The Deutsche Forschungsgemeinschaft e.V. (DFG, German Research Foundation) is committed to ensuring effective compliance. Compliance means adhering to the law and establishing structures that ensure the DFG, the Executive Board and all its employees can behave lawfully. The Compliance Ombudsperson and the ISO 27001-certified DFG incident reporting system (bkms-system.co) form part of the DFG’s compliance management and compliance culture. In accordance with the Hinweisgeberschutzgesetz (Whistleblower Protection Act), the FAQs seek to establish legal clarity for complainants/whistleblowers as to when and under which provisions they are protected when reporting or disclosing violations.
As an employer, the DFG was obliged to set up an internal reporting centre when the Hinweisgeberschutzgesetz (Whistleblower Protection Act) came into force in June 2023. The DFG integrated this legal requirement into its existing compliance structure in the firm belief that incident reports help counteract violations of the law at an early stage, thereby preventing damage to employees, business partners, third parties and the DFG itself. In order to ensure an entirely independent initial review of incident reports, the DFG has appointed a Compliance Ombudsperson, Dr. Johannes Dilling, whom DFG employees and suppliers can refer to as an external and independent contact if they have sufficient evidence that violations of applicable regulations have occurred.
Anybody is entitled to submit an incident report providing they do so in good faith. “Good faith” means that at the time the complainant/whistleblower submits the report, the person doing so believes the information they share to be true.
Please provide the Compliance Ombudsperson with the following details:
Any information on possible violations of applicable law is of relevance to the Compliance Ombudsperson.
The Compliance Ombudsperson is also interested in finding out which other persons – potentially including those not directly involved in the matter in hand - are aware of the facts and whether there are any documents (e.g. e-mails, photos) relating to it.
Please check carefully whether the information you provide is correct before submitting a report. In particular, you must not make any statements that you know to be false.
Please also let the Compliance Ombudsperson know how they can contact you in the event of queries.
The following are violations that are of particular relevance to the DFG:
violations of data protection and information security at the DFG Head Office (including the Berlin Office and representations abroad)
violations of tax law, including non-profit law, at the DFG Head Office (including the Berlin Office and the representations abroad),
corruption and violations of public procurement law at the DFG Head Office (including the Berlin Office and the representations abroad), and
other behaviour at the DFG Head Office (including the Berlin Office and the representations abroad) that is punishable by law or subject to a fine. Violations of the Criminal Code (StGB) such as theft, fraud, breach of trust, forgery of documents, acceptance of benefits, bribery, coercion, insult, defamation, etc. are criminal offences. In addition, numerous offences are punishable under so-called secondary criminal law (e.g. § 26 of the Occupational Health and Safety Act (ArbSchG), § 23 of the Working Hours Act (ArbZG), §§ 17, 18 of the Foreign Trade and Payments Act (AWG), § 105 of Book VIII of the German Social Code (SGB)). Other provisions specifying offences that are subject to fines must serve to protect life, limb or health or to protect the rights of employees or the Works Council. This includes administrative offences such as § 49 of the Road Traffic Act (StVO), § 25 (1) of the Occupational Health and Safety Act (ArbSchG) and § 121 of the Works Constitutions Act (BetrVG), which can be penalised by the responsible authorities with a fine.
Complainants/(whistleblowers are not expected to be able to name any legal provisions that may have been violated, let alone be aware of all provisions under § 2 Whistleblower Protection Ac (HinSchG). As a rule of thumb in responding to any misconduct observed, the greater the risk to life or health, the greater the risk to the DFG’s reputation and the greater the risk of financial damage to the DFG, the more important it is for a report to be submitted! This gives the DFG the opportunity to prevent such damage occurring in the first place.
If necessary, the Compliance Ombudsperson can also provide help in providing a legal assessment of whether or not misconduct that has been observed should be reported.
On the issues of data protection (DFG department responsible: Z-OTM), taxation law (Z-FIN), corruption prevention (V-WR-O), public procurement law (V-WR-1) and criminal or administrative offences committed against the DFG (Z-PRO-JUS), feel free to contact the department shown in brackets if you require advice.
If you are not sure whether what you have observed or suspect is a case of misconduct, we would ask you to word your report using expressions such as “I believe ...”, “I think it is possible ...”, “It could be that...”. If you are unsure how to describe or assess the facts and/or if you don’t know how to proceed, you can talk to the Compliance Ombudsperson about the case beforehand, anonymously if you wish and free of charge.
No, there are no costs incurred to the person submitting an incident report.
As a lawyer, Dr. Johannes Dilling is bound by professional secrecy and may not disclose the identity of a complainant/whistleblower to third parties without making himself liable to prosecution. Dr. Dilling has taken suitable technical and organisational measures to protect the information he receives in such a way that it cannot be accessed by third parties. The information that Dr. Dilling passes on to the DFG is also treated confidentially and protected.
No.
Firstly, § 9 (2) HinSchG (Hinweisgeberschutzgesetz, Whistleblower Protection Act)provides for exceptions to confidentiality which allow the identity of a complainant/whistleblower to be shared with a law enforcement authority if requested, for example. Express reference is made to § 9 HinSchG.
