unremunerated.

Last updated on 29/07/2022

Flag / Icon

Romania

  • at STALFORT Legal. Tax. Audit
  • at STALFORT Legal. Tax. Audit

The term includes:

  • workers;
  • self-employed persons within the meaning of article 49 TFEU;
  • shareholders and persons belonging to the administrative, management or supervisory body of an undertaking, including non-executive members, as well as volunteers and paid or unpaid trainees; and
  • any persons working under the supervision and direction of contractors, subcontractors and suppliers.

Moreover, former employees or persons who have acquired information during the recruitment process or other pre-contractual negotiations may be whistleblowers.

Last updated on 16/08/2022

Flag / Icon

Spain

  • at Cuatrecasas
  • at Cuatrecasas
  • at Cuatrecasas

The definition given by the Draft is very similar to the one in section 4 of the Directive, namely:

  • civil servants and workers;
  • self-employed;
  • shareholders and persons belonging to the administrative, management or supervisory body of an undertaking, including non-executive members; and
  • any persons working under the supervision and direction of contractors, subcontractors and suppliers.

The Law will also apply to persons when they report or publicly disclose information on breaches obtained in a work-based relationship that has since ended, volunteers, trainees (regardless of whether they are paid or not) and persons whose employment relationship is yet to begin in cases where information on breaches has been obtained during the recruitment process or other pre-contractual negotiations.

Last updated on 29/07/2022

Flag / Icon

Sweden

  • at Lindahl
  • at Lindahl
  • at Lindahl

Please see question 12.

Last updated on 02/08/2022

Flag / Icon

United Kingdom

  • at Proskauer
  • at Proskauer
  • at Proskauer

Whistleblowing legislation in the UK protects a wide range of individuals. The following individuals can be a whistleblower:

  • employees;
  • employee shareholders; and
  • an extended definition of workers, including:
    • agency workers;
    • self-employed medical practitioners in the NHS and student nurses/midwives;
    • police officers;
    • homeworkers and freelancers; and
    • trainees.

The level of legal protection will depend on the status of the individual (please see question 23).

Last updated on 29/07/2022

Flag / Icon

United States

  • at Proskauer
  • at Proskauer

SEC Rule 21F-2 provides: “A whistleblower must be an individual. A company or other entity is not eligible to be a whistleblower.”

Although SOX generally applies only to publicly traded companies, the Supreme Court held in Lawson v FMR LLC (2014) that SOX’s whistleblower protections extend to employees of a publicly traded company’s contractors and subcontractors.

Although typically applied in the employer-employee context, the courts have held that the SOX whistleblower protections also extend to shareholders who provide information to the SEC.

Last updated on 29/07/2022

14. Are there requirements to fulfil to be considered as a whistleblower?

14. Are there requirements to fulfil to be considered as a whistleblower?

Flag / Icon

Belgium

  • at Van Olmen & Wynant

The reporting should happen in a work-related context (except for financial fraud). There are two main conditions for receiving protection as a whistleblower. First, the reporter needs to have a reason to believe that the reported information on infringements was correct at the time of reporting and the information has to fall within the material scope of the Act. This will be assessed in light of a person with a similar situation and knowledge and the protection will be granted even if the reported information is later proven to be wrong. Second, the whistleblower has to follow the legal procedure for internal or external reporting or disclosing information publicly.

Last updated on 01/08/2022

Flag / Icon

Brazil

  • at CGM
  • at CGM
  • at CGM

There are no statutory requirements in Brazilian law. However, it is good practice that the whistleblower is a person acting in good faith and not seeking direct financial compensation.

Last updated on 29/07/2022

Flag / Icon
Croatia

Croatia

  • at Babic & Partners
  • at Babic & Partners

Yes, persons reporting or publicly disclosing irregularities will be considered to be whistleblowers if they:

  • had a legitimate reason to believe that what they report or publicly disclose is true at the time of making the report or disclosure;
  • had a legitimate reason to believe that the information falls within the scope of the WBP Act; and
  • make the report or public disclosure as per the rules set by the WBP Act.
Last updated on 29/07/2022

Flag / Icon

France

  • at Proskauer
  • at Proskauer

A whistleblower must fulfil the following requirements:

  • Be a natural person. It excludes legal entities such as Companies, Works Councils or associations.
  • Act in good faith.
  • Do not research any direct financial compensation.
Last updated on 29/07/2022

Flag / Icon

Germany

  • at Oppenhoff
  • at Oppenhoff

To be qualified as a whistleblower, the person providing the information must have obtained the information in the context of his or her professional activity or in the preliminary stages of professional activity.

