The legislation on Whistleblowing and its practical implication for Board Members

The whitepaper EU Directive 2019/1937 and the National Law compiled by the Fraud and Integrity Working Committee gives an overview of the practical implication for Board Members of the legislation on Whistleblowing.

This Law protects whistle-blowers working in the private or public sector from retaliation when reporting unlawful activities or actions contrary to European or national law.

As part of their oversight responsibilities, Boards of Directors should review the effectiveness of the whistleblowing system put in place and request regular updates about its management and implementation.

The Board of Directors should also foster a corporate culture that promotes safe and secure reporting channels. Continuous communication, training, and a clear crisis management plan are essential to maintaining trust in the whistleblowing process.
The whitepaper proposes that Boards address the following questions to ensure their whistleblowing procedures are effective and compliant.

1. Is our current procedure compliant and effective?
A thorough gap analysis should be conducted to update existing policies as the scope of the new Law goes far beyond previous legal requirements in Luxembourg. Governance, operational procedures, tool implementation, communication channels, investigation protocols and GDPR implications must be evaluated.

2. Do we have the right people managing the channel?

Ensure the reporting process is overseen by trained individuals and consider outsourcing to increase impartiality.

3. How involved should the Board be?
The Board should actively oversee the whistleblowing process, potentially involving members in investigations and communication campaigns. The Board has also an important role in setting the tone at the top which is crucial for promoting a “speak up” culture.

4. Are conflicts of interest and high-profile cases adequately managed?

A conflict-of-interest procedure must be in place to route such cases to an independent assessor. High-profile investigations might require a different level of authority than cases at lower levels.

5. Do we protect reporting persons and sanction misconduct and abusive behaviour?
Protections for whistle-blowers should be robust, and sanctions for misconduct, including abuses of the system, should be consistently applied.

6. How do we ensure effective remediation?
Clear action plans should be established for remediation, with regular reporting to the Internal Audit and Risk Management and, for serious cases, to the Board.

7. What can we learn from the information we get and don’t get?
Boards should review reports to assess system effectiveness, trends, and issues, even when no reports are made.

8. Do we need a crisis plan in place?
A crisis management plan should be prepared to handle worst-case scenarios.

9. How do we continuously communicate and raise awareness?
Ongoing communication and adequate training are essential to maintain a "speak-up" culture and keep stakeholders informed.

10. How should we deal with abuses of the Whistleblowing channel?
Mechanisms should be in place to handle the misuse of the system, for example reporting matters that do not relate to illegal activity or false information, while maintaining the credibility and trust of the system.

READ THE WHITEPAPER


Key Governance Developments - September 2024