Does your organization employ more than 50 people? In this case, you will be affected by the proposed Bill on the Protection of Whistleblowers, which is expected to enter into force in 17 December 2021.
Contents
The law transposes the EU directive into Estonian law and entails an obligation for organizations to create internal and external reporting channels for reporting internal misconduct. The infringements that whistleblowers can report are very different – breaches of procurement procedures, internal fraud, breaches of environmental requirements, and so on.
For private sector organizations with 50–249 employees, the proposed new law is not expected to apply until 17 December 2023, as allowed by the Directive. For larger organizations, the same obligation will apply earlier.
What do companies need to do?
In addition to the notification channels, the follow-up to notifications must be developed, including notification procedures, measures to ensure the confidentiality and, where appropriate, anonymity of whistleblowers, and the deadline for processing notifications. It is also mandatory to inform the whistleblower of the final outcome of the procedure and to ensure that the notifications are stored and that personal data are collected and processed properly. The IT solution used for this purpose must also be able to ensure the confidentiality of whistleblowers and meet the requirements for the protection and processing of personal data. Incoming notifications should only be handled by a designated person or group with the appropriate competence.
The whistleblower must be able to report the breach through an external reporting channel, especially in cases where it can be expected that internal reporting may put pressure on the whistleblower. Thus, the whistleblower can notify the breach immediately through an external channel and does not need to first notify through an internal channel. A competent authority that is independent and separate must be designated to receive and process external notifications.
Possibility to prevent violations
However, there are reasons other than formal requirements for introducing a well-functioning infringement notification system. According to the ACFE[i], the existence of such a system reduces the financial damage caused by irregularities by an average of 50%, and infringements are detected on average six months earlier than without such a function. In other words, a well-functioning whistleblowing channel has an important role to play in preventing irregularities in the organization and in mitigating the resulting risks.
Grant Thornton Baltic can help in all aspects of building such a system: from implementation, improvement of internal procedures and staff training to the creation of an external communication channel, case management and investigations.
Grant Thornton Baltic offers a software for managing the full process of reporting internal misconduct.
Watch the introductory video:
The video is playing.This video is playing in mini-player mode.
Grant Thornton Baltic's specialists have in-depth knowledge in areas such as prevention and treatment of conflicts of interest, money laundering, bribery and corruption, fraud, prevention and detection of accounting irregularities, as well as taxation, employment and the environment, forensic data analysis, etc.
Matters concerning evaluation of the creditworthiness of consumers have returned to the focus during the last year. Discussions revolve around consumers’ increased loan burden and share of loans in default; there is lobbying for additional support from the establishment of a positive credit registry, and the Financial Inspectorate has started getting tougher with fines on market participants who don’t abide by the rules.
Those operating in the financial sector are bound by various laws along with requirements for internal audit arising from those laws. In addition, the Auditors Activities Act governs the provision of internal audit service, defining who is allowed to be engaged in the professional activities of an internal auditor.
In their work, internal auditors often come across a situation where clients want to have an internal audit done in their organization, but since they have no previous contact with an internal audit service, they have a number of questions.
