Frank Hülsberg

Burkhard Fassbach

In the following guest post, Frank Hülsberg, a Partner for Governance, Risk, Compliance & Technology at Warth & Klein Grant Thornton AG in Düsseldorf, and Burkhard Fassbach, a D&O-lawyer in private practice in Germany, take a look at the EU’s new Whistleblower Directive. I would like to thank Frank and Burkhard for allowing me to publish their article. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Frank and Burkhard’s article.

**********************

The aggressive tax avoidance models of a Big Four accounting firm in Luxembourg, money laundering at Danske Bank or the stretching of cancer drugs by a cytostatic pharmacist in the German city of Bottrop – three very different cases that would not have been discovered, or would probably have been discovered much later, without whistleblowers.

The gratitude shown to whistleblowers by their employers and the judiciary remained within reasonable limits – many have paid for their reports with the loss of their jobs, high legal fees and sometimes even prison sentences. While other EU countries such as Italy, France or Sweden offer at least basic protection through national laws, there is no protection for whistleblowers in Germany so far.

Now the German legislator has to put up a protective umbrella for whistleblowers within the next two years after the European Parliament passed the EU-Whistleblower Directive in April 2019.

According to the Directive, companies with more than 50 employees or a turnover of more than EUR 10 million p.a. as well as financial service providers and regional / state administrations must ensure that an internal whistleblower reporting channel is set up to protect the whistleblower’s identity. This internal reporting channel can expressly also operated by a third party.

In principle, a whistleblower must first select the internal message path. If this was unsuccessful or no satisfactory response was received within three (maximum six) months, or if the internal report would endanger the clarification, the whistleblower can also contact the competent authority directly. According to the Directive, the authorities also have extensive obligations for reporting channels similar to those of companies. If the official channels have not been successful or if the public interest is acutely endangered, the whistleblower should also be able to address the public directly.

The aim is to protect all whistleblowers who, as part of their “work-related activities,” have privileged access to information on infringements which may cause serious damage to the public interest”. This also covers trainees, applicants, shareholders and even employees of suppliers.

The protective measures envisaged include a ban on sanctions against the whistleblower, whereby the burden of proof – e.g. in the event of dismissal – lies with the employer that it was not pronounced as a retaliatory measure. Under the Directive, companies or persons acting on behalf of the company who obstruct the submission of information or expose the whistleblower to reprisals shall be subject to adequate and dissuasive sanctions.

The Directive applies only to infringements of EU law and not to infringements of German law such as tax law or criminal offences under the Criminal Code. Although the Directive thus covers a large part of the critical areas, such as money laundering, consumer protection or public procurement, the potential whistleblower will not want to check first whether the reported infringement and thus his protection falls within the scope of the EU Directive. Here the German legislator is called upon to create clarity.

The Directive quickly triggered a controversial, sometimes heated debate on the following fundamental questions:

(1) Is the predefined message path (initially internal reporting) the correct one?

(2) Is there potential for conflict with other standards?

(3) How expensive and time-consuming will this be?

(4) What is the moral dimension of whistleblowers?

The first two questions are answered quickly – in case of doubt, a look at the original sources will help. The guideline offers sufficient exceptions to skip the internal reporting path. The Prima Facie conflicts concerning the German Act Establishing the Federal Financial Supervisory Authority (FinDAG) (direct notification to the authorities), the German Trade Secrets Act (GeschGehG) – noble attitude vs. suitability to preserve the public interest – and the EU General Data Protection Regulation (GDPR) (right to information also on whistleblower data, State Labor Court of Baden-Wuerttemberg in December 2018) can be resolved with a glance at the law or the judgement: Pursuant to section 5 No. 2 GeschGehG, the acquisition, use or disclosure of a trade secret is justified if it takes place to uncover an unlawful act or a professional or other misconduct and if the acquisition, use or disclosure is suitable to protect the general public interest. The whistleblower must act only to detect an unlawful act or professional or other misconduct.  The “good will” of the whistleblower alone is not sufficient, but an actual misconduct must be uncovered. The bona fide whistleblower, however, is protected by the general rules on error. According to the landmark decision of the Baden-Württemberg state labor court, Daimler must give a dismissed employee full access to the data collected about him – including information about internal investigations. The plaintiff was granted the right to inspect his personnel file and the data collected by the Business Practises Office (BOP) department. Daimler, on the other hand, opposes the classification of the BOP file as part of the personnel file because this would reveal the identity of whistleblowers. According to the ruling, experts expect a wave of lawsuits. Daimler filed an appeal so that the next instance to decide on the case will be the Federal Labor Court (BAG). Question 3 can be solved in a way that is compatible with established standard solutions.

With regard to question 4 the discussion about the moral dimension remains, where the camps are currently facing each other almost irreconcilably. Denunciation, block-keeper mentality and the destruction of the culture of trust are the dominant terms for whistleblowers. However, experience with whistleblower systems shows that the abuse rate is very low and that massive misconduct would not have been uncovered without whistleblowing. The protection now to be created was overdue. The change of attitude towards the issue is also overdue and must now be achieved in objective debates.