Procedure for handling reports of illegal conduct and violations (Whistleblowing)
Whistleblowing is the reporting system by which an entity contributes or can contribute to the emergence of risks and/or potentially harmful situations, such as violations or unlawful conduct.
MSA Mizar (“Company“), in line with the provisions of D.lgs. 10 March 2023, n. 24, has adopted a system of management of reports of illegal conduct and violations (whistleblowing) and an internal channel for sending such reports, whose general principles are set out below.
The whistleblowing system is included within the organization, management and control model adopted by MSA Mizar pursuant to D.lgs. 231/01 (“Model“) and is ruled by a specific operating procedure.
1. The internal reporting channel: general principles
1.1 Who can report?
The reporting agent is the person who reports or discloses information about unlawful conduct or violations (“Reporting agent“) acquired as part of his working or professional activity related to the Company, regardless of the nature of those activities or whether the employment relationship has in the meantime been terminated or has not yet started or is being tested.
Therefore, the following natural people who provide services to the Company or work in it are included:
- employed people (including those who have atypical, part-time and fixed-term contracts, and who have a contract or employment relationship with a temporary agency, trainees and volunteers, paid and unpaid);
- employees, self-employed people and consultants;
- shareholders, members of the Company’s management, control or supervisory or representative bodies, even if these functions are performed merely as a matter of fact.
1.2 What can be reported
Reports may concern:
- illegal conduct and crimes potentially relevant pursuant to Legislative Decree. 231/01;
- violations of the Code of Ethics and Conduct and the Company Model;
- violations of national legal provisions (criminal, civil, accounting and administrative offences);
- infringements of EU legislation (offences committed in breach of European legislation related to: public contracts, financial services, products and markets and the prevention of money laundering and terrorist financing; transport security; environmental protection; public health; consumer protection; privacy and personal data protection; network and information systems security);
- acts or omissions affecting the financial interests of the EU (e.g. fraud, corruption and any other illegal activity related to EU expenditure);
- acts or omissions related to the internal market which affect the free movement of goods, persons, services and capital (e.g. infringements of the rules on competition, State aid and corporation tax);
- acts or conduct which nullify the subject matter or purpose of EU provisions in the areas referred to in the preceding paragraphs.
1.3 What you should not report
You must not report through whistleblowing system reports concerning (not be worthy of protection):
- facts or information obtained by “hearsay” (e.g. rumors, mere suspicions or suppositions) or reported by another subject and, that is, not learned directly, as well as information about violations that are manifestly baseless or are already in the public domain;
- reports of unlawful conduct or unfounded violations that do not allow the identification of facts that are reasonably sufficient to initiate an investigation (e.g. wrongdoing, reference period, persons/organisational units involved);
- unsubstantiated reports, made for the purpose of damaging or harming the person/s reported or the Company;
- facts relating to the privacy of the person reported (e.g. facts relating to the political or religious orientation of the person reported or similar);
- disputes, claims or requests related to a personal interest of the Signaller that pertain exclusively to the related individual employment or employment relationships;
- reports of unlawful conduct or violations already covered by EU or national acts;
- reports of unlawful conduct or breaches relating to national security, as well as procurement relating to defence or national security aspects, unless these aspects are covered by relevant secondary EU law.
1.4 Content of the report
All reports must contain precise and consistent factual elements which can enable all the necessary and appropriate checks to be carried out to establish the merits of the facts to be reported and thus:
- a clear and complete description of the reported facts;
- the circumstances of the time and, if known, the place where the reported facts were committed;
- generalities, if known, or other elements allowing the identification of the person who carried out the reported facts (for example the qualification or the sector in which he carries out the activity);
- any documents which may confirm the facts given;
- any other information that may provide useful feedback on the existence of the reported facts (e.g. other people potentially aware of the facts or who might confirm the facts).
1.5 Anonymous reports
In order to facilitate as much as possible the emergence of unlawful conduct or violations, anonymous reports will be taken into account provided they are properly substantiated.
1.6 Who receives the reports via the internal channel (recipient)
Reports activated via the internal channel can be sent to the Supervisory Body established pursuant to Legislative Decree no. 231/01 of the Company.
In the event that the person reported, author of the alleged unlawful conduct or the alleged violation, or the Signaller should be one of the recipients, the report must be addressed to the other recipient.
The addressee of the reports provides feedback to the Signaller on the results of the same, in accordance with Legislative Decree. 24/2023 and, in particular, it shall issue to the Reporting Party an acknowledgement of receipt of the report within 7 days from the date of actual receipt and provide a feedback within the following 3 months.
1.7 How you can report
- 1.7.1 Reports to OdV (supervisory board)
- Written reports through a special IT platform accessible via the web from computers, tablets or smartphones to the email address email@example.com. This address will be able to ensure the confidentiality of the identity of the Reporter, the content of the alert and its documentation;
- Written notification sent by e-mail to the ODV President at the address provided by the ODV President (firstname.lastname@example.org);
- Direct meeting between the Signaller and one (e.g. the President) or all the components of the ODV, at the request of the Signaller, to be fixed within a reasonable period of time and, in any case, not exceeding 7 working days; in this case, a report will be prepared and signed by the participants of the meeting.
