CONCEPT - THE IMPORTANCE OF PREVENTION

Whistleblowing is the disclosure of information about a perceived wrongdoing in an organization to individuals or entities believed to be able to effect action.

Traditionally, whistleblowing is not regulated exhaustively as concerns private entities neither at European level nor at the level of individual EU countries. Romania has a law applicable to the public sector, being perceived as the first country in the continental legislative system implementing a comprehensive whistleblowing protection act, the scope of which is the protection of the whistleblower against retaliation.

One of the main advantages of implementing a whistleblowing system in a private company is in the ability to identify wrongdoings in their early stages for the purpose of solving them internally, while limiting their negative effect on the public perception of the  company.

NOVELTIES IN THE FINANCIAL SECTOR

The legal arrangement set out by Directive 2003/6/EC of the European Parliament and of the Council1 (Market Abuse Directive) governing the functioning of the internal market for financial services was deemed to be less effective in combating market abuse given recent developments in the market and technology. This gave rise to the greater need for a new legislative instrument to ensure that there are uniform rules and clarity of key concepts.

Consequently,  Regulation  no.  596/2014  on  market  abuse  and  repealing  Directive 2003/6/EC(Market Abuse Regulation or Regulation) has been issued with the aim of contributing in a determining manner to the proper functioning of a genuine internal market, characterized by integrity, efficiency and transparency.

This Regulation establishes a more uniform and considerably stronger framework to preserve market integrity by introducing new regulations and concepts, amongst which whistleblowing arrangements have a significant role. Specifically, the Regulation outlines the importance of preventing and detecting market manipulation and other abusive practices in order to protect the integrity of financial markets; it specifically emphasizes the need to introduce a system for reporting any violations of the Regulation to the competent authorities.

To this end, Article 32 (1) of the Regulation requires Member States to ensure that competent authorities establish effective mechanisms to enable reporting of actual or potential infringements of this Regulation to those authorities.

At a different level, Member States shall require employers (including private entities) who carry out activities that are regulated by financial services regulation to have in place appropriate internal procedures for their employees to report infringements of the Regulation.

Moreover, similar to US and UK precedents, Member States may provide for financial incentives to persons who offer relevant information about potential infringements of the Regulation.

In  this  context,  the  European  Commission  adopted  the  Implementing Directive no. 2015/2392(Implementing   Directive)  which lays down rules specifying the procedures set out in Article 32 (1) of the Market Abuse Regulation, including the arrangements for reporting and for following-up on reports, measures for the protection of persons working under a contract of employment, and measures for the protection of personal data.

The Market Abuse Regulation enters into application on 3 July 2016. The Member States shall apply the provisions of the Regulation and shall transpose the Implementing Directive by 3 July 2016.

EXPECTED CHANGES AT ROMANIAN LEVEL

The Romanian Financial Supervision Authority (FSA) will need to create and implement a whistleblowing system by 3 July  2016.  We  are  expecting  most  probably  an amendment to the FSA Statutes (and  potentially  secondary  FSA  legislation  -  see  draft Law on issuers of financial instruments and market operations) to  this end.  The  system should be actually operational by 3 July 2016 (art. 13 para. 2 Implementing Directive).

Further on, the Romanian legislation must change, again by 3 July 2016, to oblige the entities within  the financial markets to create and  implement internal whistleblowing systems/procedures. It is again expected that the FSA will issue secondary legislation to this end.

HOW SHOULD THE FSA WHISTLEBLOWING SYSTEM LOOK LIKE

The three main directions of the Implementing Directive can be summarized as follows:

  • Specific procedures to be observed by the competent authority when receiving reports of  infringements and conducting the relevant checks, including the establishment of secure communication channels for receiving and following up on the reports submitted thereto;
  • Securing adequate protection against retaliation, discrimination or other types  of direct or indirect unfair treatment both for persons working under a contract of employment who report infringements and for those who are accused of infringements;
  • Protection of the personal data both of the person who reports the infringement and the natural person who allegedly committed the infringement, without prejudice to the obligation to disclose information when this is required by national law in the context of investigations or judicial proceedings.

More precisely, pursuant to the provisions of the Implementing Directive, Member States shall ensure that:

  • Competent authorities assign trained staff to provide any person with information with respect to infringements, and to handle reports of infringements and maintain contact with involved persons;
  • A separate and easily  identifiable  section  on  the  competent  authorities'  website  is being established for receiving and following-up reports of infringements; the website will also provide all relevant information to interested persons (including a  clear statement that blowing the whistle does not represent a breach of any legal  or contractual confidentiality obligation);
  • Independent and autonomous communication channels ensuring the confidentiality of the reporting of infringements are being implemented;
  • The procedures are reviewed at least once every two years and adapted to market and technological developments;
  • The personal data of persons who report and of reported persons is protected;

The persons working under a contract of employment are protected