Rechts-, steuer- und buchhaltungsdienstleistungen aus einer hand

Complaints Act

Act XXV of 2023, which is known as the Complaints Act, entered into force on 25 May 2023.

The new Complaints Act makes it compulsory for employers above a certain number of employees and for employers regardless of the number of employees to operate an internal misuse reporting system.

Staff number categories and implementation deadlines applicable to the categories concerned:

– Not mandatory for employees between 1 and 49

– For employees between 50 and 249 persons, mandatory implementation by 17 December 2023

– For staff of 250 or more, an internal misuse reporting system must be in place by 24 July 2023.

The introduction of an internal misuse reporting system is mandatory by 24 July 2023, regardless of the number of employees, and more for firms that are subject to mandatory money laundering controls, e.g. lawyers, auditors, accountants, etc.

The purpose of the internal misuse reporting system is among others to enable employees, former employees or persons who have or have had other contractual relations with the employer, in particular contractors and agents, to report any wrongdoing or abuse they have detected or complained of. The range of notifiable infringements is almost unlimited, so that not only an act subject to the labour law can be notified, but also any act or omission contrary to any law or even the employer’s internal rules.

The notification should be able to be made orally or in writing, and the notifier should be able to make the notification anonymously.

The operation of the misuse reporting system and the investigation of whistleblowing may be carried out by a designated department or person within the company, but it is important that the department or the person is impartial and independent. However, the company may also entrust these tasks to an external organisation or a so-called whistleblower protection lawyer.

The operation of the misuse reporting system and the investigation of misuse reports necessarily involve the processing of personal data, and it is therefore recommended that the company’s privacy policy is reviewed as part of the implementation process.

We will be happy to answer any further questions you may have regarding the internal misuse reporting system.