External whistleblowing: Comments and recommendations by the NBB
Besides the internal warning system for AML/CFTP that financial institutions should set up pursuant to Article 10 of the Anti-Money Laundering Law to allow their staff members, agents and, in the case of electronic money institutions, distributors, to inform the AMLCO and the senior officer responsible for AML/CFTP, through a specific, independent and anonymous channel, of any breaches of the Anti-Money Laundering Law (see the page "Internal whistleblowing" on this website), the NBB has also set up an external whistleblowing system for reporting breaches of the Anti-Money Laundering Law and regulations.
The practical details of this reporting system are set out on the NBB's website under the heading “Report a breach”. In this regard, the NBB recommends that financial institutions ensure that – as part of the training sessions to be organised pursuant to Article 11 of the Anti-Money Laundering Law – the NBB’s external whistleblowing system is referenced in a written medium (e.g. a slide including a hyperlink to the appropriate section of the NBB’s website).
It should be noted that this internal reporting system of the NBB is not specifically designed for reporting breaches of the Anti-Money Laundering Law and regulations, but that it has a more general scope, as it can also be used for breaches of the prudential legislation and regulations applicable to financial institutions that are subject to supervision by the NBB.
This web page, however, only focuses on breaches of the anti-money laundering legislation and regulations.
1. Scope ratione personae
The NBB's external whistleblowing system can be used by anyone wishing to notify the NBB of any potential or actual breach or violation of the provisions of the anti-money laundering legislation and regulations committed by financial institutions subject to the supervision of the NBB, as defined on the web page “Scope”.
In practice, the external whistleblowing system is accessible inter alia to the staff members of a financial institution, its agents or subcontractors and to the intermediaries, agents and distributors whose services it makes use of.
2. Object of reporting a breach
In the context of AML/CFTP, the external whistleblowing system set up by the NBB can be used to report suspected or actual breaches of the following legal and regulatory texts:
- the Anti-Money Laundering Law,
- the Anti-Money Laundering Regulation of the NBB,
- the implementing measures of Directive 2015/849,
- the European Regulation on transfers of funds, and
- the binding provisions relating to financial embargoes as defined in Article 4, 6° of the Anti-Money Laundering Law;
provided that these breaches have been committed by a financial institution that is subject to supervision by the NBB or by its managers, staff members, agents, subcontractors or distributors.
3. Protection of the person reporting the breach
Article 36/7/1 of the Law of 22 February 1998 establishing the Organic Statute of the NBB prohibits any civil, penal or disciplinary proceedings, any professional sanctions and any unfavourable or discriminatory treatment, and any termination of the employment contract of the whistleblower because of his having reported a breach. The Bank may impose an administrative sanction on any financial institution that violates this prohibition.
The NBB will use the information supplied in the breach report exclusively for the purpose of performing its legal tasks. That information is subject to the rules on professional secrecy laid down in the Law of 22 February 1998 establishing the Organic Statute of the National Bank of Belgium. The protection of the person reporting the breach and of the person accused in this report is therefore guaranteed.
If the person reporting a breach is subject to adverse or discriminatory action, he/she may file a new external report to inform the NBB.
4. Action taken on the report
In carrying out its task to monitor AML/CFTP prevention mechanisms, the NBB analyses the information which it receives and takes the action that it deems appropriate.
Since the NBB and the persons involved in the performance of its supervisory tasks are bound by professional secrecy, the person reporting the breach cannot be informed of the action taken on the information received.
5. Processing of personal data
The name and contact details of the person reporting a breach of the anti-money laundering legislation or regulations are registered by the NBB. The NBB processes these data solely for the purpose of the investigation triggered by the report and in accordance with the current regulations on the processing of personal data. The NBB treats these data as confidential. However, the NBB cannot rule out the possibility that in certain circumstances, owing to a statutory obligation, these personal data must be disclosed to other persons, in which case the person concerned will be notified in advance.
The data relating to the persons accused in a report are likewise treated in accordance with the current legislation on personal data protection.