Whistleblowing

WHAT IS WHISTLEBLOWING?

“Whistleblowing” refers to the act of a person within a public administration or private company who observes illicit, irregular, negligent, or potentially harmful behaviour to their organisation or its broader community, and chooses to report it internally.

The Whistleblowing system adopted by the Bank regulates the criteria and rules for handling reports made by staff or qualified external parties regarding fraudulent behaviour, wrongdoings in the management of the company, or violations of the banking regulations and European Union law. These reports are based on reasonable suspicion or knowledge acquired in the course of their duties.

Banca MPS has adopted this tool not only to comply with regulatory requirements, but also to safeguard the Bank’s tangible and intangible assets from fraudulent behaviour and to combat it with the cooperation of all stakeholders.

Whistleblowing helps to monitor and more effectively prevent the risks to which the Bank may be exposed as a result of actions and events that violate external laws, company regulations, internal procedures and its own Code of Ethics. It also contributes to the implementation of the Bank's sustainability policy by promoting integrity and fairness.

The system is structured to ensure, at every stage, protection against retaliatory or discriminatory actions, confidentiality of the report and protection of the personal data of both the reporting party and the person reported by providing specific, independent and autonomous channels.

WHAT SITUATIONS CAN BE REPORTED?

Examples include:

• administrative irregularities and failures in accounting and tax compliance
• potential or actual violations of anti-money laundering and counter terrorist financing regulations
• market abuse (such as insider trading, manipulation) and other irregularities in investment services and activities
• breaches of data protection regulations
• violations of usury regulations
• corrupt practices
• misappropriation and embezzlement (of funds and of tangible and intangible assets)
• computer fraud
• violations of Banca MPS’ Code of Ethics and breaches of company regulations and internal procedures
• other offences that may constitute a breach of regulations governing banking activities or violations of European Union law
• illicit conduct under Legislative Decree No. 231/2001, or violations of the 231/2001 Organisation, Management and Control Model.

Reports must be made in good faith and substantiated

A report is not considered “in good faith” if it is false, contains elements of malice or gross negligence, is artificially structured to appear objective and substantiated but does not truthfully represent the facts, and is made with the intention to harm or defame other parties.

A report is considered "substantiated" if it sufficiently identifies the objective elements necessary to initiate an investigation, such as: the nature and purpose of the conduct or wrongdoing, the period of time to which the conduct refers, the parties involved, the methods used to evade the control system, copies of cited documentation, etc.

The whistleblowing tool may not be used for complaints regarding the business relationship, for which appropriate channels are provided, nor for disputes, claims or requests that relate to personal interests and pertain exclusively to the reporting party’s individual employment relationship.

WHO CAN MAKE A REPORT

The following categories of persons may make a whistleblowing report:

• Banca Monte dei Paschi personnel¹;
• Qualified external parties, such as: 
  • suppliers, self-employed workers, freelancers and consultants who provide their services to the Bank;
  • former employees, provided that the information to be reported was acquired during their employment;
  • persons with whom the employment relationship has not yet begun, if the information to be reported was acquired during the selection process;
  • shareholders and persons with administrative, management or supervisory functions.

¹ Pursuant to Article 1(2) (h-novies) of the Consolidated Law on Banking, "personnel" refers to: "employees and those who, in any case, work on the basis of relationships that determine their inclusion in the corporate organisation, even if in a form other than an employment relationship”.

HOW TO MAKE A REPORT

Whistleblowing reports can be made:

• in writing, through a dedicated web platform 

Banca Monte dei Paschi di Siena's employees and qualified external parties can use a web platform with independent and confidential access, utilising encryption tools to ensure the completeness, integrity and confidentiality of the information , as well as its appropriate and proportionate storage.

• verbally, through a dedicated telephone service 

The number 0577-299077 is available to employees and external parties. This channel can be used to report a violation, request a face-to-face meeting with the Whistleblowing Manager, or request to be contacted by the Whistleblowing Manager by telephone.  

HOW IS THE REPORTING PARTY PROTECTED?

The Bank will protect the reporting party who acts in good faith and other associated persons (such as facilitators, family members, colleagues) from retaliation, discrimination or other unfair action as a result of the report made. Specific disciplinary measures will be taken against anyone who retaliates or discriminates against the reporting party.
In the event of a false report made with malice or gross negligence, the Bank reserves the right to conduct the necessary investigations against the reporting party and to take appropriate action.

The Bank guarantees the confidentiality of the report and the protection of the personal data of both the reporting party and of the reported party, without prejudice to the rules governing investigations or proceedings initiated by the judicial authorities in relation to the facts reported and the rules protecting the right of defence of the reported party.

The Whistleblowing Manager, who is responsible for overseeing the proper conduct of the process, managing all reporting channels and ensuring the confidentiality, integrity and preservation of information, is selected from within the Internal Audit function and appointed by resolution of the Board of Directors.

For further information on the processing of personal data carried out by the Bank in relation to the receipt and management of reports, please refer to the information provided in accordance with Articles 13 and 14 of Regulation (EU) 2016/679 ("GDPR"). This information applies to personal data concerning individuals who, for various reasons, are involved in the report (reporting party, parties concerned, other persons mentioned in the report).  Any personal data acquired by the Bank in connection with the report will be processed in accordance with the provisions of the GDPR and the relevant personal data protection legislation.

VIOLATIONS UNDER LEGISLATIVE DECREE 231/2001

Violations relating to events that could entail the liability of the Bank pursuant to Legislative Decree no. 231/2001, or relating to the organisational, management and control model pursuant to the same Legislative Decree no. 231/2001, may also be reported through the reporting channel directly to the 231 Supervisory Body. Employees and qualified external parties can therefore send a written report to the 231 Supervisory Body, ensuring the utmost confidentiality.
The 231 Supervisory Body can be contacted:

• by sending a letter by post to: Organismo di Vigilanza 231/2001, Banca Monte dei Paschi di Siena S.p.A., piazza Salimbeni 3, 53100 Siena
• by sending an e-mail to organismovigilanza.231-2001@mps.it 

Access to the reports is restricted to employees expressly authorised by the 231/2001 Supervisory Body.

EXTERNAL CHANNELS 

If the conditions set out in Legislative Decree 24/2023 are met, it is possible to use the external reporting channel managed by ANAC, the Anti-Corruption National Authority. The procedures and conditions for using this channel can be found on the website https://www.anticorruzione.it/-/whistleblowing. 

This channel can only be used in the following cases: 

1. The internal reporting channels are not active or, even if active, do not comply with the provisions of Legislative Decree 24/2023;
2. The reporting party has already made an internal report and the report has not been acted upon;
3. The reporting person has reasonable grounds to believe that an internal report would not be effectively followed up or that the report could lead to the risk of retaliation; or
4. The reporting party has reasonable grounds to believe that the violation may constitute an imminent or manifest danger to the public interest.

It is also possible to use the external reporting channel provided by the Bank of Italy, subject to the conditions laid down in the Consolidated Law on Banking. The channel is available on the website https://www.bancaditalia.it/compiti/vigilanza/whistleblowing/index.html.