Private sector companies will soon be covered by the so-called Whistleblower Act (the „Act”). Polish lawmakers are still working on the final wording of the Act, which according to the Whistleblower Directive ((EU) 2019/1937), should enter into force no later than December 17th, 2021. Although it is now obvious that this deadline will not be met, it is already worth considering how to adapt the functioning of companies to the upcoming changes and be prepared once the Act is finally in force
Deadlines for implementing the whistleblowing system
Each company with at least 50 employees will be required to adopt internal whistleblowing system for reporting violations of the law. Under the draft Act, companies with at least 250 employees will have to establish internal whistleblowing channels after a 14-day vacatio legis period and companies with between 50 and 249 employees will have time to do so until December 17th, 2023.
Companies will be obliged to involve employees in the process of establishing whistleblowing regulations, either through consultations with trade unions or (where there are no trade unions) with employees’ representatives. Consequently, creation and implementation of whistleblowing procedures and policies will have to be carried out with an active and documented participation of employees. Implementation of the internal whistleblowing system will also require that the employees be effectively familiarized with how this system works.
Scope of legal protection
A whistleblower can be any person who reasonably suspects a violation of the law in his/her professional environment and (in good faith) reports such violation. Protection will be granted to employees (also former employees), job candidates, persons providing services on a B2B basis, trainees, volunteers, shareholders, members of governing bodies, staff of subcontractors or suppliers. Protection will also be available to persons who assisted a whistleblower in making the report (such as the whistleblower’s relatives).
The scope of infringements that can be subject to whistleblowing will cover areas indicated by the Act, to include public procurement, product or transport safety, consumer and competition protection, personal data protection, IT safety, AML, and environmental protection. Individual cases will not be subject to’ protection under the Act; however, the draft Act allows for a broader catalogue of protected violations, which may include employment law, internal regulations or ethical standards applicable in a given company.
Internal reporting regulations
Companies will be required to have internal reporting regulations setting out an internal procedure for reporting and following up on violations. The regulations will come into effect 2 weeks after they have been communicated to employees in a manner adopted by the company.
Reports can be made orally or in writing. According to the draft Act, the identity of a person making an internal report will be protected as confidential, but not anonymous; however, a company will be able to decide to accept anonymous reports. Implementation and management of the reporting channel and handling on whistleblowers’ reports can also be outsourced (for example to a law firm).
Companies will be obliged to confirm the receipt of the whistleblower report within 7 days of its receipt and to provide a whistleblowers with a feedback no later than within 3 months from the acknowledgement of the report receipt.
The companies will be also required to maintain a register of internal notifications and the data will have to be stored for a period of 5 years from the report receipt.
External and public reporting channels
The draft Act does not provide for a priority of reporting through internal channels. It also offers two other methods of reporting:
- external reporting – available through the relevant state authorities,
- public disclosure – available through traditional or social media.
Therefore, it seems particularly important to introduce effective internal procedures that guarantee confidentiality so that employees are encouraged to use internal channels first and foremost. An early detection of existing violations of the law will enable a company (respectively its officers) potentially exposed to liability to take advantage of, for example, the voluntary disclosure, a criminal law institution that allows to avoid (or reduce) liability for committing a prohibited act.
In the case of a public disclosure, a whistleblower will be able to benefit from protection, provided that he/she first used internal or external reporting channels, but no timely action has been taken in response to such report. The above shall apply in case a whistleblower has reasonable grounds to believe that the violation may pose an immediate or obvious threat to a public interest or he/she can expect retaliation or the violation is unlikely to be effectively remedied.
Protection against retaliation
Whistleblowers will be protected against retaliation for reporting, in particular against disciplinary action, termination of employment or other legal relationship, change of employment conditions to less favorable ones, harassment or discrimination as a form or reprisal, civil suits for defamation, damages or infringement of personal rights.
In the case of retaliation or other unfavorable treatment, the whistleblower will be able to claim compensation in an amount not lower than the statutory minimum gross wage (in 2022 it will be PLN 3,010). The company will bear the burden of proof that the actions taken against the whistleblower were not in retaliation for the report made.
The draft Act provides for criminal sanctions (a fine, restriction of liberty, imprisonment of up to 3 years) for failure to establish or properly establish internal reporting procedure, obstructing reporting, breaching the confidentiality of a whistleblower’s identity, taking retaliatory action against a whistleblower.
The draft Act does not specify who will be held liable for the above actions. Therefore, it should be assumed that it will be the top management and relevant employees, in accordance with the scope of their responsibilities (e.g. representatives of legal or HR departments). In this perspective, the proper division of responsibilities in the process of establishing the whistleblowing system seems to be all the more important.
It is worth mentioning that a person making a false report is also threatened with up to 3 years imprisonment.
Entry into force
The draft Act is currently in the public consultation stage. It provides that the regulations will come into force 14 days after the act is promulgated, potentially giving very little time to implement the relevant internal procedures. However, the employers employing up to 250 employees will not be obliged to establish internal whistleblowing channels until December 17th , 2023.