New in whistleblowing - Are you compliant?
Businesses have a clear interest in ensuring that the right whistleblowing framework and culture is in place – it is better to retain control of the process and investigate potential wrongdoings internally at an early stage, in order to prevent issues from arising and growing.
On 16 October 2017 and 3 January 2018, new obligations on whistleblowing procedures came into effect for persons and entities falling under the scope of the anti-money laundering law or subject to financial supervision by the Financial Services and Markets Authority (FSMA).
Below is a summary of the new measures introduced in Belgium and an update on developments at the European level. You will also read the key findings of "Whistleblowing is on the rise", a global survey on whistleblowing commissioned by Freshfields.
Until recently, formal whistleblowing procedures were only required in the public sector (by the Federal and Flemish authorities) - There was no general legislation on whistleblowing in Belgium’s private sector, aside from function specific rules and obligations. Two whistleblowing procedures applying to the private sector have now been recently introduced.
The Law of 31 July 2017 introduced a legal framework for the reporting of actual or suspected infringements to the financial laws and regulations of which the compliance is supervised by the FSMA by amending the Law of 2 August 2002 on the supervision of the financial sector and financial services (the Financial Supervision Law). The scope of these financial laws and regulations include, inter alia, rules regarding transactions in financial instruments, market abuse rules, rules regarding asset managers and investment advisors, rules regarding insurance companies and intermediaries, rules regarding financial intermediaries and occupational pensions providers. For the one part, the new whistleblowing rules are a result of the implementation of several EU Directives and Regulations (Market Abuse Regulation, MiFID II, UCITS Directive, Insurance Distribution Directive, PRIIP’s and SFTR), but the Belgian legislator went a step further by extending the scope of application of the whistleblowing rules to all areas under the supervision by the FSMA.
Effective 3 January 2018, the amended Financial Supervision Law imposes on the regulated persons and entities that are in scope of the financial supervision of the FSMA (such as financial institutions and financial intermediaries) to put in place appropriate internal reporting mechanisms.
On 24 November 2017, the FSMA issued a circular (NL / FR) to further clarify this obligation. The circular sets out that the internal reporting of breaches should be encouraged and that the staff should be aware of these internal procedures. This obligation should be implemented taking into account the proportionality principle (e.g. in smaller undertakings reporting could be done to the effective leaders). The procedures should provide follow-up actions in case breaches are reported and these follow-up actions should be registered. Lastly, the procedure should be compliant with the privacy legislation.
Since these new obligations on internal whistleblowing proceedings applied as of 3 January 2018, regulated entities that fall under the supervision of the FSMA should assess whether their existing whistleblowing regime (if in place) is compliant.
Actual or suspected infringements of the financial rules can be reported to the FSMA. The newly introduced rules provide protection to all whistleblowers, irrespective of whether they are employees or self-employed. The confidentiality of the whistleblower’s identity is guaranteed by the FSMA and a whistleblower who has reported an (alleged) infringement in good faith cannot be subject to any civil, criminal or disciplinary claims or professional sanctions as a result of the reporting. Reporting through this channel will also not be considered as a breach of any confidentiality or non-disclosure obligations to which the whistleblower is bound (there is an exception to this rule for external lawyers in respect of information received from their clients or about their clients in connection with the defence, representation or advice of such clients).
Whistleblowers who have made a notification in good faith to the FSMA are, in addition, protected against acts of retaliation, discrimination and other forms of unfair treatment. Provided it can be reasonably presumed that the employer (or principal) was aware that the employee blew the whistle, the Law also provides that it is up to the employer (or principal) to prove that the above mentioned acts or treatments, if taken within 12 months after the employee blew the whistle, are unrelated to the whistleblowing. In case of breach of this prohibition by the employer (or principal) of the whistleblower, the latter is entitled to ask his/her reintegration or claim damages against his / her employer (or principal).
The procedures for handling reports by whistleblowers were further set out by the FSMA in a set of rules approved by Royal Decree on 24 September 2017.
Anti-money laundering and counter-terrorist financing
Effective 16 October 2017, the Law of 18 September 2017, implementing the Fourth Anti-Money Laundering EU Directive, provides three alternative options to blow the whistle on breaches of the anti-money laundering and counter-terrorist financing (AML / TF) provisions and on suspicious client transactions.
The entities subject to the rules (e.g. financial institutions, auditors, etc.) need to have appropriate procedures in place for staff members, agents and distributors to report breaches of the obligations under this law. They also need to ensure that individuals reporting on suspicious client transactions or internal failure to comply with the AML obligations are protected against any threat or hostile action, including against adverse or discriminatory actions by the employer (or principal).
Reports are to be directed to the AML Compliance Officer (AMLCO) or the AML Manager through a specific, independent and anonymous channel.
