1. Overview of the Whistleblowing Landscape

Internal investigations, whistleblowing and external monitoring are the three key pillars in preventing and combating corruption and enabling better governance and performance both on a state and company level. An important place is given to the institution of whistleblowers due to their effectiveness and importance in detecting risks and irregularities. In 2003, the crucial role of whistleblowers in detecting crime and their need for protection were recognized as a part of international law when the United Nations adopted the Convention Against Corruption[1]. This Convention was signed by 140 nations and formally ratified, accepted, approved, or acceded by 137 nations, including Turkey[2].

With the growing recurrence of corruption scandals in recent years, especially in large companies, there has been a growing global interest in establishing whistleblower laws at the national level as well. Not to mention the national rules and regulations adopted in certain countries, which have extra-territorial reach, such as the U.S. and the U.K.[3] International organizations such as G20[4], OECD[5] and ICC[6] have also been influential in pushing for greater international adoption and national implementation of whistleblower laws and best practices.

Significant risks and costs are associated with whistleblowing, the most commons being subject to bad publicity, discrimination, and being fired. Given that the role of whistleblowers are crucial to be aware of violations and breaches that would otherwise remain concealed, adopting a wrong approach in shaping a whistleblowing policy can be detrimental to the fight against corruption and pose a serious threat to the welfare of the society both at micro and macro levels. In a similar vein, a well-built whistleblowing policy, together with a strong anti-retaliation message can reduce the vulnerabilities of whistleblowers and empower them to speak up without fear, which would, in turn, help detect and deter acts of corruption and promote a culture of compliance and transparency.

Currently, only a few countries have comprehensive whistleblower protection policies. The majority tend to have a legal framework that is so fragmented that it leaves significant gaps in this respect. Jurisdictions such as the UK, the US, France, Ireland, and Italy offer specific protection to whistleblowers against retaliation by their employers. In other countries, such as Germany, Hong Kong, Brazil, and Turkey there is no specific protection for whistleblowers. Yet, the more countries adopt a particular policy in this respect, the more likely others are to follow. Perhaps, a number of highly visible public scandals such as Wikileaks and Cambridge Analytica can increase pressure upon countries to implement safeguards for the benefit of whistleblowers.

The most recent move came from the European Union in this respect through the adoption of an EU-wide legislative act for a uniform whistleblower protection. It is expected that Turkey is likely to follow suit sooner or later as part of its accession track to the EU.

2. What’s at Stake in the EU Whistleblower Protection Directive?

On 7 October 2019, the European Union adopted the Directive (EU) 2019/1937 dated 23 October 2019 on the protection of persons who report breaches of Union law, commonly referred to as the Whistleblower Protection Directive[7] (the “Directive”). The Directive entered into force on 23 December 2019 and the Member States are given two years to implement the Directive into their national law. The Directive aims to enable confidential reporting and protect whistleblowers against termination of employment, refusal of promotions or salary, transfer or change of workplace and discrimination. For this, it provides for minimum harmonization standards that should be adopted at the national level.

Currently, whistleblower protection varies between Member States. Some have relatively high levels of whistleblower protection in place (e.g. Ireland) and some having practically none (e.g. Cyprus). Prior to the adoption of the Directive, the EU had long been called for an EU-wide law on whistleblower protection, but both the European Commission and the Council of Europe were unwilling to act on these calls due to several reasons. The call for an EU law on protection of whistleblowers was first voiced by the European Parliament in October 2013,[8] but the Commission rejected the request on the grounds that international standards are already in place.[9] When it comes to the Council of Europe, it appeared to have no interest to enhance legal protections for whistleblowers at the time.[10] Nevertheless, a series of scandals that were revealed to the public by whistleblowers (e.g. WikiLeaks, Panama Papers, Cambridge Analytica, LuxLeaks etc.) made the EU’s need for comprehensive protection of whistleblowers more apparent and the Commission proposed the Directive in April 2018.

According to the Directive, the Member States must ensure that the following key provisions are transposed into the national law as necessary:

