- The new Law 2/2023 of 20 February, which regulates the protection of persons who report regulatory infringements and the fight against corruption, establishes the obligation to implement an "internal information system" to detect irregular conduct in certain types of organisations. The UNE-ISO 37002 standard indicates how a system with these characteristics can be implemented.
- The guidelines of this document are generic and intended to be applicable to all organisations, regardless of type, size, nature of activity, and whether in the public, private or not-for profit sectors.
Madrid, 10 July 2023 - Following the publication of the new Law 2/2023 of 20 February, which regulates the protection of persons who report regulatory infringements and the fight against corruption, the UNE-ISO 37002 standard on Whistleblowing Management Systems takes on special relevance. Guidelines. This global standard is compatible with and complementary to legislation and gives guidelines for establishing, implementing and maintaining an effective whistleblowing management system based on the principles of trust, fairness and protection, and covering all the phases necessary for their management: receiving, assessing, addressing and concluding.
The legal text establishes the obligation to implement an "internal information system" to detect irregular conduct in certain types of organisations. In this context, the UNE-ISO 37002 standard indicates how a system with these characteristics can be implemented. In addition, this system can be a very important governance and management tool for many other organisations that fall outside the scope of the law.
Law 2/2023 transposes into Spanish law Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019, which promotes information processes (alert/whistleblowing) and offers protection to the whistleblower (alerter/whistleblower), understanding that these processes are key to promoting investigations and ensuring a coherent application of European law.
The UNE-ISO Standard helps to put into practice the idea that underlies the new whistleblower protection legislation, where collaboration is a key element in the rule of law because it can help eradicate irregular conduct within organisations that is detrimental to the general interest. Sometimes certain behaviour can occur within organisations that constitute irregularities (breaches of legislation, breaches of codes of conduct or actions or omissions that cause damage, among other things) can remain hidden and do not become known internally. Often, lack of confidence or fear of reprisals prevents employees of an organisation or other people who know of these irregularities from making them known.
This global standard supports all steps of the whistleblowing process, requires the existence of an independent and resourced whistleblowing management function, and requires monitoring, measurement, analysis and evaluation of results for improvement. It also includes a risk-based approach, which is particularly important in identifying the risks of harm that whistleblowers may face.
In addition, it advises that appropriate awareness and training measures should be put in place for all persons performing work under the organisation's control, so that they understand the objectives of the system, the importance of contributing to it, and the implications of non-compliance with the requirements. If governing bodies do not provide trust, impartiality and protection, and if staff do not know or trust the whistleblowing system, there will be no whistleblowing and therefore no effective reporting system.
The recommendations it sets out are applicable to all organisations regardless of type, size, nature of activity, and whether they are public, private or not-for-profit. It can therefore be applied by all those entities that have to comply with the new legislation and also by those entities that, although not obliged to apply it, wish to demonstrate sound and ethical governance practices to society, markets, regulators, owners and other stakeholders.
The UNE-ISO 37002 standard may be of particular interest to those organisations that have implemented a compliance management system. Its application can increase the effectiveness of compliance management systems defined in other standards that incorporate whistleblowing as a key information element (UNE-ISO 37301 Compliance management systems). Requirements with guidance for use; UNE 19601 Criminal compliance management systems. Requirements with guidance for use; UNE-ISO 37001 Anti-bribery management systems. Requirements with guidance for use; UNE 19602 Tax compliance management systems. Requirements with guidance for use; PNE 19603 Compliance Management Systems in the field of free competition. Requirements with guidance for use; o PNE 19604 Social and labour compliance management systems. Requirements and guidelines for use.
