Whistleblower regulations update: strengthening protections

We wrote about the dynamic field of whistleblower regulation some time ago and since then several important regulatory updates have occurred that are worth raising. In this update we also dive into how whistleblower protections can be strengthened through robustly empowered supervisory bodies, practical anti-retaliation measures and tackling whistleblowing in traditionally confidential sectors.

Our previous article can be found here.

A. Supra-national regulatory framework and international organisations

I. Council of Europe (CoE)

1. The CoE legal instrument, Recommendation CM/Rec(2014)7 concerns the protection of whistleblowers that disclose information in the public interest. This broader protection in the Recommendation goes beyond the good faith disclosures of corruption outlined in the Civil Law Convention on Corruption. Each Member State is to determine what the “public interest” is in its regulatory framework but should, at least, include violations of law, human rights and risks to public health and safety, and the environment. The Recommendation covers both individuals working in either the private public sphere. Although CoE recommendations are not binding on governments of Member States, the whistleblower Recommendation persuades members to:

  • develop a normative framework reflecting a comprehensive and coherent approach to facilitating public interest reporting and disclosures (Principle 7);

  • open channels for reporting and disclosures, where individuals feels safe to freely raise public interest concerns (Principle 12);

  • confidentiality of the whistleblower, subject to fair trial guarantees (Principle 18);

  • prompt investigation of public interest reports and disclosure by either the employer or public regulatory body (Principle 19);

  • protections against retaliation (Principle 21) and in legal proceedings relating to detriment suffered by a whistleblower, it should be for the employer to establish that the detriment was not so motivated (Principle 25); and

  • promote widely the whistleblower framework (Principle 27) and periodic assessment of the effectiveness of the framework (Principle 29).

II. European Union (EU)

2. The EU Whistleblowing Directive entered into force in January 2020 and Member States must transpose this into national law by December 2021. The EU Whistleblowing Meter tracks the transposing progress of Member States’.

3. The Whistleblowing Directive requires companies with more than 50 employees or with an annual turnover or total assets of more than €10 million (Article 8) and municipalities of more than 10 000 inhabitants to set up anonymous reporting channels for whistleblowing. Commercial firms may be contracted to provide such reporting channels. Although the Directive reflects the minimum standards for whistleblower protections, Member States are encouraged to take further measures, including raising awareness among the general public about the positive role of whistleblowers. Key features of the Directive include:

  • Broad definition of whistleblower goes beyond “workers” and includes “self-employed people, shareholders, trainees and volunteers” (Article 4).

  • Establishing secure and confidential reporting channels of hierarchical procedures. Beginning with internal reporting procedures (Chapter 2), through to external reporting channels (Chapter 3) and the permissible situations where either internal reporting may be bypassed (Article 7) or public disclosure where the whistleblower has reasonable grounds to believe the breach constitutes an imminent danger to the public (Article 15).

  • Each level has prescribed action deadlines eg. receipt of the internal report should be provided within seven days and a response within three months (Article 9).

  • Requirements of an independent and autonomous external reporting channel (Article 12).

  • Retaliation is prohibited by Article 19 and provides protection against dismissal or demotion by the employer. Support measures include access to free information and advice on available procedures for protection against any legal action taken against them and that they receive free legal aid, as well as financial and psychological support, during any legal proceedings (Article 20).

4. The Whistleblower Directive is not applicable to EU institutions because their regulations are contained in the Staff Regulations [Articles 22a, 22b & 22c, Regulation No 31 (EEC), 11 (EAEC)] and 2012 Guidelines on Whistleblowing [SEC(2012)679/F1]. Surprisingly, however, the range of situations covered by the whistleblowing protection rules applicable to EU staff is way more limited.

B. International NGOs

I. Transparency International

1. Transparency International is an independent, not-for-profit, non-governmental organisation working to stop corruption and promote transparency, accountability and integrity at all levels and across all sectors of society. It has developed a comprehensive document of International Principles for Whistleblower Legislation, which serves as a guidance for formulating new, and improving on existing, whistleblower legislation. The Principles cover the following matters that whistleblower legislation should contain:

  • A guiding definition of whistleblowing, who are protected individuals and what are protected disclosures.

