Is whistleblowing protection possible in multinational businesses?
by Jeremiasz Kusmierz
Adopted in 2019, the European Union Whistleblowing Directive marked a significant step toward standardised protection for whistleblowers across the EU.
As of September 2024, all 27 EU member states have finally implemented the relevant provisions into their national legislation, with Poland most recently adopting these rules. In response to this evolving compliance landscape, in recent years EU international businesses have developed robust internal whistleblowing systems. However, having a group-wide reporting channel and dedicated resources may still fall short of meeting specific national standards across the EU. A system deemed compliant in one EU jurisdiction may be insufficient in another.
Diversity in unity
Poland's newly adopted whistleblowing legislation mandates that report processing within company groups take place within Polish jurisdiction. While it is permissible for another group entity, including a foreign parent company, to manage maintenance of the reporting channel and acknowledge receipt of reports, the investigation and actual processing of the report must be conducted locally, even in entities with fewer than 250 employees.
Complexity in diversity
Combined with other local requirements this compels international groups to either create a separate whistleblowing policy specific to a jurisdiction, or supplement a global policy with comprehensive addendums to ensure compliance with local laws. Notably, some member states have imposed their own unique requirements for local whistleblowing policies, ranging from specific language requirements to mandatory consultation with employee representatives. For multinational companies, this can create additional layers of complexity compounding restrictions on cross-border data protection processing.
Fortunately, the legislation in most EU member states does not distinguish between national and multinational groups regarding the establishment of joint reporting channels. However, the sharing of resources (for example, having a joint investigation team) is frequently limited, in alignment with the directive, to entities employing fewer than 250 workers.
Unravelling complexity
The safest approach to navigating the complex EU whistleblowing landscape is to implement a dual reporting system – a global reporting channel with overarching guidelines used as a reference, paired with a local, dedicated procedure that aligns with the specific requirements of each national jurisdiction. Processing reports at the local level becomes more streamlined if the global compliance unit responsible for whistleblowing protection has representatives across all jurisdictions and entities within the group, enabling the assignment of specific investigations or follow-up actions to local members.
This hybrid approach – combining centralised oversight with localised execution – fosters a consistent culture of transparency and accountability across borders and ensures respect for each jurisdiction's unique compliance landscape.
Jeremiasz Kuśmierz heads the Penteris compliance department. He spreads his work across compliance, employment, and risk management.