Whistleblowers – what next, Poland?
The European Parliament and the Council of Europe adopted a Directive on the protection of whistleblowers – Directive (EU) 2019/1937[1] (hereafter: the Directive). It was intended to protect whistleblowers, i.e. persons who report the possibility of wrongdoing or crime by an entity with which the whistleblower has a business or contractual relationship, from retaliation. The result was supposed to be an increase in whistleblowing, contributing to better compliance with the law and a reduction in financial losses.
Calendar
The directive was adopted on 23 October 2019. 17 December 2021 was the deadline for its implementation into national law (transposition). In January 2022, the Commission sent letters of formal notice to 24 Member States for failure to transpose (out of 27 countries in the EU). In turn, on 15 July, the EC announced further steps against 15 countries (including, among others: Poland, the Netherlands, France, Ireland, Italy, Hungary), which, despite an earlier call, have still not introduced national legislation implementing the directive.
Meanwhile, in Poland:
- 18 October 2021 – the Government Legislation Centre presented the first draft of the relevant law
- 30 December 2021 – more than 100 positions submitted as part of the arrangements, public consultations and opinions on the draft Polish law were published.
- 12 April 2022 – the second version of the Act appeared
- 7 July – the third version was made public
- 4 August – version 4.0 (dated 22 July) was published
- 8 August – draft regulation on whistleblowers has been sent to Parliament[2].
Effects
The Directive is still not implemented in Poland. The situation is similar in more than a dozen EU countries. Changes to the provisions of the Act in relation to previous versions of the draft, starting from version 3, are mostly editorial in nature. They do not bring significant substantive changes. At the same time, the summer intensification of activities can hardly be regarded as the result of Brussels’ admonition, as presented by some commentators. The lack of reaction to the multi-million euro fines imposed by the CJEU (e.g. the counter resulting from the Disciplinary Chamber judgment has been beating at the rate of €1 million per day for more than a year) shows that a rather formal letter can do little.
For the time being, some protective mechanisms for employees reporting violations are contained in the Labour Code. These include the possibility of claiming compensation from an employer, for example, if it has committed discrimination. The Civil Code, on the other hand, provides the basis for the protection of the whistleblower’s personal rights, while by means of a request for payment of compensation, an employee may pursue claims in connection with harassment committed as a result of reporting a violation. Similar provisions can be found in anti-money laundering and counter-terrorist financing regulations (with the group of obliged institutions to which they apply being rather limited).
What to expect
Sooner or later, however, appropriate regulations will be introduced on the basis of the directive. At that time, there will be little time to introduce appropriate procedural, organisational and technical solutions (especially for companies with more than 250 employees). Among others, the following should be borne in mind:
- setting up or adapting an existing channel for the receipt of reports that allows for their transmission in a secure manner, ensuring anonymity and confidentiality
- informing the whistleblower of the receipt of a report (up to 7 days after its submission), as well as of the manner in which the report has been dealt with or further proceedings (no later than 3 months after the submission of the report)
- designate an impartial entity competent to follow up and conduct a credible investigation
- selecting a potential external partner to assist the organisation in receiving and handling notifications, including the use of IT tools
- keeping a register of reports
- being prepared to draw the consequences provided for by law, such as referral to the relevant law enforcement authorities or disciplinary proceedings against the person responsible for the breach
- providing clear and easily accessible information on reporting procedures (internal and external)
Involved in the implementation of changes
Preparation and implementation of the necessary changes will involve multiple organisational units. The compliance officer should focus on the organisational and procedural aspects, transferring the statutory provisions to the everyday life of the organisation. The new requirements must be reflected in the management structure, control and reporting mechanisms. The human resources department will be involved in providing training and raising employee awareness in the area of whistleblowing (need and process). The IT area will probably build internal or adapt external communication channels and ensure the security of the processed data. And finally, management, especially senior management, who by their attitude and actions should encourage openness in reporting violations. Shape the organisational culture in such a way that ‘sweeping inconvenient issues under the carpet’ becomes a thing of the past, if it has happened before.
[1] https://eur-lex.europa.eu/legal-content/PL/TXT/PDF/?uri=CELEX:32019L1937&from=EN