What is a whistleblowing system?

A whistleblower system is intended to create a structured way of dealing with information about breaches of rules within a company. In particular, anonymous whistleblowing systems should also ensure that employees report violations even if they incriminate their superiors, for example.

Do Capital Management Companies and other obligated parties from the financial sector have to provide whistleblowing systems regardless of the number of their employees even if they have no employees?

No. According to §3 para. 9 HinSchG, obligated parties only have to provide internal reporting offices if they employ at least one person.

Do internal hotlines have to be reachable orally AND in writing?

No. According to §16 para. 3 HinSchG, internal reporting channels must allow reports in oral or text form. Thus, an internal reporting channel does not have to fulfil both conditions.

To what extent do existing internal reporting systems (e.g. based on the GWG) need to be adapted?

Existing reporting channels must be expanded to include the possibility of submitting reports according to §2 HinSchG. This includes, among other things, reports on violations that are subject to criminal penalties or fines. Or violations that are directed against other regulations such as federal and state legislation to combat money laundering and terrorist financing, requirements for product safety and conformity, environmental protection, radiation protection and nuclear safety or the promotion of the use of energy from renewable sources, and many more.

Is a "whistleblower mailbox", sufficient as an internal reporting office?

With great effort, yes - but it is not advisable. On the one hand, it must be ensured that the content of the reports as well as the identity of the reporting person are only disclosed to the persons who are responsible for receiving and processing the reports (§8 HinSchG & §16 para. 2 HinSchG). In addition, it must be ensured that even if an anonymous report is submitted, a response to the reporting person, including the possibility to ask questions, is possible (§17 para. 1 sentence 1 & para. 2 HinSchG). These two conditions cannot be taken for granted when setting up a simple letterbox.

Furthermore, the physical accessibility of a post box for employees must of course be taken into account. The possibility of being observed when making a report via a post box could also deter potentially important whistleblowers.

In a company, can the managing directors also take on the role of the person responsible for messages?

This is not completely excluded. Nevertheless, the designation of the management as the person in charge of processing reports could collide with Section 15 (1) HinschG. According to this, the persons appointed must not only be able to act independently, but they must not be subject to any conflicts of interest through the exercise of their activities as management as well as reporting officers. As supervisors, this condition is not met in case of doubt.

In the case of an anonymous report, how can it be ensured that feedback can be sent to the person making the report?

In whistleblowing systems such as Kerberos, whistleblowers receive an individual code. This code can be used to log back into the reporting system at any time to answer any queries or to track the current status. Registration is not necessary.

What deadlines must be observed after submitting a notification under the HinSchG?

According to §17 HinSchG, internal reporting offices must confirm receipt of a report to the person making the report within seven days. At the latest three months and seven days after submitting the report, the reporting office must provide feedback to the person making the report. Pursuant to section 17, paragraph 2, sentence 2 HinSchG, the feedback must include "the notification of planned as well as already taken follow-up measures as well as the reasons for these". This does not apply if the rights of others are affected or the investigation is affected.

What are the advantages of an internal whistleblowing system?

If employees discover violations of rules, it depends on the contact person in the company how the violations of rules are punished. If rule violations are committed by direct superiors and they then have to deal with them, making a report can even have a negative effect on the whistleblower.

In the worst case, employees do not even submit a report for fear of negative consequences. In this way, grievances in companies can spread unhindered.

Another possibility is for whistleblowers to publish breaches of rules through government reporting channels or even the press. This can have high reputational and financial consequences for companies as well as for whistleblowers.

An internal whistleblowing system, on the other hand, allows whistleblowers to report anonymously without fear of negative consequences. Experts can follow up on tips. Breaches of the rules can be remedied effectively and quickly. This structural approach not only promotes safer and more sustainable corporate development, but also strengthens the relationship of trust between employees and employers.

Which companies are obliged under the Whistleblower Protection Act (HinSchG) to set up internal reporting systems?

According to §12 para. 2 of the Whistleblower Protection Act (HinSchG), companies with 50 or more employees are generally obliged to set up an internal reporting office. This can be done, for example, by setting up a whistleblower protection system analogous to those required for compliance with the LkSG as well as the GwG.

In addition, irrespective of their size, the following companies are also obliged to set up an internal reporting office (Section 12 (3) HinSchG):

  • Investment services companies
  • Data reporting services
  • Stock exchange operators
  • Credit institutions and securities institutions
  • Counterparties within the meaning of Art. 3 No. 2 of EU Regulation 2015/2365
  • Capital management companies
  • Insurance companies

More information

Back to the overview


You have further questions?

Contact us now!

An unexpected error has occurred. Please try again or write to info@kerberos-compliance.com.

Please fill in all required fields.

Thank you. We will contact you soon.

In a hurry? Call us!

Our support staff is available on weekdays from 09:00 - 17:30.

+49 221 650 88 92 – 0