Year-End Deadline for Regulated Entities’ Whistleblowing Procedures
The Protected Disclosures (Amendment) Act 2022 (“2022 Act”) comes into effect on 1 January 2023. The changes it makes to the Protected Disclosures Act 2014 are outlined in our previous client update.
- Published
- in Industry Updates
Of primary note, the 2022 Act requires that all entities initially in scope must have and maintain internal reporting channels and investigation procedures that comply with its requirements from 1 January 2023.
Entities Initially in Scope
By virtue of (i) prescribing a wide range of EU regulated entities to be in scope and (ii) the regime now applying to a more extensive range of individuals connected to a relevant entity, most Irish regulated entities will be subject to the new whistleblowing obligations from 1 January 2023.
Regulated Entities
Without reference to specific legal structure, the 2022 Act applies, in its initial phase, to any ’employers’ that are entities who fall within the scope of a prescribed list of EU laws. This list covers a wide range of areas of financial services regulation, including EU directives / regulations applicable to the following, non-exhaustive list of Irish authorised entities:
- UCITS management companies;
- AIFMs;
- Externally managed ICAVs and PLCs authorised as UCITS or AIFs;
- MiFID investment firms; and
- Payment services and e-money firms.
The list also covers entities that fall within the ambit of the Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 to 2021 (“CJA”).
Individuals Connected to a Relevant Entity
An entity will be an employer where it has a ‘worker’. As well as covering employees, contractors, shareholders and other individuals, a worker includes non-executive directors.
Therefore, entities cannot avoid the 2022 Act obligations if they have a board of directors and no employees. The presence of the directors and shareholders alone will bring these entities (such as externally managed ICAVs) into scope.
Existing Whistleblowing Requirements
It should be noted that many regulated entities have existing legislative obligations to establish reporting channels and report contraventions of financial services law to the Central Bank of Ireland including, for example, rules applicable to UCITS management companies and those in scope of the CJA.
Those obligations will continue to apply in addition to the 2022 Act requirements.
Action Required
Entities initially in scope of the 2022 Act must ensure they have a framework in place that captures the new requirements. They should therefore take appropriate steps to establish and maintain secure and confidential internal reporting channels and investment procedures for protected disclosures.
Our Financial Services Regulatory and Employment Groups have been working closely with regulated entities to assist in developing or updating their internal written framework to ensure they comply by 1 January 2023.
Further Information
Further information on our Irish Financial Services Regulatory Group, and the services we provide is available on our website page and in our brochure.
If you would like further information, please liaise with the below or your usual Maples Group contact.