HOW MUCH TIME DO YOU HAVE?
After months of work, the Law on whistleblowers of 14 June 2024 was published in the Official Gazette on 24 June 2024. Most of the provisions of this Act – including those relating to whistleblower protection and internal reporting obligations – will come into force on 25 September 2024. You therefore have less than three months left to prepare for your new obligations!
WHO IS AFFECTED BY THE PROVISIONS OF THE ACT?
The provisions of the Whistleblowers Act will apply to almost all private entities regardless of the forms of employment used.
The level of employment (i.e. the number of employees and co-workers – persons providing work for remuneration on a basis other than the employment relationship, if they do not employ other persons for this type of work) will only be relevant for determining the scope of obligations incumbent on a given entity.
WHO IS A WHISTLEBLOWER?
A whistleblower will be any individual who reports or publicly discloses information about a breach of the law obtained in a work-related context. Therefore, if you use other people’s work on any basis, you may have a whistleblower!
The law directly indicates examples of the roles that a whistleblower can play in your company. It can certainly be: an employee, temporary employee, proxy, shareholder or partner, member of a body (management board or supervisory board), intern, volunteer, trainee. Remember, however, that a whistleblower can also be someone working for your contractor, subcontractor or supplier (e.g. in one of the roles identified above), as well as someone who has ended their relationship with your company or merely participated in the recruitment process for any position in your organisation.
WHAT CAN A WHISTLEBLOWER REPORT BE ABOUT?
Under the Act, whistleblowers can report a violation of the law (an act or omission that is unlawful or intended to circumvent the law) in 17 areas.
In your internal reporting procedure, you may additionally provide for the possibility of reporting violations relating to your internal regulations or ethical standards that have been established pursuant to and remain consistent with generally applicable law.
The most important areas that may be reported on are:
1) corruption;
2) public procurement;
3) financial services, products and markets;
4) anti-money laundering and countering the financing of terrorism;
5) product safety and compliance;
7) environmental protection;
8) public health
9) consumer protection;
10) protection of privacy and personal data;
11) security of ICT networks and systems;
12) financial interests of the State Treasury of the Republic of Poland, local government unit and the European Union;
13) the EU internal market (inter alia, competition rules and state aid and corporate taxation).
WHAT DOES THE WHISTLEBLOWER STATUS ENTAIL?
A whistleblower is subject to the protection set out in the Act from the moment of filing a notification or public disclosure, provided that the whistleblower had reasonable grounds to believe that the information that was the subject of the notification or public disclosure was true at the time of filing the notification or public disclosure and that it constituted information about an infringement of the law.
For example, if a person providing work for you makes a report and becomes a whistleblower you have a number of obligations, including:
– you must protect the whistleblower’s personal data from disclosure,
– you must not retaliate against them (in simple terms – actions that have a negative impact on the whistleblower’s existing rights/situation),
– you must exercise extra diligence if, for reasons other than the reporting (e.g. lack of demand for work), you want to terminate cooperation with the whistleblower (the onus will be on the company to demonstrate that this is not related to the reporting),
– in case of retaliation – you will be obliged to pay compensation (not less than the average monthly salary in the national economy in the previous year announced by the Central Statistical Office),
– you have limited possibilities of exercising your rights aimed at prosecuting the whistleblower, e.g. to disciplinary liability or liability in the case of defamation, violation of personal rights, copyrights, etc.
The person assisting the whistleblower in making the report is similarly protected.
WHAT IS THE THRESHOLD OF 50 “EMPLOYEES” ABOUT?
Pursuant to the Act, the obligation to deal with internal reporting and to have an internal reporting procedure applies – in principle – to entities for which at least 50 persons perform gainful employment.
This group does not only include employees! When determining the state of employment, we also take into account persons providing paid work on a basis other than an employment relationship, if they do not employ other persons for this type of work (i.e. all so-called ‘self-employed’ – on commission or B2B contracts).
The law describes in detail how to count this employment status and as of what date.
There are important exceptions to the employment threshold rule! A number of entities will be obliged to have an internal notification procedure regardless of the level of employment (and thus already with one employee or contractor)!
We are talking about entities carrying out activities in the fields of financial services, products and markets and anti-money laundering and terrorist financing, transport safety and environmental protection covered by the European Union acts listed in Parts I.B and II of the Annex to Directive 2019/1937.
