The EU Whistleblower Directive enters into force in December 2021 in Finland

Finland is to enact in force the EU Whistleblower Directive ( “Directive” (EU) 2019/1937) by national Informant Protection Act. For the purpose of the Directive, protection is available to persons who wish to report that they have found a breach or suspected breach of EU law. Facilitating the reporting of irregularities would improve the various objectives of the EU budget for the prevention and detection of fraud and corruption.

The directive requires employers to set up an internal channel for reporting abuse within the organization. In addition, an external notification channel or channels must be established, and notifications must be made to the authorities to be specified.

Future deadlines Informant Protection Act | Whistleblower Act

December 16, 2019: The Directive enters into force (Directive 2019/1937)

December 17. 2021: Deadline for implementation of the Directive to the national law

Scope of application

The scope of the Directive is limited to areas where infringements of EU law may cause serious harm to the public interest, where the need to improve the enforcement of EU law has been identified and where whistleblowers are particularly likely to be required to prove infringements.

The material scope of the Directive would be determined in accordance with already adopted EU legislation in the following areas:

1) public procurement 2) financial services, money laundering and the prevention of terrorist financing 3) product security 4) transport security 5) environmental protection 6) nuclear safety 7) food and feed safety, animal health and welfare 8) public health 9) consumer protection 10) protection of privacy and personal data and the network security of information and information systems 11) competition law 12) EU financial interests 13) corporate taxation.

Who is bound by the Directive | Turnover | Balance sheet 10 milj. or 50 employees | Financial sector

In the private sector, the requirement would apply to companies with at least 50 employees or with an annual turnover or annual balance sheet of at least EUR 10 million and to all financial companies and companies vulnerable to money laundering or terrorist financing as defined in EU law, regardless of company size or turnover, as listed in the Annex to the Directive. For such companies, there is a risk to the public interest associated with their activities.

According to the Directive small and micro-enterprises would not be obliged to create notification channels.

About notification channels Informant Protection Act | Whistleblower Protection Act

The Directive lays down certain minimum requirements for internal notification and follow-up procedures. Internal notification procedures should guarantee the confidentiality of the identity of the notifier. The person or entity competent to receive internal reports should take the necessary follow-up action carefully and report such irregularities to the notifier within a reasonable time and within a maximum of three months.

On the protection of the notifier

The directive contains rules on the misconduct of whistleblowers, the subject of notification and the conditions of protection. Protection would be conditional on the notifier having reasonable grounds for believing that the information notified was correct at the time of notification and that the notification fell within the scope of the Directive.

In addition, protection would be conditional on the use of a three-tier system for reporting irregularities. The notification would be:

  1. First done for the employer using an internal notification channel;
  2. In the second stage, using an external notification channel to the competent authority; and
  3. The third step would be the disclosure of information

A step-by-step notification procedure would aim to allow for an early intervention in threats or harm to the public interest.

Prohibition of retaliation Informant Protection Act | Whistleblower Protection Act

Whistleblowers should be protected from any direct and indirect retaliation they may face when reporting irregularities. The proposal provides a non-exhaustive list of countermeasures.

Prohibited retaliation includes:

(a) dismissal, (b) compulsory redundancy, (c) dismissal, (d) reassignment, (e) suspension of promotion, (f) change of job, (g) reduction of pay, (h) negative performance appraisal, (i) damage to a person's reputation, (j) black and (k) early termination of contracts for the supply of goods and services.

The prohibition on retaliation would therefore also cover actions against, in addition to the notifier, a legal person represented by him or his relatives who, by reason of their work, are in contact with the notifier's employer.

Liability for damages

The national draft Informant Protection Act contains also a rule for compensation of damages. Compensation would cover liability for breach of notification and non-retaliation. In principle, the damage should be compensated in full. Loss of earnings due to a breach of the prohibition on retaliation, for example, would be compensated as financial damage. However, under the proposed Section 27.1§, the misery caused by retaliation would not be compensated. However, misery would be compensated in accordance with the requirements enacted in the of section 5:6§ of the Damages Act.

The provisions of Section 12:2§ of the Employment Contracts Act (55/2001) and Section 12:2§ of the Maritime Employment Contracts Act (756/2011) apply to compensation paid for unjustified termination of an employment contract. Status of legislation in Finland The government's proposal to implement the Informant Protection Act (Whistleblower Protection Act) and to implement Directive 2019/1937/EU is scheduled to be presented in week 39/2021. We are waiting the Government's Decree to be published, after which we will know in more detail the content of the domestic legislation in this regard.

To Do List | Whistleblower | Requirements of the Whistleblower Protection Act

  1. Find out if the Directive applies to your company (10 million limit / 50 people / financial sector)
  2. Check if your company operates in the scope of the industry
  3. Implement an internal reporting channel to report abuse
  4. Possible protection of notifiers
  5. Prevent possible retaliation

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.