Whistleblowing channels: are public administrations prepared?

On September 23, the DraftLaw regulating the protection of persons who report on regulatory and anti-corruption infringements was published in the Official Gazette of the Congress of the Cortes Generales. The purpose of the text is to provide adequate protection against retaliation to natural persons who report any of the actions or omissions referred to in the law itself. As is known, Directive (EU) 2019/1937 of the European Parliament and of the Council is thus incorporated into Spanish law, which established common minimum standards to provide a high level of protection for persons reporting breaches of Union law. The draft law, following the guidelines of the Directive, contains a series of very specific provisions in relation to various aspects, one of the most important being the obligation imposed on all entities and organizations, both public and private, to establish internally systems that allow those who maintain an employment or professional relationship with them, are able to report or alertthem to irregularities of which they have become aware in the context of that relationship, and all this with full guarantees that they will not be subject to retaliation for that reason [1]. Without prejudice to the considerable delay that we accumulate in the transposition (it should have been completed in December 2021), the truth is that everything indicates that in a few months the standard can be approved, after which the different bodies and entities must have these systems fully implemented and operational within a maximum period of three months [2] In the field of the public sector, which is the one that concerns us here, the fulfillment of these forecasts requires to gain time in their planning, to be able to face them with a minimum of rigor and solvency. Let us recall, first of all, that the Directive imposed this requirement in general on all public sector entities, a provision that is incorporated in the draft law very broadly, so that practically no body or entity canexempt itself from this obligation [4]. That being so, I would dare to say that, except in the field of public commercial companies, which have already made significant progress in this area as a result of the extension to them of the regime of criminal liability of legal persons (article 31 quinquies of the Criminal Code after the reform operated by Organic Law 1/2015, of March 30), there are not many public sector entities that currently have these systems, so, to this date, the greatest challenge is those that have to start from scratch. Be that as it may, we must start from the fact that, as the OECD has been demanding for years, for these tools to have real functionality they should be solidly established within a system of integrity of the organization, which in turn should rest on an ethical culture, something that should be addressed in a first stage in an essential way. That’s where we should start, therefore. It would also be necessary to advance in planning the design of the essential elements of these systems and their fit within the organizational structures of each agency or entity. It is necessary to be very clear that the bill is not limited to requiring that there be a channel so that irregularities can be reported internally, but imposes that it be integrated into a system, with a person in charge appointed by the administrative or governing body of the entity, who must carry out their functions independently and autonomously with respect to the rest of the organizational bodies of the entity or body. This makes it essential to start thinking as soon as possible about the model to follow. In many public administrations, some functions of this type are already resident in service inspections, while others have reporting channels within corruption offices or bodies located outside the administrative structure to provide them with greater autonomy and independence. Similarly, it is not possible to ignore that within the framework of the Anti-Fraud Plans referred to in Order HFP 1030/2021, which configures the management system of the Recovery, Transformation and Resilience Plan, it is recommended that decision-making or executing entities or that they participate in the execution of the PRTR measures, the creation of an Anti-Fraud Committee and an Internal Control Unit [4] , units which, if they exist, should not be left out of the integrity system or detached from the person responsible for the system referred to in the Directive and the draft law. Admittedly, not all entities have the same characteristics, so it will also be necessary to make, at least, a first assessment of the situation of each one, its possibilities and its needsin order to consider sharing the System and resources with other entities (art. 8.9 of the Directive and 14 of the draft L ey) or, where appropriate, to resort to management through an external third party (Art. 15 of the draft L ey). In this area, the Autonomous Communities and, above all, the provincial councils, should also design possible actions to help its implementation, through subsidies or assistance, paying special attention to smaller municipalities. Furthermore, it should be noted that, even in cases where institutions already have internal channels for alerting to irregularities, it would be necessary to adapt them to the requirements of the Directive and the transposition rule, as laid down in the first transitional provision of the draft law. Among others, special attention should be paid to some essential issues: • In their design, it is necessary that these channels appear differentiated and independent of the internal information channels or systems of other entities or organizations. This issue is important to take into account for certain reporting channels that some public administrations have already established, and that, to date, serve other bodies or entities in their own field.   • As for their addressees, it must be guaranteed that at least the persons referred to in article 3 of the draft law can go to these channels, and that, through these…

