3. Investigations, Compliance & Ethics
  5. Japan: The requirement for whistleblowing systems under the Amended Whistleblower Protection Act

Japan: The requirement for whistleblowing systems under the Amended Whistleblower Protection Act

19 Jan 2022    4 minute read
Whistleblowing System Whistleblower Compliance Program Internal Investigation

In brief

In June 2022, amendments to the Whistleblower Protection Act ("Amended WPA"), a law that protects employees who have reported violations of certain laws specified in the WPA, are expected to come into force. Amongst other items, the Amended WPA includes a mandatory obligation for companies of a certain size to establish a whistleblowing system with the aim of ensuring the protection of whistleblowers. With the object of providing detailed guidance on how business operators should establish whistleblowing systems, the Consumer Affairs Agency (CAA) issued Guidelines for Appropriate and Effective Implementation of the Whistleblowing System ("Guidelines") and commentary on the Guidelines ("Commentary").

This client alert summarizes the Guidelines and Commentary, together with shedding light on key issues relevant to multinational companies with a subsidiary in Japan.

Contents

Background

1. Overview of the mandatory obligations when establishing a whistleblowing system under the Amended WPA

There are two obligations with respect to whistleblowing systems to be established under the Amended WPA.

  1. Companies must designate personnel who are to be engaged in receiving whistleblowing reports, investigating allegations and taking corrective measures ("Personnel Responding to Whistleblowing Reports").
    Personnel Responding to Whistleblowing Reports: (i) shall be subject to a confidentiality obligation with respect to information obtained in dealing with whistleblowing reports that identifies the whistleblower; and (ii) in the event such personnel divulge the aforementioned information without justifiable grounds, shall be subject to a criminal fine not exceeding JPY 300,000.
  2. Companies are required to establish an internal system to properly respond to whistleblowing reports.

Notably, the mandatory obligation to establish a whistleblowing system mentioned above is reduced to an obligation to "make efforts" for business operators who hire 300 or less regular employees.

In order to ensure effective enforcement of the obligation to establish a required whistleblowing system, the Consumer Affairs Agency (CAA) will be granted the authority to take certain administrative measures, including: (i) making inquiries; (ii) giving guidance or recommendations to business operators failing to meet the requirements; and (iii) publishing the name of business operators should they fail to follow the CAA's recommendations. Moreover, should a business operator fail to report following an inquiry made by the CAA, or should they make a false statement in such regard, the business operator may be subject to an administrative fine not exceeding JPY 200,000.

2. The Guidelines and the Commentary

With a view to providing guidance on several fundamental areas that companies must bear in mind when establishing whistleblowing systems under the Amended WPA, the CAA created the Guidelines and the Commentary. The areas covered in the Guidelines and the Commentary include:

  • Designation of Personnel Responding to Whistleblowing Reports, including the scope of personnel covered and the manner of designation.
  • Establishment of internal systems, including a consideration of the practicalities of formation of systems, the requirement for independence and elimination of conflict of interest, and steps to be taken when responding to whistleblowing reports.
  • Measures to protect whistleblowers, including methods to prevent adverse treatment and avoid out-of-scope information sharing.
  • Ensuring whistleblowing systems function effectively, including employee education, feedback to whistleblowers, retention of records, and establishment of internal rules.

The inherent nature of whistleblowing systems is that they may differ depending on factors such as the size of the business operator, its organizational structure, the type of business, the likelihood of potential violation of laws, the number of stakeholders, the current situation of use of the internal whistleblowing system by employees, directors and retirees, and present societal expectations. Accordingly, the Commentary clearly mentions that the Guidelines provide only an outline of the whistleblowing system to be established under the Amended WPA.

Taking the above into account, each business operator should consider independently the specific measures to be taken with reference to factors such as those noted above. Indeed, the Commentary provides views and specific examples of implementation to be used as a reference when ensuring compliance with the Guidelines, together with ideas and specific examples and recommendations that are expected to be undertaken by business operators beyond the minimum measures required to comply with the Guidelines at an operator's own behest.

