How to meet the EU Whistleblowing Directive requirements?

There are a variety of standards and certifications which your organization can apply to ensure that your workplace and processes are ethical, transparent and responsible. Many require or suggest the implementation of whistleblowing system, such as the following:  ISO 37301ISO 37301 was introduced by the International Organization for Standardization in April 2021 and sets out guidance on implementing a compliance management system (CMS). It is based on widely accepted principles of good governance, proportionality, transparency and sustainability. One of the key aims of ISO 37301 is to outline the best practice when implementing a whistleblowing policy. These include: Timely and thorough investigation of allegations or suspicions of misconduct.A visible and accessible whistleblowing system.Confidential, anonymous reporting channels.Impartial investigations of any reports of unethical conduct.Comprehensive documentation of reports made.Recording of any lessons learnt changes to the CMS.ISO 37001Published in 2016, ISO 37001 provides guidance and details requirements for the setup and maintenance of an anti-bribery system. ISO 37001 is designed to help combat instances of bribery in the public, private and nonprofit sectors, perpetrated by individuals within the organization, as well as those acting on its behalf, plus a host of other scenarios. ISO 37001 is only intended for use as part of an anti-bribery system, but its recommendations are deliberately generic as to be applicable for any nature of organization.  The introduction of a whistleblowing system in your organization is crucial for complying with ISO37001. Requirement no. 18 specifically calls for the implementation of a whistleblowing system: ‘Implement reporting (whistle-blowing) procedures which encourage and enable persons to report suspected bribery, or any violation of or weakness in the ABMS, to the compliance function or to appropriate personnel’. IATF 16949IATF 16949 is a standard published by the International Automotive Task Force (IATF) and the Technical Committee of ISO, to be used in the creation of a quality management system to allow for ongoing improvement in the automotive industry supply and assembly process. The standard was updated in 2016 to include a stipulation for a whistleblowing policy. The updated version states: ‘[Organizations] shall define and implement corporate responsibility policies, including at a minimum an anti-bribery policy, an employee code of conduct, and an ethics escalation (whistle-blowing) policy.’ TISAXTISAX (Trusted Information Security Assessment Exchange) stipulates the standards for information security management systems within the automotive industry and is now commonplace across Europe. Its requirements are very similar to ISO 27001, differing mainly in the fact that TISAX is designed specifically for the automotive industry, whereas ISO 27001 is a more generalized standard. ISO 27001 focuses on data security within an organization, TISAX secures data throughout the supply chain. SMETASMETA (Sedex Members Ethical Trade Audit) is not a standard as such, but an audit that your organization can request to help you understand labor, health and safety, environmental and ethical standards within your workplace. After the audit, organizations receive an action plan designed to help them take corrective steps. The audit comprises two mandatory pillars, Labor Standards and Healthy & Safety. The two non-compulsory pillars are Business Ethics and Environment.  Sedex recommends providing whistleblowing hotlines across your supply chain, particularly to combat modern slavery. Other standards and certificationsRead about other standards and certifications and how they relate to whistleblowing in our previous blog posts: Whistleblowing guidelines: what you need to know about ISO 37002Whistleblowing requirements and the SA8000How whistleblowing can help improve your company's ESG scoreGet in touch and see how FaceUp can meet your whistleblowing needs. 

Social Accountability International (SAI) is a global non-government organization that protects and advances human rights at work. The Library of Congress in the United States includes the SAI as one of the recommended organizations providing policies and guidelines for socially responsible companies. And GOV.UK, the official website of the UK government, mentions the SAI’s workplace certification, the SA8000 as one of two audits that can be used to combat modern slavery in government supply chains.     Benefits of getting an SA8000 certificateThe SA8000 certification measures organizational practices according to nine criteria: Child LabourForced or Compulsory Labour Health and SafetyFreedom of Association & Right to Collective BargainingDiscriminationDisciplinary PracticesWorking HoursRemunerationManagement System Organizations that apply for an SA8000 certificate signal to stakeholders and the public that they are committed to creating work environments that protect and promote human rights. Having an SA8000 certification also shows potential investors that your organization is a safe investment.  As ESG (Environmental, social, and corporate governance) investing becomes more prevalent, organizations are under increased pressure to ensure that they are above board and operating ethically. The SA8000 is one of the most well-known certifications for ensuring that commitment.    SA8000 whistleblowing requirementsThe SA8000 requires that a company has a written complaint system. This grievance process must be easily accessible, for employees and other interested parties to make complaints, comments, recommendations, or reports about the workplace or violations of SA8000 standards. The SA8000 also specifies that the complaint system must be unbiased, confidential, and non-retaliatory. Once a report is received, the organization needs to have a clearly outlined process for investigating and following up on complaints concerning the workplace or non-conformance to the SA8000 guidelines.  The results of the investigation and response must be freely available to all personnel and interested parties upon request. Finally, The SA8000 makes it clear that the organization can’t in any way punish, dismiss, or discriminate against a member of staff if they choose to make a complaint. Do you need an internal complaints system for the SA8000?FaceUp is an intuitive effective whistleblowing system that matches all of these requirements. FaceUp makes it easy to track reports and respond to issues quickly within your organization. Available in 113 languages, the platform takes minutes to integrate into your organization and makes collecting reports and responding to workplace issues much easier. Get in touch and see how FaceUp can meet your whistleblowing needs. 

The subject of whistleblowing has been gaining traction in recent years, with both companies and the authorities looking for ways to protect whistleblowers when they speak up about unethical conduct in their workplace. To that end, the EU introduced its EU Whistleblowing Directive 2019 (also known as EU Directive 2019/1937), which aims to standardise the amount of protection afforded to whistleblowers across member states.  What does the EU Whistleblowing Directive cover?Under the Directive, organizations must:  Provide an internal whistleblowing channel (like FaceUp 🙂!)Educate employees and other stakeholders about whistleblowing optionsProtect whistleblowers who report breaches, andPrevent them from retaliationIt’s important to note that this is a directive, not a regulation (like GDPR), which means it is left up to individual member states how they go about applying it. The Whistleblowing Directive acts as a minimum standard of protection for whistleblowers. Countries or individual companies may go even further if they wish. When does the EU Whistleblowing Directive come into effect?The EU Whistleblowing Directive was adopted on 23 October 2019 and came into force on 16 December 2019, meaning that member states had until 17 December 2021 to transpose it into their national laws, although many missed this deadline.  Organizations with 50-249 workers have until 17 December 2023 to implement internal reporting channels. Who is protected and who has to comply?Simply put, the Directive protects anyone who has a ‘work-based relationship’ with an organization. The scope is broad and covers all manner of paid and unpaid workers, from full-time employees to freelancers, suppliers and subcontractors.  The Directive applies to all companies with more than 50 employees or with an annual turnover or assets totalling more than 10 million EUR. It also applies to local authorities which serve more than 10,000 people. How FaceUp can help your company comply with the EU Whistleblowing Directive Complying with the Directive may seem confusing and overwhelming. Fortunately, FaceUp has you covered. By using our whistleblowing platform, you can be assured that you are complying with the Directive’s stipulations through our anonymous and secure internal reporting channel, with the option of appointing an impartial assignee to receive and investigate reports.Check out all the FaceUp features which help you comply with the Whistleblowing Directive.  Do you need advice on how to effectively introduce a whistleblowing system?