Anti-fraud signs the NEIWA Utrecht statements with recommendations for the implementation of internal and external reporting channels

NEIWA members make a series of recommendations to governments, administrations and other stakeholders involved in the creation of internal and external reporting channels, in the framework of the transposition of the EU Directive on the protection of whistleblowers

The Anti-Fraud Office of Catalonia is a member of the Network of European Integrity and Whistleblowing Authorities (NEIWA)

EU directive on the protection of persons who report breaches of Union Law
EU directive on the protection of persons who report breaches of Union Law

14 July 2021. The Anti-Fraud Office of Catalonia, together with 25 other organizations belonging to NEIWA, sign the Declaration on establishing internal reporting channels and the Declaration on establishing external reporting channels, both resulting from the Utrecht meeting and from the working groups set up within the NEIWA in which the Anti-Fraud Office has participated. These statements include a series of recommendations for the effective implementation of Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of European Union law. The signing institutions met virtually on June 4 as a follow-up of the meetings in The Hague (May 2019), Paris (December 2019), Rome (June 2020) and Brussels (December 2021), as well as other sessions organized within the framework of the Network's purposes.

During the meeting, the President of the Netherlands Whistleblowers Protection Authority and the meeting's host, Wilbert Tomesen, welcomed a new institution that is part of the NEIWA network: the Bulgarian Commission for Anti-Corruption and Illegal Assets Forfeiture. The Montenegrin Agency for Prevention of Corruption also participated as an observer.

The meeting was also attended by a representative of the European Commission, Christel Mercade Piqueras, who reported on the latest developments in the tasks of transposing the European Directive. The Commission is working on a document addressed to Member States on "frequently asked questions" (FAQ) regarding the interpretation of certain provisions of the Directive. To date, no EU law transposing the European Directive has been communicated by EU Member States.

At the conclusion of the Utrecht meeting, the members of NEIWA, in the spirit of sharing best practices, recommend the points set out in the following statements and which are addressed to governments, administrations and other stakeholders involved in the implementation of the Directive.


Declaration on establishing internal reporting channels

1. Establishment of internal channels

1.1. Legal entities in the private and public sector should establish appropriate internal procedures for receiving and following up on reports on wrongdoings. Internal channels aim at the disclosure of wrongdoings in workplaces that would otherwise remain hidden, often due to fear of reprisals.

1.2. Entities obliged to implement internal reporting channels shall foster a culture of reporting internally and value internal reporting as an act of loyalty and as an opportunity to learn about internal wrongdoings and remedy them.

2. Confidentiality and anonymous reporting

2.1. Whistleblowers may often lack trust and confidence in the effectiveness of internal reporting channels, which may discourage them from reporting a wrongdoing. Safeguarding the confidentiality of the identity of the reporter and of the investigation therefore is a key condition for a reporting system, ensuring that filing a report does not lead to any professional or personal risk to the whistleblower.

2.2. The internal reporting channels must offer confidence and trust preventing unauthorized staff from having access to its content. Entities externalising their internal reporting channels should check beforehand that the third party guarantees that internal reports are kept confidential and that only authorised persons will be able to access their content.

2.3. The internal reporting channel should include that an adequate investigation regarding the report of a wrongdoing shall be carried out in a rigorous manner.

3. Procedures for internal reporting and for follow-up according to the EU Directive:

3.1. Depending on the nature and dimension of the entities, internal channels could be constituted by an impartial person or department responsible for receiving and following-up to the reports and maintaining the communication with the reporting person. In any case, their function should be such as to ensure independence, avoid conflict of interests and be trusted by employees.

3.2. Clear and defined procedures of receiving and follow-up to the report are essential for building trust in the effectiveness of the overall system of whistleblower protection. Appropriate follow-up shall be given to a report filed internally with a reasonable timeframe to inform a reporting person, in line with minimum standard in the EU Directive. The reporting person should be informed about the timeframe and procedures of feedback.

3.3. Persons who are considering reporting breaches should be able to make an informed decision on whether, how and when to report. It is essential for legal entities in the private and public sector and that have an internal reporting channel, to provide clear and easily accessible information regarding the procedures for reporting internally as well as the possibility to report externally to competent authorities.

3.4. Reporting person should be able to choose the most appropriate reporting channel (internal or external) depending on the individual circumstances of the case. However, they could be encouraged to first use internal reporting channels and report to their employer, if such channels are available to them and can reasonably be expected to function.

4. Prohibition of retaliation

4.1. Internally reporting persons should be protected against any form of retaliation, whether direct or indirect, taken, encouraged or tolerated by their employer or customer or recipient of services and by persons working for or acting on behalf of the latter, including colleagues and managers in the same organisation or in other organisations with which the reporting person is in contact in the context of his or her work-related activities.

4.2. A clear legal prohibition of retaliation will have an important dissuasive effect, and would be further strengthened by provisions for personal liability and penalties for the perpetrators of retaliation.

4.3. Granting of a protection status to a reporting person, when granting of such status is foreseen by national legislation, implies that the competent authorities must ensure that the reporting person does not suffer any direct or indirect forms of retaliation. Competent authorities should, where appropriate, have dissuasive tools to prevent any form of retaliation including the possibility to impose a sanction on the organisation taking retaliatory measures.

4.4. Even if the identity of the reporting person is not known (anonymous), nor data that allows him to be identified is available at the time, this may be revealed or deduced at a later stage. Therefore, if the reporting person has done so in line with the rules and, (s)he is still entitled to the protection measures offered by the Directive, when granting of such measures is foreseen by national legislation.

4.5. Competent authorities and entities obliged to establish internal reporting channels shall seek to redress any situation in which the Whistleblower may have been subject to any form of reprisals and assess how to prevent future similar situations.


Declaration on establishing external reporting channels

1. Ensure that the external reporting channels, set up by the competent authorities, provide strict confidentiality to Whistleblowers and to their reports a well as to the investigations by the competent authorities following these reports, towards any third party, and ensure their protection by granting those channels the organizational and financial autonomy needed to perform their functions properly and providing them with sufficient resources.

2. Consider appointing an authority that is recognized and positioned as the main, central or pivotal authority within the Member State or region and that gives the Directive and the national implementing law a name, a face and a phone number.

3. Provide that this authority performs, not necessarily exclusively and depending on national law, one or more of the tasks foreseen by the Directive, which could in particular include investigating allegations of retaliation, and providing information and being available for consultation or advice to reporting persons and where applicable refer them to the relevant competent authority.

4. Consider making this authority competent for following up on reports of breaches, at least as a last resort when no other authority is competent or has not given proper follow-up to a report, in accordance with the applicable national framework.


NEIWA, currently represented by 22 member states, was created in May 2019 in order to provide a platform for cooperation and for the exchange of knowledge and experiences in the field of integrity and whistleblower protection. It is currently focusing its efforts on the transposition and implementation of the European Directive for the protection of whistleblowers that EU Member States must carry out before December 17 of this year. In fact, a meeting has been proposed in Dublin on 9-10 December (before the deadline for transposition of the Directive) if the epidemiological situation improves.