Who, for example, will be required to have an internal notification procedure regardless of the number of employees? Among others, these are:
– credit providers, including consumer credit, real estate credit, factoring or forfeiting,
– parabanking institutions,
– leasing providers,
– entities distributing insurance,
– entities providing advice to businesses on capital structure, industrial strategy and related issues, as well as advice and services relating to mergers and the acquisition of businesses,
– accountants and accounting firms,
– real estate agents,
– lawyers: solicitors, barristers, notaries,
– currency and cryptocurrency exchange offices,
– all entities accepting payments in cash with a value equal to or greater than EUR 10 000.
Entities employing less than 50 persons and not covered by the exceptions (inter alia, not belonging to the above-mentioned groups), may introduce the internal notification procedure on a voluntary basis. This is worth considering and is recommended by us for the following reasons. Whistleblower status is granted irrespective of the employment status of the legal entity in question – this means that legitimate whistleblowers can make external notifications and public disclosures (and obtain protection therefrom) bypassing the internal notification channel. Its absence may therefore be a direct reason for the whistleblower to use external channels (which may potentially be undesirable for the entity concerned).
A voluntary internal reporting procedure may provide an incentive for the whistleblower to report possible irregularities internally. This gives the legal entity in question a chance to manage a crisis situation resulting from a possible violation more efficiently, also in terms of image.
HOW TO PREPARE FOR THE NEW RESPONSIBILITIES?
Preparation for the new obligations should include the following:
- determining whether we are subject to the obligation to introduce an internal reporting procedure (if not – deciding whether we are introducing a voluntary procedure),
- identifying the key elements of internal reporting:
– whether we stay with the statutory catalogue of legal violations or expand it to include additional areas,
– what channels and forms will be used to receive reports (including whether anonymous reports are allowed),
– who will accept reports and who will implement follow-up measures (whetherthiswill bedone internally or, where possible, outsourced to a specialised entity – e.g. a law firm),
- drafting the necessary documents on whistleblowers – list below,
- verification and adaptation of the labour law documents already in place in the company (NDAs, confidentiality clauses, termination templates, RODO documents),
- consulting the procedure with employee representatives,
- formally introduce the procedure,
- training of responsible persons to receive and handle notifications,
- train HR/People&Culture departments and managers on the rights of whistleblowers and their impact on recruitment and dismissal procedures for employees/co-workers.
WHAT DOCUMENTS NEED TO BE PREPARED?
Whistleblower documentation is not only an internal reporting procedure! The documents to be developed and implemented will include:
- an internal notification procedure,
- information for job/co-worker advertisements with information on the whistleblowing procedure (provided at the start of recruitment or pre-contract negotiations),
- template for acknowledgement of receipt of an internal application,
- template (framework) for feedback to the whistleblower,
- authorization and NDA for persons accepting and processing reports,
- alternatively, an agreement with the Firm as an external entity involved in the acceptance or recognition of notifications,
- register of reports (structure),
- separate procedure for investigation and follow-up (recommended).
IF I DO NOT HAVE TO AND DO NOT WANT TO VOLUNTARILY ADOPT THE PROCEDURE, DO I HAVE ANY OBLIGATIONS?
Of course yes! This is because you are still subject to the provisions of the Act. People working for you can still be whistleblowers – they can make external and public reports, or they can, for example, make an internal report at your contractor (if they discover a breach there).
If this is the case, the scope of your preparation for the implementation of the Whistleblower Protection Act should include, at the very least, the verification and adaptation of the company’s existing employment law documents (NDAs, confidentiality clauses, model termination notices, RODO documents) and the training of HR / managerial staff.
HOW CAN WE HELP YOUR COMPANY?
We assist both in comprehensive implementations (including offering standard implementation packages for obliged entities subject to AML), as well as in selected areas including:
– preparation and implementation of an internal reporting procedure,
– audit of a previously operating whistleblowing procedure (implemented e.g. under good practice, certification or sectoral legislation) – and its adaptation to the requirements of the Whistleblower Protection Act,
– preparation of other required documents,
– a full whistleblowing intake service and handling of internal whistleblowing (to the extent permitted by the Act) or support in the intake and handling of whistleblowing by an internal unit – depending on the model adopted,
– training for HR/People&Culture and managers on whistleblower rights, receipt and handling of reports, follow-up, etc.
– audit and adaptation of hiring and termination procedures to address risks arising from whistleblower legislation,
– awareness training for employees.
If you have questions, we are happy to answer them!
