Protected Disclosures including Whistleblowing and Infringement Reports

 

What is a Protected Disclosure (including Whistleblowing and Infringement Reports)?

In summary:

Where a worker makes a disclosure under the Protected Disclosures Act, 2014 (the 2014 Act) which they believe is substantially true, or a person in good faith makes a disclosure under the Central Bank (Supervision and Enforcement) Act, 2013 (the 2013 Act), to the Central Bank or to one of its employees or one of its authorised officers; and they have reasonable grounds for believing that the disclosure will show that there has been, is being or is likely to be a breach of, or an offence under, financial services legislation or the concealment or destruction of evidence relating to such an offence or breach; then the disclosure is a “protected disclosure” for the purposes of the legislation. 

In broad terms, the protections which accompany a protected disclosure are:

  • The confidentiality of the identity of the reporting person making the protected disclosure. This is subject to certain exclusions – for example, where disclosure is necessary for the effective investigation of any matter or is required by law.
  • The reporting person making the protected disclosure is protected from civil liability.
  • The reporting person making the protected disclosure has a right of action in tort.
  • Where the reporting person making the protected disclosure is an employee, their employer may not penalise or threaten penalisation for making the protected disclosure and an employer may be prosecuted for penalising an employee. In addition, employees are protected from dismissal.    
  • Workers can submit anonymous disclosures to the Central Bank and such disclosures can be treated as a protected disclosure under the 2014 Act. However, where anonymous reports are provided by persons other than “workers”, they fall under the 2013 Act. In those circumstances, an anonymous report is not a “protected disclosure” due to the provisions of the 2013 Act.

  • Disclosures made under the 2014 Act do not constitute a criminal offence if, at the time the worker made the disclosure, it was, or they reasonably believed it was, a protected disclosure under the 2014 Act.

Confidentiality

  • The Central Bank has a legal obligation to protect the identity of the reporting person who makes a protected disclosure and not to disclose any information that might identify the reporting person, subject to the exceptions outlined below.
  • The Central Bank will not inform a regulated financial services firm that a disclosure has been made.

Exceptions

The Central Bank may disclose the identity of the reporting person where the reporting person provides their consent.

There are also certain limited circumstances provided for in the legislation, when the Central Bank may, or may be required to (where there is a legal basis for doing so), disclose the reporting person’s identity and/or identifying information. This may arise as follows:

Where the disclosure is made by a worker under the 2014 Act and:

  • the Central Bank demonstrates that it took all reasonable steps to avoid disclosing the identifying information; or
  • the Central Bank reasonably believes that the reporting person does not object to the disclosure of the identifying information; or
  • the Central Bank reasonably believes that the disclosure of the identifying information is necessary for; (a) the effective investigation of the wrongdoing disclosed or; (b) the prevention of serious risk to the security of the state, public health, public safety or the environment or; (c) the prevention of a crime or the prosecution of a criminal offence; or
  • the disclosure of the identifying information by the Central Bank was necessary in the public interest or required by law.

Where the disclosure is made under the 2013 Act and:

  • it is necessary to disclose the identity of the reporting person for the effective investigation of the matter to which the protected disclosure relates; or
  • it is necessary to disclose the identity of the reporting person for the purposes of one of the following in relation to any matter to which the protected disclosure relates:
  1.  an inquiry under section 33AO or 33AR of the 2013 Act;
  2. an appeal to IFSAT;
  3. an assessment under Part 5 of the Market Abuse (Directive 2003/6/EC) Regulations

    2005 (now Part 5 of the European Union (Market Abuse) Regulations 2016 - S.I. No. 349 of 2016);

  4. an assessment under Part 15 of the Prospectus Regulations 2005;

  5. an assessment under Part 10 of the Transparency Regulations 2007;

  6. an investigation or hearing under Part 3 of the Central Bank Reform Act 2010.

Where the disclosure is made under the European Union (Market Abuse) Regulations 2016 (S.I. No. 349 of 2016) (the 2016 Regulations).

