The State of Whistleblower Protection: January 2023

by: Michelle Thompson

One year after the deadline for transposing the EU Whistleblower Directive into national law, many EU Member States continue to lag behind when it comes to whistleblower protection. In November 2019, the Directive came into force. The whistleblowing EU directive includes provisions for establishing internal mechanisms for reporting wrongdoing and safeguarding against retaliation. A deadline was set for introducing the new whistleblower protection rules by December 17th, 2021, but at least five countries have so far failed to introduce new whistleblower protection laws. Many more have faced delays in their implementation.

Delays in Transposing Whistleblower Protection

As of January 1st, 2023, the state of whistleblower protection in the EU remains largely unchanged. One Member State, Hungary, has made minimal to no progress on the issue. Four additional countries, Poland, Austria, Bulgaria, and Belgium are still in the process of drafting their new whistleblowing laws. At the same time, landmark whistleblowing cases continue to surface and are investigated in the EU, making the Directive more relevant than ever. Here are the latest developments.   

Bulgaria

In recent news, the Bulgarian parliament rejected two drafts of whistleblower protection laws on December 14th, 2022. The first bill would have provided for establishing internal reporting channels and created a central authority for making external disclosures and seeking protection from retaliation. The second bill was proposing an external channel for reporting wrongdoing and making personal data anonymous. These changes to Bulgaria’s legislation would have met the requirements for transposing the EU Directive into national law. The decision risks diminishing public trust and confidence in authorities and increasing fears of retaliation for employees who report. At a recent round table organized by CEE Legal Matters, Attorney Ilya Komarevski said that the Bulgarian work culture must educate people that it is not bad to report on wrongdoings and that a lack of anonymity is to blame for the low number of cases.

Belgium

Belgium adopted whistleblowing laws for reporting breaches in financial laws and requires disclosures to be made to the National Bank of Belgium and the Financial Services and Markets Authority. The country also adopted an anti-money laundering directive, making it a legal obligation for companies to report wrongdoing to the Belgian Financial Intelligence Processing Unit. Until recently, however, the EU Directive had not been fully transposed. There is still no procedure to follow for ensuring whistleblower protection when an employee discloses misconduct through an internal channel. On November 25th, The Brussels Times reported the bill had been reviewed by parliament ad had passed but had yet to be implemented. The new rules will give more protection to whistleblowers exposed to legal action or at risk of losing their jobs.  Last week, the Whistleblowing Act was published in the Belgian State Gazette. The new law, which has yet to be implemented, will enter into force on February 15th, 2023.

Finland

The EU Directive was recently adopted in Finland. On December 14th, the Finnish Parliament approved a whistleblowing law that will transpose the Directive. The decision arrived on the heels of the EU Commission’s announcement that it intends to begin infringement proceedings against Member States who have not yet implemented the new rules. Finland had previously postponed the passage of the whistleblower protection law, which protects against individuals who report breaches such as money laundering, tax fraud, and conduct that puts consumers, the environment, and data protection at risk. The new rules provide protective measures to whistleblowers against legal liability and retaliation. Companies that violate the Act could face financial penalties.  

Long-Standing Whistleblowing Case Resolved

Danske Bank pleaded guilty to the world’s biggest money-laundering scandal on December 14th. Reuters reports the Bank pleaded guilty to fraud conspiracy and agreed to pay $2 billion (1.8 billion EUROS) as part of a settlement with the government of the United States. Danske Bank’s Estonian branch allowed more than 200 billion euros in funding to high-risk clients from Russia and other countries to enter the American financial system. Danske’s Chairman, Martin Blessing said in a statement, “we have cooperated since we were approached by the authorities and accept the terms of the resolutions”. Law firm JD Supra argued that the case proves the need for anti-money laundering whistleblower protection laws in the EU. Former Bank Manager Howard Wilkinson first reported concerns about potential money laundering internally in 2014 but was ignored. The case showed how the company’s internal controls had failed. The ruling is historic. This is the first time the U.S. has taken direct action against Denmark’s biggest bank.