On January 1 2017, the German Federal Financial Supervisory Authority (“BaFin”) set up an online whistleblowing system allowing anyone to anonymously report alleged violations of supervisory law. BaFin is the national supervisory authority for banks, financial service institutions, the securities market and insurance undertakings in Germany. The online whistleblowing system is part of an effort to comply with Section 32 of the 2014 European Market Abuse Regulation (MAR) which obliges EU member states to establish effective mechanisms for reporting actual or potential infringements of EU law. It is the latest addition to a central reporting platform established at BaFin in July 2016.
In Germany, the scope goes beyond EU law infringements and also relates to any violation of national or EU supervisory law to the extent BaFin is competent to supervise compliance with these rules. The reporting system allows for anonymous communication by ways of an encryption mechanism shielding the identity of the reporting whistleblower. While BaFin is legally bound to guarantee whistleblower anonymity, available personal data may be forwarded in case of subsequent criminal proceedings or released due to a court order.
The online whistleblowing system is backed by an anti-retaliation provision ensuring that individuals do not suffer disadvantages in labor law, criminal law or by being the subject of damage claims (unless the reported facts are wrong and the individual acted in gross negligence). Any contractual provisions preventing employees from reporting to BaFin have no legal effect. Although Section 32 MAR allows EU member states to provide for financial incentives to persons who offer relevant information about potential infringements, Germany has opted not to implement “whistleblower awards” as part of its whistleblowing legislation.