How Can Companies Prepare For The Upcoming Wave Of ESG Whistleblowers In Europe?

Companies with operations in Europe are facing changes brought about by the new EU Whistleblower Directive and the corresponding national implementing laws. Key new rules oblige companies to set up internal reporting channels and scrutinize how they conduct internal investigations and treat whistleblowers. At the same time, many companies are under increasing pressure to improve and disclose their environmental, social and governance (“ESG”) practices. This article looks at what companies operating in EU member states should be doing to prepare for the upcoming wave of ESG whistleblowers in Europe.

Board directors of companies with significant operations in the European Union know all too well that their companies are increasingly expected to embrace sustainability and address ESG requirements. 2021 was an illustrative year in that respect, amplified by a number of legislative initiatives that impacted companies’ ESG disclosure obligations. Among them are the EU Sustainable Financial Disclosure Regulation (“SDFR”), which details requirements for sustainability-related disclosures in the financial services sector, in effect since March 10, 2021. The SDFR imposes sustainability disclosure obligations covering a broad range of ESG metrics both at the entity and the financial products levels. Also, the new related EU “Taxonomy Regulation”, in effect on a phased basis since 1^st January 2022, establishes companies’ obligations to disclose how and to what extent their activities are associated with environmentally sustainable economic activities. More legislative changes are in the pipeline for the coming years, including:

• The proposal of a directive on corporate sustainability reporting (“CSRD”) (revising and extending the rules introduced by the Non-Financial Reporting Directive) requires large companies to disclose information on the way they operate and manage social and environmental challenges. These disclosure obligations not only encourage companies to develop a responsible and sustainable business approach, but may also help investors, consumers and other stakeholders to evaluate the non-financial performances of companies.

• The long-awaited proposal for a directive on corporate sustainability due diligence, supplementing the CSRD, includes obligations of in-scope companies to perform due diligence to identify, prevent, mitigate, and remediate any adverse impacts of their activities on the environment and human rights.

• The proposal of a directive on pay transparency demonstrates an increased focus on social sustainability. The key aspects of this proposal include, on the one hand, an enhanced information right for (prospective) employees on the company’s pay levels and pay levels criteria and, on the other hand, a gender pay gap reporting obligation.

These legislative developments put ESG considerations at the forefront of business considerations for internal and external stakeholders, who are paying attention to how their companies comply. This heightened pressure comes at the same time companies are faced with the EU Whistleblower Directive, the most far-reaching law of its kind ever created in the EU.

The State of the EU Whistleblower Directive

The EU Whistleblower Directive was adopted in response to the global rise in whistleblowing. The purpose of the Directive is to enhance the enforcement of EU law and policies in specific areas (such as, public procurement, financial services, product safety and compliance, protection of the environment, etc.) by establishing minimum standards for a high level of protection for those who report breaches of EU law.

The Directive creates an obligation for private legal entities with fifty or more employees to establish secure internal whistleblowing channels, and procedures for internal reporting and follow-up. Some discretion is left to companies regarding the establishment of their own internal channels. Each type of reporting channel has its own characteristics, restrictions and risks, which must be evaluated properly before implementing a policy.

In addition to this obligation on companies, the EU Whistleblower Directive also requires EU member states to establish external reporting channels and procedures, which allow whistleblowers to report breaches directly to the competent authorities.

Finally, the EU Whistleblower Directive provides a framework that is intended to protect whistleblowers against any form of retaliation. A company’s policy should explicitly state that whistleblowers cannot be subject to retaliation, and this term covers, among others, termination of employment, demotion, harassment, failure to renew a temporary contract, and harm to a person’s reputation. Whistleblowers qualify for protection against any form of retaliation provided that (i) they had reasonable grounds to believe that the information concerning the reported breach was true at the time of reporting and that such information fell within the scope of the EU Whistleblower Directive, and (ii) they reported either internally or externally, or made a public disclosure. Specifically, with regard to public disclosures, the Directive requires the fulfilment of additional conditions in order for whistleblowers to be protected. Whistleblowers making a public disclosure are only protected against any form of retaliation provided that (i) they first reported internally and/or externally but no appropriate action was taken in response to the report, or (ii) they have reasonable grounds to believe that the breach may constitute an imminent or manifest danger to the public interest, or in case of external reporting, there is a risk of retaliation or low prospect of the breach being effectively addressed.

ESG disclosures and the global rise in whistleblowing

As a result of the ongoing increase in ESG disclosure obligations for companies in the EU, and that the Directive covers whistleblower reporting of breaches of those investigations, board directors should expect that employees will make use of the internal and/or external whistleblowing channels to report ESG concerns. The increase in mandatory ESG-related disclosure obligations makes it likely that whistleblowers will play a key role in reporting noncompliance with those requirements.

EU employers need only look to their peers in the US to see how these developments may unfold. U.S. regulators have paved the way for whistleblowers to come forward with ESG-related concerns, and regulators in EU member states are sure to follow suit.  For example, the U.S. Securities and Exchange Commission (“SEC”) formed a Climate and ESG Task Force in March 2021 to “develop initiatives to proactively identify ESG-related misconduct.”  The ESG Task Force is focused on “material gaps and misstatements in issuers’ disclosures of climate risks under existing rules,” and “disclosure and compliance issues relating to investment advisers’ and funds’ ESG strategies.” In turn, the SEC’s Office of the Whistleblower receives and evaluates tips, referrals, and whistleblower complaints, and serves as an agency-advisor on ESG-related matters.

To be sure, whistleblowers in the EU are well aware of the US example. Since the inception of the SEC Whistleblower Program, submissions have come from whistleblowers in 130 countries, accounting for over 11% of all the agency’s tips. International whistleblowers have received a number of significant whistleblower rewards, including one for more than $30 million, one of the largest in the history of the SEC Whistleblower Program.

What boards should do in light of the heightened risks

In light of these recent and upcoming whistleblowing and ESG developments, boards should prepare for a likely wave of internal and external ESG whistleblowers. They should consider the following:

• Implement internal reporting channels based on the provisions of the EU Whistleblower Directive. Companies with operations in various EU member states must continue to monitor the relevant national implementation and adjust their whistleblower channels and procedures to account for local differences. US companies with operations in the EU should closely monitor national member state implementation in order to evaluate their existing channels, procedures, and policies for compliance.

• Implement an internal early warning monitoring tool to facilitate the detection and thorough investigation of possible ESG-related misconduct, such as greenwashing claims or reports on illegal labor practices. Apart from the important objective of ensuring integrity of the company’s ESG program, this will afford the company an opportunity to understand and mitigate any such problems before they become public disclosures.

• Protect those who raise concerns or report breaches (including ESG-related). The protection of whistleblowers is an important part of maintaining the integrity of the company’s ESG policy and proof of the company’s healthy “speak-up” culture.