EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Recent Searches
In November 2022, the Belgian legislator adopted a new law on the protection of whistleblowers in the private sector (“Whistleblowing Law”),1 which is based on the EU Whistleblowing Directive.2
Among other things, the Whistleblowing Law contains an obligation for legal entities in the private sector to establish internal channels and procedures for the reporting of breaches, i.e. acts or omissions that pertain to a policy area covered by the Whistleblowing Law and that are unlawful or run contrary to the objectives of rules in the covered policy areas. Such internal channels and procedures are typically included in a so-called “whistleblowing policy”.
The new Whistleblowing Law has implications for whistleblowing policies at Belgian financial institutions. Here’s what you need to know.
What financial institutions are affected by the new Belgian Whistleblowing Law?
Although a general exemption to the whistleblowing policy obligation exists for small private sector entities, financial entities have been explicitly carved-out of this exemption. As a consequence, all Belgian financial institutions must adopt and maintain a whistleblowing policy that is compliant with the new Whistleblowing Law.
Together with the other provisions from the new Belgian Whistleblowing Law, the provisions on the mandatory whistleblowing policy have been applicable since 15 February 2023. Many financial institutions have not yet adopted internal whistleblowing policies or are still in the process of amending existing whistleblowing policies with a view to making them compliant with the new rules.
Non-compliance with new whistleblowing requirements entails legal and compliance risks, especially since the FSMA appears to have the new Belgian Whistleblowing Law high on its regulatory agenda. Last month, the FSMA published a circular in which it clarified the procedural rules on how it will receive and handle so-called “external” whistleblowing reports, which go directly to the supervisor rather than being flagged internally first (see Circular FSMA_2023_03, in Dutch or in French). The FSMA has also updated its Frequently Asked Questions dealing with the whistleblowers’ point of contact.
How to be compliant?
To be compliant with the new rules, the internal whistleblowing policy that financial institutions are expected to adopt must at least allow employees of the financial institution to report information on breaches. Financial institutions may either manage the reporting channel internally or employ a third-party service provider. By opting for an external party to manage the intake of whistleblowing reports, financial institutions can facilitate the independent and autonomous character of their internal reporting channel. In any case, the reporting channels should, by their design, setup, and management, securely protect the confidentiality of the identity of the reporting person and of any third parties named in the report. Whistleblowing policies should also contain sufficient mechanisms to meet the minimum procedural requirements outlined in the new Whistleblowing Law, e.g., for what regards acknowledgement of receipt, diligent follow-up, reasonable timeframe for feedback, etc.
1 Law of 28 November 2022 on the protection of persons who report breaches of Union or national law within a legal entity in the private sector, Belgian Official Gazette 15 December 2022, 97213.
2 Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law, Official Journal of the European Union 26 November 2019, 305, 17.