Clifford Chance

Currently, Polish law contains no universal regulations on whistleblower protection. However, there are some specific laws in various business sectors that already contain provisions that are in line with the requirements laid down by the EU Whistleblower Protection Directive.

Some sector-specific regulations

There are several sector-specific regulations in Poland providing for the obligations of business entities to introduce internal reporting channels or requiring State institutions to provide external reporting channels for whistleblowers.

• In particular, publicly traded companies are required to have in place procedures allowing for anonymous reporting of the breaches of law or ethical standards.
• In addition, regulations in the financial sector are particularly notable. The banks, investment companies and companies providing transactional information services are obliged, under specific sectoral regulations, to introduce channels for anonymous reporting of breaches of law or ethical standards. These channels must also ensure confidentiality of the whistleblowers' identity and appropriate handling of their reports and follow-up procedures. The financial institutions are also obliged to ensure that the whistleblower is protected against retaliation or unfair treatment as a result of the reporting.
• There are also some regulations providing for external reporting channels. In particular, with regard to breaches of the MAR (EU Market Abuse Regulation), the reporting of any MAR breaches to the Financial Supervision Authority (the "FSA") by e-mail, letter, telephone, and personally is envisaged. The FSA is obliged to ensure that the means of communication used for communication with the whistleblowers reporting such breaches is independent from other means of communication used, as well as that any information provided is kept confidential. The FSA further needs to designate employees responsible for receiving the reports, and to provide them with adequate training on procedures and regulations governing anonymous reporting before they start carrying out these tasks. These employees are responsible for appropriate follow-up of the reports and communicating with the whistleblower.
• Also with regard to auditing activities, the Polish law¹ provides that anyone may report a suspected breach of the auditing regulations or the related EU laws to the Polish Audit Supervision Agency or the Polish Chamber of Statutory Auditors. Further, the reporting person must be notified of the initiation of proceedings or lack of follow-up and must be provided with justification within three months from the report. No personal information on the reporting person may be disclosed to the auditor or the audit firm and the anonymity of the whistleblower must be guaranteed.
• Finally, all entities which are required to prevent money laundering and terrorist financing are obliged to implement procedures to enable their employees to anonymously report potential or actual breaches of regulations on counteracting money laundering and terrorist financing by their employees or other persons acting on their behalf. The Polish law provides for the minimum content of such procedure, stating that it must indicate the person responsible for and the manner of receiving the reports, envisage appropriate rules for maintaining confidentiality, provide for protections against retaliation and discrimination, as well as regulate the nature of follow-up actions.

Draft Law on Corporate Criminal Liability

Additionally, Poland plans to introduce a new law on corporate criminal liability (the "Draft Corporate Criminal Liability Act"), which envisages whistleblower protections in the case of reports concerning irregularities that may lead to criminal offences and which requires the organisations to conduct an internal investigation into the information obtained from a whistleblower and to remedy the reported irregularities. The Draft Corporate Criminal Liability Act states that:

• If a whistleblower informs an organisation, in the public interest, of any irregularities within it that may lead to the organisation's criminal liability, i.e. suspicion of an offence or preparation for an offence, non-compliance or abuse of rights, or the failure of the organisation's corporate bodies to act with due care, he/she must be protected.
• If the whistleblower's relationship with the organisation is terminated because he/she reported any irregularities, the whistleblower will be entitled to demand reinstatement at work and/or seek payment of damages in court. At the same time, the whistleblower will be required to prove that the information reported was justified and could have prevented an offence or enabled its earlier discovery, but it remains to be seen how the courts will assess this.
• A report from a whistleblower should result in the organisation's investigating the irregularity, and provides that if the compliance officer (or another body responsible for compliance) does not conduct such an investigation or does not remedy the irregularity and an offence is committed, the organisation will be liable to a fine of up to PLN 60 million (approximately EUR 14 million).

Once adopted, the Draft Corporate Criminal Liability Act will enter into force six months after its publication.

Conclusion

In view of the piecemeal regulations described above, Poland still needs to introduce regulations that will facilitate full compliance with the EU Whistleblower Protection Directive.

The Polish regulations in particular need to address the requirement for all companies with over 50 employees to introduce internal whistleblowing channels (which at this stage is applicable only in the financial sector), as well as designating the appropriate authority to facilitate external reporting. Polish law also needs to address the prohibition of retaliation against and unfair treatment of whistleblowers, such as the obligation that the employer bears the burden of proof that the detriments to the whistleblower's situation were not caused by the reporting. To date, the whistleblowers have been able to rely only on the general provisions of employment law.

For a more in-depth analysis of the Whistleblower Protection Directive, as well as a checklist for compliance with the regulations, please refer to our initial blog post The new EU Whistleblower Protection Directive – Are the Member States Ready?

¹The Act of 11 May 2017 on Statutory Auditors, Audit Firms and Public Supervision.