Whistleblowers – new responsibilities
In 2002, Cynthia Cooper (Worldcom), Sherron Watkins (Enron) and Coleen Rowley (FBI) were named Time’s Man of the Year. The first two exposed illegal activities that led to multi-billion dollar abuses in the companies they worked for. Rowley, in turn, reported irregularities in the investigations of people suspected of terrorism. People like them, commonly referred to as “whistleblower”, are a source of information about potential irregularities in the organizations they work for or with which they cooperate.
European directive
Currently, the implementation of “whistleblowing” mechanisms is required in Poland only in entities such as banks and obligated institutions with regard to violations of the Act on counteracting money laundering and terrorist financing (including life insurance companies). However, the Directive on the protection of persons reporting breaches of EU law[1] (hereinafter referred to as the “Directive”) should be implemented by mid-December this year.
The Directive introduces the obligation to establish procedures and channels for reporting irregularities in such areas as:
- public procurement,
- services, products and financial markets,
- prevention of money laundering and terrorist financing,
- product safety and compliance,
- transport safety, environmental protection,
- radiation and radiation protection. nuclear safety,
- food and feed safety,
- animal health and welfare,
- public health,
- consumer protection,
- protection of privacy and personal data,
- security of information networks and systems.
The new responsibilities will apply to all organizations with 50 or more employees. The deadline for implementation in companies with up to 249 employees may be postponed by an additional 2 years if the legislator so decides. Moreover, regardless of the number of people employed, public sector institutions will be obliged to implement the whistleblowing system.
Informer or concerned citizen?
According to the EU guidelines, the implementation of the Directive should be combined with an information campaign making people aware that whistleblowers do not harm the workplace or their colleagues. Their motivation is the public interest. It is the motivation that is one of the important factors in assessing whether the person reporting suspected irregularities will be covered by legal protection. The Directive expressly prohibits the punishment of an employee and any retaliation by the employer for disclosing irregularities in the company.
An often cited example of the controversial operation of whistleblowing regulations (in this case a native of the USA) is the situation of Edward Snowden. Accused of revealing state secrets, he has been hiding from the American judiciary for years. The reason is the disclosure by him in 2013 of information about mass American surveillance, breaking both US law and international agreements (including a program that allowed for mass eavesdropping on calls made via VoIP phones and the Internet).
Technical and organizational support
Entrepreneurs start looking for tools that will allow them to handle the new process. It is important to maintain the confidentiality of whistleblowers’ data and full accountability of the cases examined. Such a solution is prepared by JT Weston on the iBPMS Neula platform. The ready application allows to record reports, share information about them with authorized persons, as well as report the results of investigation activities. It is possible to adapt it to the needs of the organization. Designated employees of the company can enter information about notifications on their own. It is also possible to send suspicions via Internet channels ensuring the anonymity of the whistleblower. Even in the case of anonymous reports, there is an option of two-way communication to clarify the allegations and collect additional evidence.
Moreover, JT Weston, along with the application, offers optional services related to the independent evaluation of applications. It is an additional element ensuring protection of the reporting entity and, at the same time, reliability of service. It is an effective external support for the self-control mechanism.
[1] Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law