The Protected Disclosures (Amendment) Act 2022 ("2022 Act") comes into effect on 1 January 2023. The changes it makes to the Protected Disclosures Act 2014 are outlined in our previous client update.
Of primary note, the 2022 Act requires that all entities initially in scope must have and maintain internal reporting channels and investigation procedures that comply with its requirements from 1 January 2023.
Entities Initially in Scope
By virtue of (i) prescribing a wide range of EU regulated entities to be in scope and (ii) the regime now applying to a more extensive range of individuals connected to a relevant entity, most Irish regulated entities will be subject to the new whistleblowing obligations from 1 January 2023.
Regulated Entities
Without reference to specific legal structure, the 2022 Act applies, in its initial phase, to any 'employers' that are entities who fall within the scope of a prescribed list of EU laws. This list covers a wide range of areas of financial services regulation, including EU directives / regulations applicable to the following, non-exhaustive list of Irish authorised entities:
- UCITS management companies;
- AIFMs;
- Externally managed ICAVs and PLCs authorised as UCITS or AIFs;
- MiFID investment firms; and
- Payment services and e-money firms.
The list also covers entities that fall within the ambit of the Criminal Justice (Money Laundering and Terrorist Financing) Acts 2010 to 2021 ("CJA").
Individuals Connected to a Relevant Entity
An entity will be an employer where it has a 'worker'.
As well as covering employees, contractors, shareholders and other
individuals, a worker includes non-executive directors.
Therefore, entities cannot avoid the 2022 Act obligations if they
have a board of directors and no employees. The presence of the
directors and shareholders alone will bring these entities (such as
externally managed ICAVs) into scope.
Existing Whistleblowing Requirements
It should be noted that many regulated entities have existing
legislative obligations to establish reporting channels and report
contraventions of financial services law to the Central Bank of
Ireland including, for example, rules applicable to UCITS
management companies and those in scope of the CJA.
Those obligations will continue to apply in addition to the 2022
Act requirements.
Action Required
Entities initially in scope of the 2022 Act must ensure they
have a framework in place that captures the new requirements. They
should therefore take appropriate steps to establish and maintain
secure and confidential internal reporting channels and investment
procedures for protected disclosures.
Our Financial Services Regulatory and Employment Groups have been
working closely with regulated entities to assist in developing or
updating their internal written framework to ensure they comply by
1 January 2023.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.