Whistleblowers’ report management

Why is it important to manage non-compliance risk in case of whistleblowers’ tips

Under the Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law all covered legal entities in the private and public sector need to establish channels and procedures for internal reporting if misconduct and for follow-up of these reports.

Required actions

Pursuant to article 9 of the Directive the required framework includes:

  • channels for receiving the reports which are designed, established, and operated in a secure manner that ensures that the confidentiality of the identity of the reporting person and any third party mentioned in the report is protected, and prevents access thereto by non-authorised staff members
  • acknowledgment of receipt of the report to the reporting person within seven days of that receipt
  • the designation of an impartial person or department competent for following-up on the reports, which will maintain communication with the reporting person and, where necessary, ask for further information from and provide feedback to that reporting person
  • diligent follow-up, where provided for in national law, as regards anonymous reporting
  • a reasonable timeframe to provide feedback, not exceeding three months;
  • provision of clear and easily accessible information regarding the procedures for reporting externally to competent authorities pursuant to Article 10 of the Directive.

The whistleblowers’ reporting channels described above shall enable reporting in writing or orally, or both. Oral reporting shall be possible by telephone or through other voice messaging systems, and, upon request by the reporting person, by means of a physical meeting within a reasonable timeframe.

How can we help?

  • training on the compliant incident management in case of a whistleblowers’ tip
  • support in setting up or revision of whistleblowing management programs
  • advice in following-up on reported incidents and, where necessary, in development and implementation of remedial actions.