Secondly, only those persons enjoy protection of confidentiality who are acting in good faith, i.e. who are not intentionally or grossly negligently sharing false information. “Good faith” means that at the time they submit an incident report, the person doing so believes the information to be true. A complainant/whistleblower who intentionally or grossly negligently provides false information must expect their identity to be revealed, e.g. via a request for information on the part of the respondent in accordance with Art. 15 (1) GDPR; it can be assumed that the latter will assert claims for damages.
Finally, neither Dr. Dilling nor the DFG are protected from confiscation, i.e. in the event of an official investigation, authorities may confiscate documents that reveal the identity of the complainant/whistleblower.
Complainants/whistleblowers who fear that their identity will be revealed can submit a report anonymously. Anonymous reports may not contain false information either.
If you are not sure, the same thing applies here: please word your report using phrases such as “I believe ...”, “I think it is possible ...”, “It might be that …”.
Complainants/whistleblowers can remain anonymous if they wish. They may also request the Compliance Ombudsperson not to disclose information that might reveal their identity to the DFG.
No, reprisals against complainants/whistleblowers are prohibited. This also applies to threats and attempted reprisals.
The Compliance Ombudsperson is not an arbitration body for disputes. The only client relationship is between the DFG and the Compliance Ombudsperson. Nevertheless, the Compliance Ombudsperson acts impartially and is not bound by instructions issued by the DFG. As a lawyer, the Compliance Ombudsperson is obliged by law to maintain confidentiality.
The Compliance Ombudsperson informs you within 24 hours that the report has been received. The Compliance Ombudsperson prepares the report and passes it on confidentially to the DFG’s Head of Economics, Auditing and Compliance. The DFG’s Head of Economics, Auditing and Compliance decides in consultation with the DFG Secretary General how to deal with the information. If there are sufficiently concrete grounds for suspicion of legal violations, these are investigated internally in order to clarify and remedy any possible misconduct. As a rule, this is also done confidentially and discreetly in order to protect the interests of the respondent. You will receive feedback from the Compliance Ombudsperson no later than three months after submitting your report as to whether the reported violation has been confirmed.
If the allegations concern the Executive Board, the Compliance Ombudsperson forwards the information they have prepared to the Chair of the Committee for Executive Board Affairs. If the allegations concern the head of V-WR, the Compliance Ombudsperson forwards the information they have prepared to the Secretary General. If there are sufficiently concrete grounds for suspicion, these are investigated externally; an investigation may be undertaken by the Compliance Ombudsperson in these cases.
You can contact the Compliance Ombudsperson any way you wish (telephone, e-mail, fax, post or via the DFG incident reporting system). The Compliance Ombudsperson is also available for face-to-face meetings with complainants/whistleblowers, including via video and audio on request. If you wish to communicate in encrypted form, you can also use the messenger services Signal or Threema to contact the Compliance Ombudsperson. It is also possible to send encrypted e-mails to the Compliance Ombudsperson via Protonmail to the following address: RADilling@protonmail.co
The contact details are as follow:
Dr. Johannes Dilling, Lawyer
Landgrafenstraße 49
50931 Köln
Tel.: +49 (0) 221 933 107 40
Mobile: +49 (0) 163 347 6111
Fax: +49 (0) 221 933 107 42
www.ra-dilling.d
Threema-ID: 3PX6278J
info@ra-dilling.d; RADilling@protonmail.co
DFG incident reporting system (bkms-system.co)
Only the Compliance Ombudsperson has access to the reports in the focus area “Report submission for DFG employees and suppliers”. [Please note: this report focus area is not yet activated at the present time]
Complainants/whistleblowers can choose to report violations to external reporting centres. These are also to be found here.
Where effective action can be taken against the violation and you do not fear reprisals, you should favour reporting to the Compliance Ombudsperson. This is to be understood as an appeal on the part of the DFG, however, not as a requirement.
The external reporting centres under the (HinSchG (Hinweisgeberschutzgesetz, Whistleblower Protection Act) are as follows:
The general external reporting centre is:
For details of the reporting procedure at the Federal Office of Justice, which is referred to here in accordance with § 24 (4) sentences 1, 2 HinSchG, see:
You will find the online reporting procedure under this link:
The external reporting centre for reports according to § 21 No. 1, 2 HinSchG is:
For details of the reporting procedure at the Federal Financial Supervisory Authority, which is referred to here in accordance with § 24 (4)) sentences 1, 2 HinSchG, see:
You will find the online reporting procedure under this link:
The external reporting centre for reports according to § 22 (1) HinSchG is:
Violations can be reported at any time by submitting an internal report, regardless of the outcome of proceedings.
For details of the reporting procedure at the Federal Cartel Office, which is referred to here in accordance with § 24 (4) sentences 1, 2 HinSchG, see:
You will find the online reporting procedure under this link:
Complainants/whistleblowers can also report possible cases of fraud and other serious irregularities with a potentially negative impact on EU funds to the European Anti-Fraud Office (OLAF) – also anonymously if necessary:
For details of the reporting procedure at the European Anti-Fraud Office, which is referred to here in accordance with § 24 (4) sentences 1, 2 HinSchG, and the online reporting procedure, see: