Whistleblowing Services

Assurance

All organizations are vulnerable to fraud and ethical misconduct. Statistics show that half of these challenges are detected by receiving tips from whistleblowers.

A whistleblower is a person, often an employee of a public, private or governmental organization who reports ethical misconduct, data manipulation, illicit or immoral activities that are happening within their organization or at third parties with which their organization collaborates.

The European Union has established a standard on whistleblower policy through the EU Whistleblower Directive which applies to all companies with more than 250 employees and Member States will have to adopt a set of rules and regulations to conform to this new directive

EY can help your organization by supporting with the end-to-end process, from establishing a whistleblower framework (or ensuring that the existing framework meets the standards set out by legislation), providing a secured confidential channel to receive and manage allegations (VCO), supporting in the triage and investigation of allegations reported through the channel and providing legal advice, as needed, to ensure the process is compliant with existing regulations (whistleblowing, labor law, GDPR etc.).

The EY Global Integrity Report 2022 highlights that 63% of respondents from Romania state to have NEVER reported issues of misconduct, be it to management or through a Whistleblowing hotline (behind the Eastern European average of 67% of respondents). Also, 36% of respondents have had concerns about misconduct but have not reported it and 58% of those who have reported misconduct felt under pressure not to report. Moreover, even if properly reported, only a minority of respondents (49%) agrees that their companies have taken action against employees breaching integrity standards.

The team

Clarisa Tesu

EY Romania Head of the Forensic & Integrity Services practice

Program Design and Implementation
Support in designing and implementing an end-to end whistleblowing framework;

Implementation and customization of EY designed reporting and case management tool (VCO);
Effectiveness assessment of existing program
Review of the design, operating effectiveness and alignment with legislative requirements of the existing end-to-end whistleblowing process;
Program Execution
Triage of allegations and conducting investigations;

Training on new processes and requirements;

Internal communication of new processes;
Legal Advice in cooperation with EY Law
Legal advice on incidents with respect to Labor law;

Support with information/consultation with trade unions and with respect to GDPR compliance;

Facts:

The EU has adopted a new Directive (EU) 2019/1937 which meant to be transposed into national legislation by December 17, 2021, regarding the protection of employees (including former and future employees) who report breaches of Union law (the so-called Whistleblower Protection Directive).

The Directive applies to legal entities in private and public sectors with more than 250 employees, and it intends to protect whistleblowers from retaliation by implementing organizational-level solutions. Failure to comply with the upcoming duties may materially and adversely affect the company's operations and reputation.

Duties:

Establishment of confidential, secured local internal reporting channels (accessible also for third parties), that allow for maintaining communication with the whistleblower

Acknowledgment of receipt of the report to the whistleblower within 7 days and feedback on the matter within 3 months;

Ensuring that whistleblowers are protected effectively against retaliation

Exercising due diligence in the course of internal investigation and other follow-up activities carried out by an impartial person or department.

Penalties:

The Directive requires that penalties be established for:

Breaches of the duty of maintaining the confidentiality of the identity of whistleblowers

Any instances of hindering the reporting process

Taking retaliatory or other adverse actions against whistleblowers

Across EU, the proposed penalties for non-compliance with the requirements range from around EUR 40K to EUR 100K, excluding any additional corporate criminal liability fines, if the case.

In Romania, the proposed penalties for non-compliance with the requirements range from RON 1,500 to RON 30,000 Failure to create internal reporting channels as required by the law will be sanctioned with a fine ranging between RON 2,500 to RON 25,000.

EY Virtual Compliance Officer is a whistleblowing tool created by EY. It is fully compliant with the requirements of the EU Whistleblowing Directive and meets the requirements of the GDPR. EY Virtual Compliance Officer streamlines the reporting process for whistleblowers which provides companies with comprehensive management reports and - if needed - offers the support of EY professionals in internal investigations.

Explore

Benefits for your organization

Benefits for the Management Boards and the Shareholders

Business security and compliance with the law

Comply with the requirements of the EU Whistleblowing Directive
Detect and prevent the misconduct early on
Minimize the risk of losses resulting from misconduct
Get support from EY professionals specialized in internal investigations

Benefits for Whistleblowers

Anonymous and easy reporting of misconduct

Easy access through internet browser and mobile devices
Simple and legible misconduct report form
Access to current report statuses
An EY-managed service ensuring independence and confidentiality

Benefits for Compliance Officers

Automated processes and reliable tools

Effective monitoring of misconduct reports thanks to automated notifications and reminders
Set of useful tools for managing misconduct reports (including online repository and case summary)
Security of confidential data in line with the leading IT security standards
Secure access can be granted to employees or third parties investigating the matter