Last updated on 29/07/2022

Flag / Icon

India

  • at Khaitan & Co
  • at Khaitan & Co

Not applicable.

Last updated on 29/07/2022

Flag / Icon

Japan

  • at City-Yuwa
  • at City-Yuwa
  • at City-Yuwa

Please see question 12.

Last updated on 29/07/2022

Flag / Icon
Latvia

Latvia

  • at Ellex Klavins
  • at Ellex Klavins

Yes, certain preconditions need to be met:

  • a person must submit a whistleblower’s report;
  • the whistleblower's report must contain information regarding a possible infringement detrimental to the public interest;
  • the information provided in the report must be obtained during the performance of work duties, or during the process of establishment of work relationship, including traineeship or other types of legal relations related to professional activity;
  • the whistleblower’s report cannot be anonymous.

Finally, this whistleblower’s report has to be recognised as such, otherwise the person would lose whistleblower status.

Last updated on 29/07/2022

Flag / Icon
Lithuania

Lithuania

  • at Ellex Valiunas

Just the ones described in questions 12 and 13. It also must be assessed whether the notification is made to protect the public interest or if there is a threat to the public interest.

Last updated on 29/07/2022

Flag / Icon
Luxembourg

Luxembourg

  • at Castegnaro
  • at Castegnaro

The following requirements must be met:

  • compliance with the form of reporting required by law (use of correct reporting channels);
  • respect for the hierarchy of the reporting channels; and
  • good faith.
Last updated on 29/07/2022

Flag / Icon
Nigeria

Nigeria

  • at Bloomfield LP

There is no requirement to be fulfilled to be considered a whistleblower in Nigeria. Once an employee or a stakeholder has reasonable grounds to believe illegal or unethical conduct on the part of his or her employer, the management or directors of a company has occurred, the employee can disclose the illegal and unethical behaviour to the relevant body or authority stipulated in the company’s whistleblowing policy.

Last updated on 29/07/2022

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

Only persons who report or divulge infringements based on information obtained in the course of their professional activity will be protected as whistleblowers. However, the fact that the complaint or public disclosure of an infringement is based on information obtained in the course of a professional relationship that has since ended, or during the recruitment process or other pre-contractual negotiation stage of an existing or unincorporated professional relationship, does not preclude the person from being regarded as a whistleblower.

Last updated on 29/07/2022

Flag / Icon

Romania

  • at STALFORT Legal. Tax. Audit
  • at STALFORT Legal. Tax. Audit

To qualify as a whistleblower and benefit from the protection envisaged for these persons, the individual must:

  • belong to the category described in question 13;
  • have reasonable grounds to believe that the information reported was true at the time of reporting and the reporting is necessary; and
  • have filed an internal or external reporting or public disclosure.

Romanian NGOs have criticised the wording of the second condition regarding the whistleblower verifying whether the reporting is necessary without any indication what is “necessary”.

Last updated on 16/08/2022

Flag / Icon

Spain

  • at Cuatrecasas
  • at Cuatrecasas
  • at Cuatrecasas

This is described in questions 12 and 13.

Last updated on 29/07/2022

Flag / Icon

Sweden

  • at Lindahl
  • at Lindahl
  • at Lindahl

Please see question 12.

Last updated on 02/08/2022

Flag / Icon

United Kingdom

  • at Proskauer
  • at Proskauer
  • at Proskauer

Yes. In the UK, only certain “protected disclosures” will be protected under the Employment Rights Act 1996. A protected disclosure must satisfy three main conditions. It must:

  • be a disclosure of information;
  • be a “qualifying disclosure”, meaning that in the reasonable belief of the worker making the disclosure it is made in the public interest and tends to show that one or more types of failures or wrongdoing has occurred or is likely to occur (for details of relevant failures or wrongdoing please see question 10); and
  • be made under the specific methods of disclosure depending on the recipient of the disclosure.

