Protected Disclosures including Whistleblowing and Infringement Reports 

What is a Protected Disclosure (including Whistleblowing and Infringement Reports)?

In summary :

Where a worker makes a disclosure under the Protected Disclosures Act, 2014 which they believe is substantially true, or a person in good faith makes a disclosure under the Central Bank of Ireland (Supervision and Enforcement) Act, 2013, to the Central Bank or to one of its employees or to one of its authorised officers; and

They have reasonable grounds for believing that the disclosure will show that there has been, is being or is likely to be a breach of, or an offence under, financial services legislation or the concealment or destruction of evidence relating to such an offence or breach; then the disclosure is a “protected disclosure” for the purposes of the legislation.

In broad terms, the protections which accompany a protected disclosure are:

  • The confidentiality of the identity of the reporting person making the protected disclosure. This is subject to certain exclusions – for example where disclosure is necessary for the effective investigation of any matter or is required by law.
  • The reporting person making the protected disclosure is protected from civil liability.
  • The reporting person making the protected disclosure has a right of action in tort.
  • Where the reporting person making the protected disclosure is an employee, their employer may not penalise or threaten penalisation for making the protected disclosure and an employer may be prosecuted for penalising an employee. In addition, employees are protected from dismissal.
  • Anonymous disclosures can be submitted to the Central Bank by workers - such disclosures can be treated as a protected disclosure under the Protected Disclosures Act 2014. However, where anonymous reports are provided by persons other than "workers", they come under  the  Central Bank (Supervision and Enforcement) Act 2013.  In those circumstances, an anonymous report is not a "protected disclosures" due to the provisions of the 2013 Act.
  • Disclosures made under the Protected Disclosures Act 2014 do not constitute a criminal offence provided that at the time the worker made the disclosure it was, or they reasonably believed it was, a protected disclosure under the Protected Disclosures Act 2014.

 

Confidentiality

  • The Central Bank has a legal obligation to protect the identity of the reporting person who makes a protected disclosure and not to disclose any information that might identify the reporting person, subject to the exceptions outlined below. 
  • The Central Bank will not inform a regulated financial services firm that a disclosure has been made.

Exceptions

  • The Central Bank may disclose the identity of the reporting person where the reporting person provides their consent.
  • There are also certain limited circumstances provided for in the legislation, when the Central Bank may, or may be required to (where there is a legal basis for doing so), disclose the reporting persons' identity and/or identifying information.  This may arise as follows:
  • Where the disclosure is made by a worker under the 2014 Act and:

  • The Central Bank demonstrates that it took all reasonable steps to avoid disclosing the identifying information; or

  • The Central Bank reasonably believes that the reporting person does not object to the disclosure of the identifying information; or

  • The Central Bank reasonably believes that the disclosure of the identifying information is necessary for; (a) the effective investigation of the wrongdoing disclosed or; (b) the prevention of serious risk to the security of the state, public health, public safety or the environment or; (c) the prevention of a crime or the prosecution of a criminal offence; or

  • The disclosure of the identifying information by the Central Bank was necessary in the public interest or required by law.

  • Where the disclosure is made under the 2013 Act and:

  • If it is necessary to disclose the identity of the reporting person for the effective investigation of the matter to which the protected disclosure relates: or

  • If it is necessary to disclose the identity of the reporting person for the purposes of one of the following in relation to any matter to which the protected disclosures relates:

  1. An inquiry under section 33AO or 33 AR of the Central Bank Act
  2. An appeal to IFSAT
  3. An assessment under part V of the 2005 MAR
  4. An assessment under part 15 of the Prospectus Regulations 2005
  5. An assessment under part 10 of the Transparency Regulations 2007
  6. An investigation or hearing under part 3 of the Central Bank Act 2010

Market Abuse Regulations (European Union (Market Abuse) Regulations 2016 (SI No.349 of 2016), Regulation (EU) no 596/2014 of the European Parliament and the Council of 16 April 2014 on market abuse (market abuse regulation) and repealing Directive 2003/6/EU of the European Parliament and of the Council and Commission Directives 2003/124/EC, 2003/125/EC, and 2004/72/EC). 

