Whistleblowers protection already in place
Before the Directive
Italy has a Whistleblowing Protection legislation in place since 2017. However, it needs to be improved in order to meet the minimum requirements of the Directive.
The current legislation only applies within the scope of a legal entity’s administrative liability, in terms of reporting channels and a prohibition on discrimination. The content of the disclosure is also very narrow in contrast to the EU Directive, concerning specific crimes, including corporate or environmental crime.
Current implementation status
Since April 2021, the Italian Government is mandated to begin the transposition of the Directive into national law.
Very little public information is available and there is no draft proposal published for public consultation or analysis.
After being drafted behind closed doors, the Council of Ministers definitively approved the Legislative Decree implementing EU Directive on March 9, 2023.
The new law will enter into force four months after its publication in the official Gazette, so by July 15, 2023.
All companies with more than 250 employees will have to have whistleblowing channels set up starting from 15 July 2023. Companies with more than 50 employees will have to comply with these legal obligations starting from 17 December 2023.
Very few information about specific requirements regarding the new Legislative Decree have been made public, and the final text is yet to be published.
Scope of the new Decree
Public and private entities (companies and municipalities) must set up internal reporting channels allowing reports of wrongdoing and misconduct.
One option for managing these channels is to have an autonomous and specially trained person or department in charge. Alternatively, an external person or office could be appointed. Reports can be submitted in writing, through IT solutions, or orally via hotlines or voice messaging. The reporting person also has the option to request a face-to-face meeting.
Anonymity and data security requirements
It’s not mandatory to accept anonymous reports, but there is an obligation of confidentiality.
Internal whistleblowing channels must ensure data protection and confidentiality throughout the entire process, using an appropriate encryption system.
In the case of oral reports, either the telephone call or voice message should be documented on a suitable device for storage and listening or through a transcript. If there is no recording available, the report must be documented in writing. If a transcript is used, the whistleblower has the option to verify, rectify, or confirm its contents by providing their signature.
When reports are made in-person, the meeting should be recorded (with the whistleblower’s consent) on appropriate devices for storage and listening, or transcribed and confirmed by the whistleblower’s signature.
Accessibility and extended protection against retaliation
The company must ensure that the internal whistleblowing channels are easily accessible to all stakeholders and featured in a dedicated section of the website. Moreover, a policy on how to use the internal channel, how to submit a report, what information to include in a report, and how the reports will be handled must be established.
Protection against retaliation is extended to:
- All persons assisting the whistleblower during the reporting process
- All relatives or people in the close social circle of the whistleblower, working or not with them
- All colleagues with a regular and current relationship with the whistleblower
- All entities owned by the whistleblower or by one of the categories of person mentioned above
Penalties for non-compliance
The national anti-corruption authority (ANAC) is responsible for enforcing all relevant sanctions, including fines ranging from €10,000 to €50,000 in cases where the company has committed retaliation against the whistleblower, hindered or obstructed the reporting process, or breached confidentiality requirements.
Fines may also range from €10,000 to €50,000 when the company has not established a whistleblowing channel, failed to adopt procedures for submitting and handling cases in compliance with legal requirements, or neglected to verify, analyze, and investigate cases received.
Sharing whistleblowing functions for Groups and global companies
In the case of company groups, the whistleblowing function and website may be shared if the combined number of employees in all subsidiaries does not exceed 249.
However, if any single subsidiary has more than 249 employees, a separate whistleblowing function and website must be established for that subsidiary.
Get a Head Start
Having a flexible platform that can adapt to any legislation and regulations can give you a great head start. With Whispli, you can build up your solution according to your current needs, and modify it at any time.
You can start by complying to the minimum requirement of the EU Directive today and adjust to your local legislation later.
Get in touch with one of our expert and get a guided demo to see how Whispli can help your Organization to comply with the Directive.
You're in Good Company
Whispli is an award-winning platform recommended by partners and clients alikeRead our Latest Customer Success Story: VodafoneZiggo
"Whispli is hands down the most watertight way to catch and manage wrongdoing in your organization. If you're not using it, then you're not serious about preventing fraud or corruption."
Group Risk & Compliance Manager, Topshop Topman
"I have had the opportunity to implement this type of tool in the past and this is the first time I have worked with a partner who knows how to turn this sensitive subject into an opportunity. The platform is clear, modern and easy to use."
Chief Compliance Officer, Auchan Retail
"Exceptional Client Service. Whispli product and customer success teams are its biggest asset. They are flexible, always available for support and ready to stretch beyond their roles to help the clients."
Senior Associate, Ernst & Young