Article:

Internal Whistleblowing System – What an Entrepreneur Should Know

29 May 2019

The Whistleblowing Law entered into force in Latvia on 1 May 2019.

At the same time, approval of the Directive of the European Parliament and of the Council on the protection of persons reporting on breaches of Union law (the Whistleblowing Directive) is pending. One of the main goals of these laws and regulations is to protect whistleblowers from potentially adverse effects of whistleblowing by encouraging reports of breaches in the workplace.

Preconditions for whistleblowing include the truthfulness of the information provided, harm to public interest and acquisition of information on breaches in a work-related context. Following the Whistleblowing Law’s entry into force, there has been much debate about the rights, guarantees and procedures for whistleblowers’ protection in Latvia. The effects of the Whistleblowing Law on legal entities that are subject to the Whistleblowing Law remain unclear.

The Whistleblowing Directive and the Whistleblowing Law require all public authorities and private law entities with 50 or more employees to have an internal whistleblowing system. Although, at first glance, the law appears to cover every organisation, there are actually a couple of, perhaps, unintended gaps. The Whistleblowing Law, for instance, has narrowed down the range of affected entities to public authorities and legal persons governed by private law with more than 50 employees.

Within the meaning of the State Administration Structure Law, public authorities include all institutions that act on behalf of a public person and that have the competence in the public administration provided for by law, as well as financial resources allocated for the implementation of their activities, and that employ their own personnel. Whereas private law entities are legal entities which are subjects of the private law and are registered as such in the Register of Enterprises of the Republic of Latvia. Partnerships and corporations are considered legal entities in accordance with the Commercial Law, whereas, for example, a law firm does not have the status of a legal entity pursuant the Advocacy Law. 

It may be concluded that under the Whistleblowing Law the obligation to have an internal whistleblowing system in place does not apply to law firms, even if they have more than 50 employees. There may also be cases where several departments of the same company are registered as separate legal entities. In this case, if the number of employees in each of these departments does not exceed 50, the obligation to have an internal whistleblowing system would not arise despite the fact that all departments have the same owner(s) and area of activity.

According to the Whistleblowing Directive, an internal whistleblowing system must also be established by private law entities whose annual turnover and annual balance sheet total reaches or exceeds EUR 10 million. The same applies to private law entities operating in the financial services field.

According to the Whistleblowing Law, the internal whistleblowing system must determine the reporting procedures and the report review procedures; it must also protect the anonymity of whistleblowers and the confidentiality of the persons reported.[1] Furthermore, the Whistleblowing Directive, which will have to be implemented in Latvia within two years after being approved by ministers of the European Union countries, imposes an additional obligation to appoint an impartial responsible person (unit) to evaluate the reports.

The State Chancellery has developed Best Practice Guidelines for the development of an internal whistleblowing system to assist organisations in applying the requirements of the Whistleblowing Law and the Whistleblowing Directive. One of the main objectives of the internal whistleblowing system is to establish effective channels within the company for reporting internal breaches.

If the goal of the Whistleblowing Law is to protect whistleblowers against possible retaliation on whistleblowers reporting on breaches, the question remains as to why institutions and companies with a higher risk of whistleblowing (employing more than 50 employees) are required to first resolve the alleged breach internally.

It is presumed that, in an employment relationship the employee is subordinate to the employer, so there is some inequality between the employee and the employer.

For example, in the General Data Protection Regulation context, it has been emphasized that, given the imbalance of power, for the majority of data processing at work, the lawful basis cannot and should not be the consent of the employees due to the nature of the relationship between employer and employee.[2]

Judging by the European Parliament and Council’s position, the relationship between the employer and the whistleblowing contact person in the company can be interpreted similarly. Namely, the duties of a whistleblowing contact person will most likely be imposed on an existing employee of the company.

The Directive does not require employing an external (impartial) employee to carry out these duties. With this in mind, it is reasonable for doubts about the whistleblowing contact person’s independence to arise given its subordination to the employer. Perhaps it is necessary to provide protection not only for whistleblowers, but also for the contact persons of whistleblowers to ensure their independence within the whistleblowing procedure.

In any case, a whistleblowing contact person should be entitled to an increase in remuneration for performing additional work duties. When implementing an internal whistleblowing system and paying a whistleblowing contact for additional work, the employer must take into account the additional expenses. According to the provisions of the Whistleblowing Directive and the Whistleblowing Law, the employer is obliged to provide employees with an opportunity to safely report breaches and guarantee their protection.

An effective way for public law entities to fulfil their obligations under the Whistleblowing Law and Whistleblowing Directive would be to outsource the development and operation of the whistleblowing system to a third party. This would ensure independence, impartiality and confidentiality, as well as address situations where a whistleblower would like to report a breach involving the whistleblowing contact person himself.

 

[2] Article 29 Working Party, Guidelines on Consent under Regulation 2016/679. Available on https://ec.europa.eu/newsroom/just/document.cfm?doc_id=48849