  •  In addition to the above exceptions, where the disclosure relates to market abuse under the Market Abuse Regulations, namely insider dealing, unlawful disclosure of inside information and/or market manipulation, the following specific exceptions to the disclosure of a reporting person’s identity or identifying information may also apply in the following circumstances: -
  1. Where it is a necessary and proportionate obligation required by law subject to the appropriate safeguards in the context of investigations or subsequent judicial proceedings or in circumstances where it is necessary to protect the freedom/rights of others, and in particular, the right to a fair trial; or
  2. Where there is an exchange of information between national competent authorities within the European Union, in relation to allegations of market abuse, in particular where such information is necessary for legal proceedings; or
  3. Where information is transmitted to competent authorities in non-EU countries, which will only be done on a case by case basis, provided that the requirements of the Data Protection Acts have been adhered to. Further it will be on condition that no further transmission of that information will occur without the express written authorisation of the Central Bank and where there has been compliance with the conditions imposed by the Central Bank in relation to the further transmission of the information; or
  4. In certain circumstances, where information is transmitted to a non-EU country where a co-operation agreement exists between Ireland and that country.

Procedures

  • The Central Bank will acknowledge receipt of the Report to the postal or electronic address indicated by the reporting person.
  • The Central Bank may contact the reporting person to clarify the information reported or to request additional information that may be available to the reporting person at the postal or electronic address of the reporting person or by telephone or to the preferred communication channel if indicated by the reporting person. 
  • The Central Bank is limited in the feedback it can provide to the reporting person and will only provide feedback where possible.
  • Calls that are made to the Whistleblowing Desk may be recorded.

 Protections for Employees

Both the Protected Disclosures Act, 2014 and Part 5 of the Central Bank (Supervision and Enforcement) Act, 2013, provide protections to employees who make protected disclosures. The legislation provides protections and remedies for reporting persons from penalisation and unfair dismissal in relation to their making a protected disclosure.

The Workplace Relations Commission and/or the courts will determine whether or not a disclosure is a protected disclosure under the legislation, not the Central Bank. However, it should be noted that the 2014 Act provides that in such proceedings, all disclosures are presumed to be protected disclosures unless otherwise proven.

The Central Bank cannot intervene in employment disputes and cannot provide legal advice in relation to employee protections under the legislation. If you are considering making a protected disclosure but are unsure of your legal rights, you should contact a lawyer.

Protected Disclosures Act 2014 (Central Bank of Ireland is a prescribed person)

Where a worker wishes to make a Report to the Central Bank under the Protected Disclosures Act 2014 relating to breaches of financial services legislation by their employer they may make the disclosure through the following channels.

Should you call the telephone line out of hours and leave a message including your contact details, we will call you back within one working day to acknowledge receipt of your disclosure. Should you raise your disclosure via e-mail, you will receive an automatic acknowledgement of receipt and we will make further contact with you thereafter, if the need arises. Should you submit your disclosure by post, you will receive a written acknowledgement within three working days of receipt.

  • E-mail: confidential@centralbank.ie
  • Telephone: 1890 130014
  • Post: Protected Disclosures Desk, Central Bank of Ireland, PO Box 11517, Spencer Dock, North Wall Quay, Dublin 1, D01 W920.
Central Bank of Ireland 2017 Report on Protected Disclosures | pdf 189 KB Central Bank of Ireland 2016 Report on Protected Disclosures | pdf 88 KB Central Bank of Ireland 2015 Report on Protected Disclosures | pdf 7 KB

Pre-approval Controlled Function (PCF) Disclosures

Persons holding PCF roles in regulated firms who need to make a disclosure of an alleged offence, breach of financial services legislation or concealment or destruction of evidence of such in their firm are requested to make the disclosure by completing the form below and submitting it either by e-mail or post to the addresses provided.

Should you call the protected disclosures telephone line out of hours and leave a message including your contact details, we will call you back within one working day to acknowledge receipt of your disclosure. Should you raise your disclosure via e-mail, you will receive an automatic acknowledgement of receipt and we will make further contact with you thereafter, if the need arises. Should you submit your disclosure by post, you will receive a written acknowledgement within three working days of receipt.

  • E-mail: Protecteddisclosures@centralbank.ie
  • Telephone: 1890 130015 (for general queries only)  
  • Post: PCF Disclosure Desk, Central Bank of Ireland, PO Box 11517, Spencer Dock, North Wall Quay, Dublin 1, D01 W920.
Pre-approval Controlled Function S.38(2) Disclosure Form | doc 20 KB

 

Central Bank (Supervision and Enforcement) Act, 2013

Where a person wishes to disclose to the Central Bank an alleged offence, breach of financial services legislation or concealment or destruction of evidence of such, under the Central Bank (Supervision and Enforcement) Act 2013 they may make the disclosure through the following channels.

