BASIC QUESTIONS ABOUT THE LAW
- What is the objective of Law 2/2023, of February 20, regulating the protection of people who report on regulatory violations and the fight against corruption?
Its objective is to protect people who report or denounce violations in their workplace from retaliation they may suffer.
The Law transposes Directive 2019/1937 of the European Parliament on the protection of persons who report violations of Union Law.
Law 11/2016 creating the Agency for the Prevention and Fight against Fraud and Corruption of the Valencian Community, anticipated the Directive, creating an external complaints mailbox open to all citizens and a statute of protection of people who denounce, whether natural or legal persons.
- Who can report or denounce an irregularity in their workplace?
Any person linked by a labor or professional relationship may report to the Independent Informant Protection Authority (AIPI), which has not yet been created, or to the corresponding authorities or autonomous bodies.
In the case of the Valencian Community, the competent authority is the Valencian Anti-Fraud Agency.
- What type of information or complaints are included within the scope of application of the Law and give the right to protection?
Actions or omissions that may constitute a serious or very serious criminal or administrative offense. For example: passing the questions on an exam, manipulating a contract, building where you can’t, accessing a grant without having the requirements…
In the case of the Valencian Anti-Fraud Agency, these are those facts or conduct that may constitute corruption, fraud, administrative irregularities, conduct constituting an administrative or disciplinary offence, and conduct or activities that are reprehensible for being contrary to integrity and public ethics.
- Does the Valencian Antifraud Agency have powers in the private sector?
It could only have said competence if Law 11/2016 creating the Agency is modified, expanding its scope of action.
Therefore, for the private sector, the competent body is the Independent Informant Protection Authority (AIPI), which has not yet been created.
- What are the ways and means to report or denounce an infringement in accordance with Law 2/2023?
Through the internal channel that each entity must have, or through the external channel, which in the case of the Valencian Community is that of the Valencian Antifraud Agency.
The Law allows the whistleblower to choose between the internal or external channel, depending on the circumstances and the risks of reprisals that he considers.
The complaint may be anonymous or identified, and may be made by any means: written, verbal, by email, postal mail, voice mail, etc.
- Who can be reporting persons according to Law 2/2023?
Law 2/2023 uses the term “informant” as a synonym for whistleblower to refer to people in the public or private sector who communicate or reveal information about irregularities of which they are aware in their professional or work environment.
Are included:
- People who work in public administrations regardless of their employment relationship (career officials, interim, labor, temporary…)
- People who work in the private sphere.
- People who are doing internships, interns, in training or who are participating in a selection process.
- People who work for companies related to the administration, whether they are contractors, subcontractors, suppliers, etc.
In any case, these people who report violations must report in accordance with the requirements of the Law and have reasonable grounds to believe that the information they are providing is true.
- Can I go to the external reporting channel or should I first report through the internal channel?
The internal channel should be used preferentially, since a diligent and effective action within the organization itself could paralyze the harmful consequences.
However, the Law allows the whistleblower to choose the internal or external channel, depending on the circumstances and the risks of reprisals that he considers.
In any case, the AVAF is the external channel that may be used in accordance with the provisions of Law 2/2023 and in its regulatory regional regulations.
- What are the support measures established by Law 2/2023 for the person who denounces or informs?
- Free information and advice on the procedures and resources available, protection against retaliation and the rights of the affected person.
- Effective assistance by the competent authorities before any authority involved in their protection against retaliation, including the certification that they can avail themselves of protection under this law.
- Legal assistance in criminal proceedings and cross-border civil proceedings in accordance with community regulations.
- Financial and psychological support, exceptionally, after assessing the circumstances.
All this, regardless of the assistance that may correspond according to Law 1/1996 on free legal assistance, for the representation and defense in judicial proceedings derived from the presentation of the communication or public disclosure.
- Who can access the protection measures included in the Law?
In addition to the informants or denouncers, those related to them who may be harmed or retaliated against, such as family members or co-workers, will be able to access.
- What about retaliation?
Acts of retaliation, including threats and attempted retaliation, are expressly prohibited.
Retaliation is understood as any act or omission prohibited by Law, or that directly or indirectly involves unfavorable treatment that places the people who suffer it at a disadvantage with respect to another in the labor or professional context, solely because of their status as informants.
- What are the most common reprisals?