  • Companies in scope: The Directive applies both to the private and public sectors. Companies located in the EU with 50 or more employees will be required to implement internal compliance reporting channels.[11] Furthermore, all companies are required to ensure that whistleblowers are protected against any form of retaliation.
  • Scope of protection: The Directive applies not only to employees working at the company at the time of the reporting but also to applicants who disclose breaches during a recruitment process and former workers.[12] Furthermore, the protection extends to volunteers, paid or unpaid trainees, contractors, subcontractors and suppliers, as well as self-employed persons, shareholders, management, and administrative or supervisory bodies.[13] To protect whistleblowers, companies will be required to refrain from any form of retaliation, including termination of employment, unjustified negative performance assessments or negative impacts on promotions or salary, transfers/changes of workplace, and harassment or discrimination.[14]
  • Subject matters of protection: The Directive refers to protecting individuals who report breaches of certain EU law, including public procurement, financial services, products and markets, prevention of money-laundering and terrorist financing, product safety and compliance, transport safety, protection of the environment, radiation protection and nuclear safety, food and feed safety, animal health and welfare, public health, consumer protection, protection of privacy and personal data, security of network and information systems, financial interests of the Union, and internal market in terms of competition and taxation. [15] The protection covers only the disclosures pertaining to breaches of the EU law and national policies setting rules beyond the minimum standards of the EU regulations and directives are left out of scope in this respect.[16]
  • Minimum standards for protection: Member States will have to require companies to establish a reporting and investigation system available to all employees and other relevant persons specified in the Directive.[17] Such a system can be operated internally by the company itself, or externally by a third-party service provider appointed by the company. Either way, it must be designed and operated to ensure the confidentiality of the whistleblower and prevent access to non-authorized persons. The internal reporting system must allow for reporting in writing (e.g. by mail, by physical complaint boxes, or through an online platform, whether it be on an intranet or internet platform) and/or orally (e.g. via telephone or through other voice messaging systems). If requested by the whistleblower, the system must enable submission of a report by means of in-person meetings. Once the report is submitted, the company is obliged to confirm receipt of the report within seven days and must respond to the whistleblower within three months after the confirmation.[18]
  • Three-tier reporting model: The Directive recommends a three-tiered reporting model, which is composed of internal, external, and public reporting channels. Internal reporting refers to reporting to the company itself; external reporting concerns making a report to law enforcement agencies/authorities outside of the company; and public reporting refers to disclosure to the media. According to the three-tiered model, the whistleblower is encouraged to take the internal route first; and resort to the external means by taking the report to relevant enforcement authorities ideally following an internal reporting (or directly without prior internal reporting); then the whistleblower may turn to the public if sufficient measures are not taken in the first two steps.
  • Aspects to be governed by Member States: The Directive provides leeway for Member States to determine certain aspects of the protection for whistleblowers, through which different reporting systems may be set in the different Member States. For instance, Member States can decide whether anonymous reporting will be permitted,[19] whether subject matters of the protection will be expanded, and whether protection will be extended beyond what the Directive requires. Similarly, scope of sanctions to be imposed in case of non-compliance is left to the discretion of Member States. Member States can also implement stronger measures for whistleblowers, such as requiring companies with fewer than 50 employees to form internal reporting channels.[20]

Overall, the Directive is the first EU law resource to address the fragmentation of protection for whistleblowers across the EU. Although the Directive permits Member States to determine certain aspects by their national laws, there is an opportunity now for Member States to form and/or strengthen their whistleblower protection laws by converging on the same high standards set by the Directive.

From a critical perspective, the scope of the Directive is found to be limited to the reporting the breaches of certain defined areas of the EU law as specified in Article 2 and it only sets minimum standards due to limited competences of the EU, which may not protect mere violations of national law and this may create legal uncertainty for whistleblowers to understand whether they are protected or not.[21] For instance, Article 6(1)(a) of the Directive requires whistleblowers to have reasonable ground to believe that the information they are reporting falls within the scope of the Directive to be qualified for protection. Given that the person whistling the blow is rarely in a position to perceive the situation wholly and accurately at the time of the reporting, the Directive is not fully effective to eliminate the vulnerabilities of whistleblowers against retaliation.[22] Moreover, the Directive is applicable to reports of breaches related to procurement rules involving defense or security information. This could be problematic as national security whistleblowers often suffer the most severe retaliation, including not only termination of employment but also criminal investigation.

Trends similar to the EU in whistleblower protection frameworks may emerge in Turkey given the global/regional nature of today’s businesses, which may produce extraterritorial effects and may lead to cooperation between regulators across the region. Moreover, Turkey must align its legislation with the Directive as part of its accession process to the EU.

3. Legal Protections for Whistleblowers in Turkey

Turkey does not have any specific legislation regarding whistleblowing protection. Nonetheless, Turkey is party to all international anti-corruption conventions, including the United Nations Convention against Corruption and the International Labour Organisation’s Termination of the Employment Convention No. C158. It is also worth mentioning that Turkey’s anti-corruption legislation has been improving in the last twenty years aligning with the international conventions and standards, to which Turkey has become a party. However, Article 32 and 33 of the UN Convention Against Corruption (i.e. provisions on protection of witnesses and whistleblowers) have not been implemented in Turkey yet[23] and there is no specific legislation for protection of reporting persons.

