Group-wide whistleblowing systems not enough for the European Commission

In this guest article from Havel & Partners, authors Robert Nešpůrek and Michal Smrček give an excellent explanation of why group-wide whistleblowing systems are not sufficient under the EU Whistleblowing Directive.   

The EU Whistleblowing Directive (Directive (EU) 2019/1937 of the European Parliament and of the Council) requires private entities with more than 50 employees and most public entities to introduce reporting channels and processes for handling internal whistleblowing. The implementation deadline of 17th December 2021 has now passed. 

Numerous global and major national companies already have centralised group-wide reporting systems in place. They are relying on these global solutions as being sufficient beyond 17 December 2021. The European Commission has clearly rejected this interpretation. 

A group-wide whistleblowing system is not sufficient  

The idea of a centralised reporting system was rejected by the European Commission in its interpretation guidelines in response to a joint letter from industry associations from several Member States. 

The Commission explained that the Directive makes it clear that any private entity with more than 50 employees is required to implement an internal reporting system, regardless of whether or not the entity is part of a corporate group. Any other interpretation would be contrary to the law. 

The Directive does not prohibit centralised group-wide whistleblowing systems, but these can only exist in parallel to reporting systems at the level of individual companies.  

The Commission has justified its opinion on the grounds that the system is more efficient if the problem is dealt with at the level of the company where the case was reported, and by the different legal regulations that will be adopted at the national level.  

All Member States will have to respect this interpretation in implementing the Directive. Therefore, if you have more than 50 employees, you should start preparing for the implementation of your own whistleblowing system. This applies even if you already have a global system in place within your group. 

Sharing of resources within a group is allowed, but only to a limited extent 

Where subsidiaries have up to 249 employees, they may, in accordance with the Directive, pool the resources for investigating a report with their parent company. However, the following conditions must be complied with, as interpreted by the Commission: 

• The whistleblower must be able to report at the subsidiary level, i.e. the subsidiary’s internal whistleblowing channels must be active and functional. 
• The whistleblower must be informed of who at the parent company’s level, will have access to the report to carry out the investigation. He or she must always have the option to refuse the parent company’s investigating the reported misconduct and request an investigation of the whistleblowing in the subsidiary’s whistleblowing system. 
• The responsibility for maintaining the confidentiality of the report, for providing the whistleblower with feedback and for taking corrective action in relation to the reported misconduct always remains with the subsidiary. 

Resource pooling is not possible for subsidiaries with more than 249 employees 

For larger companies, i.e. the subsidiary has more than 249 employees, resource pooling is not allowed. Each such company must establish its own internal whistleblowing system that is independent of the group’s central whistleblowing system, and have sufficient available capacity to deal with notifications. 

How to deal with whistleblowing cases that concern the whole group 

Even if you don’t have systematic investigation sharing in place within the group, there may be situations in which dealing with reported breaches at the parent company level is the only effective solution.  

These are situations where the report relates to a structural problem within the group or multiple companies within the group and where the company at which the breach was reported does not have the competence to effectively resolve the problem. In such cases, as the European Commission explains, the whistleblower should be informed of this fact and asked to agree to the case being transferred within the group to an entity that is competent to resolve the problem.  

However, this entails considerable risks.  

If the whistleblower does not agree to the transfer of the reported matter, he or she must be allowed to withdraw the report and submit it through external channels. This, for example, in the Czech Republic will be through the newly established office within the Ministry of Justice.  

The group therefore risks losing control of the reported case and faces the related potential reputational damage, material and non-material damage, high costs, protracted litigation, and other adverse consequences. 

Revision of existing group-wide whistleblowing systems is necessary 

For many global organisations, the Commission’s interpretation is surprising. The centralisation of whistleblowing systems allows for a concentration of practices and experiences, a consistent approach to whistleblowing across the group, and efficient problem-solving at a lower cost. 

Although the European Commission’s interpretation is not binding, it will be interesting to see whether individual states will oppose this interpretation and transpose the Directive into their legal systems more benevolently.  

It is already clear, however, that organisations with more than 50 employees that do not put a workable whistleblowing system in place for their employees will risk whistleblowers making reports externally, to the authorities or sometimes directly to the media. And that is always the most painful solution for a company. 

Havel & Partners therefore recommend that all groups review their centralised whistleblowing systems, decentralise them or implement new whistleblowing systems at the level of individual subsidiaries to comply with the requirements of the Directive. We believe that for smaller players a whistleblowing system can always be set up in a cost-effective and proportionate manner, taking into account the cost and size of the company and its internal workings. It will be good to use permitted forms of group-wide resource sharing. Sometimes it will make sense in terms of cost and competences to outsource the management of the whistleblowing systems to a third party. 

About Havel & Partners 

Havel & Partners, the largest Czech-Slovak law firm, provides comprehensive legal services and tax advice to international as well as domestic clients.    

Havel & Partners offers a complete set of services for whistleblowing. This includes implementation of whistleblowing channels and processes and outsourcing of the receipt, assessment and handling of whistleblowing reports.  

One of Havel & Partners services is ensuring the implementation of whistleblowing channels and processes, for receiving and verifying reports for its clients. The company also acts as the party responsible for receiving reports and handling the whistleblowing process. 

For more information on the company’s full range of whistleblowing services, please visit the Havel & Partners website. 

About the authors 

Robert Nešpůrek is one of the founding partners of Havel & Partners. He currently manages the firm’s Commercial, IP & TMT practice group. 

Michal Smrček is a partner of Havel & Partners and specializes mainly in compliance, financial services and insurance.  

Are you interested in learning more about a whistleblowing service and safe internal reporting channels? Read more about the EU Whistleblowing Directive here and at EUR-Lex.

Are you looking for a safe and secure whistleblowing solution or would you like to discuss a whistleblowing system for your organisation? Please contact us or book a free demo!