- Opening of disciplinary files and dismissal.
- Demotion or denial of promotions and substantial modifications of working conditions.
- Damages, including those of a reputational nature, or economic losses, coercion, intimidation, harassment or ostracism.
- Denial or cancellation of licences, permits or training.
- Discrimination, or unfavorable or unfair treatment.
- What are the protection measures against retaliation?
The best protection is anonymity.
The Law requires the creation and implementation of secure channels that guarantee confidentiality, admitting both anonymous and identifying complaints.
The people who communicate this information are not liable, provided that access to the information does not constitute a crime and except for legal liabilities that may arise. However, the protection does not exempt the complainant from the responsibilities that may have been incurred for events other than the complaint.
In judicial proceedings or before another authority, related to the damages suffered by the whistleblower, once he has reasonably demonstrated that he has suffered damage, it will be presumed that it is a retaliation.
In the judicial processes in which the reporting person may be immersed, he or she will have the right to plead in his favor, having made a complaint or provided information.
- What obligations does the entry into force of Law 2/2023 give rise to?
- Creation of an internal information system (internal channel), which must meet certain requirements and guarantees, and must be designed, established and managed in a secure manner, allowing the presentation and processing of anonymous complaints.
- Regulate the channel management procedure for the processing of communications or complaints in accordance with the Law.
- Appoint a person in charge of the internal information system, which can be a natural person or a collegiate body.
- Notify the competent Authority (in the Valencian Community, the Valencian Anti-Fraud Agency with respect to the public sector) the designation of the person in charge of the internal information system.
- Have a book-registry of the information received and of the internal investigations to which they have given rise.
- Inform in a clear and accessible way to those who carry out the communication through the internal channel about the existence of the external channel.
ON INTERNAL INFORMATION SYSTEMS (SII)
- What is an Internal Information System?
An internal information system is a structure whose objective is to guarantee that employees, public or private, can communicate within the organization itself the irregularities they are aware of, so that they can be monitored.
The internal information system is made up of:
- An internal channel for receiving information or complaints.
- A procedure for the management of such information or complaints,
- A person responsible for the management and processing.
The System must offer full guarantees of independence, confidentiality, security and that those who use the channel do not suffer reprisals.
The internal information system must form part of the organization’s integrity strategy, as well as promote good public governance and safeguard the general interest through ethical commitment, allowing the elimination of bad practices and consolidating the trust of citizens in their institutions.
- Which entities are required to have an internal information system?
In the PUBLIC SECTOR: all administrations and public entities.
They may share the internal information system and the resources for investigations and procedures:
- Municipalities with fewer than 10,000 inhabitants.
- Entities belonging to the public sector that have less than 50 workers linked to or dependent on bodies of the territorial Administrations
In any case, it must be guaranteed that the systems are independent from each other and that the channels appear differentiated.
In the PRIVATE SECTOR: individuals or legal entities that have 50 or more workers.
Legal persons in the private sector with between 50 and 249 workers may share the internal information system and the resources for the management and processing of communications.
- What are the requirements that the management procedure of the Internal Information System (SII) must meet?
Identification of the internal information channel (web, bulletin board, banners…).
- Include clear and accessible information about external channels.
- Send acknowledgment of receipt to the informant, without jeopardizing confidentiality.
- Determine the maximum term to respond to the investigation actions.
- Possibility of communication with the informant and how to request additional information.
- The affected person’s right to information, as well as to be heard at any time, respecting the presumption of innocence and their honor.
- Protection of personal data.
- Referral to the Public Prosecutor’s Office of facts that may constitute a crime, and to the European Public Prosecutor’s Office if they affect the interests of the European Union.
- What happens if an entity already has an Internal Information System (SII)?
It may be used to comply with Law 2/2023, adapting to the requirements established therein.
- Is it possible for the Internal Information System (SII) to be managed by an external third party?
In the field of public administrations, the reception of the information by a third party may only be agreed.
In any case, the insufficiency of own resources must be justified in accordance with the Public Sector Contracts Law.
The Valencian Antifraud Agency offers information and advice on how to install internal channels at no financial cost, for which the prior signing of a collaboration protocol is necessary.
- Within the Internal Information System (SII) can various channels coexist in addition to the channel provided for in Law 2/2023?
Yes, as long as they appear differentiated so as not to create confusion.