  • Scope of application covering what kinds of disclosure, what kinds of whistleblower eg. public and private sector employees, contractors, volunteers etc., and the threshold for whistleblower protection “reasonable belief of wrongdoing”, including inaccurate disclosures made in honest error.

  • Forms of protection: protection from retribution; preservation of confidentiality; burden of proof on the employer to demonstrate that any measure taken against an employee unconnected, or motivated by, a whistleblower disclosure; knowingly false disclosures not protected; waiver of liability (immunity from liability under criminal, civil and administrative laws); right to refuse participation in wrongdoing; preservation of rights; anonymity; and personal protection.

  • Disclosure procedures, including reporting within the workplace, reporting to regulators and authorities, reporting to external parties (media, civil society organisation, legal association, trade union etc.), accessible disclosure channels and advice tools.

  • National security/official secrets disclosures may be adopted with special procedures and safeguards for international report to prevent unnecessary external exposure. Internal disclosures, disclosure to an autonomous oversight body that is institutionally and operationally independent from the security sector should be permitted. Outline circumstances of permissible external disclosures.

  • Relief and participation should include full range of remedies (possibly a fund to provide assistance for legal procedures and support whistleblowers in financial need), fair hearing, whistleblower participation in subsequent investigation or inquiry and reward systems.

  • Dedicated legislation to ensure clarity.

  • Publication of data by the whistleblower complaints authority.

  • Periodic review of whistleblowing laws, regulation and procedures to involve multiple actors.

  • Whistleblowing training.

  • Enforcement via a dedicated and independent whistleblower complaints authority, that is resourced in order to carry out these important functions.

  • Penalties for retaliation and interference.

  • Follow-ups and reforms of valid whistleblower disclosures.

2. Transparency International chapter in Estonia, France and Italy have developed guidelines on how to set-up and operate effective internal reporting mechanisms. The Advocacy and Legal Advice Centre advise whistleblowers in making their disclosures and work to make sure that their disclosures are duly addressed by appropriate authorities.

II. Open Society Justice Initiative

3. The Open Society Justice Initiative is an Open Society Foundation programme that funds lawyers, advocates and staff to pursue work that promotes and defends justice and human rights. The Initiative developed the Global Principles on National Security and the Right to Information (the Tshwane Principles) to provide guidance to those engaged in drafting, revising or implementing laws about the state’s authority to withhold information on national security grounds or to punish the disclosure of such information. The Tshwane Principles were drafted by 22 organisations and academic centres in consultation with more than 500 experts from more than 70 countries at 14 meetings held around the world. Part VI of the Tshwane Principles concern public interest disclosures by public personnel. Broadly, the Tshwane Principles follow similar principles to those of Transparency International above, providing additional details around reporting channels to independent oversight bodies and protection of public disclosure.

4. Regardless of security classification public personnel disclosing wrongdoing that has occurred, is occurring or is likely to occur should be a protected disclosure (Principle 37). Examples of protected disclosures pertaining to wrongdoing include:

  • criminal offences;
  • human rights violations;
  • international humanitarian law violations;
  • corruption;
  • dangers to public health and safety;
  • dangers to the environment;
  • abuse of public office;
  • miscarriages of justice;
  • mismanagement or waste of resources;
  • retaliation for disclosure of any of the above listed categories of wrongdoing; and
  • deliberate concealment of any matter falling into one of the above categories.

5. Principle 38 states that the law should protect from retaliation public personnel who make disclosures of wrongdoing (Principle 37 categories) and that disclosure complies with Principles 38-40. It goes on to state that the motivation for a protected disclosure is irrelevant except where it is proven to be knowingly untrue. Given the secrecy involved in national security matters the person making a protected disclosure should not be required to produce supporting evidence or bear the burden of proof in relation to the disclosure. Principle 39 concerns the procedures for making and responding to protected disclosures internally or to independent oversight bodies, and the obligations of receiving disclosures. Public personnel should be permitted to bypass internal reporting channels and make protected disclosures directly to independent oversight bodies. Independent oversight bodies should be institutionally and operationally independent from the security sector and other authorities from which disclosures may be made, including the executive branch. Principle 43 concerns a public interest defence for public personnel and outlines what prosecutorial and judicial authorities should consider in deciding whether the public interest in disclosure outweighs the public interest in non-disclosure. The listed considerations are [at Principle 43(b)]:

