Pérez-Llorca organised an event to analyse the main new features resulting from the recent entry into force of Law 2/2023, of 20 February, regulating the protection of persons who report regulatory infringements and the fight against corruption, better known as the Whistleblowing Law, as well as its impact on companies. The session was led by Adriana de Buerba and Juan Palomino, partners of Pérez-Llorca’s White Collar Crime and Investigations practice, and Daniel Cifuentes, partner of the firm’s Employment, Compensation and Benefits practice.
Adriana de Buerba stressed the importance of this law, which transposes Directive (EU) 2019/1937 of the European Parliament, and which for the first time defines the mandatory requirements for an internal whistleblowing channel within a company. The Pérez-Llorca partner indicated that this regulation, among other new features, incorporates a leniency programme if administrative infringements are reported and establishes a penalty regime in the event of non-compliance with the provisions of the law.
From an employment perspective, Daniel Cifuentes explained which types of companies are obliged to implement this new law in their organisations. In the private sector, the rule establishes two criteria: quantitative, covering companies employing 50 or more workers, and qualitative, covering companies in sectors where the legislator believes a higher number of infringements may occur. With regard to the public sector, political parties, trade unions, business organisations and foundations are obliged to follow this law, provided that they receive or manage public funds.
Juan Palomino analysed which types of infringements can be reported under this law and which cannot. The Pérez-Llorca partner explained that actions or omissions that may constitute breaches of EU law, those that may constitute a serious or very serious criminal or administrative offence, as well as breaches of employment law in the area of health and safety at work may be reported. On the other hand, complaints involving classified information, obligations resulting from protecting the confidentiality of certain professionals and information on infringements in the processing of procurement procedures may not be reported.
Daniel Cifuentes then moved on to discussing who may act as a whistleblower for regulatory and anti-corruption violations. In this regard, Cifuentes indicated that the law protects whistleblowers working in the public or private sector who have obtained information on infringements in an employment or professional context, as well as those who have received information in the framework of an employment relationship that has already ended or during the pre-contractual selection and negotiation process. In addition, Cifuentes stressed that the law also provides protection measures for workers’ legal representatives when carrying out their duties of advising and supporting the whistleblower.
Cifuentes stressed that the implementation of an information system to ensure whistleblowers’ protection is one of the regulation’s main new features, and that the company’s management bodies are responsible for putting this in place. The Pérez-Llorca partner explained that the regulation of this system can be outsourced but that it is essential that a company manager is responsible for the system internally to ensure its proper functioning.
Adriana de Buerba and Juan Palomino concluded the session by analysing the procedure that organisations must follow for information management. According to the provisions of the Whistleblowing Law, the whistleblower must report to the company’s management body and must comply with the following requirements, among others: include clear and accessible information on existing external information channels, not exceed the maximum period of three months to carry out the investigation (which may be extended for an additional three months), inform the accused of the facts attributed to them, guarantee confidentiality in the event that the information is not directly received by the internal person responsible for this procedure, respect personal data protection rules and forward the information to the Spanish Public Prosecutor’s Office immediately if the events may constitute a crime.
The event ended with an interesting Q&A session.