Parliament adopts law on Whistleblower Protection

The EU Directive 2019/1937 on the protection of persons who report breaches of Union law was adopted on 23 October 2019 and should have been transposed by all Member States by 17 December 2021. It focuses on the protection of whistleblowers against forms of retaliation and should thus encourage the identification and rectification of wrongdoings.

Luxembourg presented a draft law in January 2022 which we covered in a previous flashnews article. 

Now, Luxembourg is one of the last EU countries to adopt a law. Similar to other countries, it goes beyond the initial scope of the Directive.

Which entities are in scope?

Article 6 precises that entities in the private and public sector need to establish internal reporting channels. Private sector entities with less than 50 employees are exempt. 

Financial sector entities and firms vulnerable to money laundering have to implement the law independent from the number of employees. 

The entities in scope of the law are numerous and this is especially true of those operating in the financial sector, where current regulatory requirements have not been that detailed and strict. 

Failing to implement internal reporting channels can lead to a fine of up to 250,000 €. 

What can be reported?

Information obtained in a professional context about acts or omissions which are illegal or defeat the purpose of provisions under national or European law can be reported. Consequently, this involves all kinds of offences and is not limited to financial crime. People making false reports can receive a fine up to 50,000 €. 

Who can report?

Reports can be made not only by current employees, but also former and prospective workers, volunteers and trainees, the self-employed, shareholders and contractors, subcontractors and suppliers. The law also applies to civil servants. It will therefore not suffice to implement an internal mailbox since the audience extends beyond internal staff.

How are reports managed?

The law details various requirements for the design of the internal channels, in particular with regard to guaranteeing the confidentiality of the whistleblower’s identity. Article 7 lists specific procedures for managing reports and follow-ups, a timeframe for feedback and the appointment of an impartial person or department for the communication with the reporting person.

How are whistleblowers protected?

Reporting persons using the internal channels will be protected against any form of retaliation from their employer as detailed in Article 27, including dismissals, refusal of promotions or training. Persons who retaliate against whistleblowers can receive a fine of up to 25,000 €. 

Our teams combine experts in the handling of whistleblowing cases and the organisation of investigations as well as regulatory experts in order to help you to: 

• review your existing policies and procedures or help you elaborate them;

• support you in the design of your trainings - for all employees regarding the use of the internal channels, but also for the dedicated staff handling the reports;

• advise you on the set-up of an internal solution for your reporting channels or the choice of an external provider that fits your needs;

• assist in assessing whether an incoming alert is substantiated, meaning if it needs further investigation. In that case, we can accompany you during the entire investigation life-cycle. 

• Support you in the operation and alert handling of your whistleblowing system as a managed service with dedicated experts.  

Together with our JBR partner EQS group, a leading provider of whistleblowing software solutions, we can support you in the tool implementation and offer Managed Services for the running of your whistleblowing system and the first screening of incoming alerts in close alignment with you.