  • whether the extent of the disclosure was reasonably necessary to disclose the information of public interest (i);
  • the extent and risk of harm to the public interest caused by the disclosure (ii);
  • whether the person had reasonable grounds to believe that the disclosure would be in the public interest (iii);
  • whether the person attempted to make a protected disclosure through internal procedures and/or to an independent oversight body, and/or to the public, in compliance with the procedures outlined in Principles 38-40 (iv); and
  • the existence of exigent circumstances justifying the disclosure (v).

6. The Open Society Justice Initiative developed a useful Briefing Paper on understanding the Tshwane Principles, which provides a summary of each principles and their genesis, similar to the Explanatory Memorandum of parliamentary bills.

C. National regulatory frameworks

1. Building on the regulatory references of our previous article this update focusses on reference regulation that is noteworthy for addressing gaps and shortcomings in the whistleblower framework. The general purpose of whistleblower protection legislation is that whistleblowers play an important role in transparency. Whistleblowers disclose information that might not necessarily come out via other accountability mechanisms or where the organisation has an interest in that disclosure not being made. On this basis we focus on mechanism to strengthen the whistleblower framework, such as: supervisory bodies; anti-retaliatory measures and whistleblowing in sectors of confidentiality.

I. Supervisory Bodies

2. Whistleblower regulatory frameworks typically involve procedural requirements that enable disclosures of wrongdoing to be made and protections for persons making such disclosures. A robustly empowered, ideally independent, supervisory body is critical for monitoring implementation of such requirements, particularly in sectors, public or private, of confidentiality and secrecy. In researching reference whistleblower supervisory bodies we found no example of a national supervisory body for all sectors, or even a coordination point for quality management of the whistleblower regulatory framework. What we found is that whistleblower supervisory bodies were sector specific, particularly the supervisory bodies for whistleblowing in the public sector and the financial sector. The following jurisdictions are referenced for their regulatory approach to robustly empower whistleblower supervisory bodies.

3. Should the UK private members bill of January 2020, “The Office of the Whistleblower Bill”, be adopted by the UK Parliament, it would be the first example of a cross-sector, independent supervisory body for whistleblowing. The Bill would establish within one year an Office of the Whistleblower, which would build upon the current statutory framework and improve whistleblower protections and support. The Bill was developed in response to the All Party Parliamentary Group’s 2019 report on whistleblowing and incorporates the report’s 10 point plan to address and correct the failures of the UK Public Interest Disclosure Act (PIDA). The report found the PIDA had not lived up to expectations and failed to provide adequate and comprehensive protection to whistleblowers or the public. If passed, the Bill empowers the Office of the Whistleblower to:

  • give direction to and monitor activities of relevant bodies;
  • act as a point of contact for whistleblowers;
  • form and maintain a panel of legal firms and advisory bodies to advise and support whistleblowers;
  • maintain a fund to support whistleblowers;
  • provide financial redress to whistleblowers whose disclosure is deemed by the Office to have harmed their employment, reputation or career; and
  • to publish an annual report to Parliament regarding its activities.

The provision of financial redress to a whistleblower, via administrative means and not judicial, is a commendable empowerment because it helps to mitigate the extent to which financial hardship might discourage whistleblowing.

