Share This Article
Italian banks are required to comply with strict rules in their whistleblowing procedures for reporting possible breaches in banking law regulations by the end of the year.
This is a guest post from my colleague Giulia Zappaterra on a very sensitive topic at the moment, I hope you will enjoy it.
Whistleblowing legislation to date
Italy used not to have anyย laws on whistleblowing, but this is slowly changing. Atย the end of 2012, a law stipulating that public sector workers must be protected if they report illegal practices came into force. And now, new rules on whistleblowing were introduced for the banking sector. On 31 December 2015 the rules will enter into force, and the relevant procedures shall be implemented by Italian banks and their parent companies.
The new whistleblowing rules for banks
According to the new rules, Italian banks must implement ad hoc procedures that will allow employees to report concerns regarding breaches in banking laws and regulations. In particular, such procedures will guarantee the following minimum requirements:
- the information about both the individual raising the concern and the individual allegedly liable for the breach must be protected and kept confidential;
- the individuals raising the concern against any retaliation, discrimination or other type of unfair treatment must be protected;
- the implemented whisteblowing procedure has to be specific, independent and autonomous to ensure that breaches may be reported.
Subject to the compliance with such principles the Bank of Italy required that Italian banks shall:
- Identify a specific whistleblowing procedure – that can also be outsourced to a third party – which must be approved by the banks’ bodies who are responsible for the strategic supervision and that are clearly outlined in a document containing all the phases of the procedure;
- Inform employees of the procedure to ‘blow the whistle’;
- Provide employees with a privacy notice relating to the whistleblowing, highlighting the measures adopted to protect the whistleblower’s personal data;
- Appoint one person with responsibility for all the internal reporting systems, who is required to promptly notify the relevant bodies of any material complaint;
- Draft an annual report on the activities carried out by the bank with regards to whistleblowing (which must be approved by the management).
There is no doubt that the above rules might become a benchmark for whistleblowing procedures in other private sector industries that not yet covered by specific legislation on whistleblowing.
Also, it is interesting that the issue of the above mentioned rules has not been followed yet by any decision of the Italian privacy authority on the matter which makes the implementation of the above mentioned rules more “delicate“.
@GiulioCoraggio and @GiuZappaterra