New obligations for entities having 50 or more employees
A new version of the bill on the protection of persons reporting breaches of law (referred to as whistleblowers) has recently appeared on the website of the Government Legislation Centre. The proposed act imposes on certain entities an obligation to implement local procedures and confidential channels for reporting breaches of law, including:
- private entities having 50 or more employees;
- entities active in the financial sector regardless of the number of employees they have (including, but not limited to, banks, investment funds, insurance companies, reinsurance companies, trust funds, pension companies, pension funds, brokerage houses, and fund management companies); and
- public entities regardless of the number of employees they have (excluding offices or organisational units of municipalities or districts with fewer than 10,000 inhabitants).
When to expect the new obligations to come into force?
The fact that the new Minister of Family, Labour and Social Policy commenced work on the new bill right at the beginning of her term of office is a good sign for the process of implementation of Directive (EU) 2019/1937, which has already been delayed for over 2 years. It is evident from the information published yesterday that the Ministry is aware of the urgency of this matter as it proposes using a separate procedure for working on the act and submitting the bill for consideration directly to the Standing Committee of the Council of Ministers. The plan is that the Council of Ministers should approve the bill as early as in the first quarter of 2024!
The new bill also sets an earlier date for the act to enter into force, namely one month from its promulgation. After that, the relevant entities will only have one more month to implement the required reporting channels, which gives them only two months in total from the promulgation of the act in the Journal of Laws to comply with it.
What does it mean for you?
The Ministry has only slightly changed the bill that has been discussed so far and apparently it will try to implement it promptly. This means that whistleblowing is the issue you should address as soon as possible since the proposed act will impose very specific obligations on Polish private and public entities. If you are:
- an entity having 50 or more employees – you will have to implement an internal reporting procedure, designate an impartial body to be in charge of receiving the reports, and establish a confidential and secure channel for receiving reports.
- Be careful! If you are part of a capital group, it may turn out that the solutions currently adopted by the group are insufficient and inconsistent with the proposed bill. For example, persons working at the headquarters who are not employed by a local company may not accept or process reports unless it is done in a strictly defined manner. Therefore, it would be wise to assess your system right now, discuss the matter with your management team and give them specific recommendations that would mitigate the risk of individual criminal liability provided for in the act.
- an entity active in the financial sector regardless of the number of employees you have – you will also have to take into account the need to comply with sector requirements for reporting violations, for example the AML Act or Banking Law requirements.
- a public entity – in addition to the internal channel, you will also have to establish an external channel, for example a channel through which you will be receiving reports of violations of law that occur in other entities in the areas that are within your scope of operations. A report so received may trigger the requirement to initiate audit proceedings or explanatory proceedings, and sometimes even the requirement to submit a suspected crime report.
What is new in the bill?
First, it will be the Commissioner for Human Rights (in Polish: Rzecznik Praw Obywatelskich) and not the State Labour Inspection (in Polish: Państwowa Inspekcja Pracy) who will act as the central governmental body supporting public entities in the process of receiving reports. Also, the Police and the Prosecutor’s Offices are no longer designated as entities competent to receive crime reports covered by the bill. Accordingly, in this regard, the version of the bill developed after inter-ministerial agreements, opinions and public consultations was restored.
Second, certificates of being subject to protection under the proposed act may be issued to external reporting entities, but this is not obligatory. This is a step in the right direction because the previously proposed requirement to issue such certificates raised many concerns regarding the length of the protective period for whistleblowers and the obligation on the part of whistleblowers to submit declarations of their reports being true and accurate under sanction of penalty for false depositions.
Judging from the proposed changes, it is the public sector obligations and not the private sector requirements that are being most fiercely being debated. This is another argument in favour of why the private sector should become interested in implementing the required procedures right now. Please note that the bill imposes fines and penalties of limitation of liberty and even imprisonment of up to three years for failing to comply with certain requirements. Our experience shows that it is better to implement and test the reporting system before legal sanctions for failure to comply with the legal requirements actually come into force.