3. International transfers of information contained in whistleblowing reports

As the operation of responding to whistleblowing reports usually involves handling personal data, business operators are also required to comply with relevant requirements stipulated in the Act on Protect of Personal Information (APPI).

These requirements include:

  • Notification of the purpose of information utilization;
  • Taking security measures; and
  • Restrictions on data transfer to third parties.

In addition, particular care should be taken in cases involving a Japanese subsidiary of a foreign multinational company where responding to whistleblowing reports involves an international transfer of personal data.

Examples of situations in which personal data contained in whistleblowing reports may be transferred to a parent company outside of Japan are: (i) where the parent administers the whistleblowing system; or (ii) when a whistleblowing report is made to the contact point administered by the Japanese subsidiary and the Japanese subsidiary then shares certain content of the whistleblowing report with its parent company.

Recommended actions

Through the Amended WPA, Japan is following in the footsteps of several jurisdictions globally by creating or updating legislation aimed at increasing the protection of whistleblowers.

Given the expanded scope of the Amended WPA, business operators in Japan would be best served by ensuring that their existing whistleblowing systems comply with the requirements of the Amended WPA, in particular with reference to the Guidelines and the Commentary. Further, should business operators not have a whistleblowing system in place, they should consider the extent to which they may be required to, or wish to, establish such system.

Contact Information
Akira Inoue
Partner
Tokyo
Read my Bio
akira.inoue@bakermckenzie.com
Toshio Ibaraki
Partner
Tokyo
Read my Bio
toshio.ibaraki@bakermckenzie.com
Dominic Sharman
Senior Associate
Tokyo
Read my Bio
dominic.sharman@bakermckenzie.com
Takumi Hasegawa
Senior Associate
Tokyo
Read my Bio
takumi.hasegawa@bakermckenzie.com
Rieko Yamauchi
Associate
Tokyo
Read my Bio
rieko.yamauchi@bakermckenzie.com

Copyright © 2024 Baker & McKenzie. All rights reserved. Ownership: This documentation and content (Content) is a proprietary resource owned exclusively by Baker McKenzie (meaning Baker & McKenzie International and its member firms). The Content is protected under international copyright conventions. Use of this Content does not of itself create a contractual relationship, nor any attorney/client relationship, between Baker McKenzie and any person. Non-reliance and exclusion: All Content is for informational purposes only and may not reflect the most current legal and regulatory developments. All summaries of the laws, regulations and practice are subject to change. The Content is not offered as legal or professional advice for any specific matter. It is not intended to be a substitute for reference to (and compliance with) the detailed provisions of applicable laws, rules, regulations or forms. Legal advice should always be sought before taking any action or refraining from taking any action based on any Content. Baker McKenzie and the editors and the contributing authors do not guarantee the accuracy of the Content and expressly disclaim any and all liability to any person in respect of the consequences of anything done or permitted to be done or omitted to be done wholly or partly in reliance upon the whole or any part of the Content. The Content may contain links to external websites and external websites may link to the Content. Baker McKenzie is not responsible for the content or operation of any such external sites and disclaims all liability, howsoever occurring, in respect of the content or operation of any such external websites. Attorney Advertising: This Content may qualify as “Attorney Advertising” requiring notice in some jurisdictions. To the extent that this Content may qualify as Attorney Advertising, PRIOR RESULTS DO NOT GUARANTEE A SIMILAR OUTCOME. Reproduction: Reproduction of reasonable portions of the Content is permitted provided that (i) such reproductions are made available free of charge and for non-commercial purposes, (ii) such reproductions are properly attributed to Baker McKenzie, (iii) the portion of the Content being reproduced is not altered or made available in a manner that modifies the Content or presents the Content being reproduced in a false light and (iv) notice is made to the disclaimers included on the Content. The permission to re-copy does not allow for incorporation of any substantial portion of the Content in any work or publication, whether in hard copy, electronic or any other form or for commercial purposes.

HighQ
Copyright Baker McKenzie 2024 | Disclaimers | Supplemental Privacy Statement