Many companies are unaware that they may be required to establish whistleblowing systems.
While many companies are eagerly awaiting the implementation of the EU Whistleblowing Directive in Germany, the topic has already been established for years in the field of anti-money laundering. Nevertheless, many companies are unaware that they may be required to establish whistleblowing systems under anti-money laundering regulations. This article aims to provide an overview of the legal requirements and practical implementation.
The fight against money laundering and financial crime is of paramount importance both internationally and at the European level. Accordingly, legislative requirements have been significantly tightened in some areas in recent years. However, these changes did not merely involve an adjustment of obligations and the list of sanctions; rather, the scope of entities subject to these obligations has since been expanded in both the financial and non-financial sectors. The latter include, in particular, real estate agents, commodity traders, as well as attorneys and tax advisors.
Pursuant to Section 6(5) of the Anti-Money Laundering Act (GwG), obligated entities must take appropriate measures, commensurate with their nature and size, to ensure that their employees and persons in comparable positions can report violations of anti-money laundering regulations to the appropriate authorities while maintaining the confidentiality of their identity. This provision implements Article 42 of the Fourth EU Anti-Money Laundering Directive. It thereby legally requires all entities subject to anti-money laundering regulations to establish a whistleblowing system.
With regard to the specific implementation of a whistleblowing system, it is largely left to the obligated entity to determine what measures it will take. It may designate which internal department is responsible for receiving reports from employees and how the confidentiality of the employees’ identities will be ensured. According to the legal requirements, the nature and size of the obligated entity are decisive for the specific design of the internal measures. Accordingly, it is assumed that obligated entities that are particularly vulnerable to money laundering and terrorist financing due to their business and customer structure are required to implement more extensive measures than those that are only minimally vulnerable to such risks.
Companies should be able to meet the following requirements:
In any case, the whistleblowing system must be accessible to employees and individuals in comparable positions, such as freelancers. Furthermore, the system must enable appropriate communication within the company. Depending on the size of the company, suitable communication channels may include anonymous email services, software-based whistleblowing systems, or external ombudspersons. To ensure consistently confidential communication with the reporter, the reception channel should also allow for follow-up communication with the reporter. Furthermore, a procedure must be established for promptly following up on reports while maintaining the reporter’s confidentiality.
With regard to the protection of personal data, the whistleblowing system must ensure that not only the processing of the reporter’s data but also that of the employee or third party affected by the report is carried out in accordance with the provisions of the General Data Protection Regulation.
It is crucial that the system be designed in such a way that the confidentiality of those involved is always maintained. While anonymity is not required, the company must guarantee and ensure that employees do not face any disadvantages—such as retaliatory measures, discrimination, or consequences under their employment contracts—as a result of their report. Confidentiality is therefore only maintained if the report is, in principle, not disclosed to other employees of the company or to any third parties. To ensure this, it may be advisable to consider a software-based whistleblower system with the option of anonymous communication, the involvement of ombudspersons bound by professional confidentiality, or a combination of both.
Don’t have a digital whistleblowing solution yet? Schedule a no-obligation initial consultation with our team today!