Whitepaper online
Whistleblowing
Read the contents of our white paper on the EU Whistleblower Directive & Whistleblower Protection Act online.
Whistleblower Protection Act
Why a whistleblower reporting system should be part of a compliance solution
The Whistleblower Protection Act has been passed:
Those who install a whistleblower solution only as a stand-alone application, and only to meet regulatory and legislative requirements, leave synergies unused. A whistleblower system should, at least in the long term, be part of a comprehensive compliance management solution. In this way, resources can be used efficiently and new knowledge can even be generated.
For some, whistleblowers are heroes, for others, traitors. Some see whistleblowing as an act to be punished, others as a contribution to uncovering violations that are punishable by law. Some believe whistleblowers violate confidentiality obligations, while many recognise their helpful contribution to the enforcement of corporate compliance requirements. As divided as opinions on whistleblowers are, the EU’s position is clear: “Whistleblowers play a crucial role in safeguarding the public interest,” said EU Justice Commissioner Didier Reynders, while pointing out the legal uncertainty for whistleblowers: “When they bring illegal activities to light, they often put their reputation, career and livelihood at risk.”
Because violations often go unreported as a result of real or feared reprisals, the European Union wants to put an end to this uncertain situation for whistleblowers. In October 2019, it adopted Directive 2019/1937 to protect people who report breaches of Union law, which entered into force on 16 December 2019. As a directive, however, it still has to be transposed into national law by the EU member states. By the deadline of 17 December 2021, only 24 states had done so.
What the EU Whistleblower Directive regulates
In a nutshell, Directive 2019/1937 requires companies and public authorities with more than 49 employees and municipalities with 10,000 or more inhabitants to establish reliable internal reporting channels. Through them, whistleblowers working in the private or public sector should be able to report violations they have learned about in a professional context, either orally or in writing. The Directive mentions in particular breaches concerning, inter alia, public procurement, financial services, money laundering, product safety and conformity, environmental protection, food safety, consumer protection, data protection or public health.
Reports must be followed up and the appropriate measures taken and documented. The whistleblower receives final information about this. Furthermore, the directive stipulates that the whistleblower must not suffer any reprisals; not even as a threat. Also, it must be ensured that the identity of both the whistleblower and the persons concerned remains protected.
Directive 2019/1937 must be transposed into national law by the individual member states. For Germany, the German Whistleblower Protection Act came into force on July 2, 2023.
The German Whistleblower Protection Act
The German Whistleblower Protection Act took effect on July 2, 2023. It covers the areas of law specified in the Directive and supplements them in order to resolve inconsistencies with German law. The scope of application includes in particular all violations subject to criminal penalties and fines, insofar as the provision that was violated serves to protect life, limb, health or the rights of employees or their representative bodies. The scope also extends, to a limited extent, beyond the legal acts of the European Union covered by the Whistleblower Directive to national regulations from the respective regulatory area. Not only violations of European antitrust law, but also violations of German antitrust law are included in the scope of whistleblower protection.
As stipulated by the EU in the Whistleblower Directive, the Whistleblower Protection Act now requires companies with more than 249 employees and municipalities with 10,000 or more inhabitants to set up internal reporting channels. Companies with 50 – 249 employees have a transition period until December 17, 2023.
Who should look into setting up a whistleblower solution
Whistleblower systems are considered one of the most effective tools for preventing corruption, fraud, misappropriation, money laundering and other violations of corporate or government compliance rules. Therefore, the answer to the question posed is simple: every company, authority and municipality should look into setting up a whistleblower solution.
A whistleblower solution can help to uncover internal misconduct in a company – before it becomes public knowledge or develops into a criminal offence.
The argument that you do not need a reporting system because you have introduced compliance rules and also communicated them to the employees is not valid. Even the best employee training is no guarantee of 100 percent compliance by all employees and partners. It cannot completely rule out personally motivated or structurally based violations. For such cases, it is important that the company management, the compliance officer or generally the internal contact point becomes aware of a suspicion at an early stage in order to put an end to any grievances before they become a danger to the organisation.