There are however several provisions scattered across different laws prescribed under the Turkish legislation that may apply to whistleblowing cases:

  • The UN Convention against Corruption: Turkey signed the Convention on 10 December 2003 and ratified it on 9 November 2006. Pursuant to Article 90 of the Constitution of the Republic of Turkey, duly ratified international agreements have the force of law. Article 33 of the UN Convention calls the signatory states to adopt appropriate measures to provide protection for whistleblowers against any unjustified treatment for their reporting to the competent authorities. However, the Convention still needs to be implemented fully as no specific legislation has been enacted in this respect yet.
  • OECD Convention & Guidelines: It is also a party to OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions. It also commits to follow the Guidelines for Multinational Enterprises issued by the Organization for Economic Co-operation and Development. The Convention obliges the signatories to adopt the necessary rules and regulations to fight against wrongdoing. The Guidelines state that multinational enterprises should refrain from discriminatory or disciplinary action against employees, who make reports on practices that violate the law, the Guidelines or the company’s internal policies.[24]
  • ILO’s Convention No. C158 and Labor Law No. 4857: Turkey ratified the Convention on 4 January 1995 and entered into force twelve months after its ratification was registered as law. Pursuant to Article 5 of the Convention, “filing of a complaint or the participation in proceedings against an employer involving alleged violation of laws or regulations or recourse to competent administrative authorities” should not constitute valid reasons for termination. Moreover, Article 18 of Turkish Labor Law No. 4857 echoes Article 5 of ILO’s Termination of the Employment Convention No. C158. This protection is only in relation to complaints filed against employers – i.e. there is no specific regulation for reporting an employee. There is no specific law protecting employees in reporting a wrongdoing, however, according to Article 25 of the Law, acts abusing the employer’s trust, theft, or the disclosure of confidential and professional secrets pertaining to the employer are deemed to be fair grounds for termination of an employment agreement in case such acts are against the employee’s duty of loyalty.
  • Code of Obligations No. 6098: Pursuant to Article 396 of the Turkish Code of Obligations, “employees are obliged to do their work undertaken diligently and act loyally in protecting legitimate interests of the employer,” in light of which the employee should report to the employer the wrongdoing of another employee they witnessed, in accordance with the duty of loyalty if an employee witnesses any wrongdoing at the workplace.
  • Criminal Code No. 5237: Articles 278-284 of the Turkish Criminal Code prescribes penalties for failure to report crimes. Accordingly, any person who fails to report an offense that is in progress to the relevant authority will be sentenced to a penalty of imprisonment for a term of up to one year. Furthermore, any person who fails to notify the relevant authority of any offense that has already been committed but where it is still possible to limit its consequences will be sentenced to a penalty of imprisonment for a term of up to one year as well. There is also an effective remorse mechanism (a type of leniency) under the Turkish Criminal Code that provides for either a reduction in the penalty or full immunity. This mechanism applies for certain crimes only as prescribed in the Turkish Criminal Code, which include also bribery and money laundering. In respect of bribery, if either the perpetrator, participant, intermediary or accessory to a crime reports it to the authorities before the law enforcement bodies become aware of it, that person will not be subject to any punishment for bribery. In respect of money laundering, there will be no punishment for a person who helps the law enforcement bodies to seize the assets that are the subject of a crime or reports their location before the commencement of criminal proceedings.
  • Law No. 4054 on Protection of Competition: There is a leniency application mechanism for cartel cases under the Turkish competition law regime. Apart from Law No. 4054, the Regulation on Active Cooperation for Discovery of Cartels (i.e. Leniency Regulation) and the Guidelines on Clarification of Regulation on Leniency specify the details of the leniency mechanism. Accordingly, the leniency program is only available for cartelists – i.e. it does not apply to other forms of antitrust infringement. A cartelist can apply for leniency until the investigation report is officially served. Depending on the application order, there may be full immunity from, or reduction of, a fine. 
  • Others: Whistleblowers who report tax evasions can be awarded up to 10% of the tax imputed and those who report the smuggling of goods or drugs can be awarded up to 25% of the value of the smuggled goods or drugs. In addition, the Regulation on the Awards to be Granted to Whistleblowers Who Help with Revealing Terror Crimes or Collecting Evidence or Catching the Offenders provides for whistleblowers who report terrorist organizations to be granted a financial incentive. The only legislation specifically granting legal protection to whistleblowers is Law No. 5726 on Witness Protection, which applies only to people who have provided testimonies during criminal proceedings and certain of their relatives.

