Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
When British short seller Matthew Earl called the whistleblower hotline of Germany’s financial watchdog BaFin in late 2016 to flag suspicious activities at German payments company Wirecard, he did not get far.
After he mentioned the company’s name, Earl said the friendly person at the other end asked him to call back at a later point, claiming their English wasn’t good enough. On the second attempt, BaFin hung up on him after he had said he was calling about Wirecard. For his co-authorship of an anonymous report into suspected accounting fraud and money laundering at Wirecard, Earl even became a target of an unfounded criminal investigation by prosecutors.
Such experiences have been typical for whistleblowers in Germany: there has been a long-standing distrust in the country of individuals who highlight other people’s wrongdoings to authorities. This view is partly rooted in German history: both the Nazis and the communists in the German Democratic Republic urged and incentivised citizens to report suspicious behaviour.
And whistleblowers have long enjoyed very little if any legal protection. For decades, even employees who flagged criminally relevant behaviour by their employers to police could be fired legally. Courts argued that whistleblowers behaved disloyally and violated their duty of allegiance to the employer. In a landmark ruling in 2011, the European Court of Human Rights struck down this view.
While BaFin reorganised and beefed up its whistleblower office after the collapse of Wirecard in June 2020, the legal position of employees who flag misconduct has improved only slowly, and mainly due to pressure from the European Commission.
In 2019, Brussels decreed that member states needed to establish secure channels for whistleblowers and protect them against retaliation. Germany long dithered in implementing those rules, only putting them in place last summer and missing the deadline for the implementation of such rules by two years. It has been taken to the European Court of Justice over an alleged infringement of EU rules. Simon Gerdemann, an academic specialising in whistleblower protection at University of Göttingen, says he expects that Germany will be fined about €30mn for the delay.
The new whistleblower protection rules, in place since July, made it easier and less risky to report misconduct. “If you start at zero, any progress is an improvement,” says Annegret Falter, chair of the German Whistleblower Netzwerk, adding that one of the biggest steps forward was the ban of any retaliation against whistleblowers.
During the first seven months of its foundation in July 2023, the new national whistleblower office at Germany’s Federal Office of Justice has received 478 reports from whistleblowers, of which 24 were deemed criminally relevant and have been passed on to public prosecutors, the office told the Financial Times.
However, the new German laws still fall short of what is required under EU rules, according to experts. One of the biggest flaws is the lack of any financial damages for whistleblowers who suffered non-financial consequences such as mental health problems caused by bullying. According to Gerdemann, this is one of several examples in which the new German whistleblower law is at odds with the EU directive. He warned that these issues were likely to trigger a second infringement procedure against Germany.
Another shortcoming is the fact that compliance staff do not enjoy legal protection, warns Manuela Mackert, former chief compliance officer at Deutsche Telekom and now senior managing director at Ankura, a consultancy.
She points out that, while data protection officers and anti-money laundering officers cannot be terminated under German law, compliance officers are treated like any ordinary employee and do not enjoy such special protection. “Sometimes, compliance needs to be annoying in order to get to the bottom of alleged misconduct,” she argues, adding that this requires full independence and job security as internal investigations can clash with the personal interests of senior managers. Ideally, Mackert says, chief compliance officers should be independent members of the management board themselves, and have the right to directly liaise with the audit committee.
Even four years after the Wirecard debacle, learning the right lessons from the scandal remains an uphill battle for corporate Germany.