On February 16, 2023, the Congress of Deputies approved the Law regulating the protection of persons who report administrative infringements and the fight against corruption, which transposes the Whistleblowing Directive, which obliges companies and Public Administrations to implement a whistleblowing channel to process such reports.
The new Law will come into force 20 days after its publication and, for companies with 250 employees or more, a period of 3 months is established to be able to implement a complaints channel, a period that is extended to December 1, 2023 for organizations with less than 249 workers.
The regulation is based on the idea that workers have the duty to report any irregularities they become aware of in the context of their employment relationship, in order to prevent fraudulent and corrupt practices. Therefore, the Law contemplates a system to protect workers who report certain irregularities.
The purpose of this regulation is for entities to provide informants with a preferential channel for communicating actions or omissions that constitute any of the infringements covered by the Law, as well as a system for managing the processing of communications and the protection of informants, in order to avoid possible reprisals and reputational damage.
What is new in this Law?
Full whistleblower protection
In the first place, the clear objective of this regulation is the protection of the person who reports or informs of an unlawful act in an entity. This protection translates into the prohibition of reprisals against the informants of these facts through the communication procedures provided for in the new Law.
Public and private sector whistleblower protection
Another of the novelties included in this new Law is the application of internal information systems for Public Administrations and individuals or legal entities in the private sector with 50 or more employees. Likewise, protection is established for self-employed persons, participants, shareholders and persons forming part of the management or administrative body, or for professionals working on contracts. The protection is extended to coworkers or relatives of the informant. It should be noted that the protection granted by this new Law also extends to those informants of a fact even after the termination of their employment or statutory relationship.
Obligation to respond to the informant upon receipt of the case
Promptness and diligence are two other features that should define the operation of the whistleblowing channel. Thus, the informant must be responded to after receipt of the complaint within 7 days and must be given an answer on its resolution within the following 3 months.
Designation of an Information System Manager for its correct operation.
The Law provides that the administrative or governing body of each entity or organization shall appoint the individual responsible for the management of the system, i.e. the Head of the Information System. The person in charge of the system must perform his functions independently and autonomously from the other bodies of the organization.
Protection of personal data
Personal data must be protected through systems that ensure confidentiality, follow-up, investigation and protection of the informant. The person to whom the reported facts refer shall in no case be informed of the identity of the informant, nor shall any data be provided that would allow the identification of the informant. This obligation extends to the persons concerned and to any third party mentioned in the information provided.
Likewise, informants must be expressly informed that their identity will be kept confidential in any case and that it will not be disclosed to the persons to whom the facts reported refer or to third parties.
Information on internal and external information channels
There must be clear and accessible information on the use of the internal and external information channels that have been implemented, as well as on the essential principles of the management procedure. All of this should be posted on the website, on the home page and in a separate, easily identifiable section.
Application of a sanctioning regime
The Independent Authority for Whistleblower Protection will be responsible for sanctioning infringements committed by individuals and legal entities in both the public and private sectors. It is worth mentioning that only those infractions committed with malice will be punished, being that they can be divided into very serious, serious and minor infractions. Different sanctions are foreseen depending on the seriousness of the infraction committed (fine, reprimand, prohibition to obtain subsidies, prohibition to contract with the public sector, publication in the BOE…).
Which subjects are obliged to have an Internal Information System?
Private sector
- All companies with 50 or more employees must implement an internal information system.
- Private sector companies falling under the scope of application of the acts
- of the European Union in the area of financial services, products and markets,
- prevention of money laundering or terrorist financing,
- transport safety and environmental protection
- Political parties, trade unions, employers’ associations and foundations created by them, provided that they receive or manage public funds.
Public sector
- The General State Administration, the Administrations of the Autonomous Communities, cities with Statute of Autonomy and the entities that make up the Local Administration.
- Public bodies and entities linked to or dependent on any public administration, as well as other associations and corporations in which public administrations and bodies participate.
- The independent administrative authorities, the Bank of Spain and the Social Security management entities and common services.
- Public universities.
- Public law corporations.
- Public sector foundations (under the terms established in the Law).
- Constitutional bodies, those of constitutional relevance and autonomous institutions analogous to the above.
Abogada Penalista – Socia fundadora del despacho NIETO ENRIQUEZ Abogados Penalistas. Lidera un equipo de abogados especializados en Derecho Penal y Compliance. Cuenta con amplia experiencia en la dirección jurídica de todo tipo de asuntos penales y en la elaboración de programas de prevención de delitos e imparte formaciones a directivos y empleados en esta materia.