Integrity, a value present in Els Furs de Jaume I

The recent Law 1/2022, of April 13, on Transparency and Good Governance of the Valencian Community, specifying its general principles, defines integrity with these words: persons in the service of the administration, whether or not they hold public office, must build trust and ensure the democratic quality of public institutions and their reputation with the public. The exercise of its functions must be characterized by impartiality, objectivity, honesty, respect for the legal framework and the observance of ethical behavior absent of arbitrariness, aimed at compliance with and satisfaction of general interests. Thepresence of this concern and values in the Valencian legal system has its roots in the dawn of the foral stage. Indeed, in the primitive normative provisions granted by Jaume I to the city of Valencia (Consuetudines Valentiae) and in els Furs (Fori Valentiae, 1251 and Furs de València, 1261) subsequently granted in general for the whole kingdom, the integrity it permeates many of its precepts. It is a value to be preserved and a virtue to be practiced by those who exercise public offices. And, consequently, those behaviors that denote dishonesty or arbitrariness, insofar as they are contrary to integrity, must be sanctioned. From the compilation available in the Virtual Arxiu of the UJI, of the first norms granted by Jaume I, between 1238 and 1271, to the Valencian city and town, I have made a selection of precepts that try to preserve the integral behaviors and sanction those that suppose any type of corrupt action. The careful reading of Els Furs allows us to know the importance that integrity, as a value, has throughout the normative text. Proof of this is the phrase with which the text “Com manamens sien de dret honestament viure” begins and the justification of the need to put in writing the Law “aver memòria de totes coses e que en neguna cosa hom no·s desviàs“. Both statements clearly point to wholeness: people are to live honestly and righteously. From an institutional perspective, inorder to regulate the cort de justícia and the officers who are to serve in it, Els Furs stipulates that the person who performs the office of batle, as well as all those who are in charge of the administration of royal revenues, shall not intervene in any criminal or civil lawsuit, “sinó tant solament los pleyts e les demandes qui seran sobre los sensals nostres o les altres rendes nostres“. Iam able to act as a lawyer or advisor to anyone. The king wants to avoid any type of conflict of interest that may influence the proper administration of Justice and therefore makes the exercise of certain functions incompatible with others. And it prohibits the institution from requesting and receiving “cosa per donar auctoritat sua“. Currently, the conflict of interest has been regulated by the Valencian legislator through Law 8/2016, of October 28 and Decree 65/2018, of May 18. For its part, the AVAF has paid special attention to this issue through the document Reflections on conflicts of interest and the docuforum Conflicts of interest and public integrity. The gift policy, present in the articles of the Valencian transparency law (arts. 54-56), is also regulated in the avaf’s code of ethics and conduct . Also interestingare the guarantees provided for in the Furs to preserve the impartiality of judges and courts, including the duty to abstain, even providing for the event that the reason for abstention arises during the trial: si la cort o el jutge al començament no ere sospitós, e mentre que·l pleit de la enquisició se menarà serà feyt sospitós per alcuna novela rahó, doncs la cort do a ell altre jutge no sospitós. Throughout the text, mandates are frequent aimed at preserving the integrity of those who perform offices of royal provision and that of those who, for some reason, are in the service of the king. Thus, for example, tenants of real rents are prevented from intervening as judges in any type of process. Royal officers may not acquire, auction or bid on an auction when the object of the auction is a real income. Inorder to prevent those who handled information by reason of the performance of a public office from benefiting from it (abuse of privileged information), they were prohibited from “comprar alcunes heretats que per juhii o per sentència de cort s’auran a vendre“. Thus, the prohibition was established that royal officers could acquire inheritances previously seized by the Justice. In matters of judicial public faith and for those cases in which discrepancies could arise with respect to what was declared or proven in court, els Furs gave probative value to “los actes públiques que seran feytes en aquell pleyt “, above, even, what could manifest in word the court itself. To further guarantee the content of the procedural acts, the provisions of Jaume I obliged those to be written “per l’escrivà de la cort” in all processes with an amount equal to or greater than 100 solids. Likewise, the acts written in the “libre de la cort” as well as “els libres dels escrivans públichs” enjoyed a presumption of veracity. If, despite the provisions of the Furs regarding the integrity with which the judges should behave and act, they did not proceed with rectitude and neglected their function, issuing some resolution “contra lo manament de la Costum de València“, the provisions of Jaume I made it clear that the judge thus proceeded “la dita Costum ofen e fa contra ella“. It was therefore not possible to depart from the law, nor was there justice outside the dictate of the norm. In the event that a case has been tried in accordance with the provisions of els Furs, it must be retried, and the first trial shall be declared null and void. For those cases in which the judge is corrupted, mediating promise or delivery of something, as well as in cases in which, deliberately “per sa pròpria aucturitat absolrà aquell que devie condempnar“,els Furs established that the judge be…

