On 17th December 2021, the European Union unveiled the Whistleblower Directive (EUWD). It ensures common minimum standards of protection are in place in all 27 member states to protect those who Speak Up about breaches of EU laws from retaliation or recrimination.
If you’ve yet to implement changes in your business to comply with the Directive, here are the top 10 things you need to know.
1. Who is considered to be a ‘whistleblower’?
In the context of the EUWD, anyone who reports a breach of Union law that is harmful to the public interest is considered to be a ‘whistleblower’. This includes board members, consultants and contractors, volunteers, and even job applicants. They may choose to report internally to stakeholders within their organization or to an external body such as a regulator or the Ombudsman. Whistleblowers, therefore, play a key role in exposing and preventing breaches and in safeguarding the welfare of society.
2. Why the directive is necessary
The European Commission introduced the Directive because whistleblowers in the EU were considered to have insufficient protection against retaliation from their employers.
Potential whistleblowers are often discouraged from reporting their concerns or suspicions for fear of retaliation in the form of dismissal, harassment, or even physical harm. The importance of providing balanced and effective whistleblower protection is increasingly acknowledged at both the EU and international levels.
3. Reporting is composed of three tiers
Under the Directive, a three-tier reporting structure has been introduced whereby employees can report their concerns through:
- Internal reporting channels: facilitated by the organization either through its own developed channels or supplied by external providers, such as Vault Platform. Reporting through internal channels should be directed to an internal dedicated team.
- External reporting channels: facilitated by the relevant national authorities or the appropriate EU institutions. Reporting through external channels should be directed to the designated authorities.
- Public reporting channels: such as going directly to the media, or via a public forum such as Twitter.
4. Which organizations are affected by the change?
As of December 2021, all organizations with more than 250 employees working in the EU must comply with the EUWD, including those headquartered outside of the Union but with operations in EU jurisdictions.
5. The Directive will expand in 2023
In December 2023, the Directive will be extended to entities with between 50 and 249 employees working in the EU.
6. It’s up to the EU Member States to determine what changes need to be made
Each EU member state must define how to establish the necessary protection for whistleblowers, such as the channels available to them. The only stipulation in the Directive is that the potential whistleblowers’ identities are kept confidential.
7. The Directive is a step-change
The new Directive does not provide a completely new form of protection. For example, there is a requirement for whistleblower schemes in financial services. The main difference is that the EUWD imposes an obligation to set up whistleblower schemes for a much wider group of enterprises than before, regardless of the type of business.
The Directive is also meant to act as a minimum standard. The EU Commission encourages member states to go beyond this standard and establish even more comprehensive frameworks for whistleblower protection based on the same principles. Several countries have already opted to go beyond the minimum standards, including Denmark and Sweden where the law protects individuals reporting breaches of EU law, breaches of national law and ‘serious matters’ in Denmark, and ‘any misconduct in the public interest’ in Sweden.
8. The Directive helps organizations as well as their employees
While the key objective of the Directive is to protect whistleblowers from retaliation, it also helps organizations by:
- highlighting the serious nature of fraud, corruption, discrimination, and harassment in the workplace
- encouraging openness and accountability in government and corporate workplaces
- allowing them to build ethical, forward-thinking brand reputations
Our ‘Trust Gap’ survey revealed that office-based employers in the UK and US are likely to have spent over $20 billion in re-hiring costs. Organizations that fully embrace the Directive can make it clear that they will support whistleblowers from retaliation. This action can establish concrete trust with their employees, resulting in a boost in retention and engagement, and could save the organization from the growing costs of rehiring.
9. Organizations face a number of hurdles
It may be challenging for organizations that operate cross-border to implement the Whistleblowing Directive, as they must take into account both new and existing whistleblowing laws across multiple regions. They’ll also need to decide whether to apply a single whistleblowing framework or adopt a country-by-country approach.
Another potential challenge once a framework is in place relates to communication and training. Teams such as HR and E&C will need to be familiar with any changes to ensure they are fully implemented and understood by teams working in each region the organization operates in.
10. Vault can help your organization comply
Organizations with more than 250 employees based in the EU can use Vault Platform to drive operational efficiencies. Vault is fully compliant with GDPR and is ISO 27001 certified, and doesn’t rely on incident reporting via a third party, such as outsourced hotline solutions.
The Vault mobile app is a trusted and highly accessible way of capturing all relevant details of an incident, which creates a frictionless experience to make people feel safe and encouraged. Thanks to automated triage and easy collaboration between teams, Ethics and Compliance professionals can connect the dots and identify risk patterns before they become problems.
Revolutionize misconduct reporting and resolution for your EU-based employees by booking a demo today.
