Church & Whistleblowing: What Religious Institutions Need to Consider

A new era of whistleblowing is presenting major challenges and opportunities for religious institutions.
Moritz Homann

While churches and ecclesiastical organisations are subject to secular laws, they also base their actions on Christian values. Therefore, it is essential for them to uncover internal wrongdoing such as misconduct, corruption and abuse of power at an early stage. Given that this has not worked out in the past, transparency has become more important than ever and employees have to be granted the opportunity to report wrongdoing without having to fear job loss, bullying or other negative consequences. With the arrival of the EU Whistleblowing Directive, this is now set to become mandatory and this article examines the ramifications, closely focusing on the Catholic and Protestant Churches.


A pastor standing in front of a church. In the background you can see a bible.

What does the EU Whistleblowing Directive require?

The EU Whistleblowing Directive was conceived to protect employees who discover and disclose wrongdoing in the course of their professional activities, requiring organisations with at least 50 employees to introduce a whistleblowing system. They need to acknowledge a report within seven days and provide feedback on action taken within three months. Retaliation against the whistleblower(s) and, in most cases their close contacts, is prohibited.  

EU member states have introduced their own interpretations of the Directive within their national legal frameworks and while they broadly conform to a single universal standard, some of the finer details tend to vary between countries. Nearly all countries have now managed to transpose the Directive, though the process was delayed considerably. 

Does the church need to introduce compliance measures?

In many countries, new national whistleblower protection laws explicitly name both the Protestant and Catholic churches, along with their respective parishes, as employers. Other ecclesiastical districts such as dioceses, archdioceses and deaneries are considered corporate bodies and are thus affected. Furthermore, privacy law applies to legal entities including registered associations, limited liability companies and foundations.  

Many of the different national laws implementing the EU Whistleblowing Directive take volunteers into account and this will have ramifications for the church. In Ireland, for example, the Coast Guard told its volunteers that they are now ‘explicitly included’ under the country’s new whistleblowing law, despite the fact that they do not receive remuneration and are not economically dependent on the organisation (which includes full-time paid employees along with unpaid volunteers).  

In Ireland and other countries, church volunteers will be similarly impacted by new legislation and this means that even smaller church institutions exceeding the 50-employee threshold (including unpaid volunteers) will be compelled to introduce a whistleblowing system. The situation remains somewhat nebulous in certain EU member states, such as Germany. While the country’s Hinweisgeberschutzgesetz does not specifically protect volunteers who are unpaid, it is open to interpretation. Only lay judges are explicitly excluded from the legislation and one could conclude that all other volunteer groups can be considered employees.  

Has priest-penitent privilege been taken into account?

There are legislative questions surrounding confession and priest-penitent privilege. In France, Germany and Poland, for example, Catholic clergy are not obliged to inform the authorities about crimes heard in confession, even if they involve child abuse, while information does not have to be disclosed in court. Ireland announced its intentions to reverse the privilege in the wake of a plethora of scandals involving child sex abuse, but the church informed the government that priests would not comply with the provision, regardless of the consequences. In the UK, the status of priest-penitent privilege has not been absolutely determined.  

So far, the EU Whistleblowing Directive has taken the professional secrecy of occupations such as lawyers, notaries, doctors and pharmacists into account while the pastoral confidentiality of the church has been omitted. This has attracted criticism. In Germany, for example, where section 5 paragraph 2 or the law states that the professional confidentiality of a number of occupations is exempt from disclosure, religious organisations are absent. This has resulted in the Protestant and Catholic churches demanding that their clergy be included due to their duty to uphold pastoral confidentiality.  

Can churches establish a central whistleblowing hub?

  • Church institutions have asked whether it is possible to pool resources to establish a central whistleblowing hub. In principle, this possibility does exist for registered associations and other legal entities with between 50 and 249 employees. In Denmark, France, and Austria, for example, the employee threshold for group whistleblowing systems can be interpreted as being unrestricted.  
  • There are exceptions, however, and Germany provides another example. While registered legal entities can amalgamate resources under private law, regional churches, dioceses and deaneries cannot take the same step according to the current wording of the draft. The Protestant and the Catholic churches in Germany released a joint statement criticising the situation, calling for similar treatment to the federal government, federal states and municipalities who are allowed to form organisational units for the creation of an internal whistleblowing hub.   