Complaint boxes: What, Who, When, Where and Why

1. Anti-fraud complaint mailboxes: basic concepts We are facing a new legal obligation. Directive 1937/2019 of the European Parliament and of the Council, of October 23, 2019, regarding the protection of people who report violations of Union Law, establishes the need to promote internal and external reporting channels: “ Member States shall promote communication through internal complaint channels before communication through external complaint channels.” (article 7.2). The rule establishes a preference for internal reporting channels over external ones, “Member States shall promote communication through internal reporting channels (…), provided that the infraction can be dealt with effectively internally and provided that the complainant consider that there is no risk of retaliation.” (article 7.2). This need to promote the implementation of internal complaint channels is complemented by the need to articulate the appropriate complaint and follow-up procedures, after consulting the social partners and in accordance with them when established by national law. However, the complainant may go directly to the external channel if, after the internal complaint, the appropriate measures are not taken; if it is presumed that the complaint to his superiors will not produce effects; or when there is imminent or manifest danger to the public interest.For its part, the Draft Law transposing Directive 2019/1937 (hereinafter, APL), refers to internal information systems, opting for this less forceful terminology, almost a euphemism, and providing that these internal information systems information are the preferential channel to report on the actions or omissions provided for in article 2, in short, on infringements of Union Law provided for in the Directive (article 4 APL). The administration or government body of each entity or body will be responsible for the implementation of the internal information system, after consultation with the legal representation of the workers (art. 5 APL). The management of internal information systems may be carried out within the entity itself or by going to an external third party. (art. 6 APL). In addition, all internal information channels will be integrated into the internal information system. The Preliminary Draft also refers to the anonymization or confidentiality of the informant (understood as “complainant”). Thus, it establishes that the internal information channels must allow the presentation and subsequent processing of anonymous communications (art. 7.3 APL). For its part, the procedure for managing internal communications (understood as “complaints”) is the one established in art. 8 APL, to which we refer. In any case, it will be necessary to follow the evolution of the text already in the phases of the Bill, reports and processing in parliament. What does seem clear is that the vast majority of public and private entities must have them: “Member States shall ensure that legal entities in the private and public sectors establish channels and procedures for internal reporting and follow-up (…)” (art. 8.1 Directive). According to the Directive itself, the establishment of a complaints channel or mailbox is mandatory for legal entities in the private sector with more than 50 workers. Member States may require it from entities with less than 50 workers, but this decision is left to national regulatory development. At the moment, the aforementioned draft law generally regulates the obligation only for private legal entities with 50 or more workers. The same does not happen in the public sector, where reporting channels will be mandatory. In this case, the Directive once again establishes the possibility for Member States to exempt municipalities with fewer than 10,000 inhabitants or with fewer than 50 workers, as well as other legal entities in the public sector with fewer than 50 workers. But here the preliminary bill does not exempt any public sector entity from the obligation, and given that the difficulties of small municipalities can be solved with the sharing of resources and, above all, with the action of support and assistance of Provincial Councils, Cabildos and Councils, it is more than likely that the obligation will remain.   2. The complaints mailbox of the Valencian Anti-Fraud Agency: a model to reproduce How to articulate the aforementioned obligation to create and maintain a mailbox for complaints in our public sector entities? Our particular proposal is the model of the Valencian Antifraud Agency. Our complaints mailbox, in this case internal and, as an anti-fraud office, also external in the sense explained above, has been in operation since 2018. It is based on the Globaleaks platform and was originally adapted to the current technology and legislation by Xnet, this form could be used and replicated in different institutions and organizations in Spain quickly, agilely and without cost. The tool can be downloaded from the website of its creator https://www.globaleaks.org/ where you can access its main features and which we would like to group into four groups: 1.At the user level: simple management from a web interface, translated into more than 60 languages, fully configurable and customizable with the corporate colors and logos of the different administrations. It also allows its adaptation to the casuistry of each project, allowing anonymous reporting, creation of advanced questionnaires, private conversations and exchange of information and statistical reports. 2.On a technical level: long-term maintenance guaranteed by the developer (LTS), fully autonomous application (no need for web servers or other applications), built using light navigation technologies, integrated backup system, configuration automated access through the TOR private network and prepared to be integrated with other web pages and intranets. 3.At a legal level: it complies with the standards of ISO 37002:2021 (Management systems for reporting irregularities) as well as with Community Directive 2019/1937 on the protection of whistleblowers of corruption. It complies with the European GDPR data protection regulation allowing data retention policies to be configured, in the same way it guarantees the custody of the complainant’s identity (if provided) by protecting access to complaints as well as by the absence of registration of the IP addresses of those who make these communications. 4.At the security level: it guarantees access through HTTPS protocols and the TOR network. It is continuously exposed to different pentesting tests to guarantee and improve its…