The concept of compliance derives from the English phrase "to comply with" (= to apply to) and, from a corporate governance perspective, refers to all possible actions within an enterprise aimed at ensuring compliance with laws, regulations, and other normative acts, as well as other standards of conduct. The main objective of compliance is to eliminate future or minimize existing threats that may negatively impact the company's financial condition or even threaten its operation. Revealing a violation of internal regulations, unfair activity, or business practices can permanently damage any organization, not just a banking one, exposing it to legal consequences and effectively deterring potential clients and business partners.

The history of compliance dates back to the early 20th century.

It is argued that the first regulations concerning the compliance management system resulted from the establishment of a number of state institutions in the United States, whose purpose was to ensure public safety. The most important moment, determining the rapid growth of compliance in enterprises, was the establishment of the Federal Sentencing Guidelines by the U.S. Sentencing Commission in the early 1990s, according to which a mitigating circumstance is the fact that a given enterprise implements measures to prevent violations of the law.

Compliance Areas

As part of our series, we will publish information regarding the obligations of entrepreneurs imposed by law. Our lawyers will address the following topics:

• Personal data protection
• Anti Money Laundering (AML)
• Whistleblowers
• Liability related to corporate law
• Liability related to proper bookkeeping and accounting. Fiscal criminal liability
• Liability related to labor law
• Acts of unfair competition
• Transactions with consumers
• MDR – Tax Scheme Reporting
• Environmental protection law
• Tax regulations

We encourage you to follow our series.

Am I a whistleblower?

To answer this question, it will be necessary to refer to Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons reporting breaches of Union law (commonly referred to as the Whistleblower Protection Directive) and to the draft Polish Act on Whistleblowers.

The term whistleblower comes directly from the English term. Generally speaking, a whistleblower is someone who, without any legal consequences, identifies and reports any irregularities, illegal or unethical activities occurring in a workplace or organization, and then reports these irregularities to their superiors.

Individuals working for a public or private organization, or those who maintain contact with such an organization in connection with their professional activities, are often the first to learn about irregularities. They therefore play a key role in exposing such violations and, consequently, contributing to their prevention in order to protect the public good. The purpose of reporting is to highlight any type of inappropriate behavior, whether it involves action or omission.

The Directive specifies the persons who can submit a notification, but it should be remembered that this is an open catalogue.

A whistleblower may be an individual who reports or publicly discloses information about a violation of the law, obtained in a work-related context, including:

1. an employee, even if the employment relationship has already ended;
2. a person applying for employment who has received information about a violation of the law in the recruitment process or negotiations preceding the conclusion of a contract;
3. a person providing work on a basis other than an employment relationship, including a civil law contract;
4. entrepreneur, shareholder or partner;
5. member of a body of a legal person;
6. a person performing work under the supervision and direction of a contractor, subcontractor or supplier, including under a civil law contract;
7. trainee;
8. volunteer.

It should be noted that in order to obtain whistleblower status – and thus obtain the protection to which he or she is entitled – three conditions must be met:

1. Making an internal report, external report or public disclosure;
2. Having the belief and reasonable grounds (evidence) that the reported information is true and actually indicates irregularities in the functioning of the organization;
3. Acting in good faith (i.e. for the public good), and not for bad, unacceptable reasons (e.g. a desire for revenge).

According to the directive, whistleblowers will be able to report any irregularities they notice through external and internal channels, as well as through public disclosure. These channels should be confidential, and no unauthorized persons should have access to whistleblower data. The reporting channel should allow for reporting violations verbally and in writing. Public disclosure is the last resort, involving reporting the matter to media representatives. Employers will be required to maintain a record of all reports submitted by whistleblowers.

To protect themselves from negative consequences for reporting, whistleblowers are unconditionally protected, and there is no possibility of retaliation for reporting violations of law or organizational policies. Whistleblowers will also not face consequences for violating company secrets or confidentiality obligations. Employees will also be able to report illegal work, for which their employer will face appropriate consequences.

The employer will be obligated to demonstrate in detail that any actions that could potentially be considered retaliatory were taken for a valid reason. Adverse actions against the whistleblower, constituting retaliation, will be punishable, and the employer will bear the burden of proving that no discriminatory actions were taken. A whistleblower who is forced to change employment due to retaliatory actions by their employer will be entitled to seek appropriate compensation from the employer. The employer will also be unable to terminate the contract before the previously established end date for collaboration with co-workers, suppliers, and contractors.

Actions to protect whistleblowers include, in particular:

1. Protection of the whistleblower's identity;
2. Providing whistleblowers with access to information on procedures and procedures to be followed in the event of the need to report irregularities;
3. Providing protection against possible retaliation by the employer: this primarily involves the impossibility of dismissal, change of job, demotion, suspension of benefits or other actions that could adversely affect the employee's situation.

Similar protection measures include:

1. People assisting in submitting the report;
2. Third parties associated with reporting individuals who may experience retaliation in a work-related context;
3. Legal entities owned by the reporting person, for which the reporting person works or which are otherwise associated with the reporting person in a work-related context.

The Whistleblower Protection Directive brings significant changes and sets precise procedural requirements for both private and public organizations. Therefore, it's crucial to understand the basic concept of a whistleblower from the outset. The educational aspect should not be overlooked, and employees should be encouraged to understand that reporting issues is by no means "snitching," but significantly improves the safety of their employer. Therefore, even though the Polish law has not yet been passed, it's worth fostering this understanding among employees and starting to prepare for the upcoming changes today.

Legal basis:

• Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019
• Draft Act on the Protection of Persons Reporting Violations of the Law

This alert is for informational purposes only and does not constitute legal advice.

Filip Jurczak

Attorney
+48 733 809 890 | f.jurczak@kglegal.pl

Mateusz Grosicki

Attorney, partner
+48 506 367 109 | m.grosicki@kglegal.pl