Introduction of Whistleblower Software: A Guide for Medium-Sized Companies

The Whistleblower Protection Act (HinSchG) obliges companies with at least 50 employees to introduce and operate a reporting office. Two deadlines are important here: companies with 250 or more employees must set up a reporting office by July 2, 2023. Companies with 50 to 249 employees have until December 17, 2023 to do so.

The independence of the persons responsible for the reporting office must be ensured
Special attention must be paid to ensuring that the persons entrusted with the tasks of a reporting office are independent in their activities. While they may perform other tasks in addition to their work for the internal reporting office, it must always be ensured that these do not lead to conflicts of interest.

Reporting software assists medium-sized companies in effectively implementing the law
The software should be user-friendly to make it easier for persons providing information to report violations. The software should allow the submission of reports through various communication channels. The legislator requires that reports can be submitted:

Orally, e.g. by uploading a voice message or via a telephone hotline
In writing, by submitting a text. The software should also allow documents to be uploaded.
In person: individuals providing information have the right to meet in person with the person responsible for the reporting office

Moreover, for the reporting office to be accepted, it is important to offer a system that also allows anonymous submission of information.

Since medium-sized companies have different requirements and processes for their reporting office, it is important that the IT-supported reporting office can be individually adapted to the specific needs of the company. This includes the color design according to the company’s CI, the adaptation of texts to the corporate culture, the introduction of reporting categories and notification settings or reporting functions.

Confidentiality and independence are essential for the successful operation of the internal reporting office
When operating the reporting office, the confidentiality of the informant’s data must be particularly protected. Therefore, the following should be taken into account when selecting the software:

Protect the confidentiality of the reports
Restrict sensitive information
Store data in a certified, secure, and continuously checked cloud environment in Germany
The software can be used without system integration

The independence that such software offers is also of great importance to management, as it provides insight into potential developments in the company without management being directly involved. Even in a medium-sized company, the management cannot be involved in all processes and is therefore regularly dependent on information. In this way, developments in companies can be detected and eliminated at an early stage in order to avoid public reputational damage and the resulting loss of sales.

The group of people who have access to the submitted information must be limited and specially trained.

Although not legally required, it is advisable to set up a system that also allows anonymous submission of information. Especially in medium-sized companies, the possibility of anonymous submission can ensure that certain information is reported that would otherwise have been withheld.

Outsourcing to an external third party strengthens trust in the reporting office
Outsourcing to an external third party creates trust because they cannot draw any conclusions about the person providing the information. If this third party is a lawyer, he or she is also obliged to maintain confidentiality, which creates even more trust.

In addition to confidentiality and independence, outsourcing to an external third party is also economically attractive.

Integration into existing compliance management systems
Even companies that already have a compliance management system in place are obliged to implement an internal reporting office in accordance with the Whistleblower Protection Act.

However, companies can save costs for setting up the system if they only have to adapt existing systems.
Nevertheless, they must allocate capacities for legal advice and support in the design of a whistleblower system, the preparation of the necessary guidelines and processes, support in implementation and communication, data protection-compliant design, and training of the reporting office staff. Here, too, outsourcing of the reporting office can therefore make sense under certain circumstances.

Support and training
If an IT-supported whistleblower system is used, it is important that the software provider offers support and training as part of the implementation. This matters for two reasons: it ensures that the company can use the software effectively, and employers are required by law to ensure that the persons entrusted with the tasks of an internal reporting office have the necessary expertise.

In addition, it is also important that the persons responsible for the reporting office regularly attend content-related training on the operation of an internal reporting office and the Whistleblower Protection Act.

Operation of a joint reporting office
Several private employers that usually have 50 to 249 employees can also set up and operate a joint office for receiving information and for the further measures under this law (see § 14 para. 2 Whistleblower Protection Act). Here, too, outsourcing to a third party is a good option, especially to avoid the disclosure of trade secrets to competing companies, insofar as these would be revealed by the reporting of a violation. According to the principle of separation under corporate law, it is also possible to set up an independent and confidential office at another group company (e.g., parent or subsidiary company) as a “third party”, which can also work for several independent companies in the group.

With eagle lsp, companies can outsource their internal reporting office to lawyers
Outsourcing the internal reporting office to a service provider like eagle lsp is both cost-effective and legally compliant. The lawyers (some with TÜV-certified Compliance Officer training) have the technical know-how and legal expertise to install and operate a reporting office in a legally compliant manner. Furthermore, outsourcing provides the necessary independence, thus creating trust in the reporting office service and the process.

You haven’t implemented an internal reporting office yet? Then we should talk!

As of: 07.06.2023