Overall, Turkey has a plenty of room for whistleblower protection and needs a single legal structure for this to ensure effective implementation, rather than a piecemeal approach. With the globalization of anti-corruption legislation (e.g. the FCPA and the UK Bribery Act) it is critical to look at whistleblowing on a global basis given the nature of today’s businesses. The fact that Turkey is an accession country for the EU and accordingly many of Turkey’s regulations are akin to, and closely modelled on, the EU regulations (e.g. antitrust, data protection and privacy etc.), the adoption of the Directive may encourage Turkish legislation body to adopt similar rules for whistleblower protection. Furthermore, Chapter 23 (Judiciary and Fundamental Rights) for Turkey’s accession to the EU requires Turkey to implement a whistleblower protection. In fact, the European Commission’s 2020 Turkey Progress Report[25] emphasizes that Turkey’s “legal framework on whistleblower protection still needs to be aligned with the new EU acquis on this issue.” During the negotiation process for Turkey’s accession, Chapter 23 carries special importance for Turkish authorities as it has been emphasized at the Judicial Reform Strategy by the Ministry of Justice.[26] Therefore, once the transposition process of the Directive is complete in Member States, it can be reasonably expected from Turkey to follow suit (sooner or later) as part of its accession track to the EU. Alternatively, the Directive would accelerate Turkey’s implementation process together with the commitments Turkey made as regards whistleblower protection under the aforementioned UN and OECD Conventions.

*This content was originally published in Global Investigation Review 2021.

[1]         United Nations Office on Drugs and Crime, “United Nations Convention Against Corruption”, 2004. Available online at      https://www.unodc.org/documents/treaties/UNCAC/Publications/Convention/08-50026_E.pdf

[2]         Turkey has completed the ratification procedure on 09.11.2006, together with the Ratification Law No.5506 dated 24.05.2006. Avaliable online at https://www.resmigazete.gov.tr/eskiler/2006/05/20060524-4.htm (Only in Turkish)

[3]         Eduard Ivanov, International Anti-Corruption Academy,” Overview of Anti-Corruption Compliance Standards and Guidelines”, 2019. Available online at https://www.iaca.int/media/attachments/2020/01/09/overview_of_compliance_standards_and_guidelines.pdf

[4]         Group of Twenty (G20), “High-Level Principles for the Effective Protection of Whistleblowers”, 2019. Available online at https://g20.org/pdf/documents/en/annex_07.pdf.

[5]         G20 Anti-Corruption Action Plan, “Protection of whistleblowers: Study on whistleblower protection frameworks, compendium of best practices and guiding principles for legislation”, 2010. Available online at https://www.oecd.org/corruption/48972967.pdf.

[6]         International Chamber of Commerce (ICC), “Guidelines on Whistleblowing”, 2008. Available online at https://iccwbo.org/content/uploads/sites/3/2008/06/ICC-Whistleblowing-Guidelines.pdf

[7]         European Parliament and the Council, “Directive (EU) 2019/1937 of the of on the Protection of Persons who Report Breaches of Union Law”, 23 October 2019. Available online at https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32019L1937

[8]         European Parliament, “Resolution on Organised Crime, Corruption and Money Laundering: Recommendations on Action and Initiatives to be Taken”, (2013/2107(INI)), 23 October 2013, point 14.

[9]         Nielsen, N., “EU-Wide Whistleblower Protection Law Rejected”, EU Observer, 23 October 2013. Available online at https://euobserver.com/justice/121873.

[10]        Transparency International, “Whistleblowing in Europe: Legal Protections for Whistleblowers in the EU”, 5 November 2013, p. 48. Available online at https://images.transparencycdn.org/images/2013_WhistleblowingInEurope_EN.pdf.

[11]               For companies with 50 to 249 employees, this obligation will not apply until 17 December 2023.

[12]               Article 4 of the Directive.

[13]               Ibid.

[14]               Articles 19-20 of the Directive.

[15]               Article 2 of the Directive.

[16]               Article 1 of the Directive.

[17]               Article 4 of the Directive.

[18]               Article 9 of the Directive.

[19]               Article 6(2) of the Directive.

[20]               Article 8(7) of the Directive.

[21]               Transparency International, Building on the EU Directive for Whistleblower Protection Analysis and Recommendations, 2019. Avaliable online at https://images.transparencycdn.org/images/2019_EU_whistleblowing_EN.pdf

[22]               Ibid.

[23]               Transparency International Turkey and the UNCAC Coalition, Enforcement of Anti-Corruption Laws: Turkey, 2015. Available online at https://uncaccoalition.org/files/cso-review-reports/Year-4-UNCAC-Review-TI-Turkey.pdf

[24]               Guidelines for Multinational Enterprises issued by the OECD, Section II, General Policies, 14.

[25] Available at https://ec.europa.eu/neighbourhood-enlargement/sites/near/files/turkey_report_2020.pdf.

[26] Ministry of Justice, “Judicial Reform Strategy”, May 2019, Avaliable at https://sgb.adalet.gov.tr/Resimler/SayfaDokuman/23122019162949YRS_ENG.pdf