Philipp Rosenauer
Partner Legal, PwC Switzerland
Richard Thomas
Partner, Risk Consulting TIS (Trade, Industry, Services) & Internal Audit, PwC Switzerland
The fact that the EU Whistleblowing Directive (EU Directive) does not affect the activities of Swiss companies within their own national borders does not mean that they can turn a blind eye to it. The EU Directive becomes of relevance to Swiss groups whenever they have subsidiaries in the European Union (EU) that reach the respective threshold.
Interested in more detailed insights?Register here for the free webcast (25.04.)
Subsidiaries of Swiss companies with 50 or more employees in an EU member state must implement internal reporting channels (in special cases, depending on the country, even fewer employees may trigger this requirement). This threshold does not apply to EU subsidiaries of Swiss companies operating in the financial industry, as they need to implement reporting channels regardless of the number of employees.
EU subsidiaries of Swiss companies with at least 250 employees, already had to comply with this obligation by 17 December 2021. EU subsidiaries with 50 to 249 employees are now required to set up an internal reporting channel by 17 December 2023. In doing so, international Swiss groups and the affected EU subsidiaries need to be aware of some pitfalls, which are highlighted in this blogpost.
Different standards in group structures
If an international Swiss group has subsidiaries in an EU member state, the EU Directive and the associated protection of whistleblowers apply to them. For locations in Switzerland or in other countries, the requirements of the EU Directive do not apply, and a different standard prevails in the company as a whole. However, it proves useful to set up a company-wide standard and also provide employees in Switzerland or other countries with an internal whistleblowing channel without them having to fear reprisals.
Another challenge for international groups is the fact that every EU member state has to transpose the EU Directive into national law. These transposition laws may differ from country to country. Therefore, also the requirements for the setup of whistleblowing channels and the proccessing of reports may vary.
Admissibility of group-wide whistleblowing channels
In the past, group structures often set up a single whistleblowing channel company-wide. However, following the EU Commission's statement, it is now clear that this is no longer permissible for all companies under the EU Directive.
Certain facilitations apply to medium-sized subsidiaries (50 to 249 employees). The EU Directive provides that they can join forces to operate a joint whistleblowing channel and the receipt of reports and the conduct of investigations may be assigned to a subsidiary for several legal entities. In addition, under certain conditions, medium-sized subsidiaries should also be able to make use of the group's central investigation unit and not have to conduct their own investigation. However, the prerequisite for this is that these subsidiaries nevertheless offer their own reporting channels, inform the whistleblower of the submission of the investigation to the central office, the whistleblower agrees to this, and that follow-up measures and queries vis-à-vis the whistleblower take place exclusively at the subsidiary level.
For large subsidiaries (at least 250 employees), the aforementioned simplifications do not apply, which has increased the expense for many international groups. It is therefore mandatory that these companies set up their own reporting and investigation units that can process incoming reports independently of and outside the central whistleblowing channel.
No complete guarantee of anonymity
The EU Directive states that the identity of whistleblowers must be kept confidential, thus protecting them from reprisals. A distinction must be made between the protection of identity and anonymous whistleblowing. The EU Directive leaves it up to the national legislator to decide whether the possibility of accepting anonymous reporting should be created.
Practical experience shows that in many cases anonymity is maintained at the beginning, but in the course of the investigation the identity of the whistleblower is revealed. For this reason, a company should not promise its employees complete anonymity when filing a report.
Keep data protection in mind
Personal data is processed in the whistleblowing channel. For this reason, the provisions under the Swiss Federal Act on Data Protection (FADP) and General Data Protection Regulation (GDPR) need to be considered when planning the implementation of a whistleblowing channel.
How can we support you?
Would you like to better understand the impact of the EU Whistleblowing Directive on your business, or do you need support in developing and implementing, or enhancing an appropriate and trustworthy incident reporting system? Please do not hesitate to contact us. We are happy to answer your questions and support you in your next steps!
#social#
Contact us
Partner, Risk Consulting, Risk Consulting Leader TIS (Trade, Industry, Services) and Internal Audit, PwC Switzerland
Tel: +41 79 816 27 00
Silvan Thoma
Director, Legal FS Regulatory & Compliance Services, PwC Switzerland
Tel: +41 58 792 1817
Director, Risk Consulting, Compliance and ESG, PwC Switzerland
Tel: +41 79 150 75 59
