You are here:
23 July 2020 / news

Assessing the compliance of existing policies with the Whistleblower Directive: an institutional case study

Most financial institutions have already implemented internal policies to address whistleblowing. However, the Directive raises expectations and companies will necessarily have to challenge themselves and make substantive internal changes in order to be truly compliant. The market would not be ready if the Directive was implemented today.

whistleblower-directive-series

We recently examined the existing policies of selected Luxembourg regulated financial institutions using only public data sources. Of the available policies, only one was fully compliant with the Whistleblower Directive’s requirements. This significant finding demonstrates that even companies with extensive existing policies will need to update their internal procedures. A breakdown of the areas which require improvement for compliance, as well as their explanation is provided below. Firms should review these findings against current policies to determine the scale of change which is required.

Eligibility

Third parties who have dealt with the company are eligible to whistleblow under the Whistleblower Directive. 

Graph Eligibility 

Reporting channels

The Whistleblower Directive requires that either an oral or written channel of reporting is available as well as in-person reporting.

Graph Reporting Channels 

Procedures

The Whistleblower Directive requires a particular protocol to be followed upon the receipt of a report.

Graph Procedures 

Follow-up procedures

The Whistleblower Directive specifies a protocol which must be taken to follow-up with whistleblowers after steps are taken internally to rectify a situation.

Graph Follow Up 

Evaluating an Existing Policy: A Case Study

The following table contains a breakdown of the existing whistleblowing policy of a Luxembourg bank which was developed in response to CSSF Circular 12/522.
This case study demonstrates that existing policies will require substantial changes to comply with the Whistleblower Directive and highlights best practices.

 

Whistleblower Directive Case Study

Whistleblower Directive Case Study

 

Other pitfalls to avoid

Lack of Receipt Procedure

There was no procedure to reply to a whistleblower following a report. The Whistleblower Directive requires that this should happen within seven days.

Lack of Auditing Procedure

There was no internal audit procedure to ensure the effectiveness of whistleblowing protocols. While not required by the Whistleblower Directive, this could be important to ensuring program success and avoiding external reporting. For financial institutions in Luxembourg subject to CSSF Circular 12/552, there is a generic requirement to review all policies regularly, however, a specific audit procedure would ensure a more comprehensive review.

Lack of Routine Training

While not explicitly provided for in the Whistleblower Directive, routine training should be conducted to ensure that employees are and remain familiar with the system.



Fading buildings - deal - acquisition of Luxembourg private bank - SCHWM - Sept

Loyens & Loeff advises on acquisition of Luxembourg private bank

Loyens & Loeff Luxembourg financial regulatory team advised on the first acquisition of a Luxembourg bank by Alexander Schütz read more
guide-to-restructuring-luxembourg-webinar

Webinar: A guide to restructuring in Luxembourg

The Legal 500 and Loyens & Loeff hosted a webinar around restructuring and insolvency procedures in Luxembourg. read more
whistleblower-directive-series

How to create an EU-compliant and practical whistleblower policy

This series of articles will provide you with the tools to ensure you comply with the new Whistleblower Directive. read more