4. Scotland’s Independent National Whistleblower Officer (INWO), created by the Public Services Reform (The Scottish Public Services Ombudsman) (Healthcare Whistleblowing) Order 2020, will begin from April 2021. The establishment of an INWO in the Scottish Public Services Ombudsman (SPSO) is to ensure everyone delivering NHS services in Scotland is able to speak out to raise concerns when they see harm or wrongdoing putting patient safety at risk, or become aware of any other forms of wrongdoing. The INWO’s investigative powers are quite broad and include actions relating to the treatment of any person. The SPSO is independent of NHS Scotland and the Scottish government and are responsible for handling complaints about public services in Scotland. From 1 April 2021 every organisation that delivers NHS services must have a procedure that is in line with the National Whistleblowing Standards that the INWO developed. Although individuals making disclosures should first use internal reporting channels, the INWO may receive disclosures from individuals who feel the need to come to INWO first before raising their concern internally (Section 3 of the Public Services Reform Order 2020). Actioning such disclosures will be assessed on a case-by-case basis but INWO would ensure that an internal investigation was appropriately undertaken (including support for anyone raising the concern, before starting any INWO investigation).1 In addition to complaints handling, the INWO has a national leadership role to proactively support early resolution, and good practice in whistleblowing handling, recording, reporting, learning and improvement. As the INWO is a new organisation it has a free phone service and email to assist with implementing the National Whistleblowing Standards.

5. Taiwan does not have a dedicated whistleblower regulatory framework, although a draft Whistleblower Protection Act is under consideration by the Executive Yuan (Taiwan’s Parliament).2 Despite not having a dedicated whistleblower law, whistleblower regulations are covered by several pieces of legislation, Taiwan has an interesting approach to whistleblowing supervision within the remit of its network of Government Employee Ethics Units and Officers. These units and officers are regulated under the Act of the Establishment and Management of the Government Employee Ethics Units and Officers. This network of units are in charge of the government employee ethics businesses at central and local organs and state-owned enterprises and consist of personnel under the Agency Against Corruption of the Ministry of Justice, in charge of “matters concerned with handling corruption and malfeasance related to the organs”3. The powers of the units are broad, including:

  • Publicity of public integrity and social participation.
  • Preparation, promotion and execution of laws concerning public integrity and precautions.
  • Preparation, coordination and promotion of the suggestions on public integrity reform.
  • Affairs in relation to civil servants’ assets declaration, recusal of interest conflicts and integrity and ethics.
  • Complete a check of affairs carrying risks of corruption.
  • Handling and coordination of protection of official confidential information of the office.
  • Handling and coordination of security maintenance of the organ.
  • Other matters concerning government employee ethics.4

The units in each organ are established according to the level, business attribute, organisational framework and needs of government employee ethics business of the respective organs.5 Each unit manages their organ’s anti-corruption hotline and other modes for reporting.6 According to the Agency Against Corruption’s (AAC) “Guidelines for Liaison of Government Ethics Officer in Supporting Role” officers are to educate and make inquiries related to the Act on Property-Declaration by Public Servants and the Act on Recusal of Public Servants Due to Conflicts of Interest. Noting that public interest disclosures often involve wrongdoing arising from conflict of interest this power of the Government Employee Ethics units is quite far-reaching, not to say extremely useful.

6. Taiwan’s AAC manages the rewards and protection of anti-corruption informants outlined in the Anti-Corruption Informant Rewards and Protection Regulation. Article 2 lists the corruption and malfeasance cases to which informants may report and be eligible for a reward. Informants may report to Government Employee Ethics units, prosecutor offices or the judicial police authority (Article 3). An interesting empowerment of Taiwan’s Financial Supervisory Commission. as part of its supervisory function in the financial sector, is to fine companies that fail in their whistleblower duties and order the dismissal of employees.7

7. In 2019 Australia strengthened its private sector whistleblowing laws via the Treasury Laws Amendment (Enhancing Whistleblower Protections) Act, which consolidated previously separate regimes into a new Corporations Act regime. The Amendment also included a new whistleblower tax regime, amending the Taxation Administration Act. The Amendment requires all companies, authorised deposit institutions (eg. banks), insurers and superannuation entities to have a whistleblower policy. The Australian Securities and Investments Commission (ASIC) is responsible for administering the whistleblower protection provisions in the Corporations Act (Volume 5, Chapter 7, Part 9.4AAA – Protection for whistleblowers).8 ASIC has broad powers under the ASIC Act to “take whatever action it can take, and is necessary, in order to enforce and give effect to the laws of the Commonwealth that confer functions and powers on it9. Such broad powers are necessary for a corporate regulator and the new whistleblower protections benefits from ASIC’s general powers of investigation (Division 1 ASIC Act), examination of persons (Division 2 ASIC Act), inspection of books and audit information gathering powers (Division 3 ASIC Act) and the power to hold hearings (Division 6 ASIC Act).