Regarding the “methods” of disclosure (ie, to whom disclosure is made), the disclosure requirements range from limited requirements for an internal disclosure to an employer up to more stringent requirements for external disclosures to a third party outside of the employer’s organisation.

Minimum Requirements

A qualifying disclosure is made where the worker makes the disclosure to:

  • the employer;
  • a third party authorised by the employer to receive qualifying disclosures;
  • their legal adviser in the course of obtaining legal advice; or
  • to a Government minister if the worker’s employer is a statutory appointed individual or body (for example, an executive non-departmental public body or an NHS body).

In such cases, there are no additional requirements over and above the general conditions 1 and 2 set out above.  

Moderate Requirements

A qualifying disclosure is made where the worker makes the disclosure to:

  • a responsible person. In this instance, the worker must reasonably believe the relevant failure relates solely or mainly to:
    • the conduct of a person other than the employer; or
    • any other matter for which a person other than the employer has responsibility; or
  • any “prescribed persons” named in a relevant order. This includes, but is not limited to, HM Revenue and Customs, The Office of Communications (Ofcom), the Financial Conduct Authority and the Health and Safety Executive. However, in this instance, a worker must reasonably believe that:
    • the relevant failure is within the remit of the prescribed person; and
    • the information disclosed and any allegation contained in it is substantially true.

Stricter Restrictions

Under UK law, a worker may make an external disclosure to a third-party organisation (eg, the press, and union officials); however, for such disclosures to be protected four additional conditions must be met.

The worker must:

  • reasonably believe that the information they have disclosed and any allegation contained in it is substantially true;
  • not have made the disclosure for personal gain;
  • either:
    • reasonably believe (when they made the disclosure) that they will be subjected to a detriment by their employer if they make a disclosure to the employer or prescribed person;
    • (where there is no prescribed person) reasonably believe that if they were to make the disclosure to the employer, it is likely that evidence surrounding the relevant failure will be concealed or destroyed; or
    • have already made a disclosure of substantially the same information to their employer or a prescribed person.
  • The fourth and final test is that, in all the circumstances of the case, it must be reasonable for the worker to make the external disclosure.

However, where an external disclosure relates to an “exceptionally serious” failure the conditions are slightly less stringent. The conditions are:

  • the worker must reasonably believe that the information disclosed, and any allegation contained in it, is substantially true;
  • the worker must not make the disclosure for personal gain;
  • the relevant failure must be of an exceptionally serious nature (eg, rare cases of extreme public concern); and
  • in all the circumstances, it is reasonable for the worker to make the external disclosure. 
Last updated on 29/07/2022

Flag / Icon

United States

  • at Proskauer
  • at Proskauer

Yes, though the answer to this question will depend upon the context. To qualify as a whistleblower for purposes of collecting a bounty award under Dodd-Frank, the individual must provide original information that leads to successful enforcement action.

For purposes of the anti-retaliation provisions in many whistleblower protection statutes, the individual must: engage in “protected activity” as defined under the various whistleblower statutes; suffer an adverse employment action (such as a demotion or termination); and demonstrate that the protected activity was the cause of the adverse employment action.

Last updated on 29/07/2022

15. Are anonymous alerts admissible?

15. Are anonymous alerts admissible?

Flag / Icon

Belgium

  • at Van Olmen & Wynant

Companies with under 250 employees can choose whether or not they will allow anonymous internal reporting. Companies with 250 or more employees will have to allow it. In any case, reporters can always anonymously report externally to the competent reporting authority.

Last updated on 01/08/2022

Flag / Icon

Brazil

  • at CGM
  • at CGM
  • at CGM

Yes, anonymous alerts are admissible and a recommended practice in Brazil.

Last updated on 29/07/2022

Flag / Icon
Croatia

Croatia

  • at Babic & Partners
  • at Babic & Partners

Yes, anonymous whistleblowing reports are admissible, but the company is not legally required to investigate an anonymous report. This is because the WBP Act states that a whistleblowing report must contain information on the identity of the whistleblower, and the company may deem that an anonymous report does not represent a qualifying whistleblowing report. In any case, the WBP Act extends its protection to persons who submitted an anonymous report if the identity of that person becomes known.

