Compliance with the regulations, corporate values and the internal codes of conduct and the efficiency of a credit institution's internal controls are enhanced where channels are provided which enable staff in good faith to internally express legitimate concerns on significate infringements of these regulations, corporate values and codes or on unethical or illegal behaviour, regarding aspects that fall within the credit institution's competence and under its supervision.
The institution should in this respect establish a policy and procedures that make it possible to submit any complaints directly or indirectly (through a mediator, the compliance function or the internal audit function) to the management (for instance through the audit committee) without resorting to the normal hierarchical channels. Whistle-blowers in good faith should be protected against any direct or indirect disciplinary measures or equivalent decisions.
The proper operation of the whistleblowing process depends on clear rules and procedures that precisely indicate what the complaints can relate to and specify the various steps and degrees of the procedure. The internal reporting procedures should comply with the criteria set out in Guideline 123 of EBA/GL/2017/11. The company officers should see to it that the information communicated by whistle-blowers is effectively examined and that the necessary measures are taken to rectify any dysfunction.
The rules provided should be in compliance with the legislation on privacy. Institutions can usefully resort to the advice of the authorities in charge of these matters in order to assess their own rules on the basis of the applicable provisions.