Thu, Jun
87 New Articles

Bulgarian Whistleblowing Woes – A CEE Legal Matters Round Table

Bulgarian Whistleblowing Woes

Round Tables
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Hosted by Penkov, Markov & Partners, nine lawyers from Bulgaria – six working in-house and three in private practice – sat down for a round table conversation to discuss the EU Whistleblowing Directive and how it will impact companies in the country.

  • Alexander Tsanev, Legal Counsel, SumUp
  • Anton Petrov, Deputy Director Legal, First Investment Bank
  • Elina Vardeva, Head of Legal, Siemens 
  • Iliana Byanova, Chief Legal, Sopharma Trading
  • Ilya Komarevski, Managing Partner, Komarevski, Dimitrov and Partners
  • Ivelina Vassileva, Attorney at Law, Schoenherr
  • Nikolay Voynov, Attorney at Law, Penkov, Markov & Partners
  • Tsvetelina Yotova, Legal Counsel, SumUP
  • Vladislav Nikolov, COO, General Counsel, EnduroSat 

A Familiar Tool for an Old Problem

To set the background of the conversation, Petrov points out that, at the moment, only about 20% of fraud is detected and prosecuted, 40% is detected but not prosecuted, while the remaining 40% simply goes undetected – the so-called “dark number.” According to him, “the regulator is trying to figure out how to clear this up while keeping in mind that 60% to 70% of prosecutions result from anonymous tips.” The EU Whistleblowing Directive is aimed at just that.

The principles of the EU Whistleblowing Directive are not necessarily completely new, according to Byanova, who points to the fact that a whistleblower protection regulation was introduced in the financial sector already several years ago (and in aviation and maritime transport as well): “In fact, it has been around for about a decade now as it was introduced as part of the Basel Committee guidelines and the Capital Requirements Directive (CRD IV). I believe that pretty much all that we are reading now in the new directive is already in place in terms of policies within banks.” She also highlights that there already is a national hotline meant to report cases of conflicts of interest and corruption. Furthermore, Nikolov points out that there already is a “good legislative ground for whistleblowing in competition law – the so-called ‘leniency program’ where one (even a participant in a violation) can inform the competent authority about a forthcoming or existing infringement of the competition regulations. This has been a well-used procedure in the EU and US law systems for years and a good example that the whistleblowing regulations are not new, but further development of already existing rules.”

Voynov agrees with Byanova but notes that is really the case only for internal channels – “external ones will be a different matter. Unlike in most countries where whistleblowing has been in place for at least a decade, especially when it comes to anticorruption channels, an unfortunate equality has been drawn between a whistleblower and an informer (snitch) in the public perception, as illustrated in various NGO reports and studies on the matter.

Cause(s) for Concern

Drawing from her own company’s experience, Vardeva says that Siemens already has strict reporting channels in place – “so nothing new is really on the horizon for us.” The one potential problem that Vardeva highlights is an interpretation paper issued by the European Commission, (in response to a letter sent by certain Danish companies) according to which, she explains, “groups of companies with 50 or more employees cannot use just the channels established in their central HQ – rather they also need to set up new local ones.” This, she argues, “is something that is not very reasonable – we already have the resources and the channels built there and now it’ll take additional capacity to establish internal channels in each country and train the relevant people to take this on. Whether or not we’ll be able to rely exclusively on our already created, centralized tools and they will be considered sufficient is the main concern for us.” And she is not the only one for whom this is the case, with Yotova saying that SumUP also has well-established channels in place equipped to cover all elements required by the directive, but to what extent their current system meets the local requirement is a question mark. “There is no real exception for international groups, unfortunately, so the real question for someone like us, with a system in place globally, is what needs to be done locally.”

And a particularly difficult element going forward, according to Yotova, is that the directive specifies that a national body should investigate reports. “Imagine someone in Germany files a report about a breach in Luxembourg using a channel in Bulgaria. How will the Bulgarian authority step in, in this case?” And to further add to this issue, Voynov highlights that this is a directive – not a regulation – which can “very well lead to astonishing differences in transposition in local markets. Whistleblowing within global organizations will be very difficult because of this.” Even in Bulgaria, it is as of yet unclear how it will be transposed into local law, with Vassileva explaining that the current draft has yet to be passed by the national assembly.

“I see several things that concern me,” Voynov comments looking at the current draft, with a particular focus on the aspect of anonymous whistleblowing. He notes that the threshold of 50 employees, as set in the directive and “directly translated into the Bulgarian draft,” will be “very challenging.” Beyond the threshold, he believes that “both the aspect of anonymous signaling and the specific authority in charge of it in Bulgaria need to be carefully reassessed and perhaps even reconsidered.” On the latter, Petrov agrees, noting that “the current spectrum is very wide, and the authority will need some time to educate itself if it is to investigate every single one.” Of anonymous tips, however, he is a promoter, reminding us that they comprise 60-70% of all investigations. “Whistleblowing is often discouraged in Bulgaria. We are scared of the process, and we need to become more comfortable with it to accept elements such as anonymous tips, which are still deemed ‘not reliable.’”