  • In addition to the above exceptions under the 2014 and 2013 Acts, where the disclosure relates to market abuse under the 2016 Regulations, namely insider dealing, unlawful disclosure of inside information and/or market manipulation, the following specific exceptions to the disclosure of a reporting person’s identity or identifying information may also apply in the following circumstances: -
  1. where it is a necessary and proportionate obligation required by law subject to the appropriate safeguards in the context of investigations or subsequent judicial proceedings or in circumstances where it is necessary to protect the freedom/rights of others, and in particular, the right to a fair trial; or
  2. where there is an exchange of information between national competent authorities within the European Union, in relation to allegations of market abuse, in particular where such information is necessary for legal proceedings; or
  3. where information is transmitted to competent authorities in non-EU countries, which will only be done on a case by case basis, provided that the requirements of the Data Protection Acts have been adhered to. Further, it will be on condition that no further transmission of that information will occur without the express written authorisation of the Central Bank and where there has been compliance with the conditions imposed by the Central Bank in relation to the further transmission of the information; or
  4. in certain circumstances, where information is transmitted to a non-EU country, where a co-operation agreement exists between Ireland and that country.

Procedures

  • The Central Bank will acknowledge receipt of the Report to the postal or electronic address indicated by the reporting person.
  • The Central Bank may contact the reporting person to clarify the information reported or to request additional information that may be available to the reporting person.    This contact will be to the postal or electronic address of the reporting person or by telephone or to the preferred communication channel, if indicated by the reporting person.  
  • The Central Bank is limited in the feedback it can provide to the reporting person and will only provide feedback where possible.

  • Calls to the Protected Disclosures Desk may be recorded.

 Protection for Employees

Both the Protected Disclosures Act, 2014 and Part 5 of the Central Bank (Supervision and Enforcement) Act, 2013, provide protections to employees who make protected disclosures. The legislation provides protections and remedies for reporting persons from penalisation and unfair dismissal in relation to their making a protected disclosure.

The Workplace Relations Commission and/or the courts will determine whether or not a disclosure is a protected disclosure under the legislation, not the Central Bank. However, it should be noted that the 2014 Act provides that, in such proceedings, all disclosures are presumed to be protected disclosures unless otherwise proven.

The Central Bank cannot intervene in employment disputes and cannot provide legal advice in relation to employee protections under the legislation. If you are considering making a protected disclosure but are unsure of your legal rights, you should contact a lawyer.

 

Protected Disclosures Act 2014 (Central Bank of Ireland is a prescribed person)

Where a worker wishes to make a report to the Bank under the 2014 Act relating to breaches of financial services legislation by their employer they may make the disclosure through the following channels.

  • E-mail: confidential@centralbank.ie
  • Telephone: 1890 130014 : Calls are answered Monday to Friday 9.30am - 5.00pm
  • Post: Protected Disclosures Desk, Central Bank of Ireland, PO Box 11517, Spencer Dock, Dublin 1, D01 W920.

Should you call the telephone line out of hours and leave a message, including your contact details, we will call you back within one working day to acknowledge receipt of your disclosure. Should you raise your disclosure via e-mail, you will receive an automatic acknowledgement of receipt and we will make further contact with you thereafter, if the need arises. Should you submit your disclosure by post, you will receive a written acknowledgement within three working days of receipt (if you include your return postal address).

Central Bank of Ireland 2017 Report on Protected Disclosures | pdf 189 KB Central Bank of Ireland 2016 Report on Protected Disclosures | pdf 88 KB Central Bank of Ireland 2015 Report on Protected Disclosures | pdf 7 KB

Pre-Approval Controlled Function (PCF) Disclosures

Persons holding PCF roles in regulated firms who need to make a disclosure of an alleged offence, breach of financial services legislation or concealment or destruction of evidence of such in their firm are requested to make the disclosure by completing the form below and submitting it either by e-mail or post to the addresses provided.

Should you call the protected disclosures telephone line out of hours and leave a message including your contact details, we will call you back within one working day to acknowledge receipt of your disclosure.

Should you raise your disclosure via e-mail, you will receive an automatic acknowledgement of receipt and we will make further contact with you thereafter, if the need arises. Should you submit your disclosure by post, you will receive a written acknowledgement within three working days of receipt (if you include your return postal address).

  • E-mail: Protecteddisclosures@centralbank.ie
  • Telephone: 1890 130015 (for general queries only);  Calls are answered Monday to Friday 9.30am - 5.00pm  
  • Post: PCF Disclosure Desk, Central Bank of Ireland, PO Box 11517, Spencer Dock, Dublin 1, D01 W920.
Pre-approval Controlled Function S.38(2) Disclosure Form | doc 20 KB

Central Bank (Supervision & Enforcement) Act, 2013

Where a person wishes to disclose to the Central Bank an alleged offence, breach of financial services legislation or concealment or destruction of evidence of such, under the Central Bank (Supervision & Enforcement) Act 2013 they may make the disclosure through the following channels.

