Foreword By Editor, Andrew Chilvers
Speaking Out: What impact will the EU whistleblowing law have on business transparency? In the past few years, demands have been growing around the world for more accountability by businesses and governments – particularly since the start of the Covid-19 crisis. Indeed, the global pandemic has heightened issues around whistleblowing like never before.
Nevertheless, whistleblowers often still face dire consequences – often fatal – if they report on problems their superiors would rather the world didn’t know about.
Dr Li Wenliang, in Wuhan China, was a case in point. Officially reprimanded for warning the world about Covid-19, he was then later ruthlessly silenced by the Wuhan public security bureau. In Poland, meanwhile, Renata Pizanowska, a nurse and midwife, was sacked for posting pictures on social media of her totally inadequate homemade surgical mask used by hospital staff for protection against the deadly virus.
Elsewhere, in the UK at the start of the pandemic, Linda Fairhall, an NHS nurse since 1979, was sacked after warning that the crippling workload NHS staff were under had led to a patient’s death. After she raised the alarm she was summarily dismissed for concerns about her leadership capabilities.
Theoretically, this was all set to change on December 17, with the implementation of the EU’s new whistleblowing directive that was due to be adopted into national laws by different EU states. The aim is a laudable one – to fight for more transparency from governments and organisations not just in the EU but beyond its borders. As with GDPR compliance, the hope is that there will be a positive knock-on effect with all businesses and public sector organisations that are located or have an office in an EU state.
The idea of the directive is to set up uniform minimum protection for people who want to report breaches of EU law – giving them legal security against any retaliation by companies or colleagues. Along with this minimum level of protection, each EU state is obliged to introduce a national legislation to give an added layer of security for whistleblowers. However, almost all professional services advisers agree that this added protection in the form of national laws will take time to enact given the patchwork of legislation that exists across the diverse EU member states.
What is the status of legal whistleblower protection within your jurisdiction and – if outside the EU – will there be an alignment with EU legislation because of the new law?
When it comes to compliance with new laws, I’ve noticed is that it generally takes a couple of years for a compliance market to become more or less mature.
It takes that long for people to recognise the importance of compliance programmes, from GDPR and whistleblowing to anti -money laundering laws. For whistleblowing compliance, it will take a while for people to acknowledge its importance.
In Belgium, we already have some legal protection for whistleblowers in the public sector. This protection will need to be levelled up when you compare it to the directive. In the private sector in general, apart from specific sectors such as the financial institutions, we don’t have anything in place. We won’t have anything in place by the December 17, the deadline of the directive.
Right now, we have a draft of a bill that is being discussed within the majority parties of the government, and they will only start to discuss the draft of the bill by the start of next year. The schedule is that it should be voted in Parliament by the end of June – it will only be by the end of June that we will have a legally binding document other than the directive.
Private companies are already looking at what is going to be implemented. I feel that most companies are reluctant to implement something.
For the public sector, you have four possible legal documents that should be approved and implemented to give protection to whistleblowers depending on where you are based in Belgium. For the private sector it’s less complicated because you don’t have this division between between federal and regional (Flemish, Brussels and Walloon) legislation.
We are a hub for a lot of multinational companies that have offices in Belgium and the problem for American and other companies across the world is how to comply with all these different legislations that provide for whistleblower protection. Where does this whistleblower protection exist regarding the level of the parent company, the holding structure or the different subsidiaries?
Will anonymous reporting be permitted? Will this help develop a culture of transparency?
It’s a cliché but maybe we’re making a better world with baby steps; one baby step at a time. I don’t think the directive will change the world we’re living in. It will help it change over years. A whistleblowing channel will be a tool that has to fit in a general ethical approach or a sustainable approach that should start to exist more within companies – and it already exists in companies in Belgium.
Yes, anonymous reporting will be allowed, but it will not immediately change the way Belgians think. In the long run, I feel it can make us become a bit more like the Netherlands or Nordic countries, where things are much more transparent and people are much more open to each other when it comes to giving feedback. So, this is not just about lacking ethics or whistleblowing on illegal activities. It will also help with the efficiency of an organisation.
The directive can help us to be more open minded towards each other and to engender an environment of trust. Whenever there is trust, people are willing to speak up openly and they will not use the whistle blower hotline.
Under the Directive, criminal law will remain a prerogative of each member state. How will the new legislation impact criminal law in different jurisdictions?
I do see a possible impact on everything that’s related to criminal law. I think there are two main issues in Belgium. The first one related to hacking. What we see in some of the bigger whistleblowing cases is that people obtain information and get it out to the public after accessing data that they weren’t allowed to access. Think here about Edward Snowden and WikiLeaks.
Where I see some issues is that according to Belgian criminal law, where we have different forms of hacking legally, some require a specific criminal intention and others a general knowledge of the fact that they are committing a crime. In this context, it’s important to understand that idea of the whistleblowing directive is that people are acting in in the best interests of society. By consequence, people acting in the best interest of society might not be prosecuted when no specific criminal intention is required (as is the case for certain forms of hacking).
The second thing I’ve noticed recently, and which is of huge importance, are potential issues around professional secrecy and the violation of it by whistleblowers. The general legal assumption in Belgium is that holders of a professional secrecy obligation are allowed to set aside the latter when confronted with an emergency situation. Think of a doctor treating a gangster that is informed of the fact that this gang would commit new crimes that could endanger other people. This doctor chooses then to save the physical integrity of the future victims instead of respecting his professional secrecy obligation.
Some scholars claim that the same could go for professional service providers – like many of us – advising on tax issues. When confronted with substantial tax evasions, they could (according to these scholars) set aside their professional secrecy obligation and blow the whistle to safeguard fiscal transparency. Personally, I do not agree. The fact that the issue is open for debate is already remarkable.
This then has a big potential impact on professional services providers that have some kind of legal professional privilege towards their client – the contradiction between legal professional privilege compared to full transparency, for instance, regarding tax.