Is your organization ready for new requirements on whistleblowing? – Checklist for implementation of whistleblower systems

In October last year, a new EU directive was adopted. The directive is intended to strengthen the protection of whistleblowers (the whistleblower protection directive). The directive shall be implemented in Sweden by December 17, 2021. Setterwalls has previously summarized the most important news, especially in relation to the construction industry, in an article here.

In June this year, proposals on how the whistleblower protection directive should be implemented in Sweden was presented in a Swedish Government Official Report “increased security for whistleblowers” (SOU 2020:38). In accordance with the directive it is, among other things, proposed that employers with 50 or more employees should be obligated to have internal reporting channels and procedures for internal reporting and follow-up.

A large number of Swedish companies, many of which are assumed to lack existing whistleblower functions, will consequently have to comply with the new requirements and familiarize themselves with the new legislation. Below, we have summarized, in the form of a simple checklist, the aspects that are important to keep in mind before establishing and implementing a new whistleblower system.

• Design – the system must be user-friendly and easily accessible.
• Availability – the system must be accessible for all persons working for you (including, among others, employees, suppliers and shareholders)
• Information and instructions – inform everyone, who according to the aforementioned bullet point should have access to the system, about the system. Also make sure that there are clear and easily accessible instructions on how to use the system.
• Responsible persons – appoint appropriate persons to be responsible for (i) receiving reports and having contact with reporting persons, (ii) following-up on what is reported and (iii) providing feedback to the reporting person. The persons can be appointed internally or externally and shall be independent, impartial and bound by a confidentiality obligation. 
• Routines – ensure that there are routines in place for responsible persons on how reports shall be handled and followed up. Among other things, there shall be routines for how and within what time (i) the receipt of a report shall be acknowledged and (ii) feedback shall be provided to the reporting person.
• Restriction of access – ensure that only the appointed responsible persons can access the reports that enter the system.
• Documentation and preservation of reports – ensure that there are routines for documenting and preserving both written and oral reports. Also ensure that there are routines for deleting completed cases as well as personal data that occurs in the system.

We at Setterwalls regularly assist our clients in their compliance work and we also act as recipients in whistleblower systems for several of our clients. Do not hesitate to contact us if you have any questions related to monitoring or implementing whistleblower systems, execution of internal investigations or other questions related to your compliance work!