  • E-mail: confidential@centralbank.ie
  • Telephone: 1890 130014: Calls are answered Monday to Friday 9.30am - 5.00pm   
  • Post : Protected Disclosures Desk, Central Bank of Ireland, PO Box 11517, Spencer Dock, Dublin 1, D01 W920.

Should you call the telephone line out of hours and leave a message, including your contact details, we will call you back within one working day to acknowledge receipt of your disclosure. Should you raise your disclosure via e-mail, you will receive an automatic acknowledgement of receipt and we will make further contact with you thereafter, if the need arises. Should you submit your disclosure by post, you will receive a written acknowledgement within three working days of receipt (if you include your return postal address).

European Union (Market Abuse) Regulations 2016

Where a person wishes to report an actual or potential infringement under the 2016 Regulations they may make the Report through the following channels.

  • E-mail: confidential@centralbank.ie (please refer to MAR infringement in email)
  • Telephone: 1890 130014: Calls are answered Monday to Friday 9.30am - 5.00pm
  • Post: MAR Disclosures Desk, Central Bank of Ireland, PO Box 11517, Spencer Dock, Dublin 1, D01 W920. 

Should you call the telephone line out of hours and leave a message, including your contact details, we will call you back within one working day to acknowledge receipt of your disclosure. Should you raise your disclosure via e-mail, you will receive an automatic acknowledgement of receipt and we will make further contact with you thereafter, if the need arises. Should you submit your disclosure by post, you will receive a written acknowledgement within three working days of receipt (if you include your return postal address).
 
A person making a Report to the Central Bank can also seek to have a meeting with dedicated staff members of the Central Bank.

 

Overview of the Legislation

Please note that the Central Bank cannot give you legal advice if you are thinking about making a disclosure. You should contact a lawyer if you are unsure of your position.

Part 5 of the Central Bank (Supervision and Enforcement) Act 2013

The Act came into force on 1 August 2013. This introduced new protections for persons making protected disclosures to the Central Bank as well as new obligations on certain categories of persons in firms to disclose breaches of financial services legislation to the Central Bank.

Obligation on PCFs to report breaches of financial services legislation (S. 38 (2) Disclosures)

A person appointed to perform a pre-approval controlled function (“PCF”) is required under Section 38 of the 2013 Act, to disclose to the Central Bank information relating to a breach of, or offence under, financial services legislation or the concealment or destruction of evidence relating to such an offence or breach, which he or she believes will be of material assistance to the Central Bank. 

Protected Disclosures Acts 2014

A worker can make a report to the Bank under the 2014 Act relating to breaches of financial services legislation which they learned about in connection with their employment, as the Bank is a prescribed person by virtue of S.I. No. 339/2014 Protected Disclosures Act 2014 (Section 7(2)) Order 2014.

ECB/Single Supervisory Mechanism Regulation

The EU SSM Regulation establishing the Single Supervisory Mechanism (SSM), which formally commenced on 4 November 2014, includes a provision in respect of reporting of breaches, i.e. whistleblower reports: Article 23. Under the Regulation, persons with information on potential breaches of relevant EU law by banks and/or by competent authorities, including the Central Bank, can report such breaches to the ECB.

Reports received by the Central Bank in respect of the significant supervised entities, i.e., major Banks in Ireland, and in respect of prudential issues, must be submitted to the ECB by the Central Bank for processing, in accordance with the SSM Regulation. Reports in respect of less significant supervised entities, where the report is in respect of an alleged breach of an ECB decision or regulation or where the report is in respect of the Central Bank, will also need to be submitted to the ECB. Where such reports are in respect of breaches of the Central Bank's code of conduct or anti-money laundering these are not sent to the ECB but are assessed by the Central Bank.

Market Abuse - European Union (Market Abuse) Regulations 2016 (S.I. No.349 of 2016)

The 2016 Regulations impose obligations on the Central Bank to have appropriate structures and processes in place to receive reports of actual or potential infringements of market abuse law. The SI does not create a separate type of protected disclosure in respect of infringements of market abuse law, but sits with existing protections for persons making protected disclosures under the 2013 and 2014 Acts.

Where a reporting person makes information available to the Central Bank in accordance with the 2016 Regulations, they are not considered to be: -

  1. infringing any restriction on disclosure of information imposed by contract or by any legislative, regulatory or administrative provision; or
  2. involved in liability of any kind related to such disclosure. 

Please note that where there is any divergence between this information and the legislation then the language of the legislation prevails.