Better protection for whistle-blowers

The EU Council adopted a directive setting the minimum rules of protection for persons reporting corporate wrongdoings. The directive is to be transposed into Czech law by May 2021.

The submitters of the legislative proposals responded to the fact that the current legal regulation to protect whistle-blowers (i.e. persons who speak up when they encounter a wrongdoing in the context of their employment) is insufficient and fragmented. Whistle-blowers are especially vulnerable as they often depend, job- or finance-wise, on the person or entity committing the wrongdoing.  They frequently become the target of retaliation aiming to prevent or at least complicate whistleblowing.

The directive focuses mainly on the protection of EU interests, i.e. the area of public procurement, financial services, prevention of money laundering and terrorist financing, product safety, consumer protection, economic competition, privacy and personal data protection. Protected persons include employees in the public and private sectors, self-employed entrepreneurs, but also shareholders and persons in managerial bodies of companies. Reporting persons qualify for protection under the directive, provided they have had reasonable grounds to believe that the information on breaches they reported was true at the time of reporting and fell within the scope of the interests protected by the directive. Any retaliation against such persons is explicitly forbidden – typically terminations of employment, salary reductions or discrimination. The better protection of whistle-blowers should ensure a higher number of reported breaches and better protection of EU law as a whole.

The directive imposes on defined entities the obligation to establish channels and procedures for secure internal reporting and follow-up. In the private sector, this applies to companies with 50 and more employees or a turnover of more than EUR 10 million, as well organisations engaged in financial services and prone to money laundering and terrorist financing. The internal reporting system also has to be implemented by public sector entities – state administration bodies, self-governing units, etc.

The above entities must establish channels ensuring the confidentiality of the reporting person’s identity. The reporting persons shall also be informed on the follow-up on their report, within a reasonable deadline. A specialised public body should also be established to receive and review the reports and to educate in this area.

The directive will most likely be transposed into Czech law by an act on whistle-blower protection currently being prepared. The bill assumes similar reporting and whistle-blower protection systems; in fact, the work on the bill had been suspended precisely to reflect the EU directive that was at that time in preparation.

Apart from reporting under the directive, whistle-blowers may continue to report wrongdoings to investigative, prosecuting and adjudicating bodies – for some crimes, the duty to report them is even stipulated by law. Currently, establishing a system allowing to anonymously report a suspected crime is viewed as one of the measures whereby a corporate entity may free themselves from criminal liability. A number of companies have already done so. Therefore, the new legislation will mostly affect small entities that are borderline in terms of the statutory limits.