Whistleblowing

Whistleblowers can make use of any of the following channels:

1. The dedicated app, available at this link: https://bancaifis-whistleblowing.integrityline.com/?lang=en;
2. A voice messaging system, at this toll-free number 800 591 836;
3. The postal or internal mail service, by sending a written report in a sealed envelope marked “STRICTLY CONFIDENTIAL” to the Head of Internal Audit;
4. A direct report to the Head of Internal Audit, by contacting the following toll-free number 800 591 836;

When they use any of these channels, whistleblowers are guaranteed the following legal protection:

• Confidentiality: the identity of the person making the report, the person he/she is reported on, and any person mentioned in the report is guaranteed at every stage of the process, as well as the content of the report and any relative documentation.
• The processing of personal data: the reports and relative documentation are kept for the time required for processing of the report, and in any event for no more than five years after the date that the whistleblower is notified about the final outcome of the report. Any personal data that are clearly not relevant to the processing of a particular report are not gathered or, if gathered accidentally, are immediately deleted. The personal data collected in the reporting process are processed by Banca Ifis S.p.A. as data controller in compliance with the principles and obligations set forth in the legislation on personal data protection (EU Regulation no. 2016/679 – GDPR and Legislative Decree no. 196/2003 – Privacy Code) and are protected by adequate security measures. Further information on the processing of personal data can be found in the information notice made available at the following link.
• A prohibition on retaliation: all necessary measures are taken to protect the physical integrity and moral character of the reporting party, ensuring he/she is protected against any form of retaliation, criminalisation, discrimination or threat.

It should be noted that the reporting party will also receive protection before any legal relationship with the Bank has begun (if the report of wrongdoing is made during the selection process or at any stage prior to contract); or during their probationary period, or after the end of their legal relationship (if the report of wrongdoing was made during this relationship). This protection also extends to facilitators; to people working in the same setting as the reporting person; to people with whom they have a stable emotional bond or relatives within the fourth degree of relationship; to colleagues of the reporting person who work in the same setting and who have an on-going relationship with that person; to businesses owned by the Reporting Person or for whom any of the above persons work, as well as businesses that operate in the same context as the aforementioned persons.

The report may relate to any form of behaviour, action or omission on the part of a person working for the company, which violates the provisions of the law and which harms or may harm the public interest or the integrity of the Parent Company and/or its Subsidiaries. The report may concern both violations already committed and those not yet committed that the whistleblower has reasonable grounds for believing may well happen.

By way of example but not limited to, the report may concern conduct, actions or omissions consisting of:

• Violations of Italian law – This category includes, by way of example but not exclusively: criminal, civil, administrative or accounting offences; alleged offences related to the application of Legislative Decree no. 231/2001, and breaches of the standards of organisation and management set out in this same Decree ; contraventions of the law with regard to the prevention of money laundering and financing of terrorism; breaches of the rules in relation to financial brokerage and banking procedures.
• Violations of laws and regulations of the Group’s Code of Ethics or other company provisions that can be sanctioned by disciplinary action.
• Violations of European Union law – This category includes, but is not limited to:
  • Offences that fall within the scope of legislation enacted by the European Union or nation states, or domestic legislation that implements acts passed by the European Union in relation to the following: public procurement; financial services, products and markets, and the prevention of money laundering and the financing of terrorism; product safety and compliance; transport safety; environmental protection; protection from radiation and nuclear safety; food and animal feed safety and the health and welfare of animals; public health; consumer protection; protection of privacy, and the protection of personal data and the security of information networks and systems;
  • Actions or omissions that affect the financial interests of the European Union;
  • Actions or omissions that affect the internal market;
  • Actions or conduct which undermine the object or purpose of the provisions of European Union legislation in the areas outlined in the previous three points.

A report by a whistleblower should include the following:

• Confirmation that he/she intends to keep his identity confidential for the purposes of this report, and that he/she wishes to benefit from the protection offered in the event of any retaliation he/she suffers from making a report within the terms of the whistleblowing regulations. This specification rules, where the whistleblowing is mistakenly received by a person who is not competent or through a channel other than those specifically provided for, that the report shall not be treated as an ordinary report and, therefore, without the protections afforded to whistleblowers, but must instead be forwarded by the recipient in a timely manner (no later than seven days) to the Head of Internal Audit;
• The company within the Group to which the report refers;
• The relevant personal data of the whistleblower, indicating the channels where he/she can be contacted for any further discussions. These data are not mandatory as the report can also be anonymous, but if this is the case and if further details are needed, it may be difficult to investigate the report in an effective manner;
• The detailed and verifiable facts (i.e. what happened, when it happened, and where it occurred) and the information and data required for definitely identifying the perpetrators of the illegal action;
• Any conflict of interest between the whistleblower and the content of the report;
• Any way in which the whistleblower bears co-responsibility for the wrongdoings in the report;
• Any items of evidence (including attached documents where available) that can help in assessing the report;
• Any person who works in the same setting, and who helped the whistleblower during the reporting process.

The following annual report on the operation of the internal process is brought to the attention of all our staff. It contains aggregated data on the results of the actions carried out after reports were received: Annual report on the correct functioning of our violation reporting (Whistleblowing) system 2023

We should add that the reporting system also includes the following methods of communication, with the same guarantees of protection as stated above in relation to confidentiality, data processing and retaliation. These can be used under certain conditions, as specified below.

A report may be sent to the National Anti-Corruption Authority (“ANAC”) if one of the following conditions applies:

1. The internal reporting channel is not active;
2. The whistleblower has already made an internal report and it has not been followed up;
3. The whistleblower has reasonable grounds for believing that, if he/she made an internal report, it would not be properly followed up (e.g. if there was a difficult relationship between the whistleblower and the person in charge of the internal reporting system); or that such a report could carry the risk of retaliation;
4. The whistleblower has reasons for believing that the contravention may constitute an imminent or clear threat to the public interest.

Moreover, the reporting person may also turn to ANAC to notify any retaliation resulting from a report.

ANAC publishes methods for submitting reports on its website, accessible at the following link:  https://www.anticorruzione.it/, which also provides the following information:

• Guidelines about whistleblowing regulations;
• Contact details for ANAC, for those who require more information about the use of the reporting channel and the relevant methods of protection;
• A list of bodies affiliated to ANAC that provide free support to whistleblowers in the form of information, assistance and advice about how to make a report and protect oneself against retaliation; and also to the subjects of reports in relation to their rights, and regarding the methods and conditions for accessing legal aid.

Where the report contains information about infringements outside its area of expertise (such as criminal or tax offences), ANAC will ensure that it is immediately sent on to the relative administrative or judicial authority, including the institutions, bodies, offices or agencies of the European Union.