Should you call the whistleblower telephone line out of hours and leave a message including your contact details, we will call you back within one working day to acknowledge receipt of your disclosure. Should you raise your disclosure via e-mail, you will receive an automatic acknowledgement of receipt and we will make further contact with you thereafter, if the need arises. Should you submit your disclosure by post, you will receive a written acknowledgement within three working days of receipt (if you include your return postal address).

  • E-mail: confidential@centralbank.ie
  • Telephone: 1890 130014
  • Post : Whistleblowing Desk, Central Bank of Ireland, PO Box 11517, Spencer Dock, North Wall Quay, Dublin 1, D01 W920. 
      

Market Abuse Regulations

Where a person wishes to report an actual or potential infringement of the Market Abuse Regulations they may make the Report through the following channel.

Should you call the telephone line out of hours and leave a message including your contact details, we will call you back within one working day to acknowledge receipt of your disclosure. Should you raise your disclosure via e-mail, you will receive an automatic acknowledgement of receipt and we will make further contact with you thereafter, if the need arises. Should you submit your disclosure by post, you will receive a written acknowledgement within three working days of receipt (if you include your return postal address).

  • E-mail: confidential@centralbank.ie (please refer to MAR infringement in email)
  • Telephone: 1890 130014
  • Post : MAR Disclosures Desk, Central Bank of Ireland, PO Box 11517, Spencer Dock, North Wall Quay, Dublin 1, D01 W920. 

A person making a Report to the Central Bank can also seek to have a meeting with dedicated staff members of the Central Bank.

 

Overview of the Legislation

Please note that the Central Bank cannot give you legal advice if you are thinking about making a disclosure. You should contact a lawyer if you are unsure of your position.

Part 5 of the Central Bank (Supervision and Enforcement) Act 2013 (“the Act”)

The Act came into force on 1 August 2013. This introduced new protections for persons making protected disclosures to the Central Bank as well as new obligations on certain categories of persons in firms to disclose breaches of financial services legislation to the Central Bank.

 

Obligation on PCF’s to report breaches of financial services legislation (S. 38 (2) Disclosures)

A person appointed to perform a pre-approval controlled function (“PCF”) is required under Section 38 of the Central Bank (Supervision and Enforcement) Act 2013, to disclose to the Central Bank information relating to a breach of, or offence under, financial services legislation or the concealment or destruction of evidence relating to such an offence or breach which he or she believes will be of material assistance to the Central Bank.

 

Protected Disclosures Acts 2014

A worker can make a Report to the Bank under the Protected Disclosures Act 2014 relating to breaches of financial services legislation which they learned about in connection with their employment as the Bank is a prescribed person by virtue of S.I. NO. 339/2014 Protected Disclosures Act 2014 (Section 7(2)) Order 2014.

 

ECB/Single Supervisory Mechanism Regulation

The EU SSM Regulation establishing the Single Supervisory Mechanism (SSM), which formally commenced on 4 November 2014, includes a provision in respect of reporting of breaches, i.e. whistleblower reports: Article 23. Under the Regulation, persons with information on potential breaches of relevant EU law by banks and/or by competent authorities, including the Central Bank, can report such breaches to the ECB.

Reports received by the Central Bank in respect of the significant supervised entities, i.e., major Banks in Ireland and in respect of prudential issues, must be submitted to the ECB by the Central Bank for processing, in accordance with the SSM Regulation. Reports in respect of less significant supervised entities where the Report is in respect of an alleged breach of an ECB decision or regulation or where the Report is in respect of the Central Bank will also need to be submitted to the ECB. Where such Reports are in respect of breaches of the Central Bank's code of conduct or anti-money laundering these are not sent to the ECB and are assessed by the Central Bank.

Market Abuse - European Union (Market Abuse) Regulations 2016 (S.I. No.349 of 2016)

The Regulations impose obligations on the Central Bank to have appropriate structures and processes in place to receive Reports of actual or potential infringements of market abuse law. The SI does not create a separate type of protected disclosure in respect of infringements of market abuse law, but sits with existing protections for persons making protected disclosures under the Central Bank (Supervision and Enforcement) Act 2013 and Protected Disclosures Act 2014.

Where a reporting person makes information available to the Central Bank in accordance with the Market Abuse Regulations, they are not considered to be: -

  1. Infringing any restriction on disclosure of information imposed by contract or by any legislative, regulatory or administrative provision; or
  2. Involved in liability of any kind related to such disclosure.


Please note that where there is any divergence between this information and the legislation then the language of the legislation prevails.