Ready for the whistleblowers?
Reporting system mandatory by the end of 2021
At the end of this year, Belgium must transpose the European directive on whistleblowers into national law. The directive regulates how companies and public authorities can report violations of certain EU regulations and how they can protect the reporter or whistleblower. The related reporting system must meet specific conditions and takes a considerable amount of time to set up.
Jean-François Bernard, Partner BDO Forensic & Litigation Support
On 23 October 2019, the European Parliament approved European Directive 2019-1937 on the protection of whistleblowers. Belgium must transpose the directive into national law by 17 December 2021. From then on, the new law will apply to all legal entities of the government, or organisations under the supervision of the government, and to all private companies with 250 or more employees. Companies with 50 to 249 employees are granted a 2-year postponement.
What does the directive require?
The organisations (companies or public authorities) involved must set up a reporting system. In concrete terms, this means they must establish specific internal communication channels and procedures for reporting infringements and for ensuring that the reports are handled anonymously and correctly.
In addition, the Directive stipulates that the competent authority (i.e. the Belgian State) must also set up an external reporting channel. The whistleblower can call on the external channel in the absence of an internal procedure. However, this means that the organisation no longer has control over crucial information that is shared.
Your reporting system sends out a clear message that illegal or unethical behaviour is not tolerated.
The whistleblower who makes the fraud public – for example, by going to the press – is not protected, unless he or she previously reported the fraud via an internal channel, or via the reporting channel of the competent authority, but was not adequately heard within the set period of 3 months.
Finally, the directive imposes the following obligations:
Anyone who does not comply with the obligations can be sanctioned. Europe leaves how that happens up to the Member States. Belgium had not yet communicated on this matter when this article was published.
What is a whistleblower?
A whistleblower is a person who, in a professional context, has information about misconduct or fraud and wishes to report this in the interest of the company and the general public in order to prevent further damage to the business. The protection of whistleblowers is currently fragmented. Only 10 EU countries have a comprehensive law on the protection of whistleblowers; Belgium does not (yet). At the EU level, only a very limited number of sectors (mainly in the field of financial services) have legislation with whistleblowing measures in place.
What can you report?
The directive focuses on infringements of EU regulations. Examples include the rules on money laundering, public procurement, environmental protection, public health, consumers or privacy. However, many companies extend the scope of application and include reports of fraud or unethical behaviour in their internal regulations.
Our survey (2019) on fraud in companies shows that 21% of the companies surveyed were victims of fraud over the past 5 years, with an average loss of about 200,000 EUR. When asked how the fraud was discovered, the majority of the respondents revealed that it was as a result of a declaration or report.
By introducing a code of conduct and a hotline, managers send out a clear message that illegal or unethical behaviour is not tolerated. At the same time, they protect themselves, and they try to limit financial losses in the event of fraud.
Which reporting channels?
The reporting channels can take different forms – ranging from an internal employee or service that receives the reports verbally or in writing, to more sophisticated forms, such as a hotline, voicemail service or online platform. In any event, the channels must guarantee the confidentiality of the reporter’s identity and that of each third party mentioned, and only authorised persons may have access to the reports.
“Rolling out a compliant reporting system often takes months.”
The disadvantage of appointing a person or internal service is that complete anonymity of the whistleblower is impossible. As a result, it is more difficult to disclose the content of the report, and access to the information must be closely monitored. Thanks to the more sophisticated channels, the whistleblower can communicate anonymously. He/She is allocated a case number and password when submitting the initial report, which allows him/her to log in anonymously to the external platform to monitor the handling of the report.
The directive stipulates that the organisation can alert its employees when a report is submitted. However, you can also inform other stakeholders as well (customers, suppliers, shareholders, etc.).
Should you manage a reporting system internally or outsource it?
You can roll out and manage the reporting system yourself or outsource it to an external provider. Outsourcing has various advantages:
BDO’s compliant reporting system
The specialists of our Forensics & Litigation Services have developed a compliant reporting system, which includes the following features:
Our solution is based on the ‘You pay for what you use’ principle. In other words, if a company or organisation opts for the BDO reporting system, it only pays for the services provided.