8. Australia’s ASIC has published on its website a regulatory guide on its approach to enforcement, which provides a lot of information about its regulatory powers, how matters are selected for formal investigation, its strategic significance (eg. the extent of harm or loss), benefits of pursuing misconduct etc. ASIC conducts surveillance activities for compliance with the requirement to have a whistleblower policy and can receive whistleblower complaints directly. Specific to whistleblowing, ASIC may relieve a specific class of entities from the requirement to have a whistleblower policy (Corporations Act Section 1317AJ), for example small not-for-profits or charities (companies limited by guarantee, with annual revenue below AU$1 million).

9. The US Securities and Exchange Commission (SEC) is required to conduct a study of the whistleblower protection programme [Section 922(d) Study of Whistleblower Protection Program of the Dodd-Frank Act). The study is required to report on the following:

(A) whether the final rules and regulation issued under the amendments made by this section have made the whistleblower protection program (referred to in this sub­ section as the ‘‘program’’) clearly defined and user-friendly;

(B) whether the program is promoted on the website of the Commission and has been widely publicized;

(C) whether the Commission is prompt in— (i) responding to—

(I) information provided by whistleblowers; and

(II) applications for awards filed by whistleblowers;

(ii) updating whistleblowers about the status of their applications; and

(iii) otherwise communicating with the interested parties;

(D) whether the minimum and maximum reward levels are adequate to entice whistleblowers to come forward with information and whether the reward levels are so high as to encourage illegitimate whistleblower claims;

(E) whether the appeals process has been unduly burdensome for the Commission;

(F) whether the funding mechanism for the Investor Protection Fund is adequate;

(G) whether, in the interest of protecting investors and identifying and preventing fraud, it would be useful for Congress to consider empowering whistleblowers or other individuals, who have already attempted to pursue the case through the Commission, to have a private right of action to bring suit based on the facts of the same case, on behalf of the Government and themselves, against persons who have committee securities fraud;

(H)(i) whether the exemption under section 552(b)(3) of title 5 (known as the Freedom of Information Act) established in section 21F(h)(2)(A) of the Securities Exchange Act of 1934, as added by this Act, aids whistleblowers in disclosing information to the Commission;

(ii) what impact the exemption described in clause (i) has had on the ability of the public to access information about the regulation and enforcement by the Commission of securities; and

(iii) any recommendations on whether the exemption described in clause (i) should remain in effect; and

(I) such other matters as the Inspector General deems appropriate.

The Inspector General’s report “Evaluation of the SEC’s Whistleblower Program” was published in 2013. The SEC also publishes annually a report to Congress on the Dodd-Frank Whistleblower Program, covering matters such as: number of awards granted, types of cases in which awards were granted, balance of the Investor Protection Fund from which awards are granted, and a complete set of audited financial statements.

I. Anti-retaliatory measures

10. It was identified in our first whistleblower article that various protections for whistleblowers was important for incentivising persons to make disclosures that may not otherwise be discovered, without the fear of reprisal. Examples of protections identified, included:

  • The 2006 Whistleblower Act of Ghana offers legal assistance and police protection to whistleblowers and their relatives;

  • Serbia’s Whistleblowing Act (Zakon o zaštiti uzbunjivača) outlines 14 prohibited detrimental actions against whistleblowers and provides judicial relief via an urgency procedure (Article 24).

  • Australia’s Public Interest Disclosure Act provides disclosers with diverse protections (Part 2-Protection of disclosers), including: Div. 1, Subdivision A-Immunity from liability; Subdivision B-Protection from Reprisals (reinstatement of employment, injunctions, apologies, free court costs for judicial application of protection); and Subdivision C-Protecting the identity of disclosers.

