In the past few years, scandals such as Cambridge Analytica and the Panama Papers have brought the role of “whistleblower” to the forefront. But what is a whistleblower? In simple terms, the whistleblower is a person working for a private or public institution who, once made aware of legal breaches or wrongdoing, reports and exposes the infringements to the public.
The European Parliament believes that whistleblowers play a key role in safeguarding the welfare of society and deserve additional protection. Whistleblowers may be fearful of reporting concerns. The EU has passed the Whistleblower Directive which is due to be implemented at the national level by 17 December 2021. While this legislation specifically applies to businesses operating in Europe, its broad scope will have a material impact for entities operating both inside and outside of the EU.
As the Whistleblower Directive radically increases the population of those who can whistleblow (including external parties), it is highly likely that the number of whistleblower complaints will rise in the coming years. Financial institutions were already required through a number of previous measures to have internal whistleblowing policies. Nonetheless, the Directive’s requirements go further and means that entities will be required to upgrade to more sophisticated protocols.
Designing internal procedures to comply with the Directive is far from simple. While many financial services firms have established whistleblowing policies, financial institutions must enhance the procedural protections required by the Directive. The most successful firms will have a robust whistleblower system in place, embedded in a strong culture of ethics, leading to effective control of communication and follow-up actions.
Designing a successful whistleblowing policy requires far more than procedural change. Companies may wish to use this opportunity to not only comply with the Directive but also optimise the way in which whistleblowing forms a part of the overall control environment.