EU Commission Approves New Whistleblower Protections

shon-ramey.png

As stated in the Commission’s official announcement, the new rules are intended to "protect and encourage reporting of breaches of EU law."

It appears we are at the beginning of a European Union (EU) perspective shift on whistleblowing. After almost a year in the proposal process, lengthy negotiations, and a final vote on Tuesday, April 16, the EU Commission approved a single, heightened standard for whistleblower protection across all of its 28 member countries. As stated in the Commission’s official announcement, the new rules are intended to “protect and encourage reporting of breaches of EU law.”

This is significant because prior to yesterday’s directive, EU countries had a patchwork of laws and regulations concerning whistleblowers’ rights. Today, only 10 EU countries provide full legal protection for whistleblowers. The remaining offer varying degrees of protection, some only applying to specific industry sectors or types of employee.  

The recognized need for EU-wide rules came into sharp focus in early 2018. Leading up to that time, whistleblowers played key roles uncovering corruption schemes like the Panama Papers, Danske Bank money laundering, and the Facebook–Cambridge Analytica data scandal. These violations were brought to light thanks to the persistence and courage of citizen whistleblowers. The new legislation is designed to lower the level of personal risk and exposure that has previously suppressed would-be reporters.

Key aspects of the newly approved protections include:
  • A ban on all forms of retaliation
     
  • A three-tier reporting system that ensures confidential reporting channels for:
     
    1. Internal reporting within an organization
    2. External reporting to authorities
    3. Reporting to the public or media
       
  • The burden of proof to be on the organization, which must prove that it is not acting in a retaliatory way against the whistleblower
     

I am especially encouraged to see the new regulations specifically extend protection to those who report internally. As General Counsel of a sizable company, I can vouch for the value of encouraging employees to report internally. Any well run organization with integrity should want to know about issues or suspected violations, so they can be addressed and fixed without external intervention. But this will only happen if people know they are protected from retaliation when they do report.  

Research also found that companies with greater internal reporting use had significantly lower legal exposure than those where the hotline is little used or ignored. 

Beyond the obvious value of better employee engagement, recent research from George Washington University shows a correlation between increased internal hotline use and positive business results. Specifically, the research found that companies with robust hotline use were more profitable. Perhaps more importantly, the research also found that companies with greater internal reporting use had significantly lower legal exposure than those where the hotline is little used or ignored. 

I am a firm believer in the value of an internal hotline and have written about it in this space before. As such, I applaud the Commission’s directive and what it implies for organizations all across the EU. Any step we can take, as business leaders or legislators, to protect those brave enough to report wrongdoing when they see it, is a positive one indeed.


Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.


A Warning on "Meaningful" Compliance With FTC Orders

The Federal Trade Commission (FTC) wants more detail in the compliance reports companies are submitting as part of consent decrees. Let's discuss what this means for compliance officers' day-to-day management of their compliance programs.

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

State-Specific Data Privacy Laws for Online Businesses

To be a competitive player in the modern data-driven marketplace, companies need to ensure they are keeping up with changing data privacy laws. From California to Vermont, let's look at how the General Data Protection Regulation (GDPR) has affected state laws and how to best comply with these new regulations.

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.

Comments