WHISTLEBLOWING LAW IN MALTA

PRACTICAL LEGAL ADVICE. GET COMPLIANT.

What is Whistleblowing?
Whistleblowing is the act of reporting wrongdoing within an organisation, such as fraud, corruption, and other breaches of laws, which are of serious and widespread concern, in the public interest. Reporting may be internal or external.

This is not to be confused with individual workplaces grievances which are of personal interest (such as harassment, discrimination or bullying) which will generally not fall within the scope of whistleblowing protection.
How is Whistleblowing regulated in Malta?
The protection of whistle-blowers in Malta is regulated by means of the Protection of the Whistleblower Act (Chapter 527, Laws of Malta). Employees also find protection against the offence of victimisation in the Employment and Industrial Relations Act (Chapter 452).
Chapter 527 has recently been amended in order to transpose Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law. In this regard organisations ought to be considering the far-reaching implications of this new law.

Internal Reporting Channels

Entities with more than 50 employees & public sector institutions, authorities and municipalities are obliged to set up suitable internal reporting channels.

Confidentiality

Entities must ensure that their whistleblowing process adheres to the principles of confidentiality as well as comply with data protection law.

Reputational damage

Robust internal reporting channels may avoid external leaks, as well as mitigate risk of reputational damage and fines.

Who we are

Fenech & Fenech Advocates is a full-service firm which is well positioned to advise clients on whistleblowing legislation, including with:

  • The structuring of effective compliance and reporting programs;
  • Performing review of protocols;
  • Conducting training;
  • Defending client interests and reputation when reports are filed.

The firm relies on its multi-talented team of lawyers specialised in the various fields, with experience in litigation. The Employment Law team, headed by Partner Dr Paul Gonzi, who also co-heads the Data Protection team within the firm, is well placed to advise on the regulatory and practical requirements of the law, including on data protection, confidential information and trade secrets legislation, subjects which are integral to whistleblowing. 

POINTS OF CONTACT

Paul Gonzi

Partner
paul.gonzi@fenechlaw.com

Mattea Pullicino

Associate
mattea.pullicino@fenechlaw.com

FAQS

To which organisations does the law apply?

The Directive and Chapter 527 require legal entities that employ more than 50 employees to introduce internal reporting channels and procedures for follow up.

Can the law ever apply to entities with less than 50 workers?

Yes, by way of exception.   The Directive permits Member States to require entities in the private sector having less than 50 workers to set up internal reporting channels. This would have to be done following an appropriate risk assessment taking into account the activities of the entities (especially when there are risks on the environment and health), which decision would have to be communicated to the EU Commission and to other Member States.   The new law replicates this possibility but does not seem to propose any decision to impose the obligation on legal entities in the private sector with fewer than 50 workers.

Who will be protected by the law?

Protection is granted to persons who acquire and disclose information on certain defined breaches in a work related context, this irrespective of the size of the entity and/or whether the entity is in the private or public sector. Protection applies to persons having the status of a worker. This includes, self-employed persons, contractors, and civil servants, shareholders, persons in management (as well as non-executive members), volunteers and unpaid trainees. Protection may extend to circumstances where the work-based relationship has ended or is yet to begin. Protection will also extend to persons who facilitate the report and/or who are connected with the reporting person and could suffer retaliation in a work-related context (such as colleagues and relatives). Whistleblowers who report breaches will be protected as long as certain specific conditions for protection are satisfied, and provided that the several exceptions or exclusions do not apply.

Is the law the same in every EU Member State?

No. National implementation of the Directive will not result in full harmonization across EU member states. Whistleblower legislation is likely to differ in individual EU member states.

Does the law alter the previous conditions for protection of reporting persons?

Yes. Previously disclosures were protected if (a) they were made in good faith, (b) the whistle-blower reasonably believed, at the time of disclosure, that the information disclosed and allegations made were substantially true, (c) that the information tended to show an improper practice being committed, and (d) that the disclosure was not made for purposes of personal gain. These conditions all had to be satisfied in order for protection to be granted. The new law does away with several of the conditions, in that it states that a disclosure shall be a protected one where (a) the whistle-blower had reasonable grounds to believe that the information on breaches disclosed was true at the time of the disclosure, (b) that such information fell within the scope of the Act, and (c) the whistle-blower disclosed internally or externally, or made a public disclosure as permitted in terms of law. Once more, these conditions must all be satisfied in order for protection to be granted.

Does the Act protect anonymous reports?

The Directive allows EU Member States to decide whether anonymous reports of breaches must be accepted and followed up. Nevertheless, even if anonymous reports need not be accepted in terms of a Member State Law, persons who report or publicly disclose information on breaches anonymously, but who are subsequently identified and suffer retaliation, shall qualify for protection. The Act stipulates that anonymous disclosures will not be protected, yet if following a public disclosure that is made anonymously the whistle-blower is subsequently identified and suffers retaliation, that disclosure shall be a protected disclosure (as long as the disclosure satisfies the conditions established for normal protected disclosures). Whether this is fully aligned with the Directive is questionable, in that the protection in the Directive seems to apply not only to situations where the whistle-blower is identified after an anonymous public disclosure but also after anonymous reporting.
LATEST INSIGHTS
Whistleblowing
16/02/2022
DO YOU EMPLOY MORE THAN 50 WORKERS? IF SO, IT’S TIME TO GET CRACKING!
VIEW ARTICLE
Whistleblowing
10/11/2021
THE EU WHISTLE-BLOWER PROTECTION DIRECTIVE – GET PREPARED!
VIEW ARTICLE
Whistleblowing
17/11/2021
WHISTLE-BLOWER PROTECTION – NEW DRAFT BILL PUBLISHED
VIEW ARTICLE
Whistleblowing
01/12/2021
WHISTLEBLOWING AND DATA PROTECTION
VIEW ARTICLE