Select your EY Virtual Compliance Officer plan

	Basic	Pro	Premium
EY Virtual Compliance Officer tool	+	+	+
Support of EY proffesionals		+	+
Access to the smart document repository for employees			+

Explore

Practical experience of EY professionals combined with cutting edge IT technologies

EY Virtual Compliance Officer was developed by EY Forensics professionals who have extensive, hands-on experience in managing misconduct complaints and in interacting with whistleblowers. Our practical experience from more than 800 engagements over the last 15 years was combined with the knowledge of leading IT professional to make EY Virtual Compliance Officer a simple and secure solution that lets you react properly to reports of potential misconduct.
Compliance with the EU Whistleblowing Directive

EY Virtual Compliance Officer allows the company both to create a reporting channel for whistleblowers and to satisfy other requirements outlined in the EU Whistleblowing Directive, including sending acknowledgement of receipt of the report to the reporting person, ensuring their anonymity and deleting (anonymizing) any redundant personal data. As a service provider, EY ensures that EY Virtual Compliance Officer will be updated to accommodate for new legislations and it can be further developed based on client feedback.
Leading data security standards guaranteed by ISO 27001 certificate

The electronic data is kept within the territory of the European Union (hosted on the EY Client Technology platform based on Microsoft Azure cloud solution).

As proven by comprehensive penetration tests and ISO 27001 certified infrastructure, the EY Virtual Compliance Officer maintains leading-edge information security management standards.
Solution tailored to your organization

EY Virtual Compliance Officer can be tailored to your organization, among others by adding graphic elements and logotypes, as well as by modifying the misconduct report form.
Team of experienced EY professionals at your fingertipTeam of experienced EY professionals at your fingertips

Subscription to the EY Virtual Compliance Officer comes with a package of hours for advisory support (for example for conducting interviews, undertaking forensic data analysis or e-Discovery services) from an experienced team of EY forensics and compliance professionals.
You can select an EY Virtual Compliance Officer option which comes with a smart document repository for employees

EY Virtual Compliance Officer can include an additional module which grants users easy access to your organization’s internal documents, such as policies, regulations and guidelines. Thanks to the in-built monitoring functionality, a Compliance Officer can manage these documents and request employees to confirm they have read them. This module is equipped with automated reminders, statistics, history of records and a chat.

	EY Virtual Compliance Officer	Typical software provider	Typical legal counsel and advisory company
Whistleblowing automation IT tool for misconduct reporting	+	+	–
Anonymous reporting and a confidential channel for communication with the whistleblower	+	+	–
Advanced features for case management / administration of misconduct reports	+	+	–
Professional support in implementing procedures tailored to a client’s specific needs	+	–	+
Support in the assessment of misconduct reports and recommendations on follow-up actions	+	–	+
Support during internal investigations	+	–	+
Smart document repository for employees	+	–	–
Low maintenance cost	+	+	–

To whom does the EU Whistleblowing Directive apply?
The requirements laid forth in the Directive will be binding for:

legal entities in the private sector with 250 or more workers

all legal entities from the financial services sector, regardless of the number of workers

legal entities in the public sector

The deadline for bringing into force laws, regulations and administrative provisions necessary to comply with this Directive passes on 17 December 2021.

The EY Whistleblowing Directive will be binding for legal entities in the private sector with between 50 and 249 employees starting December 17, 2023.
What new requirements does the Directive bring for the organizations?
The Directive lays down common minimum standards to protect whistleblowers and introduces penalties which are to be specified by the EU member states. The minimum standards include:

establishing confidential internal reporting channels for whistleblowers and providing easily accessible information on these channels to employees and business partners

designation of a person responsible for following-up on the misconduct reports

undertaking diligent follow-up actions (including internal inquiries and investigations)

acknowledgment of receipt of the report to the whistleblower (within 7 days) and providing feedback about the action envisaged or taken as follow-up (within 3 months)

providing employees and business partners with information on internal and external misconduct reporting channels.
Is EY Virtual Compliance Officer fully aligned with new requirements of the EU Whistleblowing Directive?

Yes. EY Virtual Compliance Officer was specifically designed to help organizations satisfy the requirements of the EU Whistleblowing Directive and its transposition to local legislation in a simple and accessible way.
My company employs less than 50 workers. Do I have to implement a whistleblowing channel?

