Protection of Whistleblowers : What is the EU framework?

On March 12 2019, the European Parliament and European Union Member States made a provisional agreement on how to protect whistleblowers. This new agreement guarantees a higher level of protection for whistleblowers than the level given in the original proposition of 23 April 2018. This agreement must still be formally approved by the European Parliament and the European Council.

The call for the protection of whistleblowers responds to the numerous recent revelations shared across the media indicating there is a fundamental need to protect whistleblowers as they can play an essential role for the general interest and well-being of society. Edward Snowden's revelations on the unreasonable massive collection of data processed by the National Security Agency (NSA) without the knowledge of users shattered our beliefs of freedom for good.



A whistleblower can be defined as a person who detains insider knowledge of illegal practices occurring among the company and chooses to divulge its hidden operations for general public awareness.
The whistleblower can be an employee, supplier, contractor, client or any individual who is aware of illegal activities in the company.

Not to be confused with the simple leak of information where a leaker shares information that may be embarrassing, illicit or profitable. The whistleblower has good intentions and acts in good faith. Its objective is to disclose a state of affairs, a threat to which it's moral convictions encourage to unlawfully disclose private or sensitive information to expose illegal or condemnable schemes for the common good, and the public general knowledge and interest.

Often confused, Wikileaks and its creator Julien Assange are not whistleblowers. The primary goal of Wikileaks is to give an audience to whistleblowers and information leaks while protecting their sources.




SwissLeaks

HSBC
2015

Company

HSBC - UK-based international banking group with branches in 84 countries and territories and 60 million customers

Whistleblower

Herv? Falciani, an IT consultant working at HSBC Private Bank department

Facts

In 2009, Mr Falciani stole files on 127,000 accounts belonging to 79,000 customers of 180 nationalities. Thanks to the list of Herv? Falciani, this revelation led to the scandal of the SwissLeak: uncovered the practices of tax evasion and massive money laundering encouraged by the Swiss bank

Repercussions

Several countries impacted: Belgium, Brazil, France, UK, Tunisia, Portugal, USA,? In 2017, HSBC had to pay $ 300 million to the French authorities. In 2015, Herv? Falciani was sentenced in absentia by the Swiss Court for industrial espionage. He is refugee in Spain at the moment even if a request for extradition has been made.

LuxLeaks

The Grand Duchy of Luxembourg
2014

Country

The Grand Duchy of Luxembourg

Whistleblower

Antoine Deltour worked for PricewaterhouseCoopers as auditor

Facts

In October 2010, he resigns by taking with him confidential documents on tax rulings. Few months later, he gave these documents to Edouard Perrin, journalist of Cash Investigation. The international consortium of investigative journalists accesses documents, analyzes and publishes them in November 2014, which leads to the international scandal known as the LuxLeaks.

Repercussions

The European Union has worked for more transparency from a tax point of view, obligation of information on tax rulings between the Member States.
On December 12, 2014, the Luxembourg Justice charges Antoine Deltour for domestic theft, breach of professional secrecy, violation of business secrets and money laundering. He was facing a prison sentence and a fine that was lifted on January 11, 2018. He was relaxed by the Luxembourg Court of Cassation, which gave him the status of whistleblower.



Many other cases exist such as Panama Papers or more recently the Football Leaks project of the controversial Rui Pinto, currently assigned to residence and prosecuted for cyber criminality and extortion for having shared authentic documentation on financial statemebts of football clubs and player contracts disclosing the massive tax avoidance system in place in the football world.

In rare cases, companies can also be punished.
One of the few times that a well-placed person was sanctioned by regulators occurred in May 2018 when the CEO of Barclays, Jes Staley was fined ? 642,430 by regulators (Financial Conduct Authority and the Prudential Regulation Authority) for breaching rules by trying to identify a whistleblower.
The necessity of a professional internal alert system is important. Companies need to work on their whistleblower protection policy and create a system of escalating complaints directly or indirectly without going through the normal hierarchical channels.


Panama Papers

HSBC
2015

Company

Mossack Fonseca, Panamanian law firm

Whistleblower

John Doe, pseudonym used by the whistleblower

Facts

The whistleblower sent to a reporter of a German newspaper, Bastian Obermayer, 11.5 million documents from the records of Mossack Fonseca about information on more than 214,000 offshore companies as well as the names of the shareholders of these companies.

