On July 2 2016 the Federal Financial Supervisory Authority (BaFin) established a central contact point for whistleblowers to report misconduct in the financial sector. On January 1 2017 BaFin completed the set up by implementing an electronic whistleblowing system. These developments took place in accordance with Section 4d of the Financial Services Supervisory Law, through which the government has implemented various EU directives and regulations.
BaFin's central whistleblower system will help to detect and fight breaches of law, legal regulations, general administrative acts and other provisions (including legal acts of the European Union and EU supervisory authorities). The whistleblower system is not meant to be used for consumer complaints, but to foster disclosures by persons with a special knowledge of a regulated entity's internal affairs (eg, employees working in the financial sector or individuals with internal knowledge by way of a relationship of trust or for other legal reasons).
Pursuant to Section 4d(6), whistleblowers will enjoy the utmost protection. Whistleblowers who are employed by enterprises within the financial sector, or who are working for service providers to which regulated entities have outsourced certain parts of their regulated activities, will be protected against penalties under both criminal and labour law. In addition, BaFin will not disclose the whistleblower's identity and reports can be made anonymously.
However, this protection is subject to various exemptions. First, protection against penalties does not apply if it turns out that the relevant disclosure was untrue and that the whistleblower had acted intentionally or with gross negligence.
Further, the whistleblower's anonymity may be lifted in connection with investigations or other administrative or judicial proceedings. Moreover, suspects or other individuals charged by the whistleblower cannot be deprived of their rights to be heard or to inspect the respective files. This complex situation is necessary to balance the interests of the whistleblower and suspects or individuals charged. The anonymity of the whistleblower cannot be fully safeguarded.
Section 4d does not provide for a mechanism governing the relationship between the internal whistleblower system of the regulated entities in the financial sector and BaFin's central contact point for whistleblowers.
Pursuant to Section 25a(1) Subsection 6(3) of the Banking Act, German financial institutions are obliged to implement their own internal whistleblower systems. The purpose of this obligation is to motivate employees to internally report compliance deficits by offering them an appropriate internal process for disclosure. However, the protection provided by Section 4d of the Financial Services Supervisory Law does not require that the whistleblower first blow the whistle internally and then fail to reach an internal remediation before informing the external BaFin whistleblower hotline. This conflicts with the prevailing practice of the labour courts, which generally find it to be a severe violation of duties and may terminate a whistleblower's employment contract for cause if the whistle has been blown externally without an internal disclosure beforehand.
For whistleblowers themselves, it may eventually be favourable to benefit from the protection granted by statutory law regarding disclosure via BaFin's whistleblower platform. It remains to be seen whether the central whistleblower system will weaken the internal systems of the financial industry and how the labour courts will consider the new legal situation.
For further information on this topic please contact Thomas Sonnenberg at CMS Hasche Sigle by telephone (+49 221 77 16 0) or email ([email protected]). The CMS Hasche Sigle website can be accessed at www.cms-hs.com.