1.8 Reports management
Reports are managed in compliance with the provisions of Legislative Decree No. 24/2023 and in compliance with the principles of impartiality and confidentiality and with the law on the protection of personal data, in order to verify the validity of the report.
- 1.8.1 Protection of the reporting agent
At every stage of the management and processing of the report, the confidentiality of the identity of the Signaller, of the persons involved or mentioned in the report, as well as of the facts described and the contents of the report and its documentation is guaranteed, in compliance with the provisions of Legislative Decree. 24/2023.
Moreover, the Company does not tolerate and prohibit direct or indirect acts of retaliation or discrimination against the Signaler for reasons related, directly or indirectly, to the reporting, as provided by Legislative Decree no. 24/2023.
Safeguards are extended, pursuant to Legislative Decree no. 24/2023, in particular:
- to the facilitator (natural person assisting the Signaller in the reporting process);
- to people of the same working context as the Signaller and who are linked to it by a stable bond of affection or kinship within the fourth degree;
- to the Signaller work colleagues who work in the same context and who have a habitual and current relationship with the Signaller.
- 1.8.2 Protection for the reported person
The Company also provides protection against the reported person (the natural or legal person mentioned in the report to whom the violation or unlawful conduct is attributed by the Signaller or who, according to the Signaller, is involved in the violation or illegal conduct) pending the assessment of any liability, in order to avoid that the whistleblowing system can be abused in bad faith and to the detriment of the reported ones.
Without prejudice to the sanctions imposed by the National Anti-Corruption Authority (“ANAC”) pursuant to Legislative Decree No. 24/2023, the following conducts constitute reasons for applying the sanctions provided for by the Company’s Disciplinary System (attached to the Model):
- violations of the Reporting Party’s protection measures with regard to the right of confidentiality;
- retaliatory or discriminatory conduct, direct or indirect, by anyone (members of the corporate bodies, managers and subordinates) against the Signaller and obstructing activities;
- the conduct of those who send with malice or gross negligence reports that prove to be unfounded, false, slanderous or defamatory (in the event of a judicial finding, including a judgment of the Court of First Instance, of criminal liability for defamation or slander by means of a report);
- unlawful conduct and/or violations committed by the persons reported;
- omissions in the activities of verification and analysis of reports received by the party responsible for receiving and managing Reports.
2. Other reporting channels
Without prejudice to the fact that, as a priority, Whistleblowers are encouraged to use the Company’s internal reporting channel, when certain conditions are met, D.lgs. 24/2023 provides other reporting channels in addition to the aforementioned internal channel.
2.1 External reporting channel
The Reporting Agent may make an external report through the ANAC channel (https://www.anticorruzione.it/-/whistleblowing), with the same guarantees of confidentiality in the following cases:
- lack of internal reporting channel or activation of a channel not complying with the requirements of Legislative Decree no. 24/2023, within the Company;
- the Signaller carried out the internal signalling and the same has not been followed up;
- the Signaller has good reason to believe that, if he made the internal report, it would not be effectively followed up or that the same could determine the risk of retaliation;
- the Signaller has reasonable grounds to believe that the infringement may constitute an imminent or manifest danger to the public interest.
With respect to the external report received, ANAC shall:
- issue an acknowledgement of receipt to the reporting agent within 7 days of receiving the external report, unless explicitly requested otherwise by the same agent or unless ANAC considers that the notice would undermine the protection of the confidentiality of the identity of the agent;
- provide feedback to the Reporting agent on the report received within 3 months of the date of acknowledgement of receipt or, in the absence of such acknowledgement, within three months of the expiry of the period of 7 days from receipt of the alert; where justified and reasoned reasons exist, such acknowledgement shall be provided within six months of the date of acknowledgement of receipt or, in the absence of such acknowledgement, within six months of the expiry of the period of 7 days from receipt of the alert;
- notify the Reporting agent of the final outcome of the report.
2.2 Public disclosure
The Reporting agent can make a public disclosure through the press or electronic means or through means of dissemination able to reach a large number of people, under the conditions and in the manner provided for by Legislative Decree no. 24/2023.
In particular, public disclosure of infringements and unlawful conduct is possible under the following conditions:
- the Reporting agent has previously carried out an internal and external report or has directly carried out an external report, and has not been acknowledged within the deadlines;
- the Reporting agent has reasonable grounds to believe that the infringement may constitute an imminent or manifest danger to public interest;
- the Reporting agent has good reason to believe that the external report may involve the risk of retaliation or may not have effective follow-up, due to the specific circumstances of the specific case, such as where evidence may be concealed or destroyed or where there is a reasonable fear that the person who received the report may be colluding with the offender or involved in the infringement itself.