Flawed rules and view from the Vatican

  • In May 2019, Pope Francis issued moto propio, an Apostolic Letter entitled Vos estis lux mundi (“You are the light of the world”) setting forth new accountability rules for Roman Catholic bishops committing sexual abuse or cover ups. While the new measures attracted praise and made it mandatory to report abuse, they were seriously flawed.  
  • Investigations still had to be conducted by the church hierarchy rather than the civil authorities which raised fears of cronyism and clericalism. It is also highly uncertain as to whether victims or the civil authorities would have been informed about the outcome of investigations. While the new rules forbade “prejudice, retaliation or discrimination as a consequence of having submitted a report”, they did not specify any penalties against individuals breaching those protocols.  
  • The rules also included a mandatory whistleblowing provision whereby a priest or member of a religious order had to report wrongdoing to the local bishop. If a bishop was involved, the priest was compelled to report it to the Holy See directly through the Pontifical Representative. Notably, this mandatory whistleblowing process still did not compel an individual to report wrongdoing to a neutral third party or the civil authorities. This is now set to change across Europe as a result of the Directive and the church will have to comply with the new secular requirements.  

Setting an example

  • Some Roman Catholic districts have already taken the initiative to introduce their own third-party whistleblowing systems, and this provides a good example of how the church can comply with the Directive on a much a larger scale. In the United States, where the new European measures will not have an impact, a 2022 poll of more than 3,500 Roman Catholic priests found that their trust levels in diocesan bishops fell from 63% in 2001 to just 49% in 2022. Less than a quarter of priests responded that they had confidence in US bishops in general. Given this crisis in trust, it is unsurprising that some US dioceses are attempting to introduce measures to improve the situation.  
  • The Archdiocese of Baltimore announced it was establishing a whistleblowing system for complaints against bishops in January 2019. Archbishop William Lori announced the implementation of the web-based system which routes complaints to Baltimore’s lay-led diocesan review board which is charged with reporting allegations to the civil authorities.  
  • Shortly afterwards in March, the Archdiocese of Boston made a similar announcement, confirming that a third-party whistleblowing system would be introduced for reporting allegations of abuse or misconduct against bishops. Cardinal Sean O’Malley stated that the web-based solution would be confidential, anonymous and a third-party system. 
  • While the Catholic Church and its ecclesiastical districts in Europe do offer whistleblowing guidance, templates and consultation, there are few examples of similar systems being put into use. One exception is the diocese of Augsburg in Germany where a platform allowing confidential reporting is in place. The diocese introduced compliance rules for its administration in 2019 and they applied to approximately 15,000 employees across its parishes and day-care centres from December 2022. This is an example of a diocese that is now well prepared for the transposition of the EU Whistleblowing Directive in Germany.  
  • Outside the Catholic Church, other denominations are also introducing effective whistleblowing frameworks. Back on the other side of the Atlantic, the United Church of Canada, the largest Protestant Christian denomination in the country, has also introduced a digital whistleblowing system where concerns can be submitted in English and French.  

How religious institutions can successfully implement a whistleblowing system

Given that big compliance changes are coming to the Protestant and Catholic churches in Europe, it is important to outline how a third-party whistleblowing system can be put into effect. Other religious institions, such as the Islamic and Jewish faiths, are also advised to place a close eye on the new legislation as the requirements could have an equally significant impact on their operations.  

There are various ways to establish a whistleblowing system in principle, such as a mailbox, telephone, ombudsman or digital platform. The latter, already operating put into action by a small number of forward-thinking dioceses, has the advantage of being available around the clock while being accessible from anywhere. In addition, this solution allows for anonymous reporting, the most popular option among whistleblowers in the Whistleblowing Report 2021.  

Implementation is easiest with an established technical solution and an experienced service provider. It is essential to combine the new digital whistleblowing system with suitable communication measures to make employees aware of what it can offer and how it can be harnessed. This should help develop an environment of trust where the system’s users feel encouraged to report violations.  

While this article provides several examples of districts that have successfully embraced technologically advanced whistleblowing tools, the church needs only to look towards the corporate world for evidence of how these systems are revolutionising compliance and just how easy they are to implement. Regardless of the transposition of the Directive across Europe, ecclesiastical organisations are advised to proactively take their first steps right away so that they are well positioned to apply with the new secular legal requirements looming on the horizon. 

Guide to the Introduction of Whistleblowing Systems

How to successfully implement a whistleblowing system in your organisation.

Share this blog post on

Moritz Homann contact image |
Moritz Homann
Managing Director Corporate Compliance | EQS Group
Moritz Homann is responsible for the department of Corporate Compliance products at EQS Group. In this function, he oversees the strategic development of digital workflow solutions tailored to meet the needs of Compliance Officers around the world.