1) Local Laws
a) Has the country implemented any laws / regulations on whistleblowing (Local Law)?
There is no general law.
Legislation relating to whistleblowers operates mainly in the financial sector. The Transparency of Public Life Act (Draft) to regulate the status of whistleblowers is currently being revised by the Standing Committee of the Council of Ministers. Since its provisions are still subject to legislative work, it cannot be directly applicable.
Reference to whistleblowing can be found in the:
- Prevention of Money Laundering and Financing of Terrorism Act of March 1, 2018 (AML Act). Obliged institutions have to develop and implement procedures for anonymous reporting by employees or other people performing activities for the benefit of the entity of current or potential violations of the provisions of the Act. Obliged institutions include but are not limited to banks, financial institutions, investment funds, insurance companies and entrepreneurs.
- Banking Law Act of August 29, 1997 (Banking Law). This states that management systems in banks should include procedures for anonymous reporting of violations of the law and violations of the bank’s ethical procedures and standards to the designated member of the management board or bank’s supervisory board.
- Regulation of the Minister of Development and Finance of April 25, 2017, on detailed technical and organisational conditions for investment companies, banks referred to in Article 70 Section 2 of the Act on Trading in Financial Instruments, and the Trustee Banks (Regulation of April 25), which imposes an obligation on investment firms to develop and implement anonymous reporting procedures for employees of the breaches of law and ethical standards.
- Regulation of the Minister of Development and Finance of March 6, 2017 on the system for risk management and internal control system, remuneration policy and the detailed method of estimating internal capital in banks (Regulation of March 6) which requires banks to develop and implement procedures for anonymous reporting of violations of the law and ethical standards.
2) Scope of application
a) What types of wrongdoings are covered by the Local Law? Does it cover breaches of EU law?
There is no act in force that would regulate this issue. However a program implemented by the Office of Competition and Consumer Protection (OCCP) is intended for people who wish to notify the state authorities of actions that infringe or threaten the interest of the competition rules, in particular by: misleading designation of a business; false or fraudulent indication of the geographical origin of goods or services; misleading designation of goods or services; violation of business secrets; inducement to terminate or not to perform a contract; imitation of products; slander or unfair praise; obstruction of market access; bribery of a person holding a public office; unfair or prohibited advertising; organisation of an avalanche sales system whereby buyers of goods or services are promised material benefits in exchange for inducing others to make the same transactions ; running or organising a consortium system defined as a business activity consisting of the management of property pooled within a group with consumers, formed to finance the purchase of a product for the benefit of the participants in the group; and unjustified extension of payment periods for goods or services provided.
In addition, under the AML Act, obliged institutions must develop and implement an internal procedure for anonymous reporting of current or potential violations of anti-money laundering and anti-terrorist financing legislation by employees or other persons acting on behalf of the institution.
b) Personal scope
- Does the Local Law apply to reporting persons working in both the private and public sectors?
The scope of a whistleblower referred to in Article 4 of the EU Directive is relatively broader than in other acts as it includes not only former and current employees but also potential employees.
Under the provisions of the AML Act, in cases of infringements that lie within the scope of the Act, the General Inspector of Financial Information shall accept notifications from employees, former employees of the obliged institutions or other people who perform or have performed activities for the benefit of the obliged institutions on another basis than the employment relationship.
The OCCP program is addressed to employees with knowledge of irregularities committed by their employers, and entrepreneurs with knowledge of irregularities committed by their contractors. Protection will not be granted to people who are the perpetrators of competition rules infringements, including primarily entrepreneurs and managers.
- Does the Local Law apply only to breaches that the reporting person became aware of in a work-related context?
Yes, the binding acts refer to the work-related context.
- Does the Local Law also protect: facilitators; people connected to the whistleblower and who could suffer retaliation in a work-related context; and legal entities the whistleblower owns, works for, or is otherwise connected with?
No, local law does not extend to such facilitators.
c) Does the Local Law require specific conditions to protect reporting persons?
There is no general regulation. To get protection under the OCCP procedure, one must act in good faith and in the so-called public interest. This means that a person notifying irregularities cannot be guided by their own interest; their actions must be characterised by the overriding public interest. The good faith condition relates to the basis of the whistleblower's action, as to the intention and desired effect that the whistleblower is will to produce.
3) Reporting channels
a) Does the Local Law allow anonymous reports? How are companies/agencies meant to handle them?
Yes, anonymous reports are provided under the AML Act, the Banking Law, Regulation of March 6, Regulation of April 25, and the OCCP procedure.
b) Is there a duty of confidentiality and any derogation from this duty?
There is no general regulation.
The procedure for anonymous reporting of violations is provided under the AML Act. This regulates how the personal data of the employee making the report and of the person accused of the violation is to be protected, in accordance with the provisions on the protection of personal data and the rules of confidentiality in the case of revealing their identity.
