Every year, around seven percent of the turnover of companies and organisations is lost due to illegal activities. The best approach to identify compliance breaches, policy violations, and legal offences at an early stage is direct employee feedback.

To protect companies from reputational as well as financial damage while continuing to maintain the protection and anonymity of whistleblowers, the EU eventually issued the “Whistleblower Protection Directive” (2019/1937) in December 2019.

The member states are required to implement the directive nationwide by the end of this year – from then on, companies, organisations, associations, and municipalities will be required to provide a whistleblower system, too*. It is particularly this type of system that flustron has specialised in. Learn more about our services and offers.

* The date by which a whistleblower system must be implemented by law may vary by country. Moreover, different deadlines are scheduled for separate legal entities. Detailed information can be found here.

What is a Whistleblower System?


The new EU directive 2019/1937 was issued to protect whistleblowers by legally binding companies, organisations, associations, and municipalities to integrate whistleblower systems. It is intended to enable employees, former employees, contacts of employees, and even external individuals to anonymously report grievances and issues to the company.

However, companies can significantly benefit from the reporting system, too. A well-implemented whistleblower system can protect a company from liabilities, fines, and criminal proceedings.

Thus, a professional whistleblower system does not only serve to expose potential violations but can also protect companies from loss of reputation and financial damage. Employees who call attention to grievances and statutory violations can therefore contribute significantly to an effective compliance management system. These synergetic processes are intended to enable discrete and effective problem-solving.

Incoming reports are then forwarded to the company’s internal trusted person(s) by flustron.

Who is required to set up a whistleblower system?*

  • Companies with 50 or more employees
  • Companies with an annual turnover of more than 10 million EUR
  • Cities and municipalities with a population of 10,000 or more
  • Legal entities of the public sector (e.g., government, nation, or municipalities)

As soon as the respective state has implemented the directive, the following legal entities are obligated to implement a whistleblower system: companies with 50 or more employees or with an annual turnover of more than 10 million EUR (including chartered accountants, tax advisors and lawyers); companies with 250 or more employees need to provide secure channels by 17 December 2021. Companies with 50–249 employees, on the other hand, must comply with the directive only by December 17, 2023. Additionally, legal entities under public law, such as the state and federal government, but also municipalities with a population of 10,000 or more, are required to provide reporting channels by December 2021.

*these numbers are as of 2021 and may vary by country.

Who can become a whistleblower?


A whistleblower is a person who reports a violation of the law within a company. This person can be internal or external to the business.

The directive generally applies to whistleblowers working in the private or public sector who become aware of grievances in the course of their job. Specifically, the following groups of people can become whistleblowers or are protected by the EU directive:

Employees before, during, or after their employment; also included are independent contractors, shareholders, interns, volunteers as well as members of administrative, management, or supervisory bodies of a company. Finally, the directive also applies to labourers working under the supervision and direction of contractors, subcontractors, and suppliers.

Additionally, the directive provides for the protection of intermediaries, legal entities associated with the whistleblower, and third parties, such as relatives or work colleagues.

The directive demands the reporting party be convinced of the truthfulness of the information before further steps are taken. Moreover, they must share the information via the available reporting channels according to the rules set out in the Whistleblower directive. flustron’s whistleblower system creates incentives for potential whistleblowers to first report violations of the law internally. Potential grievances can thus be eliminated within company territory.

How does a whistleblower system work?


A whistleblower system such as flustron is nothing other than a virtual mailbox. Should someone become aware of a breach of EU law, they can report it through the system. It is entirely their choice whether they want to remain anonymous and what information and details they would like to share. As soon as their report has been submitted, it is then forwarded to the persons responsible within the company who are determined in advance. Within seven days after receipt of the report, the whistleblower must receive an acknowledgement of receipt of their tip. It is obligatory that feedback be given to the whistleblower within a maximum period of three months starting from the confirmation of receipt of the report.

Employers benefit from implementing a whistleblower system such as flustron: potential violations of EU law can be identified and tackled internally without immediately setting external authorities in motion. A whistleblower system of this kind is beneficial for employees or any other person that may become a whistleblower. A whistleblower is someone who sees injustice and does not remain silent. flustron enables them to forward information without fear of retaliation and with complete legal security – all while remaining entirely anonymous. This does not only contribute to the improvement of a company but also helps to put an end to illegal activities.

Whistleblower System or CMS?


In connection with the new EU directive, whistleblower systems go by many names, most of which seem arbitrary: Whistleblower System, Compliance Management System (CMS), or even Reporting System. How do these terms differ from each other?

In short: they don’t. All four terms describe a system that helps to clarify internal grievances in companies – securely and discreetly.