The Protected Disclosures (Amendment) Act 2022 ("2022 Act") comes into effect on 1 January 2023. The changes it makes to the Protected Disclosures Act 2014 are outlined in our previous client update.

Of primary note, the 2022 Act requires that all entities initially in scope must have and maintain internal reporting channels and investigation procedures that comply with its requirements from 1 January 2023.

Entities Initially in Scope

By virtue of (i) prescribing a wide range of EU regulated entities to be in scope and (ii) the regime now applying to a more extensive range of individuals connected to a relevant entity, most Irish regulated entities will be subject to the new whistleblowing obligations from 1 January 2023.

Regulated Entities

Without reference to specific legal structure, the 2022 Act applies, in its initial phase, to any 'employers' that are entities who fall within the scope of a prescribed list of EU laws. This list covers a wide range of areas of financial services regulation, including EU directives / regulations applicable to the following, non-exhaustive list of Irish authorised entities:

  • UCITS management companies;
  • AIFMs;
  • Externally managed ICAVs and PLCs authorised as UCITS or AIFs;
  • MiFID investment firms; and
  • Payment services and e-money firms.

The list also covers entities that fall within the ambit of the Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 to 2021 ("CJA").

Individuals Connected to a Relevant Entity

An entity will be an employer where it has a 'worker'. As well as covering employees, contractors, shareholders and other individuals, a worker includes non-executive directors.

Therefore, entities cannot avoid the 2022 Act obligations if they have a board of directors and no employees. The presence of the directors and shareholders alone will bring these entities (such as externally managed ICAVs) into scope.

Existing Whistleblowing Requirements

It should be noted that many regulated entities have existing legislative obligations to establish reporting channels and report contraventions of financial services law to the Central Bank of Ireland including, for example, rules applicable to UCITS management companies and those in scope of the CJA.

Those obligations will continue to apply in addition to the 2022 Act requirements.

Action Required

Entities initially in scope of the 2022 Act must ensure they have a framework in place that captures the new requirements. They should therefore take appropriate steps to establish and maintain secure and confidential internal reporting channels and investment procedures for protected disclosures.

Our Financial Services Regulatory and Employment Groups have been working closely with regulated entities to assist in developing or updating their internal written framework to ensure they comply by 1 January 2023.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.