Increased safety for whistleblowers entails new requirements

On October 7, 2019, the European Council approved a directive, entitled the Whistleblower Directive, intended is to protect individuals who report suspected violations through so-called whistleblowing. EU member states have two years to apply this directive. This means that the Swedish government will have tightened legislation in place by the end of 2021.

The Swedish government has commissioned a special investigator to assess how the directive relates to Swedish law and to propose necessary changes. KPMG has followed the investigation and the presentation. Below is our analysis on how it affects you as an employer.

The new rules are proposed to require that employer’s must establish internal reporting channels for whistleblowing and routines for follow-up.

Whistleblowing must be easily accessible to those who want to report wrong-doing and needs be able both in writing and verbally. The employer must also ensure that whistleblowing can take place at a physical meeting. Written and verbal reports must be documented and preserved in such a way that access to the documented reporting is limited to special personnel who need the information to fulfill their duties.

Reports received shall be handled by specially designated persons or entities and these persons or entities need to be independent and autonomous. Confidentiality applies to information that may reveal the identity of the whistleblower or others involved, which also infers high demands on information security.

On 1 December 2021, the directive will become Swedish law. The investigator, assigned by the Swedish government, has given organizations a deadline of 7 to 24 months to implement secure reporting channels.

Whistleblowing often contain sensitive information, both about employees and the organization, which is why information security must be maintained at every stage of the process to ensure action in accordance with applicable laws and regulations. This is especially important regarding the Privacy Policy (GDPR) and the forthcoming duty of confidentiality regarding whistleblowing.

The Whistleblower Directive requires a reporting system that can handle both through written and verbal notifications in a secure manner.

We offer a comprehensive solution:

• Interpretation and understanding of coming legislation.
• Provision of technical solutions for the reporting channel.
• Assessment and evaluation of received cases.
• Independent and autonomous investigations.
• Action management and help to implement preventive routines.

Working with KPMG, you will benefit from specialists with relevant knowledge and experience. Our teams handle the cases received to provide a first assessment and we can thereby quickly provide feedback and advice on how the cases should be handled.

KPMG has extensive investigative experience and a breadth of expertise from our teams of lawyers, auditors and criminal police investigators. KPMG helps you and your organization in all steps of the process to live up to legal requirements but also to handle cases in an efficient and legally secure manner.

Stay up to date on the latest on the new whistleblower law with KPMG Forensics – and feel free to contact us if you want to discuss any matter that concerns your business.