Whistleblowing is coming
Are you ready?

The upcoming Whistleblower Protection Act will affect tens of thousands of private and public organisations. It is the biggest compliance change since the implementation of the GDPR. Although the Czech Republic will probably not be able to pass the Act in time for the deadline set by the European Directive, the new whistleblowing rules will sooner or later come into force. We therefore recommend avoiding uncertainty and preparing for whistleblowing now.

The Whistleblowing Act was not passed by the Chamber of Deputies before the elections and it is therefore very likely that the Czech Republic will not meet the deadline for implementation of the EU Directive, which expires on 17 December 2021. However, after that date, the direct effects of the Directive will be activated. This will leave thousands of companies in uncertainty as to when, or if at all, they will have to implement an internal whistleblowing system that will allow people within their organisation to report unethical or illegal conduct or damage to public interests.

The proposed Whistleblowing Act envisaged such an obligation as of 31 March 2022 for employers with at least 25 employees, contracting authorities, municipalities with more than 5,000 inhabitants or financial service providers (e.g. banks, insurance companies, etc.). However, the EU Directive generally requires mandatory whistleblowing for all organisations with 50 or more employees or municipalities with more than 10,000 inhabitants.

What is certain is that sooner or later the Czech Republic will have to approve the Act; the only question now is whether it will be in the form that the previous Chamber of Deputies worked with, or whether the Act will undergo changes and be more in line with the limits set by the Directive itself. It is certainly worth not relying on the whims of legislators; if you have more than 50 employees, you had better start preparing for the new obligation early.

Who is a whistleblower?

Ensuring a safe atmosphere where employees are not afraid to use their voice will be a big challenge for many companies and organisations in the coming months. Businesses and public institutions will need to implement an internal whistleblowing system that strictly protects the identity of the whistleblower who will report suspicious behaviour within the organisation. According to the proposed legislation, a violation or failure to comply with the obligation may result in a fine of up to one million Czech crowns.

Whistleblowers are usually employees who have access to sensitive information and can be the first to detect suspicious behaviour. But don't think of the typical whistleblower as a pest – in the experience of Western Europe, it is a person who is interested in making things better. But the question is where he or she will report such suspicious behaviour. Under the draft Act, he or she will have two options – to turn to an external whistleblowing channel set up by the Ministry of Justice, or to choose his or her organisation’s internal whistleblowing system.

To ensure that employees do not report suspicious behaviour to the authorities and that organisations do not lose control of their own problem-solving, they should themselves ensure an internal system that is secure, user-friendly and trustworthy, not least because this will soon be required by law.

Why introduce whistleblowing?

1. You will be able to solve the problem

A whistleblower who is not listened to in the company will go elsewhere with the problem – perhaps to the ministry or the media. But before he or she confesses the issue to them, 90% of whistleblowers will try to resolve the issue internally within the company, according to EQS’s Whistleblowing Report. So, this is an opportunity to take matters into your own hands. With a functional whistleblowing system in place, business owners or management can learn about wrongdoing before it becomes a story on news websites or investigative programs.

2. You will avoid financial losses

The collapse of energy giant Enron, the Dieselgate affair or the leak of internal documents about how Facebook works – all of these are cases that were unleashed by whistleblowers and because of which the companies in question subsequently faced major economic losses. According to a study by the ACFE (Association of Certified Fraud Examiners), internal fraud can cost a company up to 5% of its annual turnover.

This is also confirmed by Facebook’s numbers. After its former employee Francis Haugen accused the company of not fighting against the spread of misinformation or human trafficking and prioritising profit above all, Facebook stock reacted with a sharp fall – in one trading day they wrote off 4.9%, reducing the value of Mark Zuckerberg’s fortune by USD 6 billion.

3. You will strengthen your reputation

Whistleblowing complements the overall structure of a company’s compliance and risk management functioning. A functional and trustworthy whistleblowing system is an effective tool to uncover potential deficiencies and areas for improvement that (if at all) only lengthy and costly audits can uncover. This is confirmed by the new methodology of the Supreme State Prosecutor's Office, which mentions whistleblowing as one of the measures that can avert corporate criminal liability.

The introduction of whistleblowing is gradually becoming a standard for companies with a high ethical business culture and is a necessity even for state organizations and enterprises that are under strong regulation or for companies that need a high level of compliance due to investors or foreign partners’ requirements. Our clients also benefit from the fact that if whistleblowing is part of a company’s ethics and integrity or ESG principles, then it also works as a competitive advantage, for example in tenders. And such a company is then more interesting not only for investors but also for employees.

