Implementing a whistleblower protection system in Poland, especially in the context of “daughter” companies of foreign corporations, is a challenging process. The Polish law on the protection of whistleblowers, imposes a number of specific obligations that can be difficult to implement within international capital groups. For “daughter” companies, a particular challenge is balancing local requirements with the expectations of foreign owners. When conducting implementations, we often encounter a case in which a Polish company is already the last one in an international group where whistleblower protection must be implemented. In such a situation, it seems rational to adapt solutions already implemented in Germany, Austria, the Netherlands or other countries and adjust them to Polish realities. However, direct transfer of foreign solutions “1:1” is rarely effective. In the same way, it may turn out to be a bad idea to “invent gunpowder anew” and create internal solutions only for the needs of a Polish company. So how to find” the golden mean”?
The answer to this question is only one: “it depends.” We will not fully answer it in this article, because everything depends on the individual situation, but we will point out the problems that are worth paying attention to.
“Imported solution” in the Polish legal framework
Often Polish companies in foreign groups get from the head office the task of implementing an analogous procedure for the protection of whistleblowers, based “on a pattern” used in other countries. Such a Model may be quite good, indicating a pattern of action that fits the “DNA” of the group in which the Polish company is located. On the other hand, the first problem often arises when determining: to whom should reports from Polish whistleblowers go?
According to Article 28 Section 3 of the Law on Whistleblower Protection, private entities employing between 50 and 249 people may establish common rules for receiving and reviewing internal reports and conducting investigations. Even if they opt for these “common rules,” they are individually responsible for complying with the Act, particularly with regard to maintaining confidentiality, providing feedback and following up. This responsibility lies primarily with the Polish company, but there is a risk that board members could be held liable for violations in this area.
In addition to this, group entities may establish a common procedure for internal reporting, and this is where the key phrase comes in: “subject to ensuring compliance of the activities performed with the Polish law.” A key element of compliance is Article 25(1) of the Law on the Protection of Whistleblowers, which requires that the reporting procedure identify the persons authorized to receive internal reports and follow up. This means that inside the organization there should be a person or group of people authorized to handle internal reports.
So much theory. And what does it look like in practice?
Sharing resources in practice
For large companies with more than 249 employees, it is necessary to develop and implement their own individual whistleblower protection procedures. This does not mean, however, that they must be completely different from the solutions used by the “parent” company. However, these procedures must be appropriately adapted to the structure of a Polish company, which may require consultations with trade unions or employee and co-worker representatives.
What is the situation in capital groups? Can they have a common procedure for internal notifications, subject to compliance with the Polish law? In principle, yes, subject to proper implementation in Poland. In the European Commission’s latest report to the European Parliament and the Council on the implementation of the Whistleblower Protection Directive, the commission made it clear that member states that allowed corporate groups to set up notification channels exclusively at the group level, thus exempting all entities belonging to the same group from the obligation to establish their own internal channels acted contrary to the directive’s purpose. The purpose of the directive is to ensure the availability and proximity of channels for whistleblowers[1] .
Therefore, when implementing solutions based on resource sharing, it is worth being aware of the directive’s goals. Control authorities can take these issues into account when evaluating implementation in individual organizations.
Prudent distribution of tasks and responsibilities
What does this look like in practice? In principle, it is possible to have a single tool for receiving notifications, but there is the question of how these notifications are to be processed? It cannot be that a Polish whistleblower can only report a violation to a foreign “headquarters.” He or she must have proximity and accessibility to channels and thus his or her report cannot be processed in isolation from local conditions, by a team in another country unfamiliar with the regulations and realities in a Polish company.
This is related to the second problem with imported solutions: It is often the case that although the system in a Polish company is already in place, the problem is establishing responsibility for a specific task. In Germany, for example, a willing solution is to delegate the acceptance of reports to a trusted law firm or other external entity ensuring impartiality. While from the point of view of impartiality, this may be a good solution, from the point of view of a pragmatic and effective approach to problem solving, this may no longer be the case, as mentioned above, but also such a solution is not fully compliant with the Polish Law on the Protection of Whistleblowers. The internal organizational unit or person authorized to undertake follow-up should be located within the company’s organizational structure and should ensure impartiality. Which does not mean that it cannot obtain external assistance. On the contrary, in the case of reports requiring specialized expertise, it should have access to such expertise.
Whistleblower in first place
Polish regulations on whistleblower protection are only just starting to become established, and it will take time for practice to develop around them. Meanwhile, the deadline for implementing internal procedures in Polish obligated companies is September 25, 2024, so it is worth ensuring that the implementation in our organization is not only practical and effective, taking into account the experience of foreign group companies, but also meets the requirements of Polish law.
The European Commission’s report on the implementation and application of the Directive on the Protection of Whistleblowers states that there are significant differences in the way member states implement the Directive, so it is worth taking a closer look at “imported” solutions in order to maximize the effectiveness of whistleblower protection, as this is the primary goal of the new legislation.
Author:
Dr. jur. Jan Muszyński, Attorney-at-law (PL)
[1] https://secure.ipex.eu/IPEXL-WEB/download/file/082d29089070f71e019077ce1c4c0b22