The ECB is committed to tough but fair banking supervision. Ensuring that all supervised banks and banking supervisors are fully adhering to their obligations under EU law is an essential part of this task. However, on occasion, these obligations are not followed and, in some cases, deliberate action is taken to conceal wrongdoing. “Whistleblowers” who inform the ECB of possible malpractice serve the public interest and act in the greater good when they report their suspicions.
Compliance officers, auditors and other employees of a bank are the groups most likely to have knowledge of possible wrongdoing. Inadequate calculation of own funds and capital requirements as well as governance issues are among the most common breaches reported.
“Reports on violations are an effective tool for bringing incidents of business misconduct to light.”
(Danièle Nouy, Chair of the Supervisory Board, Opinion piece)
The ECB can only investigate breaches of “relevant EU law”. These are laws that relate to the prudential supervision of banks, such as the laws on capital requirements and governance arrangements. Where a breach relates to other areas of supervision of a bank – for example, consumer protection or the implementation of anti-money laundering rules – it is outside the ECB’s mandate to follow up. Instead, these breaches should be reported to the national authorities.
Breaches should be reported via the online form. Using the form guarantees that the report is submitted directly and without delay to those responsible for assessing the possible breach. The form also contains a number of questions that are important to the ECB’s assessment of the report.
Anyone can report a breach anonymously using the ECB’s online form. Informants can trust the ECB to assess their report carefully.
To protect informants, the ECB consulted the European Data Protection Supervisor to ensure that all necessary safeguards have been put in place. The protection of informants is also set out under the institutional framework applicable to the ECB in its supervisory tasks.
An expert team receives the report and assesses whether it is relevant to the ECB or a national banking supervisor. If, after the initial assessment, the expert team concludes that the report is relevant, it will forward the report to the responsible area within the ECB or to a national banking supervisor. A supervisory action may be triggered – for example, a request for information, an on-site inspection, the use of supervisory measures or a sanction procedure.
Given the professional secrecy regime in place, the ECB is not allowed to communicate the outcome of a report to the informant. However, each year, an aggregate summary of the reported breaches and the follow-up actions taken by the ECB is published in the ECB Annual Report on supervisory activities.