11. The US Occupational Safety and Health Administration (OSHA) administers a Whistleblower Protection Programme based on enforcing the whistleblower provisions of more than 20 whistleblower statutes. Whistleblowers have a right to file a complaint with OSHA if they believe they are the subject of employer retaliation via an online complaint form, email or by free phone call during an emergency, fatality or life threatening situation. OSHA encourages employers to create an anti-retaliation programme in the workplace noting that it is prohibited to retaliate against employees who raise or report concerns about hazards or violations of 2210 workplace safety and health laws. The five key elements to creating an anti-retaliation programme include:

(1) Management leadership, commitment, and accountability;

(2) System for listening to and resolving employees’ safety and compliance concerns;

(3) System for receiving and responding to reports of retaliation;

(4)Anti-retaliation training for employees and managers; and

(5) Programme oversight.

12. The US Securities rule for Whistleblower Incentives and Protection also prohibits any person from impeding “an individual from communicating with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement … with respect to such communications” [Commission Rule 21F-17(a)]. This protection is not limited to the employee-employer. Only the SEC may file an enforcement action for a violation of this rule and persons may submit information about such a violation direct with the SEC.

13. If an employee in New Zealand suffers retaliatory action by their employer for making a protected disclosure under the Protected Disclosures Act, s/he can commence personal grievance proceedings under the Employment Relations Act (Section 103). New Zealand administers various personal grievance processes, including:

  • raising a personal grievance directly with the employer, a sample letter is provided as an example to follow at the bottom of the Employment New Zealand page;
  • requesting mediation; and
  • making a personal grievance claim with the Employment Relations Authority, which is more formal than mediation but less formal than the Employment Court.

Employees have 90 days to raise a personal grievance but where 90 days has lapsed an employee may still raise a personal grievance in exceptional circumstances.

III. Whistleblowing in sectors of confidentiality

14. The Regulatory Institute believes a comprehensive stand-alone legislation on whistleblower protection is the best approach to regulating the protection of those that disclose in the public interest. However, some jurisdictions have excluded sectors of confidentiality or national security from the scope of whistleblower protection eg. EU Whistleblower Directive states that national security and defence matters remain outside the scope of protection of the Directive (Article 3). Principle 5 of the CoE Recommendation on whistleblowers states that: “A special scheme or rules, including modified rights and obligations, may apply to information relating to national security, defence, intelligence, public order or international relations of the State.” The principle is based on the assumption that member States may introduce a scheme of more restrictive rights in relation to the general scheme but that they may not leave the whistleblower completely without protection or a potential defence. The scheme of more restrictive rights refers to information and not individuals of those sectors to be subject to a modified scheme. We reference below examples of special whistleblowing regulations and related provisions in sectors of confidentiality.

15. The US Intelligence Community Whistleblower Protection Act of 1998 amends the Central Intelligence Agency Act of 1949 to provide a process for employees within the intelligence community to submit urgent concerns to Congress. Intelligence community (IC) employees include those of the:

  • Central Intelligence Agency;
  • Defense Intelligence Agency;
  • National Imagery and Mapping Agency;
  • National Reconnaissance Office;
  • National Security Agency;
  • contractors to the above Agencies;
  • Federal Bureau of Investigation; and
  • Any other employee of, or contractor to, an executive agency, or element or unit thereof, determined by the President under section 2302(a)(2)(C)(ii) of title 5, United States Code, to have as its principal function the conduct of foreign intelligence or counterintelligence activities.11

Similar to a general whistleblowing framework, the IC Whistleblower Act outlines the hierarchical procedures for “urgent concerns” to Congress. Urgent concerns are:

  • A serious or flagrant problem, abuse, violation of law or Executive Order, or deficiency relating to the funding, administration, or operation of an intelligence activity involving classified information, but does not include differences of opinion concerning public policy matters.

  • A false statement to Congress, or a wilful withholding from Congress, on an issue of material fact relating to the funding, administration, or operation of an intelligence activity.

  • An action constituting reprisal or threat of reprisal in response to an employee reporting an urgent concern.

Employees may submit reports of urgent concerns to the IC Inspector General (IC IG) by phone call. The IC Inspector General has 14 calendar days to determine if the information appears credible and, if credible, submit the information to the Director of National Intelligence (DNI) before the end of the 14 calendar days. The DNI must submit within 7 calendar days the information to the congressional intelligence committees. IC employees may submit urgent concerns direct to the congressional intelligence committees only if: (a) the employee gives the DNI, through the IC IG, a statement of the employee’s complaint or information and notice of the employee’s intent to contact the congressional intelligence committees directly; and (b) obtains and follows from the DNI, through the IC IG, direction on how to contact the congressional intelligence committees in accordance with necessary and appropriate security procedures.

