Legislative Decree No. 24 of 10 March 2023 stems from the need to implement Directive (EU) 2019/1937 of the European Parliament and of the Council on the protection of persons who report breaches of Union law or who report breaches of national laws. “This Directive, which introduced a set of common minimum standards aimed at guaranteeing a high level of protection to public and private whistleblowers, undoubtedly represents an important tool for the prevention of wrongdoing,” says Manolo Valori, Technical Director of CVI Italia, the Italian branch of the Slovakian group CVI SRO, one of the most important realities in the voluntary certification sector with international accreditation, in this lengthy interview.
by Roberta Imbimbo
Dr Valori, what does Legislative Decree 24 of 10/2/23 provide for and why is it so important?
A premise is necessary. Those who work for, or are in contact with, a public or private organisation in the course of their professional activity are often the first person to become aware of threats or harm to the public interest arising in that sphere. By reporting violations of EU or national law that harm the public interest, Whistleblowers play a decisive role in exposing and preventing such violations, in the interest of society as a whole, of course. Potential whistleblowers are, however, often reluctant to report such wrongdoings for fear of possible retaliation. This is why, in this context, the importance of ensuring a balanced and effective protection of whistleblowers is extremely important and increasingly recognised both nationally and internationally. Legislative Decree 24 of 10/2/23 will come into force on 17 December 2023 for private sector entities that have employed up to 249 workers in the last year and will apply indiscriminately to both public sector entities and private companies with more than 50 employees with permanent or fixed-term employment contracts; if, on the other hand, they are companies operating in sensitive sectors, such as the financial sector, the discipline will apply regardless of the size of the company workforce.
What burdens are imposed on public and private sector entities?
The Legislative Decree in question places the onus on private-sector entities to proceduralise Whistleblowing activities by integrating the system of organisational arrangements through the activation of an efficient internal channel enabling the timely and effective handling of reports. An external channel will also be activated at the A.N.AC. to which recourse can be made in the event of inefficiency of the internal systems, where there is a risk of retaliation in the event of an internal whistleblowing or where the violation may constitute an imminent or obvious danger to the public interest. The obligation to set up internal reporting channels is also incumbent on the various public sector actors.
What offences may be reported?
Administrative, accounting, civil or criminal offences; unlawful conduct relevant under Legislative Decree 231/2001; and, more generally, all conduct, acts or omissions (even if only attempted or threatened) that undermine the integrity of the public administration or private entity and/or that harm the Union’s financial interests. The protections are extended to all those who report breaches of which they have become aware in the context of their work, as employees or collaborators, employees and self-employed persons, freelancers and other categories such as volunteers and trainees, including unpaid ones, shareholders and persons with administrative, management, control, supervisory or representative functions. The directive provides that protection is also granted in the case of reports or disclosures that later prove to be unfounded, if the reporter had reasonable grounds to believe that the violations were true, or in the absence of wilful misconduct or gross negligence.
Why is it important today to foster a corporate organisational culture favourable to whistleblowing?
Today, companies with at least 50 employees will necessarily have to implement an in-house office for analysing whistleblowing reports to check their validity with ad hoc internal investigations. Certified organisations are obviously better prepared in this respect. For example, ISO 37001 ‘Management Systems for the Prevention of Corruption’ certification helps prevent, detect and manage situations of corruption by the organisation, its staff and business associates. In fact, it aims to reduce the risks and costs associated with possible corruption phenomena by implementing within the organisation a system of whistleblowing, identification of corruption risks and verification of the effectiveness of the measures taken. Certified companies therefore have a corporate organisational culture already projected towards the reporting of offences, potential dangers and possible violations. This allows the organisation itself to take timely preventive and mitigating measures, thus reducing the risk of reputational, legal or financial damage. Therefore, having a whistleblowing-friendly organisational culture is of utmost importance today not only because it enables the company to deal with critical issues in an effective and compliant manner (thus avoiding the heavy penalties provided for companies that do not implement the whistleblowing system in-house), but also because employees are encouraged to behave ethically and comply with company regulations and policies. In conclusion, fostering an organisational culture conducive to whistleblowing is crucial to ensuring transparency, integrity and accountability within companies, as it fosters risk prevention and more effective management of issues, contributing to the creation of stronger, more ethical and resilient organisations.
