Introduction
We encounter whistleblowing more often than one might
think. Think of Al Pacino in the movie Serpico, where he played a cop who
refused to adopt his colleagues' practice of taking bribes from New York
criminals. But it is not just the subject of famous Hollywood films like
Serpico or the equally popular Erin Brockovich, but also media-famous cases
like the Panama Papers or Cambridge Analytica. Even covid-19 has become more
widely known thanks to a Chinese doctor and whistleblower Li Wen-liang.
Currently, unlike in the United States, where
whistleblowing is a common part of corporate culture, there is no tradition of
whistleblowing regulation in Europe and the regulation in the individual EU
Member States is not yet uniform and of sufficient quality. The European Union
is responding to this with Directive 2019/1937[1], which aims to set minimum
standards for whistleblowing policies.
Whistleblowing in European law
The aim of whistleblowing, as the Directive deals with
it, is to protect the public interest and prevent the negative impact of
economic crime on society. It does not cover complaints of a personal nature,
reports of bullying, harassment, and so on. The subject matter is therefore
infringements of legislation in the areas of public procurement, financial
services, products and markets and the prevention of money laundering and
terrorist financing, product safety and compliance, transport safety, environmental
protection, nuclear safety, public health, consumer protection, privacy and
personal data protection, and others.
Whistleblowing and authorized entities
The essence of whistleblowing itself is to report
conduct that is contrary to any of the areas mentioned above, both in the
public and private sectors. According to the Directive, whistleblowers are
primarily workers, i.e., in the eyes of European case law, people who, for a
certain period, carry out activities for another person and under their
direction for which they receive remuneration. However, the regulation does not
apply only to workers, but covers a relatively wide range of subjects. These include, for example, self-employed
people, shareholders, people serving on corporate bodies, as well as volunteers
and trainees. All whistleblowers enjoy the same protection against the risks
that whistleblowing may pose to them.
Why do we need whistleblowing?
The need for whistleblowing stems from the fact that
violations in the above-mentioned areas are often hidden from law enforcement
authorities and the necessary information is difficult to access. Internal
scrutiny by employees and others is therefore an effective tool for overcoming
information asymmetries and dealing with violations within the structures of
companies and institutions.
Internal and external whistleblowing
According to the Directive, internal reporting
channels are to be set up individually in each of the obliged entities, but an
external state-coordinated unit is also expected to be established. The
notifier can choose which of these channels to turn to. In the interests of the
entities subject to this legislation, it is desirable to have a
well-functioning internal system. It is also undoubtedly more convenient for
whistleblowers and less demanding in terms of evidence to contact the company
directly. Indeed, surveys in the United States show that only 18% of
whistleblowers choose to report outside the company as their first option. Only
after internal whistleblowing has failed do 84% of whistleblowers subsequently
use external means.[2] Therefore, if it is possible to cover risks
to the public interest internally, we recommend doing so also to protect
reputation, which is very valuable and vulnerable. As a significant proportion
of whistleblowers have been shown to use the internal route first, companies
and institutions should be adequately prepared for the internal implementation
of whistleblowing.
What should you not forget when creating an internal
notification system?
The first step is to choose a suitable platform. The
options are to create a purely internal channel, use an existing compliance or
similar department, or use an external service. Notification can then take
place via electronic forms, a telephone line, a face-to-face meeting, or even
postal correspondence. The choice of the appropriate platform should depend on
the size of the company as well as the mix of employees and others. For
international companies, it is necessary to keep in mind the different language
versions and to ensure availability due to time delays. In all cases, the
identity of the whistleblower and their position must be protected. Providing
legal advice to potential whistleblowers on whistleblowing issues is also an
effective tool.
If a notification is made, the identity of the
notifier and the data collected must first be secured in a secure repository.
Then assess whether a breach has occurred and take appropriate action. All
notifications should be treated equally and subject to the same review. The
progress of the procedure should be communicated to the notifier in a timely
manner, the Directive gives a reasonable time limit of maximum 3 months.
Shorter time limits increase the confidence of whistleblowers in the corporate
notification system.
Czech legislation
EU Member States are required to transpose the
Directive by the 17th of December 2021. Czech legislation must
therefore ensure that whistleblowers are protected against retaliation[3] when reporting
infringements by that date. Unfortunately, the institution of whistleblowing
still evokes negative connotations in our environment, and therefore the
perception of whistleblowers needs to be improved and their rights
strengthened.
Currently, the Chamber of Deputies is debating two bills
on the protection of whistleblowers - a government bill (submitted by the
Ministry of Justice)[4] and a parliamentary bill[5]. According to the
government bill, a mandatory internal whistleblowing system is to be introduced
for specified entities (in addition to public authorities, e.g., employers with
at least 25 employees on average in the past calendar quarter) and a
specialized body of the Ministry of Justice is to be created to serve not only
as an external whistleblowing point, but also as an informative and advisory
point.
According to the explanatory memorandum of the
government proposal, the protection of whistleblowers should consist, among
other things, in shifting the burden of proof to the defendant. Thus, if
whistleblowers encounter retaliation and defend themselves in court, it will be
up to the one who was the target of the notification who should have taken the
retaliatory measure (i.e., the defendant) to prove that it was not retaliation.
Conversely, the companies and other entities that are subjects to
whistleblowers may defend a false report through the courts or by filing a
criminal complaint for defamation or false accusation.
The MP's legislature proposal makes the establishment
of internal reporting channels mandatory, especially for larger public sector
institutions (e.g., the state or its organizational unit, a public university,
a health insurance company). For other employers, it leaves the establishment
on a voluntary basis. Instead of an external reporting point, the whistleblower
will, according to the proposal, contact the law enforcement authorities or the
competent administrative authorities.
Conclusion
We can already see a certain degree of protection for
whistleblowers in the current Czech legislation. However, there is no
comprehensive whistleblowing regulation in our legal system, despite many
efforts to enforce whistleblowing in Czech law. This is now to be done through
a European Union directive, which provides a sophisticated basis and provides
our legislator with minimum standards. However, the real need for and benefit
of new comprehensive whistleblowing legislation for the Czech legal environment
is questionable and we can only wait for the final form of the Whistleblower
Protection Act and its application in practice.
[1] Directive (EU) 2019/1937 of the
European Parliament and of the Council of 23 October 2019 on the protection of
whistleblowers.
[3] According to the Directive,
retaliation is any direct or indirect act or omission occurring in a work
context that is triggered by an internal or external communication or
disclosure and that causes or is likely to cause unjustified harm to the
whistleblower.