How should whistleblowing work in a company?

Under the draft Act, companies and organisations will be obliged to create a secure communication system where employees can report wrongdoing. The whistleblower should be able to make a report orally, in writing and, on request, in person, and the system should strictly guarantee his or her anonymity. Therefore, we consider the best solution to be a web-based platform that allows the whistleblower to make a report from anywhere, while remaining anonymous and having subsequent communication with the organisation.

It is also necessary to designate the person responsible for dealing with reports and to create a system for recording them. In any case, the report should always be followed by a proper examination and, if it proves to be justified, appropriate remedial action should follow..

The appointment of a so-called ‘responsible person’ is therefore crucial. This person is the only one authorised to know the identity of the whistleblower (if the whistleblower has provided it) and is responsible for protecting it. He or she conducts the subsequent communication with the whistleblower and assesses the report. This person can be someone within the organisation or also an external person; however, it is always important to separate this function from normal internal procedures to avoid conflict of interest and suspicion of retaliation. For these reasons, it may therefore be more efficient to choose an external professional, not least because of the use of their experience and substitutability. Given that the draft Act provides for fines of up to CZK 100,000 in the case of misconduct by the responsible persons, it is also appropriate to consider insuring the risks associated with the performance of this function.

Myths around whistleblowing

Do you tell yourself that you are already solving your internal problems and you can get by without an ethics line? That is certainly a sign of well-functioning relations within the organisation. But are you sure you are learning about all the cases that could be efficiently resolved? According to an ACFE study, a functioning whistleblowing system is by far the most efficient tool for detecting fraud within a company, with up to 43% of cases being detected.

In the Czech Republic, we also still encounter negative perceptions of whistleblowers and fears that such people will abuse the system. Properly designed and set up whistleblowing, however, prevents possible abuse. Data in the EQS study show that after the system is introduced, a company receives, on average, over 50 whistleblowing reports per year of which one in two is relevant and justified.

If whistleblowing becomes a normal part of internal processes and is supported by management, such an optimal solution can be achieved. However, if you think that putting the trust box on the wall will be enough, or if you opt for a “we'll do it somehow” solution, we would like to disabuse you of that notion. It is not trivial to create a functional and trustworthy reporting system under the draft Act and will take time on the order of weeks to months. Employee training cannot be omitted, either. It is therefore advisable to start preparing early.

FairWhistle Solution
As experienced compliance professionals, we know what a functional and efficient whistleblowing solution should look like. That is why we have created FairWhistle, a comprehensive turnkey solution for businesses.

We will help you select the right reporting channels, provide state-of-the-art web-based platforms from reputable technology partners, and prepare all the documentation, including the communication and education that should accompany the system.

We also offer follow-up support in dealing with reports, including taking over the role of the so-called ‘responsible person’. We will implement the entire system and take over its complete management and operation. We can create a trustworthy system that will be the first choice for whistleblowers.

FairWhistle key contacts for whistleblowing:

Robert Nešpůrek|Founding Partner

Robert has extensive experience in corporate transactions, M&A and advising on technology law, IP, data protection and GDPR. He focuses on the legal aspects of sustainable business and compliance and the use of information technology for compliance activities.

Michal Smrček |counsel

Michal offers companies and organisations comprehensive advice on compliance. He also engages in defining rules to prevent corruption or conflicts of interest. In investigations, he specializes in detecting, preventing and uncovering both internal and external fraud with an emphasis on maximizing the protection of business assets.

Richard Otevřel|Counsel

Richard manages FairData Professionals, a sister company of HAVEL & PARTNERS, which helps clients independently manage compliance risks. As a recognized data protection expert, he provides comprehensive services to companies and organizations and ensures the implementation of the ethics line in companies is GDPR compliant.

Petra Sochorová |counsel

Petra is a specialist in employment law, compliance and internal investigations. She has extensive experience in advising through complex investigations, including those regarding employee conduct and complaints via the ethics line. She also provides comprehensive compliance support in follow-up proceedings or internal procedures arising from these investigations.

Pro bono
It is the biggest compliance change since the implementation of the GDPR
Jaroslav Havel:
What the tax authority can and cannot do when conducting an on-site investigation
Whats new with us
About us