16. There are a range of protections for IC employees who make lawful disclosures. It is prohibited to take personnel action in reprisal or making security clearance access determinations in reprisal against an employee who made a lawful disclosure.12 Further, these provision require an inspector general to conduct fact-finding in reviewing allegations of security clearance reprisal.13

17. Most whistleblowing regulatory frameworks explicitly exclude disclosures of information protected by legal professional privilege:

  • EU Whistleblowers Directive, Article 3;
  • New Zealand Protected Disclosures Act, Section 22;
  • Australian Public Interest Disclosure Act, Section 67; and
  • Canadian Public Servants Disclosure Protection Act, Section 49.

18. For good public policy reasons, communications between lawyers and their clients are the subject of legal professional privilege and cannot be disclosed. However, the US SEC whistleblower award rules provide that a lawyer may disclose confidential client information to the SEC without client consent and seek an award if such disclosure would be permitted under the SEC’s lawyer conduct rules, the applicable state lawyer conduct rules, or “otherwise”.14 Another SEC rule 17 CFR 205.3(d)(2) permits lawyers representing issuers of securities to reveal to the SEC “confidential information related to the representation to the extent the attorney reasonably believes necessary”:

(1) to prevent the issuer from committing a material violation that is likely to cause substantial injury to the financial interest or property of the issuer or investors;

(2) to prevent the issuer, in a Commission investigation or administrative proceeding, from committing perjury, suborning perjury, or committing any act that is likely to perpetrate a fraud upon the Commission; or

(3) to rectify the consequences of a material violation by the issuer that caused, or may cause, substantial injury to the financial interest or property of the issuer or investors in the furtherance of which the attorney’s services were used.15

19. Another interesting regulatory provision that waives confidentiality can be found in the EU’s Trade Secrets Directive (2016/943). Article 5(b) of the Trade Secrets Directive provides that using or disclosing trade secrets to reveal misconduct, wrongdoing or illegal activity does not fall under the rule of protection of trade secrets if done in the public interest. This means that a whistleblower would be exempt from liability for breach of trade secrets.


Whistleblowing regulation can be described as the last line of defence for accountability and transparency, because wrongdoing not uncovered by other mechanisms might be exposed by a future whistleblower. The fact remains that whether an organisation be private or public or the executive government, if an individual wishes to hide their wrongdoing it may be relatively straight forward where such an individual knows how to “game” the system of checks and balances. Wrongdoers may think twice where a good whistleblower policy exists as a result of a good regulatory framework that is supervised correctly.

In this whistleblower regulatory update we have attempted to inform our readers about recently introduced whistleblower frameworks and how existing whistleblower regulation could improve through better supervisory bodies and practical anti-retaliation measures. We also looked at jurisdictions that have special rules for whistleblowers in traditionally confidential sectors such as national security and the legal profession, which may prompt other jurisdictions to review how well their confidential sectors can blow the whistle in the public interest.

This article was written by Valerie Thomas, on behalf of the Regulatory Institute, Brussels and Lisbon.


Regulatory Institute “Whistleblowers: protection, incentives and reporting channels as a safeguard to the public interest”, https://www.howtoregulate.org/?s=whistleblow

Taiwan Agency Against Corruption, https://www.aac.moj.gov.tw/5791/5793/5821/5851/5853/Lpsimplelist

Government Accountability Project https://whistleblower.org/resources/

OECD Committing to Effective Whistleblower Protection, https://www.oecd.org/corruption/Committing-to-Effective-Whistleblower-Protection-Highlights.pdf

Whistleblowing and the UNCAC: Protecting people who report corruption, https://uncaccoalition.org/learn-more/whistleblowing/

Whistleblowing International Network https://whistleblowingnetwork.org/Home

US Congressional Research Service Intelligence Community Whistleblowing Protections, https://fas.org/sgp/crs/intel/R45345.pdf

1 Frequently Asked Questions: When can someone take their concern to the INWO?, https://inwo.spso.org.uk/faq-page#undefined.

