As per our previous posts, which can be accessed here, the Whistleblowing Protection Directive states that a protected disclosure is made if a reporting person reports a breach where he or she has reasonable grounds that the information regarding the reported breaches was true at the time of the reporting and it was made in line with internal, external or public disclosure procedures. This leaves us with the question: to whom can these reports be made?
In this post of our 4 part series, we will be focusing on the procedures set out in the Directive in terms of internal and external reporting and public disclosures. However, in this post we will be focusing on the role of the Whistleblowing Reporting Officer (or Unit) in relation to the internal reporting of breaches or unlawful actions.
Each entity that falls under the remit of the Whistleblowing Protection Directive must appoint an impartial person or department for the management of the internal reporting process.
As per the Whistleblowing Protection Directive, the choice of the most appropriate persons or departments within an entity to be designated as competent to receive and follow up on reports depends on the structure of the entity, but, their function should be such as to ensure independence and absence of conflict of interest. In smaller entities, this function could be a dual function held by a Company Officer well placed to report directly to the Organisational Head, such as a Chief Compliance or Human Resources Officer, an Integrity Officer, a Legal or Privacy Officer, a Chief Financial Officer, a Chief Audit Executive or a Member of the Board.
In the Maltese legislation (Protection of the Whistleblower Act (CAP. 527) of 2013), this role is filled by the appointment of a Whistleblowing Reporting Officer or Whistleblowing Reporting Unit.
Their Officer’s or Unit’s role and responsibilities will include:
- Receives reports and maintains communication with the reporting person (including requesting additional information);
- Acknowledgement of receipt of the report to the reporting person within seven (7) days of that receipt;
- Provide feedback to the reporting person within a reasonable time, but not longer than three months; and
- Provide clear and easily accessible information regarding the procedures for internal and external reporting, as well as public disclosures.
Once the Whistleblowing Reporting Officer or Unit receives a report, it should be decided what the appropriate action should be with regards to the reporting of the breach; whether this includes further investigation, referral to an external authority (example the MFSA or police for criminal investigation) or the closing of the matter.
The next post in the series will deal with the procedures that should be in place for internal, external reporting as well as the what the process and requirements should be for public disclosures.
For more insights, support and additional information on the application of Whistleblower Protection Directive, training to the Whistleblowing Reporting Officers and Units, outsourcing of the Whistleblowing Reporting function or ongoing Whistleblowing Reporting function support, reach out to us by contacting [email protected] or [email protected].