Depending on the industry your company operates in, the Directive might apply even to companies employing less than 50 workers. This concerns the financial sector in particular; however, each EU Member State can decide to extend the personal scope of its local legislation to include other legal entities, based on their business activities and associated risks, and especially environmental and public health risks.

Implementation of whistleblowing channel is worth considering regardless of the EU Whistleblowing Directive. Having one significantly increases your chances to detect misconduct and limit potential losses resulting thereof.

Having a whistleblowing channel can help your organization gain competitive advantage. It is often expected or required by certain business partners.
Does EY Virtual Compliance Officer allow for communications with an anonymous whistleblower?

Yes. EY Virtual Compliance Officer allows for direct communication through a confidential whistleblowing channel which is available 24/7 for employees and individuals from outside the organization. Whistleblowers who want to remain anonymous receive a unique token code allowing for further communication. This allows the organization to communicate with anonymous whistleblower, ask questions, get additional information about the reported misconduct, send or receive documents and satisfy the EU Whistleblowing Directive requirements to give feedback to the reporting person.
Why is it so relevant to ensure you have a confidential and reliable whistleblowing channel?

This is one of the main requirements of the EU Whistleblowing Directive. Moreover, having such a channel increases a whistleblower’s trust in the company, making it more likely they will choose to report a misconduct through company’s internal channel and not opt for external reporting to authorities or a public disclosure (to which they are entitled to, based on the Directive). This will allow the organization to react faster to the reported misconduct and limit potential financial and reputational repercussions.
I already have implemented an IT solution of another provider. Can I still use EY advisory services?

Yes. EY Forensics and Integrity Services provides a wide range of services including compliance risk assessment, the implementation of compliance management systems, analysis of reported misconducts and comprehensive support during internal investigations (including process analysis, interviews, forensics data analysis, IT forensics – e-Discovery, open source intelligence, etc.)
I already have implemented an IT solution of another provider, but I am interested in a smart document repository for employees. Can I implement this functionality alone?

Yes. It is possible as EY Virtual Compliance Officer is composed of independent modules. Implementing the smart document repository allows your organization to share documents (such as internal regulations and guidelines) and manage the collection of affirmations, confirming that employees and business partners are acquainted with these documents.
I already have implemented an IT solution of another provider and all required processes. I would like to see if it works as intended – how can I do that?

EY’s Forensics and Integrity Services team has a vast experience in auditing compliance management systems. Depending on your needs, we can help you with risk identification and assessment, updating your procedures, assisting in training and preparing related communications.
How long does it take and how much it costs to implement the EY Virtual Compliance Officer?

The amount of time required to implement the EY Virtual Compliance Officer depends on the number of modifications requested by your organization, the number of users and other company-specific factors. Typical implementation takes 5-10 working days. Implementation is free of charge and there are no other costs besides the EY Virtual Compliance Officer subscription.
Can EY Virtual Compliance Officer be tailored to my organization’s needs, for example by changing logos or wording?

Yes. EY Virtual Compliance Officer can be customized to the needs of your organization, both in terms of misconduct reporting processes, and in terms of graphics and other visual elements. For example, you can modify the contents of the misconduct reporting form so that it will better suit your key risks and company’s structure. You will be also able to change graphics and logos on the landing page.
What is the cost of EY Virtual Compliance Officer?

The cost of EY Virtual Compliance Officer depends on the number of requested modifications, the number of active language versions (from the 13 languages versions currently available), the number of separate whistleblowing channels (in case of capital groups) and other individual arrangements.

The full price is prepared specifically for each client. It is always preceded with a demonstration meeting.

Make an appointment for a demo meeting
My company received a misconduct report but I do not know how to proceed with it.

In such cases, EY Forensics and Integrity Services can help with initial assessment of the misconduct report, deciding on further actions as well as provide comprehensive support during internal investigations (including process analysis, interviews, forensics data analysis, IT forensics – e-Discovery, etc.).
There are numerous whistleblowing platform available on the market. Why should I choose EY Virtual Compliance Officer?

By choosing EY Virtual Compliance Officer, you not only get an effective whistleblowing platform created by EY professionals based on global quality and security standards, but you also gain access to the knowledge and support of the biggest and most experienced forensics and compliance team in Europe. EY Forensics has unique competencies and experience in compliance and internal audit engagements across the whole region.

EU Whistleblowing Directive – full EY support

See how comprehensive EY solutions can help you become compliant with the requirements of EU Whistleblowing Directive and sleep easier even when you receive a misconduct report.

Learn more

Contact us

Interested in the changes we have made here? Contact us to find out more.

Topics

General

People

Trending