Whistleblower-Portals

A whistleblower system is intended to create a structured way of dealing with information about breaches of rules within a company. In particular, anonymous whistleblowing systems should also ensure that employees report violations even if they incriminate their superiors, for example.

No. According to §3 para. 9 HinSchG, obligated parties only have to provide internal reporting offices if they employ at least one person.

No. According to §16 para. 3 HinSchG, internal reporting channels must allow reports in oral or text form. Thus, an internal reporting channel does not have to fulfil both conditions.

Existing reporting channels must be expanded to include the possibility of submitting reports according to §2 HinSchG. This includes, among other things, reports on violations that are subject to criminal penalties or fines. Or violations that are directed against other regulations such as federal and state legislation to combat money laundering and terrorist financing, requirements for product safety and conformity, environmental protection, radiation protection and nuclear safety or the promotion of the use of energy from renewable sources, and many more.

With great effort, yes - but it is not advisable. On the one hand, it must be ensured that the content of the reports as well as the identity of the reporting person are only disclosed to the persons who are responsible for receiving and processing the reports (§8 HinSchG & §16 para. 2 HinSchG). In addition, it must be ensured that even if an anonymous report is submitted, a response to the reporting person, including the possibility to ask questions, is possible (§17 para. 1 sentence 1 & para. 2 HinSchG). These two conditions cannot be taken for granted when setting up a simple letterbox.

Furthermore, the physical accessibility of a post box for employees must of course be taken into account. The possibility of being observed when making a report via a post box could also deter potentially important whistleblowers.

This is not completely excluded. Nevertheless, the designation of the management as the person in charge of processing reports could collide with Section 15 (1) HinschG. According to this, the persons appointed must not only be able to act independently, but they must not be subject to any conflicts of interest through the exercise of their activities as management as well as reporting officers. As supervisors, this condition is not met in case of doubt.

In whistleblowing systems such as Kerberos, whistleblowers receive an individual code. This code can be used to log back into the reporting system at any time to answer any queries or to track the current status. Registration is not necessary.

According to §17 HinSchG, internal reporting offices must confirm receipt of a report to the person making the report within seven days. At the latest three months and seven days after submitting the report, the reporting office must provide feedback to the person making the report. Pursuant to section 17, paragraph 2, sentence 2 HinSchG, the feedback must include "the notification of planned as well as already taken follow-up measures as well as the reasons for these". This does not apply if the rights of others are affected or the investigation is affected.

If employees discover violations of rules, it depends on the contact person in the company how the violations of rules are punished. If rule violations are committed by direct superiors and they then have to deal with them, making a report can even have a negative effect on the whistleblower.

In the worst case, employees do not even submit a report for fear of negative consequences. In this way, grievances in companies can spread unhindered.

Another possibility is for whistleblowers to publish breaches of rules through government reporting channels or even the press. This can have high reputational and financial consequences for companies as well as for whistleblowers.

An internal whistleblowing system, on the other hand, allows whistleblowers to report anonymously without fear of negative consequences. Experts can follow up on tips. Breaches of the rules can be remedied effectively and quickly. This structural approach not only promotes safer and more sustainable corporate development, but also strengthens the relationship of trust between employees and employers.

According to §12 para. 2 of the Whistleblower Protection Act (HinSchG), companies with 50 or more employees are generally obliged to set up an internal reporting office. This can be done, for example, by setting up a whistleblower protection system analogous to those required for compliance with the LkSG as well as the GwG.

In addition, irrespective of their size, the following companies are also obliged to set up an internal reporting office (Section 12 (3) HinSchG):

• Investment services companies
• Data reporting services
• Stock exchange operators
• Credit institutions and securities institutions
• Counterparties within the meaning of Art. 3 No. 2 of EU Regulation 2015/2365
• Capital management companies
• Insurance companies