Under the AML Act, obliged institutions as referred to in Article 2 of the AML Act such as domestic banks, branches of foreign banks, branches of credit institutions and financial institutions as well as its employees and other people who act on behalf of those institutions shall keep in secret the information which they provided to the General Inspector of Financial Information or other competent authorities. That information can include analyses carried out in connection to money laundering and terrorist financing, or reports relating to suspicious transactions or assets that could be subject to money laundering or terrorist financing.
There are some situations in which the obligation to keep the information confidential is excluded. Such an exception relates to obliged institutions and their branches and subsidiaries that are part of a group and apply the rules of conduct set out in a group procedure, including branches and subsidiaries established in a third country.
c) Public disclosures: does the Local Law provide for this possibility?
Local law does not provide for this.
4) Reporting channels: internal
a) Is there an obligation for private and/or public legal entities to establish channels and procedures for internal reporting and follow-ups?
According to the AML Act, obliged institutions shall develop and implement an internal procedure for the anonymous reporting of current or potential violations of anti-money laundering and anti-terrorist financing legislation by employees or other persons acting on behalf of the obliged institution. The internal procedure shall specify the rules for reporting violations of anti-money laundering regulations and terrorist financing by current or potential employees.
b) Do internal reporting channels need to allow reporting in writing, orally or both?
Without excluding any possibility of filing an application, the AML Act states that the way of collecting reports is defined in the Anonymous Reporting Procedure.
c) Procedures for internal reporting and follow-up: does the Local Law require legal entities to adopt internal reporting systems with the following elements?
- Channels able to ensure the confidentiality of the identity of the reporting person and the protection of third parties mentioned in the report:
Yes, such regulations exist under the AML Act. The procedure for anonymous reporting of violations specifies how the personal data of the employee making the report and the person accused of the violation shall be protected in accordance with the provisions on personal data protection and confidentiality rules when the identity of the person making the report is disclosed.
The obliged institutions, their employees and other persons acting in the name and on behalf of the obliged institutions shall keep secret the fact that they have provided the General Inspector of Financial Information or other competent authorities with information obtained in connection with the procedure for anonymous reporting of breaches and information about their analyses relating to money laundering or terrorist financing.
- Acknowledgement of receipt of the report to the whistleblower within seven days of receipt:
There is no reference to acknowledgement of receipt, although it cannot be ruled out that such a condition will be provided.
- The designation of an impartial function/team to manage follow-ups on reports and maintain communication with the whistleblower:
Such mechanisms exist in relation to financial market operators.
Regulation of March 6 states that:
- The Board of Directors shall establish an internal division of powers identifying the member of the Board to whom breaches are reported and responsible for the day-to-day operation of anonymous reporting procedures.
- The internal division of competences shall be subject to approval by the supervisory board.
- The member of the board or the supervisory board shall, upon receipt of a report, designate employees, business units or organisational units responsible for undertaking and co-ordinating the verification of the report of a breach and for the follow-up.
Regulation of April 25 states that:
Any other follow-up requirements including those for anonymous complaints:
- A member of the management or the supervisory board, upon receipt of a report, shall designate employees or organisational units responsible for verifying the report and taking and co-ordinating follow-up actions.
- Where justified by the size, structure and type of business, the designated member of the management board or the supervisory board may refrain from appointing employees or organisational units.
Currently, the requirements relating to reporting, follow-up and data protection are regulated in the anonymous reporting procedures of financial institutions.
A reasonable timeframe to provide feedback, not exceeding three months from acknowledgment of receipt or if no acknowledgement was sent, three months from the expiry of the seven-day period after a report is made:
There is no Act that regulates such time frames. It is not possible to indicate to what extent the provisions of the Draft will meet those requirements.
Providing clear and easily accessible information on internal reporting procedures and external reporting procedures to competent authorities and/or EU institutions/bodies:
Under the AML Act, the General Inspector of Financial Information shall make information and documents available to competent authorities and/or any EU institutions/bodies.
Should legal entities take any additional measures in order to comply with the above requirements?
At the current stage of legislative work on the Draft, it is not possible to indicate to what extent its provisions will meet requirements set out in the EU Directive.
5) Reporting channels: external
a) Has the country designated a competent authority to receive and investigate whistleblower disclosure and retaliation complaints?
b) Is an independent and autonomous external reporting channel already established in the country?
An OCCP program allows breaches to be reported, but its scope is limited to issues concerning unfair competition.
6) Processing of personal data
a) Is personal data concerning the reports processed in compliance with local and EU legislation such as EU Regulation 2018/1725 and local privacy laws?
Under the AML Act, the General Inspector of Financial Information shall ensure the protection of personal data of the people making the report as well as the person accused of breaching the regulations on counteracting money laundering and terrorist financing. Personal data is collected in a separate data collection created strictly for the purpose of AML Act and ensuring the protection of personal data of the people making the report as well as the person accused of breaching the regulations on counteracting money laundering and terrorist financing.
