What do Chelsea Manning, Edward Snowdon and Sergei Magnitsky all have in common? They were all whistleblowers. Not only that, they each paid enormous personal costs for speaking up.
In the cases of Manning and Snowdon, their respective leaks involved classified information, the release of which contravened the US Espionage Act.
In the case of Magnitsky, a Russian lawyer and auditor, his allegations of fraud, theft and human rights violations levelled against the Russian state resulted in him paying the ultimate price. He died in Moscow’s notorious Butyrka prison just before he had to be legally released due to no trial.
None of these individuals acted lightly, whistleblowers rarely do, ultimately they wanted to shine a light on the most serious of wrongdoings so that positive changes might be made. For example, Snowden’s actions resulted in less secret scrutiny of normal citizens and more encryption within communication apps (looking at you, WhatsApp!). In the UK and US similar so-called Magnitsky Laws placed painful sanctions on those responsible for Magnitsky’s death.
Closer to home in the world of financial services, recent scandals such as the Panama Papers, Pandora Papers and Luxembourg Leaks highlight the incredibly important role whistleblowers play in exposing breaches.
Regulatory bodies recognise the need to ensure more protection for whistleblowers and stricter penalties for organisations that attempt to suppress genuine attempts to uncover wrongdoing that is in the public interest. On 17 December 2021 the European Union Whistleblower Directive (EUWD) was supposed to have been implemented by all 27 member states. At the time of writing, only Denmark and Sweden have implemented the EUWD, though many other member states are in the process. Also on 17 December 2021, legal entities in the private sector with 250 workers or more must have complied, whilst smaller entities with 50-249 workers have two more years to do so.
The EUWD aims to provide common minimum standards of protection to whistleblowers in the public or private sector who raise breaches of EU law with their employer and applies to at least the following areas:
public procurement
financial services, products and markets, and prevention of money laundering and terrorist financing
product safety and compliance
transport safety
protection of the environment
radiation protection and nuclear safety
food and feed safety, animal health and welfare
public health
consumer protection
protection of privacy and personal data, and security of network and information systems
breaches affecting the financial interests of the EU
breaches relating to the EU internal market
An individual who meets the conditions for protection under the EUWD is safeguarded from any form of retaliation and from threats of or attempt at retaliation, as long as they report internally or externally in an appropriate manner and have reasonable grounds to believe that the matters they report are true.
The EUWD leaves it to individual Member States to decide whether organisations and authorities are required to accept and follow up on anonymous whistleblowing reports. Whichever approach is taken, an individual who makes an anonymous report must be given the protection of the EUWD if they are subsequently identified and suffer retaliation.
All legal entities (with 50 or more workers) must establish appropriate internal and external reporting channels under the EUWD. Though that threshold doesn’t apply to financial services as they are required to have reporting channels regardless of size.
If an individual makes a public disclosure, they are only entitled to protection if they attempted to make a report internally or externally but no appropriate action was taken, or they believe the matter poses an imminent danger to the public.
Does this affect the UK?
Post-Brexit it seems unlikely that the EUWD will be implemented in the UK, although it is as yet unclear whether local legislation will be amended to incorporate the same rights to ensure that the UK keeps up with EU worker rights. However, the UK was one of the countries which the EU already deemed to grant whistleblowers comprehensive protection (under the Public Interest Disclosure Act 1998, as incorporated into the Employment Rights Act 1996).
Much of the content of the EUWD is already contained in UK law, but the UK regime doesn’t cover everything. For example, the EUWD has a wider scope than the UK in that it protects self-employed people, board members and shareholders, as well as "facilitators" (individuals connected to the whistleblower, such as colleagues and relatives, and legal entities). Another example is that there is no legal requirement in the UK for a whistleblowing policy for any size organisation, except for specific requirements applying to regulated firms in the financial sector.
Why is all this important to you or your organisation?
Providing effective protection for whistleblowers is important for employers for many reasons including risk control, avoiding unnecessary litigation, minimising reputational damage and protecting staff morale. It can also be important to avoid criminal and civil liability. It would therefore be prudent for all employers, wherever you’re located, to ensure they have appropriate, robust whistleblowing mechanisms in place as part of your AML compliance program.
If you or your organisation need advice regarding anything raised in this article, please contact corinna@coventium.com.
Comments