Since these new obligations on internal whistleblowing proceedings entered into force on 16 October 2017, entities subject to the AML Law of 18 September 2017 should assess whether their existing whistleblowing regime (if in place) is compliant, and ensure that (potentially anonymous) whistleblowers notifications are received by an AMLCO and, as a best practice, are collected in a separate register. It is also important to adequately inform staff and other relevant persons of the new whistleblowers procedure in place in order to enhance its accessibility.
In addition to the internal reporting possibility, whistleblowers have two external channels to report non-compliance issues or AML / TF suspicions:
Reporting to the supervisory authority
Any individual can blow the whistle on non-compliance issues to the supervisory authority of the entity subject to the rules, which is, depending on the entity, a competent authority (e.g. the Minister of Finance, the FSMA, …) or a self-regulatory body (e.g. the Supervisory Institute for Auditors). These supervisory authorities are required to set up adequate and generally accessible whistleblowing procedures.
The supervisory authority receiving the information is bound by confidentiality and cannot disclose the whistleblower’s identity. If the whistleblower is a staff member or a representative of the obliged entity and acted in good faith, he or she is protected against any civil, criminal or disciplinary claim or professional sanction with respect to the reporting.
Also, the Law prohibits any adverse or discriminatory treatment, including termination of the employment or representation mandate, in consequence of the reporting.
Reporting to the Financial Intelligence Unit (CFI / CTIF)
Whistleblowers can also report suspicions with respect to AML / TF issues to the CFI / CTIF. As a general principle, and with exception of certain obliged entities, notifications to the CFI / CTIF are made by the AMLCO on behalf of the obliged entity. However, in the event that this is unfeasible or inadequate, employees or representatives of most obliged entities may notify the CFI / CTIF directly.
Such disclosure of information done in good faith by a director, employee, agent or distributor does not constitute a breach of any restriction on disclosure of information imposed by contract or by any legislative, regulatory or administrative provision. It cannot involve their liability in any kind or result in adverse or discriminatory actions by the employer or principal (special rules apply to lawyers and their staff because of their confidentiality obligation with respect to client information: notification is restricted to non-protected information and is addressed by the AMLCO or lawyer exclusively to the president of the Bar (not the CFI/CTIF)).
If the CFI / CTIF submits the information to judicial or other investigating or enforcing authorities, it will anonymise the notification and the authorities involved will take all necessary measures to protect the whistleblowers against any threats or acts of aggression.
In case of breaches of the protection of whistleblowers, administrative fines may be imposed on the entity subject to the rules and on the members of its board of directors, executing committee or senior management who are responsible for the infringement.
Maximum amounts of the fines vary, depending on the type of obliged entity (financial institution, auditor, …), from EUR 1.25M over EUR 5M to 10% of the annual net turnover. In certain cases, the levy of an administrative fine, the nature of the infringement and the identity of the entity and persons involved can be published on the supervisory authority’s website.
The introduction of these measures show that whistleblowing is currently at the top of the political agenda in Belgium.
Whistleblowing was put back on the European agenda recently in the aftermath of a number of tax evasion scandals, and members of the European Parliament (EP) have been pushing for a proper EU-wide protection of whistleblowers. During its plenary session on 24 October, the EP adopted a non-legislative resolution, which included recommended steps that could be taken by the European Commission to implement an EU-wide whistleblowing programme.
This resolution provides that Member States and the EU institutions should promote a speak-up culture and the positive and important role that whistleblowers play, in particular through awareness-raising and protection campaigns, communication and training.
The EP also recommended that:
- the European Commission should propose EU-wide legislation on the protection of whistleblowers that provides a high level of protection and covers both the public and private sectors;
- a public website is launched where whistleblowers can submit complaints anonymously;
- a new body is created that would be responsible for whistleblowing at EU level; and
- whistleblowers should also have the right to review and comment on the outcome of the investigation related to their disclosure.
It is not sure whether the European Commission will take forward these recommendations, but the continued conversation around whistleblowing in the EP (see also the non-binding resolution adopted in July 2016) will add to the pressure on the European Commission to consider additional protection for whistleblowers.
It should be noted that rules to protect whistleblowers in certain circumstances have also recently been enacted in France, the UK and Italy.
In this context, Freshfields published the results of a global survey on whistleblowing that our firm commissioned, where 2500 business managers from different countries and sectors were polled: Whistleblowing is on the rise.
According to the survey’s findings, the whistleblowing culture within businesses has evolved. While this survey shows increased levels of engagement in whistleblowing around the world, it also reveals that office culture is still deterring large numbers of business managers from engaging in it at all. 55 per cent of managers participating in the 2017 survey state that they and their co-workers would be deterred from whistleblowing by concerns that it would damage their career prospects or reputation.
Although there is still a long way to go before a EU harmonised set of rules concerning whistleblowing is enacted, the above shows that there is growing interest across the EU around whistleblowing as a valid alternative to silence or to the communication with the hierarchy when the latter is not practicable.
If you would like to discuss any aspects of this briefing and/or wider issues pertaining to your business, please let any of your contacts at Freshfields know, or get in touch with the lawyers below.