7) Record keeping of reports
a) Is there any obligation regarding record keeping of reports as provided for by the EU Directive?
There is no such general regulation.
Under the AML Act, the minister in charge of public finance shall determine, by way of an ordinance, the manner in which reports are received, handled and stored with a view to ensuring adequate protection, including protection of personal data of the person making the report or of the person allegedly in breach of regulations on anti-money laundering and terrorist financing.
a) Is there any difference between whistleblower protections in the private and public sectors?
There is no specific regulation in Polish law covering this at the moment.
b) Are whistleblowers protected against all forms of retaliation including threats and attempts of retaliation? Which forms of retaliation are expressly indicated?
There is no specific regulation in Polish law covering this at the moment.
In the banking and financial sector there is a regulation that banks should ensure that employees who report breaches are protected at least against repressive action, discrimination or other forms of unfair treatment.
c) Does the Local Law provide for any other measures of support such as those indicated in the EU Directive?
The legislator has not introduced any specific form of protection for whistleblowers in the Labour Code but the provisions on employee protection may apply.
Legal protection measures for whistleblowers who are employees include:
- Appealing to the court against the notice of termination received and demanding that it be determined to be ineffective, that the employee be reinstated on previous terms or paid compensation, or payment of damages.
- Appealing to the court against termination of the employment contract without notice and right to claim damages or reinstatement.
- Seeking compensation from the employer an amount not lower than the minimum remuneration for work, determined on the basis of separate regulations, if due to mobbing the contract of employment was terminated through the fault of the employer.
- Claiming a reasonable amount of money from the employer as compensation for the harm suffered if the harassment caused a health disorder.
An employee affected by discrimination has the right to seek compensation in court. In particular, a person whose employer has infringed the principle of equal treatment in employment has the right to compensation in an amount not lower than the minimum wage for work, determined by separate provisions.
d) Does the Local Law provide for the necessary measures to prohibit any form of retaliation against whistleblowers?
There is no such direct regulation.
However, Article 218 of the Criminal Code states that practices such as malicious or persistent violation of an employee’s right resulting from the employment relationship or social insurance, and refusal to reinstate an employee whose reinstatement was ordered by the competent authority, are subject to penalties.
Examples of offences under Article 218 § 1a of the Code of Criminal Procedure can include non-payment of remuneration. Article 218 of the Code of Criminal Procedure may be a tool to penalise the employer’s negative behaviour towards a whistleblower when the employer’s retaliatory reaction takes the form of persistent and malicious violation of employment rights.
e) Does the Local Law provide for any remedial measures, including interim relief measures?
No remedial measures are mentioned.
f) Does the Local Law provide for exemptions from liability for whistleblowers?
The Act on Combating Unfair Competition provides that whoever, contrary to their obligation towards an entrepreneur or whoever, having illegally obtained information constituting a business secret, discloses to another person or uses in their own business activity information constituting a business secret, if it causes serious damage to the entrepreneur, shall be subject to a fine, the penalty of restriction of liberty or imprisonment for up to two years.
However, the Act also provides that disclosure, use or acquisition of information constituting a business secret does not constitute an act of unfair competition if it was made in order to:
- Protect a legitimate interest protected by law.
- In the exercise of freedom of expression.
- In order to disclose irregularities, misconduct or actions in breach of the law to protect the public interest.
- Disclose to employee representatives in connection with the performance of their functions under the law is necessary for the proper performance of those functions.
g) Does the Local Law provide for sanctions against natural and legal persons that violate whistleblowers’ protection or the duty of maintaining the confidentiality of their identity?
The AML Act states that anyone who, contrary to the provisions of the Act, discloses to unauthorised people, account holders or people affected by the transaction, information collected in accordance with the Act or uses this information in a manner inconsistent with the Act shall be subject to a term of imprisonment of between three months and five years.
h) Does the Local Law provide for sanctions in case of false reports?
9) Other issues
a) Under the Local Law, is adopting a whistleblowing system relevant to assess the adequacy of a compliance program? Does this have any value to mitigate or eliminate criminal liability for legal entities?
There is no binding law on this. However, whistleblowing programs are an important part of compliance programs.
b) Does the Local Law or another law in your country provide for whistleblower reward programs?
No reward programs are envisaged under binding law.
c) Can companies benefit from any incentives in the case of voluntary self-disclosure of violations they became aware of following an internal report?
There is no general law providing such possibilities. However, under the competition law an enterprise which concluded an agreement which restricts competition may apply for total exemption or reduction of fines if it admits to having participated in the agreement and provides information and evidence demonstrating the existence of the practice.
d) Will implementing the EU Directive create any issues with obligations provided for under other laws / regulations?
Implementing the EU Directive into Polish law will require not only the adaptation of existing solutions to EU requirements but also adopting an Act that will comprehensively regulate the issues raised in the Directive. This is an important step in bringing whistleblower regulation into the Polish legal system.
For a pdf of the full guide please click on the button below.