In an era where transparency and accountability are increasingly emphasized, whistleblowing has emerged as a vital mechanism for identifying and addressing breaches of law within organizations. With the introduction of Directive (EU) 2019/1937 from the European Commission, all EU member states establish a strong legal framework to protect whistleblowers and ensure that breaches are reported and addressed appropriately. Specifically in Cyprus, this Directive has been transposed into Cypriot national law through the “Protection of Persons Who Report Breaches of Union and National Law”, Law of 2022 (Law 6(I)/2022).
What Is Whistleblowing?
Whistleblowing refers to the act of reporting information regarding breaches of national or European Union (EU) law that have been obtained within a work-related context. Its objective is to hold organizations accountable for unlawful activities such as criminal offenses, breaches of legal obligations, or actions that threaten public safety, health, or the environment.
Who Is Protected?
Under the new law, whistleblowers, referred to as "reporting persons," are granted robust protections against retaliation. The protection extends to employees in both the public and private sectors and to self-employed individuals, volunteers, shareholders, trainees, and individuals who were previously employed or engaged with the organization in question. Individuals involved in recruitment or pre-contractual negotiations are also covered.
The law also protects individuals connected to the whistleblower, including facilitators who assist in the reporting process, colleagues, and relatives. Legal entities associated with the whistleblower are similarly covered, ensuring that no form of retaliation can occur, directly or indirectly.
Scope of Reports
The law outlines specific areas where breaches may be reported. These include criminal offenses, breaches of lawful obligations, threats to safety or health, environmental damage, and violations within key EU sectors such as public procurement, financial services, money laundering, terrorist financing, and consumer protection, among others.
However, it is important to note that not all reports are covered. Certain breaches related to defense, security, or specific EU financial regulations are excluded from the law's protection.
Reporting Mechanisms
Whistleblowers can submit reports through three primary channels: internal reporting, external reporting, and public disclosure.
- Internal Reporting: Whistleblowers may report breaches within their organization through designated internal channels. Employers are required to establish clear procedures for receiving, investigating, and following up on these reports. Employees must be informed of these procedures, and confidentiality must be maintained throughout the process.
- External Reporting: If internal reporting is not feasible or effective, whistleblowers can report breaches to a national authority responsible for investigating the specific issue. This provides an additional layer of protection and ensures that breaches are addressed by the appropriate external body.
- Public Disclosure: In cases where both internal and external reporting fail to address the issue, or when there is an imminent risk to public health, safety, or the environment, whistleblowers may opt for public disclosure. This could involve sharing the information with the media or social platforms. However, strict conditions must be met for the whistleblower to receive protection under the law, including prior attempts to report through internal or external channels.
Specifically:
a) before making a public disclosure, the whistleblower must have submitted either an internal or external report, but no action has been taken within 3 months of the submission of the report; or
b) the whistleblower has reasonable grounds to believe that-
i. the public interest or public health is threatened by an imminent or manifest danger or a risk of irreversible damage or there is another serious emergency, or
ii. in the case of external reporting, there is a risk of retaliation or there is a low prospect of the breach being effectively addressed due to the circumstances of the case, such as those where evidence may be concealed or destroyed or where an authority may be in collusion with the perpetrator of the breach or involved in the breach.
Employers' Obligations
The law places significant responsibilities on employers, including the establishment of internal reporting channels. More specifically, there is an obligation to establish internal reporting channels by December 17, 2023, for the following entities:
- All public and private sector entities with 50 or more employees.
- Public organizations with more than twenty-five (25) employees are required to create such channels.
- Entities in high-risk sectors, such as financial services or those involved in money laundering prevention, regardless of employee count.
Employers must designate specific individuals or departments to receive and follow up on reports, such as compliance officers, HR personnel, or legal departments. Third parties, such as external auditors or trade union representatives, may also be authorized to receive reports.
Confidentiality and Data Protection
A crucial aspect of the law is the protection of the whistleblower's identity. Employers are obligated to ensure that any information that could reveal the identity of the whistleblower or others involved in the report remains confidential. Unauthorized disclosure of such information is strictly prohibited unless explicit consent is obtained, or disclosure is required by law in the context of an investigation.
Additionally, any personal data collected during the whistleblowing process must be handled in compliance with data protection regulations, ensuring that irrelevant or unnecessary data is deleted promptly.
Enhancing Corporate Accountability and upholding Ethical Standards.
The implementation of Directive (EU) 2019/1937 aligns with broader principles of transparency, accountability, and social responsibility. It promotes ethical conduct within organizations and contributes to the integrity of the EU’s internal market. By adhering to the directive, businesses not only comply with legal obligations but also demonstrate their commitment to ethical practices and corporate social responsibility.
In summary, Directive (EU) 2019/1937 represents a significant step forward in the EU’s efforts to create a safer and more transparent business environment. It empowers employees, strengthens corporate governance, and reinforces the ethical foundation upon which successful businesses are built. As such, it is an essential mechanism for any organization committed to maintaining the highest standards of integrity and ethical conduct.
Find out more:
Contact Infocredit Group today to learn more about how our Whistleblowing solutions can be tailored to your unique needs, helping you stay ahead in a rapidly changing business landscape.
Source: Infocredit Group
Write a comment