Last updated on 29/07/2022

Flag / Icon

France

  • at Proskauer
  • at Proskauer

French law allows anonymous whistleblowing reports.

The processing of anonymous alerts is subject to the same rules as for identifiable alerts. However, provisions requiring feedback from the author of an internal or external alert are not applicable in the case of an anonymous alert.

The CNIL states that anonymous reports are the exception, not the rule, and should be managed with particular guarantees.

It means that when an employer receives an anonymous alert, it is preconized: to establish the seriousness of the reported violation, to establish the existence of detailed factual elements, to subject it to prior examination by the first recipient of the report before the initiation of further investigations and also to make clear, during any transmission relating to this alert, that it is anonymous.

The anonymous whistleblower is covered by the same protections as an identified whistleblower. It means that if an employer refuses to process an anonymous alert, it could be subject to an obstruction:

  • Interfering with the transmission of an alert is a criminal offence punishable by up to one year of imprisonment and a fine of 15,000 EUR.
  • In parallel, according to the law the maximum civil fine for any dilatory or abusive procedures against a whistleblower due to the information reported or disclosed is 60,000 EUR. 
  • In addition to these fines, the author of the obstruction may be ordered to pay damages to the whistleblower.

 

Last updated on 29/07/2022

Flag / Icon

Germany

  • at Oppenhoff
  • at Oppenhoff

The draft bill of the Whistleblower Protection Act does not state that the employer must set up reporting channels in such a way that anonymous reports are admissible (section 16 (1) HinSchG-E). Also, external reporting offices do not have to process anonymous reports (section 27 (1) HinSchG-E). However, employers are entirely free to choose whether to provide systems that allow for the submission and processing of anonymous reports or not.

Last updated on 29/07/2022

Flag / Icon

India

  • at Khaitan & Co
  • at Khaitan & Co

As per the Whistle Blower Protection Act, a complaint is only acted upon by the competent authority if the complainant discloses their identity in the complaint. Complainants providing false identities or anonymous complaints are not recognised.

However, there is no embargo under the Companies Act against anonymous reporting concerning the activities of companies. The Audit Committee or Board of Directors may independently assess the contents of the anonymous complaint and take necessary action or attempt to reach out to the whistleblower for further information and cooperation. Leading business organisations in India allow anonymous complaints and have put in place processes to safeguard the identity of whistleblowers, and ensure the confidentiality of the investigation process.

Last updated on 29/07/2022

Flag / Icon

Japan

  • at City-Yuwa
  • at City-Yuwa
  • at City-Yuwa

Yes, anonymous whistleblowing is admissible[1].


[1]   Consumer Affairs Agency Guidelines Explanation, supra note 3, Section 3 II (1)(iii)(c), at p.10.

Last updated on 29/07/2022

Flag / Icon
Latvia

Latvia

  • at Ellex Klavins
  • at Ellex Klavins

The Whistleblowing Act does not provide such an option, but the company may accept anonymous alerts at its own discretion. However, it should be borne in mind that whistleblower protection is not possible in these cases. If the whistleblower is subsequently identified, he or she is covered by statutory protection, including against adverse consequences.

Last updated on 29/07/2022

Flag / Icon
Lithuania

Lithuania

  • at Ellex Valiunas

A person may submit an anonymous report via an internal channel, but in this case, he or she will not be subject to the protection, encouragement and support measures provided for in the Law. Also, for a person who has provided information on the breach to be recognised as a whistleblower by the competent authority, he or she must be identified (ie, the personal data requested in the notification form is necessary for the identification of the person by the competent authority when deciding whether to grant the status of whistleblower).

Last updated on 29/07/2022

Flag / Icon
Luxembourg

Luxembourg

  • at Castegnaro
  • at Castegnaro

Yes.

Last updated on 29/07/2022

Flag / Icon
Nigeria

Nigeria

  • at Bloomfield LP

Anonymous alerts are admissible under whistleblowing policies. However, the weight to be attached to such anonymous alerts will be determined by the whistleblowing policy of the company in question.