Komarevski agrees, adding that “culture here in Bulgaria does not help. We don’t like reporters, and we need to educate all that it is not bad to report on wrongdoing. Without anonymous reporting, I believe we’d have very few cases reported to begin with. I believe that, for all its challenges and risk of abuse, anonymous reporting is the way to move forward here, especially since I believe the current culture is in place because there was no legislative support in the past for anonymous reporting.” Nikolov believes that this cultural aspect can be addressed by the update, describing it as a “good step towards empowering people,” while Vardeva, drawing from her exchanges within business associations, points out that she was “really surprised to hear that most business representatives support anonymous reporting – something I would not have necessarily expected from large employers.”

The Drawbacks of Anonymous Signaling

The first question raised by Byanova is whether anonymity can be protected, to begin with: “does anyone know of a single huge whistleblowing case where the whistleblower remained anonymous?” Tsanev agrees: “if it’s a big case, indeed, it’s impossible.” Further, it’s not just about the size of the case but also that of the team, with Nikolov explaining that, “in a relatively small organization, even an anonymous report could be easily tracked by management to its origin, which could prevent the proper implementation of this regulation in practice. As we are well aware, the regulation is enforceable for teams of 50 (and above) employees, but from my practice, I can assume that even in a team of 100-150 a potential whistleblower could be easily revealed and become subject to retaliatory actions by the respective company. I see this regulation as really only applicable and working for bigger organizations.”

But Yotova highlights the distinction between anonymity and protecting the identity of the whistleblower. “There are ways to ensure the system knows the identity of the whistleblower but keeps it a secret,” she explains, adding: “In my opinion, anonymity itself won’t bring anything helpful to a major investigation, especially keeping in mind that the lawyer of the persons concerned will, from the very beginning, argue the right of defense of their client is compromised by not knowing who is giving the signal. And, ultimately, the relevant authority won’t be able to investigate properly because of the shortage of information.” On this point, however, Petrov argues that, at this stage, getting to prosecution is key: “As a reminder, 40% of cases of fraud are recognized by the state as never being identified. Even if the prosecution would not be as effective, it’d still be better to initiate investigations into those cases that we’d otherwise not even know about.” Tsanev agrees that, “even if anonymous reports do not lead to anything, it’s still a red flag that something is going on, meaning that authorities can pay closer attention. It’s like a tax audit – the authorities can’t physically go into every single entity, rather screen and test here and there. If a report is filed, at least the authorities know an investigation is warranted.”

Voynov, however, is concerned with how these anonymous signals might be abused. “If the investigation is carried out by a competent authority, Anton is right, but I’ve seen instances where if an authority comes into your office, it may very likely kill your business. Also, think of a simple instance of public procurement – with only one anonymous signal you can entirely derail a competitor. I see risks of this being weaponized and used abusively,” he explains. “Indeed, there’s a lot of risks,” Yotova adds. “Just imagine the damages that might arise from an abusive report that affects trade secrets – if any are abusively disclosed, we could be talking about millions in damanges against a possible fine of untruthful reporting.” And Nikolov also points to potential abuses from within the organization itself: “I see a risk with employees being very well aware that they can prevent themselves from being fired if they are a whistleblower. It’d be a simple matter of submitting a two-sentence completely ungrounded signal and you’d become subject to unbeatable protection from dismissal – it’s quite scary from a Bulgarian system of law perspective.”

Underpromoted But Not Underdiscussed

In terms of awareness, Byanova feels that, as with compliance matters in general, there is “huge awareness and everyone I know is well aware of whistleblowing. They all want to be prepared and that will be furthered by the fact that, as soon as the draft bill becomes law, law firms will put up newsflashes, and solution providers will look at offering off-the-shelf services for it.” Indeed, Komarevski points out they are already offering digitalized online solutions, acting as a third-party whistleblowing channel keeper to their clients. Vardeva agrees that “businesses are quite aware of what is coming. Within the associations where I am active, we did have a discussion on the whistleblowing directive and the draft law, and I can say that most members are apprised of what is going on. Especially noteworthy is that these members were not just colleagues from other legal departments, but management representatives of their companies.”

Petrov, however, looks at the general population and points out that, “as opposed to say the GDPR, which was a topic of discussion for what feels like a century, there has been little talk on whistleblowing leading up to this update.” Indeed, Komarevski agrees that there has been “no real effort to promote the change to the wider public,” with Voynov adding that the government has done little to help in this regard. In fact, he adds, “Transparency International raised a red flag on it already but the topic seems to have plunged into some kind of an abyss – there was a working group with the Ministry of Justice put together to address it – but between the Green Deal, ESG, and the Russian invasion it seems to have slipped in the background. When the GDPR came around there wasn’t such stiff competition for attention.”

Petrov echoes the need for a government-led campaign. “We have active ongoing campaigns against human trafficking, for example – and that’s certainly a worthy cause – but the effects of fraud and corruption are far more far-reaching.” Vassileva closes the conversation with the hope that the new law will be a catalyst and “that the state authority takes the lead and informs people and runs campaigns to encourage people to report more.”

This Article was originally published in Issue 9.8 of the CEE Legal Matters Magazine. If you would like to receive a hard copy of the magazine, you can subscribe here.

Our Latest Issue