Enterprises: protecting the whistleblowers (law Sapin 2)

Back To Blog

Beyond the obligations introduced by the law “Sapin 2” in France, the implementation of whistleblowing tools is necessary to detect and prevent ethics and integrity failures within the companies.

Regardless of their size, companies face ethics and probity infringements. It may affect the companies assets (fraud, corruption, theft, etc.), their image or their employees (harassment in all its forms).

The possibility for employees and external partners to whistleblow represents a genuine deterrent effect, a detection tool and a protection against these risks. In this article we explain the legal obligations for the French companies regarding whistleblowing, and the reasons why implementing a secured process is beneficial for the companies.

Protecting whistleblowers: a good practice which has become an obligation with the law "Sapin 2"

The law of the 9th of December 2016 on transparency, fight against corruption and economic modernization, called “Law Sapin 2”, aims to fight against fraud and corruption. In the light of this, it obliges companies to implement the eight following pillars:

Code of conduct

It defines the behaviours to be prohibited (corruption, influence peddling)

Whistleblowing procedures

Reporting unethical behaviours occurring within the organization

Ethical risks mapping

Risks of exposure to external solicitations for corruption purposes

Third parties rating

Compliance assessment of customors, vendors and intermediaries

Specific audit and controls

Dissimulation of corruption or unethical transaction within the books

Training the exposed staff

Managers awareness of the risks of corruption and conflicts of interests

Disciplinary measures

Sanctions for employees violating the company code of conduct

Procedures assessment

Making sure that the implemented procedures are applied

These measures shall apply to the French companies with 500 or more employees and with a turnover higher than 100 millions euros.

Besides, the obligation of implementing a whistleblowing procedure is wider, as it applies to entreprises with 50 or more employees, as well as the municipalities with more than 10 000 inhabitants.

The whistleblowing procedures and tools shall respect the following conditions:

  • guarantee the confidentiality of the whistleblower identity as well as all the people mentioned in the report
  • the alerts may be processed by a direct or indirect supervisor, or by an appointed external officer

It must also be compliant with the General Data Protection Regulation (GDPR).

The law doesn’t specify the technical requirements of the tools. It may be for instance a dedicated phone line, or an application: web platform, a private messaging system… The tool may be internal or provided by an external company.

Implementing a whistleblowing tool, a necessity with multiple benefits for the company

Beyond the legal obligation, implementing procedures and tools giving a secured framework to whistleblowers is an obvious requirement for companies.

First of all, it helps managers to detect fraudulent behaviours which may have devastating consequences for the company: financial losses,

Elle permet tout d’abord à l’encadrement de l’entreprise de détecter des comportements malveillants dont les conséquences peuvent être dévastatrices pour l’entreprise: pertes financières, harm to the company’s image, deterioration in the social climate, criminal prosecution, etc.

The provision of secure whistleblowing tools installs a safe environment for the ethical employees, who will have a channel for listening while preserving their anonymity if they want to.

An efficient whistleblowing tool also has a preventive and dissuasive function for the malicious employees.

As the procedures must also enhance the external whistleblowers (such as subcontractors), it may help to detect fraudulent acts committed by employees within the company.

Ensuring compliance and protecting the whistleblowers: call upon a specialist

To comply with the law Sapin 2 and the GDPR, it is recommended to work together with compliance and anti-fraud experts, and to use specific tools ensuring the whistleblowers and data protection.

Besides the implementation of procedures, training and raising awareness of the employees is necessary in order to make the whistleblowing tools efficient.

The issues analysis and investigations must be done accurately and within a fairly decent timeframe, otherwise the issue may be raised to the judicial or administrative authorities.

Once the alert is admissible, investigations may be done internally or by a private investigator specialized in fraud and corporate issues.