Last updated on 29/07/2022

Flag / Icon

Portugal

  • at Cuatrecasas
  • at Cuatrecasas

Not only are they admissible, but internal reporting channels must guarantee the anonymity of whistleblowers or else they will face severe penalties.

Last updated on 29/07/2022

Flag / Icon

Romania

  • at STALFORT Legal. Tax. Audit
  • at STALFORT Legal. Tax. Audit

One of the major criticisms brought to the Draft Law in the form sent for promulgation is the fact that it has restricted anonymous reporting. In the previous wording (adopted by the Senate on 19 April 2022) anonymous reports were accepted and analysed as long as they contained sufficient information for verifying the alleged wrongdoing. According to the current version of the Draft Law, anonymous reports need not be analysed (article 11 paragraph 1b), since a report needs to formally bear the name and signature of the whistleblower.

It seems like the Romanian political class is still very reluctant to implement verification obligations in anonymous cases. Some critics invoke a connection with the communist past and a society in which “everybody sneaked on everybody”[3]

 

[3] On the historical sensitivity of such topic, Radu Ogarca in: “Whistle Blowing in Romania”, 2009, accessed on 20.07.2022.

Last updated on 16/08/2022

Flag / Icon

Spain

  • at Cuatrecasas
  • at Cuatrecasas
  • at Cuatrecasas

Under the Draft, anonymous alerts are authorised. Precisely, section 7.3 establishes that “internal channels should allow the submission and processing of anonymous reports”. Moreover, as per external channels, section 17 also reflects that “communication can be carried out anonymously”.

Last updated on 29/07/2022

Flag / Icon

Sweden

  • at Lindahl
  • at Lindahl
  • at Lindahl

Yes; however, a business is under no obligation to accept anonymous reports and can demand that whistleblowers identify themselves in connection with reporting.

Last updated on 02/08/2022

Flag / Icon

United Kingdom

  • at Proskauer
  • at Proskauer
  • at Proskauer

Yes. The Department for Business Innovation and Skills  guidance on whistleblowing recognises that it is good practice to have a facility for anonymous reporting. However, it recommends that workers should be made aware that if a disclosure is made anonymously it may be more difficult for the individual to qualify for protection as a whistleblower. There will be no documentary evidence linking the worker to the disclosure for an employment tribunal to consider.

Last updated on 29/07/2022

Flag / Icon

United States

  • at Proskauer
  • at Proskauer

Yes. Section 301 of SOX requires covered employers to implement mechanisms for the submission of anonymous employee complaints.

Whistleblowers seeking bounty awards according to Dodd-Frank can also make anonymous complaints. However, an anonymous whistleblower must be represented by an attorney in connection with their submission of information and claim for an award, and must disclose their identity to the SEC before any award will be paid.

Protection of the identity of FCA whistleblowers is more limited. They can file a lawsuit under seal initially, but the seal typically will only remain in effect for 60 days if the government agrees to pursue the case.

Last updated on 29/07/2022

16. Does the whistleblower have to be a direct witness of the violation that they are whistleblowing on?

16. Does the whistleblower have to be a direct witness of the violation that they are whistleblowing on?

Flag / Icon

Belgium

  • at Van Olmen & Wynant

There is no such condition.

Last updated on 01/08/2022

Flag / Icon

Brazil

  • at CGM
  • at CGM
  • at CGM

There is no legal requirement that the whistleblower must be a direct witness of the violation.

Last updated on 29/07/2022

Flag / Icon
Croatia

Croatia

  • at Babic & Partners
  • at Babic & Partners

No, the WBP Act expressly provides that the information on the irregularities (i.e., breaches/violations) contained in the whistleblowing report may also include reasonable doubt on actual or potential irregularities that occurred or are very likely to occur, or on attempts to cover-up such irregularities.

Last updated on 29/07/2022

Flag / Icon

France

  • at Proskauer
  • at Proskauer

The law distinguishes two situations:

  • information obtained in the course of professional activity: in this case, indirect knowledge is sufficient; and
  • Information not obtained in the course of professional activity; in this case the whistleblower must have personal knowledge of these facts.

For example, if a person said to a co-worker that he had witnessed some illegal behaviour within the company, the co-worker could make a report through the intern alert channel even if he had not directly witnessed the facts.

Last updated on 29/07/2022