2 Huang Tzi-ti, “Taiwan Cabinet proposes draft for whistleblower protection act”, Taiwan News,https://www.taiwannews.com.tw/en/news/3692890.

3 Articles 3 & 4 of Taiwan’s Act of the Establishment and Management of the Government Employee Ethics Units and Officers,https://law.moj.gov.tw/ENG/LawClass/LawAll.aspx?pcode=I0070001.

4 Ibid. Article 4 summarised.

5 Ibid. Article 5.

6 Article 13 of Taiwan’s Anti-Corruption Informant Rewards and Protection Regulation,https://law.moj.gov.tw/ENG/LawClass/LawAll.aspx?pcode=I0070003.

8 ASIC Regulatory Guide 270 Whistleblower policies, November 2019, p. 12, https://asic.gov.au/regulatory-resources/find-a-document/regulatory-guides/rg-270-whistleblower-policies/.

9 ASIC Act 2001, Section 1 Objects, Subsection 2 (g), https://www.legislation.gov.au/Details/C2018C00438.

10 OSHA enforces the whistleblower provisions of the following statutes: (1) Occupational Safety and Health Act (OSHA 11(c)), 29 U.S.C. § 660(c); (2) Surface Transportation Assistance Act (STAA), 49 U.S.C. § 31105; (3) Asbestos Hazard Emergency Response Act (AHERA), 15 U.S.C. § 2651; (4) International Safe Container Act (ISCA), 46 U.S.C. § 80507; (5) Safe Drinking Water Act (SDWA), 42 U.S.C. § 300j-9(i); (6) Federal Water Pollution Control Act (FWPCA), 33 U.S.C. § 1367; (7) Toxic Substances Control Act (TSCA), 15 U.S.C. § 2622; (8) Solid Waste Disposal Act (SWDA), 42 U.S.C. § 6971; (9) Clean Air Act (CAA), 42 U.S.C. § 7622; (10) Comprehensive Environmental Response, Compensation and Liability Act (CERCLA), 42 U.S.C. § 9610; (11) Energy Reorganization Act (ERA), 42 U.S.C. § 5851; (12) Wendell H. Ford Aviation Investment and Reform Act for the 21st Century (AIR21), 49 U.S.C. § 42121; (13) Sarbanes Oxley Act (SOX), 18 U.S.C. § 1514A; (14) Pipeline Safety Improvement Act (PSIA), 49 U.S.C. § 60129; (15) Federal Railroad Safety Act (FRSA), 49 U.S.C. § 20109; (16) National Transit Systems Security Act (NTSSA), 6 U.S.C. § 1142; (17) Consumer Product Safety Improvement Act (CPSIA), 15 U.S.C. § 2087; (18) Affordable Care Act (ACA), 29 U.S.C. § 218C; (19) Consumer Financial Protection Act of 2010 (CFPA), 12 U.S.C. § 5567; (20) Seaman’s Protection Act, 46 U.S.C. § 2114 (SPA); (21) FDA Food Safety Modernization Act (FSMA), 21 U.S.C. § 399d; and (22) Moving Ahead for Progress in the 21st Century Act (MAP- 21), 49 U.S.C. § 30171. List of statutes found at p. 12, https://www.osha.gov/Publications/OSHA3905.pdf.

11 Section 8H of the US Inspector General Act of 1978 (5 U.S.C. App.) https://uscode.house.gov/view.xhtml?path=/prelim@title5/title5a/node20&edition=prelim .

13 Presidential Policy Directive – 19, Protecting Whistleblowers with Access to Classified Information,https://www.dni.gov/files/ICIG/Documents/Policy/Whistleblowing/PPD-19.pdf.

14 Implementation of the Whistleblower Provisions of Section 21F of the Securities Exchange Act of 1934, Release No. 34-64545, https://www.sec.gov/rules/final/2011/34-64545.pdf.

15 Ibid.

Leave a Reply

Your email address will not be published. Required fields are marked *

three + eleven =