April 19, 2019
From: Corporate Counsel By Phillip Bantz
Now that the European Parliament has voted overwhelmingly to approve new rules that establish uniform standards for protecting whistleblowers from retaliation, companies that do business in any of the European Union’s 28 member countries should be preparing to avoid running afoul of the forthcoming law.
The rules are slated to take effect in two years, assuming that EU ministers approve the law, which is likely—observers expect that this is essentially a done deal.
“Color me surprised if this doesn’t go,” Shon Ramey, general counsel of NAVEX Global Inc., an Oregon-based ethics and compliance software company, said in an interview Friday.
Under the EU’s heightened standards, businesses will have to implement systems that allow whistleblowers to remain anonymous while reporting their concerns internally to company representatives or externally to authorities, the public or news outlets. Companies also will be banned from retaliating against whistleblowers and bear the burden of proving that they have not retaliated.
The proposed rules aim to bring consistency to whistleblower protection standards across the EU, which currently has a “patchwork of laws and regulations concerning whistleblowers’ rights,” according to Ramey.
At the moment, only 10 EU member countries—France, Hungary, Ireland, Italy, Lithuania, Malta, the Netherlands, Slovakia, Sweden and the U.K.—have comprehensive legal protections in place for whistleblowers.
Ramey wrote in a blog post that the EU’s vote April 16 in which 591 lawmakers were in favor of the new rules and only 29 were in opposition suggests the “beginning of a European Union perspective shift on whistleblowing.”
EU Parliament member Virginie Rozière of France said in a prepared statement that whistleblowers suffer “great precariousness.”
“On the eve of European elections,” she added, “Parliament has come together to send a strong signal that it has heard the concerns of its citizens, and pushed for robust rules guaranteeing their safety and that of those persons who choose to speak out.”
The new standards will apply to all private companies with more than 50 employees or with an annual turnover of more than 10 million euros, about $11.2 million; all state and regional agencies; and all local municipalities with more than 10,000 residents.
The entities covered by the law will have to ensure that they have established systems to receive confidential whistleblower reports in writing or over the phone and acknowledge receipt of a report within seven days, according to Ramey. He said companies also have to generate confirmation report numbers and keys or pin codes for each whistleblower notification they receive.
Whistleblower reporting systems can cost a few thousand dollars for small businesses or hundreds of thousands of dollars for global companies, Ramey said.
“If I’m the general counsel or chief compliance officer of one of these companies, I want one of these [systems] because I want a reporter who has a legitimate issue, an issue that I need to be thinking about from a compliance or good business standpoint, to have the easiest path in reporting that,” he said.
He added that when it’s difficult or risky to report concerns internally, whistleblowers tend to look for help outside the company, which can prove costly for a business.
“You as a company do not want to be litigating this in the public forum,” Ramey said.