- Can the same channel act at the same time as an internal channel of an organism and as an external channel of another?
No. Internal channels must always form part of the structure of the body or entity, and external channels will depend on the competent administrative authority, whether state or regional.
- Should public bodies with infringement investigation functions have an internal channel and also an external channel?
Yes. The external channel must be created for communications of non-compliance wished by persons outside the organization and whose investigation depends on the entity.
ON THE RESPONSIBLE FOR THE INTERNAL INFORMATION SYSTEM (RSII)
- Who can be Responsible for Internal Information Systems (RSII)?
Individuals or collegiate bodies. If it is a collegiate body, it must delegate to one of its members the powers of management of the internal information system and processing of investigation files.
It must carry out its functions independently and autonomously from the rest of the entity’s bodies, reporting directly to the governing body. In addition, it must offer full guarantees of confidentiality and security regarding the information it handles.
- Who should appoint the person Responsible for the Internal Information System (RSII)?
The governing body or administrative body, after consultation with the legal representation of the workers.
- What profile is most appropriate to fulfill the functions of Head of the Internal Information System (RSII)?
In the entities or organizations in which there is already a person responsible for the function of regulatory compliance or integrity policies, they may be designated as System Manager, provided they meet the requirements established in the Law.
Each entity has to assess the suitability of the corresponding person, who offers the greatest guarantees of independence and autonomy necessary to perform their functions and with the necessary preparation and training.
- What happens if there is a conflict of interest of the person in charge of the Internal Information System (RSII)?
You must refrain from the procedure in accordance with the provisions of Law 40/2015, of October 1, on the Legal Regime of the Public Sector.
It is recommended that the governing body or administrative body has pre-established a system of substitutions.
- What is the deadline within which the Valencian Anti-Fraud Agency must be notified to the Head of the Internal Information System (RSII)?
10 business days from your appointment.
- What is the regulation that regulates the Register of Persons Responsible for the Internal Information System (RSII) in the Valencian Community?
The applicable standard is Resolution no. 504/2023 of the director of the Agency, which creates the Register of Managers of Internal Information Systems (DOGV no. 9601, of 05.23.2023).
https://dogv.gva.es/datos/2023/05/23/pdf/2023_5194.pdf
- How should communication be made to the Valencian Anti-Fraud Agency of the person in charge of the internal information system (RSII)?
At its electronic headquarters, through the specific procedure that appears in the section “Law 2/2023” – “Responsible for the Internal Information System”.
- What must be provided to notify the Valencian Anti-Fraud Agency of the Head of the Internal Information System (RSII)?
- The completed electronic office procedure form.
- Copy or certificate of the governing body that accredits the designation of the natural person or collegiate body.
ABOUT THE DEADLINES
- What is the implementation period for the Internal Information System (SII) for administrations, agencies, companies and other obligated entities?
The term expires on June 13, 2023.
- What is the implementation period for the Internal Information System (SII) for municipalities with fewer than 10,000 inhabitants?
Until December 1, 2023.
- What is the implementation period for the Internal Information System (SII) for municipalities with more than 10,000 inhabitants?
The term expires on June 13, 2023
- What is the implementation period of the Internal Information System (SII) for legal entities in the private sector with 249 or fewer workers?
Until December 1, 2023
- What is the implementation period for the Internal Information System for legal entities in the private sector with 250 or more workers?
The term expires on June 13, 2023
ABOUT PROTOCOLS WITH THE VALENCIAN ANTI-FRAUD AGENCY
- Why does an administration or public entity need to sign a collaboration protocol with the Valencian Anti-Fraud Agency?
Through the signing of protocols, the Agency provides help and advice for the implementation of a free complaints channel, as well as offering training and information on the application of Law 2/2023.
If you are interested in signing up for a protocol, you can send an email to juridico@antifraucv.es
Lousy here to see the protocol model.
- Is it necessary for a public sector entity, attached to or linked to a public administration of the Valencian Community, to sign a protocol with the Valencian Anti-Fraud Agency?
If the public sector entity is attached to or linked to a public administration that has already signed a protocol with the Agency, it will not be necessary to sign a new protocol to obtain this collaboration. However, if you wish, you can subscribe to a specific protocol.
In the case of a consortium, it will not be necessary to sign a protocol if it has already been signed by the public administration participating in the consortium as a majority.