Repercussions

Among the names of the shareholders, we found names of politicians, billionaires, top athletes, celebrities, Heads of State or Government, members of governments, relatives and associates of heads of governments.

NSA - Mass Surveillance

Snowden/NSA
2014

Company

NSA (National Security Agency) is a US Department of Defense government agency responsible for US-led electromagnetic intelligence and information system security.

Whistleblower

Edward Snowden was an employee of the Central Intelligence Agency and the NSA

Facts

Edward Snowden copied and leaked highly classified information from the NSA about the capture of metadata from telephone calls in the United States, as well as the internet monitoring systems of the US government's PRISM, XKeyscore, Boundless Informant and Bullrun surveillance programs . On the 6th of June 2013, this information was disclosed through the media.

Repercussions

There has not been a big financial impact. The population is aware but powerless. The massive collection of data by the intelligence services has not been questioned. However, in 2015, the United States adopted the USA Freedom Act which slightly reduces the powers of the NSA.
Edward Snowden was indicted on June 22, 2013 by the US government on charges of espionage, theft and illegal use of government property. Since July 2013, he is exiled in Russia.



If you have a keen interest for whistleblowing cases, we recommend the wikipedia historical listing cases of whistleblowers.

In the few examples quoted above, the whistleblower is rarely protected from its actions.
At the moment only few Member States have implemented a complete set of laws that protect whistleblowing initiatives. For others, the framework is simply non-existent. Historically, statutes that regulate the status of whistleblowers have appeared in Europe only recently.

Whistleblowers protection EU directive

At the moment, only eight countries in the European Union have national laws concerning whistleblowing.
United Kingdom is a pioneer in the matter; In comparison, Belgium has no single legal framework for whistleblowers protection. There are federal and Flemish provisions but only for the public sector. The Walloon Region and Brussels do not have legislation. There is no protection for private sector workers.
In that uncomfortable legal context, the new EU directive will bring harmonisation in Belgium and the other Member States to strengthen the protection of whistleblowers.


Each Member State will have to transpose this directive into national laws by January 2020. Companies can already proactively do the job. The new rules will require the implementation of safe reporting channels both within a company and with the public authorities.


There are many potential losses for someone who decides to elevate a critic of a robust hidden illegal/immoral scheme. Most of the time, it is the whistleblower who loses the most: his/her reputation, job, family situation, personal security.
Whistleblowers are in the most prominent cases subject to prosecution.

The arrival of this new directive will bring the establishment of secure channels for reporting within the company but also to the public authorities. It will adequately protect the whistleblower against all forms of retaliation (reprisals, court proceedings from the employer, the State). The new directive will increase feedback obligations for authorities and companies. Moreover, national authorities will have an obligation to inform citizens and create support for whistleblowers.
The new EU directive on the protection of the whistleblowers must still be approved within a few months. By 2020, businesses will have to be ready to comply with these new regulations. Pideeco assists companies in managing their regulatory risk exposure and elevating the culture of good governance. We support financial institutions shaping their internal organisation and design efficient and adapted business solutions and procedures.
Anastasia Bidjocka - Pideeco Network Partner
Anastasia Bidjocka Junior Consultant
0 comments
Add your comment

Related articles

What is inside RegTech or Regulatory Technology ? What is the difference with FinTech ? RegTech Compliance industry help...

Money Laundering Mon 01 April 2019

How to make business in Russia ? What are the different company types of Russia and how to conduct KYC on Russian counte...

Financial firms Mon 08 January 2018

How can financial institutions detect coronavirus related financial crimes? Learn tips and tricks to identify scams, fra...

Transparency Tue 21 April 2020

What is the value of audit trails for financial firms? How to build good audit trails and keep them safe? Are there diff...

Transparency Tue 17 December 2019
Experts in risk management and regulatory compliance

Pideeco is a consultancy firm providing legal services, business solutions, operational assistance and educational material for professionals in the financial industry.

We are based in Brussels and we specialize in regulatory risk compliance services covering the Eurozone.

Pideeco combines professional Regulatory knowledge and technical expertise to safeguard your business’ reputational and operational risk. Our unique customer-centric approach helps us build strategical and legitimate cost-efficient remedies.

Working with us means reaching out to complementary people, allowing for original thinking and innovative vision.

Our Network Learn more about us