Whistle-blowers for real
Did you know the deadline for implementation of the Whistleblower Protection Directive by EU members was 17 December 2021?
There’s a directive so…what now?
The new regulations will apply to public entities and entrepreneurs with at least 50 employees. The Directive introduces a number of obligations, the non-fulfilment of which will be subject to severe penalties. First of all, procedures must be adopted for reporting irregularities, with particular emphasis on the follow-up of the report. Moreover, internal reporting channels must be introduced to ensure the anonymity of the whistle-blower.
Importantly, member states may also oblige smaller companies to establish internal whistleblowing channels. But what decision will Polish legislators take?
Poland still lacks specific regulations
In Poland, very little action has been taken so far to implement the Directive. So far, the only step carried out has been the appointment of the minister responsible for drafting the act. Interestingly, the work will be conducted by the Ministry of Development, Labour and Technology.
It is difficult to say whether the Polish legislators will transpose the regulations of the Directive into the Polish act without any significant changes, or whether they will put more stringent solutions into place (as was the case, inter alia, in the anti-money laundering and terrorist financing act, or in the draft act on the liability of collective entities).
Regardless of the approach to the new regulations, it is clear that entrepreneurs will encounter a number of problems in the process of applying them in their business. Even those entities that have whistleblowing systems or procedures already in place will need to adapt them to the new regulations. Worryingly, those who have to implement the regulations from scratch will face sociological as well as technical and technological problems.
Whistleblowing channels
According to the Directive, it will be crucial for entrepreneurs to introduce internal whistleblowing channels that will provide whistle-blowers with complete anonymity.
In our experience, most entrepreneurs who have a whistleblowing procedure in place currently allow employees and other persons to report irregularities via dedicated e-mail addresses, by letter, or by putting information in a box placed in the workplace. Such solutions may be sufficient for the time being, but they do not always mean that whistle-blowers remain anonymous.
In Poland, the word ‘whistle-blower’ can still, at times, be synonymous with the word ‘snitch’ (which, fortunately, is slowly but surely beginning to change). As a result of the stigma attached, we often hear that employees avoid the above-mentioned channels of reporting in the belief that their anonymity is merely illusory. This is because it is always possible to verify who sent an e-mail; or perhaps another employee can associate other correspondence with the whistle-blower’s letter; or maybe surveillance recordings from the vicinity of a mailbox can be checked.
Is there anything that could convincingly dispel a whistle-blower’s doubts and assure him or her that they will not be identified? Cloud-based IT tools enabling complete anonymity are increasingly appearing on the market. These tools feature encryption of the whistle-blower’s data on the external server side, while access to the programme on the employer’s side is extremely limited.
One such program is Whistlink, a tool created by Olesiński i Wspólnicy in cooperation with IT service provider, Deviniti.
Whistlink for compliance
Whistlink is an easy-to-use tool that grants whistle-blowers the power to report, investigate and document irregularities.
Whistle-blowers can report via Whistlink in a number of ways – including completely anonymously, without giving any personal information. By these means, the whistle-blower can be certain that whoever is using the tool will not discover his or her identity. The program will even facilitate an ongoing dialogue with the anonymous whistle-blower.
An important function of Whistlink is the option to conduct investigations, as has been emphasised in the Directive. The person responsible for receiving whistle-blower reports can assign them to specific categories (depending on the type of irregularities they concern). The program delivers the capacity to contact the whistle-blower; in this way, the circumstances of the case can be inquired about (and the whistle-blower can still remain anonymous when answering questions!). The person in charge of these reports can also commission specific people, and collect and save information obtained in connection with an ongoing investigation.
Whistlink also allows the whistle-blower to be kept up-to-date about the commencement of an investigation, about actions taken, and about the outcomes of these actions. Thanks to this function, the whistle-blower knows that his/her report has been analysed, and appropriate action has been initiated.
In non-standard cases (e.g. when the report concerns the person receiving the report), the Whistlink user can, via the system, direct the report to a supervisor, e.g. members of the Management Board or Supervisory Board, which further ensures that the report will not be ignored.
In addition, Whistlink allows reports to be generated, based on the notifications being made, which can be especially important for listed companies. Currently, the Warsaw Stock Exchange and the Financial Supervision Authority recommend that the Supervisory Board participate in the irregularities management process, during conferences or training sessions. Helpfully, the reports generated by Whistlink can be submitted to the Supervisory Board and represent a valid part of the reporting process.
The future of reporting: machine learning
For the future, the developers of Whistlink have set themselves the goal of complementing the existing tool with numerous solutions based on machine learning. Features will be implemented to maximise the automated handling of submissions, achieved by having the system “learn” the programme’s submission standard. Furthermore, Deviniti is working on improving reporting so as to eventually provide ready-made, fully personalised summaries. Functionality is also being developed to analyse a whistle-blower’s activity before submitting a report: including time spent on the form, editing a prepared report, etc., while fully respecting the right of the whistle-blower to remain anonymous.
Author:
Justyna Papież
Olesiński & Wspólnicy
Senior Associate
Dział prawny
justyna.papiez@olesinski.com
Tomasz Wróblewski
Olesiński & Wspólnicy
Senior manager
Adwokat
tomasz.wroblewski@olesinski.com
Last Updated on February 18, 2021 by Karolina Ampulska