However, practice shows that information is often not reported to the responsible office in the company because employees are afraid of retaliation or fear being labelled as traitors. A cleverly set up whistleblower reporting system that also allows anonymous reports can build trust and lower the reporting threshold.
Various laws require a reporting office
The Whistleblower Protection Act will not be the first law requiring a reporting office for whistleblowers. For example, the Supply Chain Due Diligence Act (LkSG) requires the establishment of a complaints procedure. It is intended to enable internal or external persons to point out possible violations of human rights or environmental protection laws.
The Works Constitution Act (BetrVG) and the General Equal Treatment Act (AGG) also grant employees the right to complain. Accordingly, any person may complain to the competent bodies of the company if he or she feels disadvantaged, treated unfairly or otherwise adversely affected by the employer or by employees of the company.
The Occupational Health and Safety Act (ArbSchG) in turn allows workers to inform the responsible authority if they believe that the measures taken and resources provided by the employer are not sufficient to ensure safety and health at work. The notifying parties must not suffer any disadvantage as a result.
In particular, the obligations under the Supply Chain Due Diligence Act and the Works Constitution Act or the General Equal Treatment Act can be bundled into a single whistleblowing system that is able to address different contact points.
What should a whistleblowing system be able to do?
A future-proof, effective and user-friendly reporting system should enable the following functions:
- Anonymity: Lack of anonymity is a reason for many potential whistleblowers not to share their knowledge with hotlines. A whistleblower solution must ensure the protection of all parties involved.
- Media diversity: A reporting system should be as open as possible in terms of communication technology and be able to integrate different reporting channels. This way, each organisation can choose the appropriate medium and integrate the channels required by law and merge them into a uniform workflow. The draft of the Whistleblower Protection Act requires at least two different reporting channels: written and oral.
- Multilingualism: Staff in public and private organisations are mostly international and speak many different mother tongues. This multilingualism should be reflected in a reporting system so that the person making the report can give the information in the language in which they can best express themselves.
- Case management: Defined procedures help to follow up on tips appropriately and quickly. The coordination of measures lies with a single person.
- Multi-client capability: It is not enough for a group or an organisation in general to introduce a reporting solution for all areas – anonymity and the need-to-know principle can otherwise hardly be ensured. A system should therefore allow each sub-organisation or sub-area to have its own reporting solution. Otherwise, there will be a proliferation of whistleblowing solutions and thus an increased administrative burden and presumably also costs.
- Revision security: Companies must be able to provide detailed evidence of the processing of notices; even after months or even years. Audit-proof documentation of the processes is therefore a must.
- Linking with the compliance platform: Only the integration of the reporting system into a comprehensive compliance management solution turns a simple stand-alone solution into a powerful instrument by combining information from different areas and generating new insights – of course while maintaining the guaranteed anonymity and confidentiality of the data.
Advantages of a holistic approach compared to a standalone solution
Of course, companies and authorities can implement a reporting system as a stand-alone solution. But then they do not tap the full potential of a whistleblower solution. The lack of links to existing data and information in a stand-alone solution prevents a holistic view and makes it difficult to follow up on the tips given.
Rather, it is advisable to approach the topic integrally and to see it in connection with other compliance requirements and regulatory requirements such as the Supply Chain Act. Therefore, it makes sense to integrate the whistleblower reporting system into a comprehensive compliance management platform to link it with other solutions such as supply chain risk management, business partner screening or audit management.
For those organisations that do not yet have an overarching solution for all compliance challenges, now is a good time to address the issue.
What are the concrete benefits of integrating the whistleblower system into a compliance platform?
Holistic view
With a cross-thematic platform, you get an overview of all the information you have on the topic of compliance in the company. On the one hand, this makes it easier to check the information received, as you can access information that is already available. On the other hand, you can immediately feed findings gained in the review process to other compliance management applications and process them there.
