We now know the content of the bill on the protection of whistleblowers (the“Whistleblower Protection Bill” and the “Whistleblower Protection Act”) after its adoption by the lower chamber of the Polish Parliament (Sejm). The Whistleblower Protection Bill is to require the implementation of local procedures and confidential channels for reporting violations of the law by, among others:
- private entities employing at least 50 persons;
- entities operating in the financial sector, regardless of the number of employees (including, but not limited to, banks, investment funds, insurance companies, reinsurance companies, mutual funds, pension companies, pension funds, brokerage houses and investment fund companies); and
- public entities, regardless of the number of employees (excluding offices or organisational units of a municipality (gmina) or district (powiat) with fewer than 10,000 inhabitants).
Although the discussions on the bill were heated, in the end, only one significant change was included. A change that supposedly makes things easier for capital groups. But is it really? A paragraph was added to the Whistleblower Protection Bill according to which private group entities may establish a collective procedure for internal reporting, provided such procedure complies with the Whistleblower Protection Act. What will this mean in practice? Unfortunately, not much.
The paragraph was, in fact, introduced without taking into account the context of the Whistleblower Protection Act, which distinguishes between:
- “receiving reports“, which can be done by a company subject to the Whistleblower Protection Act itself, as well as by an entity external to it, such as a parent or sister company (even from abroad); and
- “taking follow-up action“, which can only be done by a company subject to the Whistleblower Protection Act itself.
This means that although a group may have a single procedure, it is still the responsibility of each individual company in the group to take follow-up actions separately.
In addition, the Whistleblower Protection Act allows for “common rules” for receiving and reviewing internal reports and conducting investigations. This possibility is reserved only for entities in which at least 50 but no more than 249 persons are gainfully employed.
This means that companies with more than 249 employees that are part of a group may have a single procedure, but may not share “common rules” governing such procedure.
At present, therefore, the Whistleblower Protection Act includes at least four terms that overlap in scope and are also partly exclusive, but which regulate the same process of using group resources for receiving and processing reports. It is therefore difficult to say that the introduced amendment improves anything in this respect.
The Whistleblower Protection Bill needs systemic changes, for which there is unfortunately neither the time, nor the will. The penalty imposed on Poland by the European Commission this month for failing to implement the EU Whistleblower Directive is still accruing, so the Whistleblower Protection Bill is now only awaiting the Senate’s vote and the President’s signature. Unfortunately, both whistleblowers and companies the corporate systems of which have been functioning effectively for a number of years will suffer. This is because the systems currently in place will have to be adapted to the realities of the new law, which may result in the current systems not guaranteeing the same level of protection they currently provide.
The proposed effective date for the new legislation for private parties is three months from the date of publication of the Whistleblower Protection Act in the Journal of Laws.