This article first appeared in The Sunday Business Post on 30 June 2019.
On 16 April 2019, the European Union Parliament adopted the Directive on the Protection of persons reporting on breaches of Union Law (the ““Whistleblowing Directive”). This is a significant development for whistleblowing protection in Europe. Once the Directive is implemented in member states it will allow a more uniform approach to whistleblowing across the EU by providing “safe channels” for an individual to air certain grievances in relation to EU law.
Recent scandals such as Cambridge Analytica and the Panama papers have shown the benefit to the general public of an individual “blow the whistle” and that citizens should not be fearful of retaliation for exposing wrongdoing.
In many respects the Directive does not diverge greatly from the Protected Disclosures Act 2014 (the “2014 Act”) Act so the system is already familiar to us. Indeed in a press release from 11 July 2018 in advance of the adoption of the Directive the Department of Public Expenditure and Reform stated that Ireland already had “comprehensive” whistleblowing measures under the Protected 2014 Act in being and was “well placed” for the Directive.
There are 3 key differences:
- the Directive relates to breaches of European Union law only and in this regard differs from the current protections available under the 2014 Act. It includes protections where a disclosure is made in relation to breaches of corporate tax rules or arrangements whose purpose is to defeat the object or purpose of the applicable corporate tax law, product safety, transport safety, financial services, and prevention of money laundering among others.
- the 2014 Act provides protection to workers however, the Directive goes further than this and provides for protection and redress to shareholders who may be retaliated against for whistleblowing.
- both public and private entities will be required to have internal reporting procedures. Currently, under the 2014 Act only public bodies are required to have procedures to facilitate protected disclosures.
The reporting system under the Directive is structurally similar to Ireland - internal reporting, external reporting and public disclosure. The Directive envisages, in most cases, a report would be made internally first.
Under the Directive, private entities with 50 or more employees are required to have internal procedures to deal with reporting. Entities with between 50-249 employees can share resources regarding receipt and potential investigation of such reports. It is mandatory, regardless of size, for entities in the areas of financial services, prevention of money laundering or terrorist financing to have internal reporting channels. Additionally, member states can require entities with less than 50 employees, after completing the appropriate risk assessment, to create internal reporting channels.
The internal report procedures must facilitate employees making reports in writing, orally or on request in person. The Directive further states channels for receiving reports must be secure and ensure confidentiality of the reporting person and third parties mentioned in the report.
Internal reporting can be sidestepped where the reporting person has valid reasons to believe he or she will suffer retaliation, the competent authorities are best place to take effective action, there is risk evidence might be concealed or destroyed, or internal report could jeopardise subsequent investigations. Further, a person can report externally where the entity does not respond within the three months or internal channels are exhausted and no appropriate action was taken.
To make a public disclosure, the reporting person must first follow the adopted approach or can go public directly where there is an imminent danger to the public interest.
Although the Directive has yet to be approved by the Council of Europe (from that time member states will have 2 years to implement the Directive), companies coming within the scope of the Directive should begin reviewing their policies to look to implement appropriate reporting channels where necessary. Companies should further consider whether any existing policies could be potentially deemed retaliatory under the Directive.
Redress and Impact
It is unclear how redress will be measured in Ireland where a shareholder is retaliated against for making a report or disclosure. Generally, in the employment context compensation is calculated based on wages which will be different to establishing appropriate shareholder compensation. It will be interesting to see how the Irish whistleblowing legislation will be amended in light of the Directive. It is clear however that there is a mindset change towards whistleblowers and an acknowledgement at an EU level of the public value that they bring.
For further information, please contact Anne Lyne email@example.com at Hayes solicitors.Back to Full News
Share this article:
About the Author
Anne is a partner in the Employment team at Hayes solicitors. She has considerable experience advising and representing employers and employees on all aspects of the employment relationship from pre-employment matters to termination.