Bundling of reporting systems
The Supply Chain Due Diligence Act requires the establishment of a complaints channel, and to a reduced extent, the Works Constitution Act and the General Equal Treatment Act do so. These complaint channels can be unified and bundled with a holistic platform without weakening data and identity protection.
Knowledge creation
A platform allows access to data from different areas and opens up the possibility of linking them together to create new knowledge. For example, information from supply chain risk management quickly provides starting points for examining tips from the whistleblower system. In turn, the information from the whistleblower solution can be used beneficially for audit management.
Reduced IT effort
One solution for the Supply Chain Act, one for compliance management and one for meeting the regulatory requirements regarding whistleblowers: This quickly creates a proliferation of applications that must be managed, maintained and serviced. A modular digital solution that covers all relevant topics in the compliance environment and can be tailored to the needs of the respective company is much more efficient and reduces the administrative effort.
What does Compliance Solutions offer?
The whistleblowing software from Compliance Solutions makes it possible for companies of any size to securely and confidentially transmit information about breaches of the rules.
A protected web form ensures the protection of the whistleblower’s identity up to and including their anonymity. Via a dialogue function that maintains confidentiality, the persons responsible for processing can ask any necessary questions to the whistleblowers. The complete dialogue is integrated into the workflow and documented in an audit-proof manner.
The whistleblower system from Compliance Solutions is multilingual and used worldwide.
It guarantees technical security and access protection from third parties in accordance with the standards of the General Data Protection Regulation (GDPR).
Clearly defined roles for employees are stored in the case management system. A user-friendly guided process with detailed work instructions guarantees structured, audit-proof processing of whistleblower cases.
Advantages of the Compliance Solutions whistleblower system
- Simple implementation of the Whistleblower Directive
- Intelligent questionnaires
- Over 20 languages and translations
- Case management
- From the top provider of compliance solutions
- Secure reporting system for compliance violations
- Anonymity of the whistleblower
- Secure hosting in Germany
- Adapted to the legal requirements of the EU countries
- Revision security
- Multi-client capability for rolling out in groups and for addressing different reporting offices
- Timely confirmation and feedback on notifications
The Compliance Solutions whistleblowing system:
The whistleblower solution from Compliance Solutions is available in different variants: as a cost-effective basic version that fulfils the regulatory requirements; as a turnkey standard solution with an extended range of functions that goes beyond the pure regulatory requirements; or as a customised enterprise solution. The whistleblower system can be operated as a stand-alone solution or as a subsystem within the MCS Compliance Platform.
Basic Solution:
With our basic solution, you enjoy a lean variant with all the advantages of structured case management and clear internal role management.
Standard Solution:
With our standard solution, in addition to our clearly structured case management, you opt for a guided workflow that guides you through risk management, investigations, action tracking and case costs. All information is graphically illustrated in our comprehensive reporting dashboard.
Enterprise Solution:
With our enterprise solution, you can adapt the standard solution to your company’s needs and use the concentrated knowledge of our product developers.
About Compliance Solutions
Compliance Solutions is a leading provider of digital legal and compliance solutions. Our core product is the powerful MCS Compliance Platform, which digitally represents all relevant areas of corporate compliance featuring a selection of over 20 innovative IT systems. With offices in Stuttgart, Cologne, Zurich, Salt Lake City and Singapore, Compliance Solutions operates its servers exclusively in the EU in compliance with the GDPR. Its solutions are used worldwide by global companies such as Mercedes-Benz Group AG, E.ON SE, Schaeffler SE, Metro AG, Deutz AG, TK Elevator, Telia Company, Marel and Phoenix Group.
Contact & Initial Consultation
Get in touch with us
If you are considering implementing a digital compliance solution or would like a product demonstration of our systems, we look forward to hearing from you. Arrange a consultation with our compliance experts and find out how Compliance Solutions can support you in implementing the EU Whistleblowing Directive or the Whistleblower Protection Act.