The Whistleblower Protection Bill will finally be passed after several years of debate. Companies and organisations will have to comply with it from the summer of this year.
The law provides for an independent investigation of suspected violations within 30 days of notification. Failure to comply could result in fines worth millions of crowns. The changes will affect not only the state administration but also thousands of companies, some of which have already set up ethics hotlines to report violations.
The law is intended to provide legal protection for people who report harm to the public interest that comes to their attention during or in connection with their employment. Planned or perpetrated violations may relate to public procurement, financial services, money laundering or even environmental protection. The new legislation brings a number of obligations. Let's go through the most important ones together.
WHO IS AFFECTED BY THE NEW OBLIGATIONS?
The new obligations will not only affect state organisations or large multinationals. All companies and organisations with 50 or more employees will have to set up an internal reporting system, as will public contracting authorities, except for municipalities with up to 10,000 inhabitants. The new obligations will thus affect most companies and organisations.
WHAT IS AN INTERNAL REPORTING SYSTEM OR ETHICS HOTLINE?
Companies and other entities will be obliged to introduce a so-called internal reporting system, or ethics hotline. An ethics hotline can be thought of as various channels and procedures for receiving, recording and investigating reports of violations.
The purpose of the ethics hotline is to allow whistleblowers to use an internal channel instead of passing on information to external control bodies. In this way, the company can detect fraudulent behaviour early, thwart it and prevent further damage, including reputational damage or the imposition of sanctions. Based on the reports received, the company should implement corrective measures to prevent similar undesirable occurrences in the future. The system must keep the identity of whistleblowers confidential and protect them from retaliation.
WHO CAN FILE A REPORT?
The range of whistleblowers, i.e. persons protected by the law, is very broad. In addition to employees, they can also be job applicants, trainees, or members of the board of directors or supervisory board. Contractors or prospective contractors can also report. It is therefore important that the possibility to submit a report is easily accessible to all these people. An effective solution is a secure online form on the company's website.
HOW CAN I FILE A REPORT AND BY WHEN MUST IT BE PROCESSED?
The report must be made in writing, by telephone or in person. The whistleblower will be entitled to know the conclusions of the investigation within 30 days of submitting their report. This period may be extended in justified cases.
Internet applications can facilitate the operation of the internal reporting system. Today's technology allows for the quick and easy introduction of an ethics hotline, which serves as a helpdesk or communication platform for filing a report. The application will help to keep track of deadlines, whether the report was made via the application or, for example, by telephone and subsequently registered in the application by an administrator. This centralisation also contributes to the protection of the whistleblower's personal data. In turn, the tool will allow them to raise issues and risks in the company via a secure form. This benefits both whistleblowers and the companies themselves by giving them more control over their risks.
HOW CAN THE NEW OBLIGATION BE USED TO IMPROVE ENTERPRISE RISK MANAGEMENT?
Scammers are using increasingly sophisticated methods to trick people. Whether it's stealing or misappropriating company assets, giving suppliers unwarranted discounts or gaining undue benefits from them, fraudsters can cost companies a lot of money and damage their reputation. The risk of fraud or other unwanted behaviour should not be underestimated.
Preventive mechanisms may not inhibit fraud in specific cases. It is therefore important that you put in place procedures to detect fraud. There are several procedures that can be used to detect fraud. I recommend that you combine them appropriately to balance benefits and costs.
One cost-effective tool for detecting fraud and unwanted conduct is to implement an internal reporting system. According to a global study by the ACFE, up to 42% of fraud is detected through employee or customer reporting. For perspective, internal auditing (which is the second most effective method according to this study) detects only 16% of cases. Companies that have established a reporting channel can detect fraud much faster and reduce the amount of potential damage by up to half.
By implementing an ethics hotline, your company will have an effective means of receiving information about potential risks or even fraud, so you will be able to respond quickly.
WHAT ARE THE OTHER BENEFITS OF FUNCTIONAL WHISTLEBLOWER PROTECTION?
Whistleblower protection is one of the important mechanisms of responsible business. It offers stakeholders the opportunity to communicate their concerns safely and easily. It helps to build trust in relationships, thereby fostering long-term cooperation and loyalty among employees, clients and suppliers.
In our whistleblower protection practice, we have encountered many cases involving workplace relationships. One such case involved a situation where a foreman vulgarly berated and humiliated three female production operators. Local management was aware of the situation but was afraid to reprimand the foreman. They feared that the foreman, for whom they had no replacement, would leave the job. However, following a complaint to the ethics hotline, the parent company intervened. It was strongly explained to the management and the foreman that such a situation was not acceptable. If this behaviour was repeated, the foreman would be fired. The foreman apologised for his behaviour and has since been civil to the female operators. I have had the opportunity to speak with these ladies on the phone several times. The first time was a very sad call and I could sense a great deal of fear and frustration in their voices. During the last phone call, once the situation had been resolved, the ladies were cheerful and relaxed, and I sensed great joy on their part. So, in the end, it worked out well for everyone. The company did not lose a single employee (and did not have to invest a lot of money in finding and training new ones) and strengthened the confidence of the existing ones.
WHAT ARE THE RISKS ASSOCIATED WITH WHISTLEBLOWER PROTECTION?
Failure to comply with the obligations under the Whistleblower Protection Act will result in heavy fines - up to CZK 1 million.
The whistleblower will also be able to appeal directly to the Ministry of Justice. For this reason, it is also in the interest of companies to make their internal whistleblowing system credible and simple. Otherwise, whistleblowers are unlikely to use it and will turn straight to the Ministry.
However, heavy fines and the threat of external audits are not the only negative impact of non-compliance. As outlined above, compliance with CSR principles and good relations with key partners and the public are increasingly important. Breaches of whistleblower protection obligations can deter existing and potential partners from working with a company and damage its reputation.