Lydian’s dedicated and multidisciplinary internal investigations team advises global and local clients on all aspects of business crime and employee fraud. Fivehundred sits down with Jan Hofkens and Yves Lenders, who provide guidance on an employer’s responsibilities in regards to whistleblowing.
1.1 What statutory or regulatory obligations should an entity consider when deciding whether to conduct an internal investigation in your jurisdiction? Are there any consequences for failing to comply with these statutory or regulatory regulations? Are there any regulatory or legal benefits for conducting an investigation?
Belgian law does not provide for a specific legal framework for internal corporate investigations. However, general rules of Human Rights (such as privacy and fair trial), and internal domestic law (such as criminal law and employment law) may apply and govern certain aspects of an investigation, depending on the scope and circumstances of the investigation.
The legal test is to conduct an internal investigation that is “reasonable in all the circumstances”. This means that the way in which the investigation is conducted should be “careful, balanced and thorough”. A court will not impose its own view of what a reasonable investigation would comprise, but will have to decide whether the entity’s actions were reasonable and in line with applicable legislation. In any case, a private company may never use force or violence during an internal investigation: only public authorities are allowed to use force or compulsory measures (such as detention or house search) to the extent permitted by criminal law.
Legal provisions aim to protect the rights of the persons involved in an internal investigation, especially in the context of the tools used to collect evidence. Privacy law in general and Data Protection rules (GDPR) in particular regulate and restrict the use of certain investigation methods, such as screening of mailboxes, data mining, search of hard disk, CCTV, recording of telephone conversations, body search, etc.
Belgian employment law in particular protects employees involved in an investigation. Specific collective bargaining agreements (CBA’s) regulate monitoring and screening of online communication data (CBA 81), body search (CBA 89) and video surveillance (CBA 68). A breach of a CBA constitutes a criminal offence.
Moreover, specific procedures apply when it comes to disciplinary actions against employees, such as the 3 working days deadline to terminate an employment contract for gross misconduct.
Furthermore, internal business conduct policies or IT policies may contain restrictions in case of an internal investigation. For independent contractors, such as service providers and freelancers, the contract clauses might include reporting duties and investigation rights. This is up to the parties’ contractual freedom.
As a general principle under Belgian law, evidence which is obtained in breach of the abovementioned legal provisions, is unlawful. A court may nevertheless accept such evidence in legal proceedings, civil or criminal, provided that:(i) the evidence has not been obtained in breach of formalities that are legally sanctioned with nullity, (ii) its reliability is not adversely affected by the breach; and (iii) the use of the evidence does not prevent the right to a fair trial. In practice, this means that the judge will balance the breach of protective law, on the one hand and the gravity of the irregularities or fraud on the other hand. Based on this assessment, the judge will decide whether the unlawfully obtained evidenced is admitted as evidence or not.
How should an entity assess the credibility of a whistleblower’s complaint and determine whether an internal investigation is necessary? Are there any legal implications for dealing with whistleblowers?
There is no clear (legal) rule to assess the credibility of a whistleblower. The specific circumstances will determine this assessment. The credibility of a whistleblower’s complaint and the decision to conduct an internal investigation or not, must always be assessed on a case-by-case basis. The position of the whistleblower within the entity, the detail of the complaint, reference to concrete situations and the existence of “prima facie” evidence to support the allegations, are such elements to consider in the assessment. Guidelines and best practices in a whistleblower policy are in this context very useful.
Belgian law currently does not provide for a general legal framework for whistleblowers. However, legislation exists for certain industry sectors, such as:
• The Act of 15 September 2013 on the reporting of an alleged breach of integrity in the National administrative authorities by its staff members. This Act, which only applies to federal public authorities, offers protection to civil servants and employees who report irregularities and abuses (“whistleblowers”). Sanctions affecting their careers are prohibited. Similar rules apply to regional public authorities.
• Belgian credit institutions are obliged to set up an appropriate internal whistleblowing procedure to report breaches of rules and codes of conduct of the institution (article 21, §1, 8° of the Act of 25 April 2014 on the status and supervision of credit institutions).
• Several legal instruments provide for a whistleblowing structure in the insurance sector, such as the IDD Directive ((EU) 2016/97 on insurance distribution and the PRIIPs Regulation ((EU) No 1286/2014 on key information documents for packaged retail and insurance-based investment products). The Market Abuse Regulations and Solvency II Law provide for similar procedures.
Furthermore, the Belgian Data Protection Authority issued a recommendation in 2006, setting forth guidelines for companies on how to establish an internal whistleblowing procedure or hotline in accordance with the Data Protection Act (Recommendation 01/2006 of 29 November 2006).
At European level, a Directive on the protection of persons who report breaches of Union law (“The Whistleblower Directive”) has been approved on 7 October 2019. This Whistleblower Directive aims to protect whistleblowers across the various countries within the European Union. Member States (including Belgium) must implement this Whistleblower Directive in national law by the end of 2021. The Whistleblower Directive has a very broad scope of application, as it applies to any breach of Union law in general and it covers civil servants, employees, self-employed individual and board members. On the basis of this Directive, member states are required to take all necessary measures to prohibit any form of retaliation against whistleblowers.
How does outside counsel determine who “the client” is for the purposes of conducting an internal investigation and reporting findings (e.g. the Legal Department, the Chief Compliance Officer, the Board of Directors, the Audit Committee, a special committee, etc.)? What steps must outside counsel take to ensure that the reporting relationship is free of any internal conflicts? When is it appropriate to exclude an in-house attorney, senior executive, or major shareholder who might have an interest in influencing the direction of the investigation?
This depends on the scope and specific circumstances of the internal investigation. In principle, the decision to conduct an internal investigation should be taken by the board of directors, or a person duly authorized by the board the make such decision. The board (or the person to whom such decision is delegated) also decides on the person(s) or team conducting the investigation, including legal counsel. In case of suspicion of involvement in irregularities against board members, the decision to investigate and to appoint external counsel may be taken by the shareholder, but this should be confirmed afterwards by a valid board decision.
The entity is free to decide on the members of the investigation team. This will obviously depend on the nature of the allegations. Normally the lead will be taken by an internal specialist of the entity (loss prevention team, compliance manager), supported by financial and/or technical (IT) experts. The team members should sign specific non-disclosure agreements (unless such NDA is included in their contracts). The person or body authorized to take (disciplinary) decisions should not be part of the team.
It is recommended to involve the legal team from the beginning to avoid that evidence is collected in breach of protective legislation. If no internal legal team exists, or if the legal team is not experienced with this type of investigation, it is recommended to appoint immediately a specialist outside counsel, whose role is to ensure that the investigation is properly conducted and evidence can be used in (disciplinary) proceedings and recovery actions afterwards.
In principle, it is for the entity to determine who the client will be. The “client” ordering the internal investigation and instructing outside counsel may obviously not be someone who is a (potential) witness, or who is (in-)directly involved in the department under investigation. An outside counsel may assume that no conflicts of interest exists unless it turns out otherwise pending the investigation. A signed engagement letter prior to starting the investigation is important; this engagement letter should include the client for the mandate, the scope of the investigation and the way of reporting.
Address: Avenue du Port 86c B113 1000 Brussels
Author 1: Jan Hofkens, jan.hofkens@lydian.be
Author 2: Yves Lenders, yves.lenders@lydian.be