Using the breach reporting/whistleblowing mechanism

The aim of the breach reporting mechanism

The ECB’s breach reporting mechanism (BRM) – also referred to as the ECB’s whistleblowing platform – provides a channel for reporting suspected breaches of relevant European Union law by supervised entities, competent authorities or the ECB itself. The ECB encourages any individual, acting in good faith and with reasonable grounds to believe that breaches of relevant EU law have occurred, to report such breaches via the breach reporting/whistleblowing mechanism.

Relevant EU law

For the purposes of the breach reporting/whistleblowing mechanism, a breach of relevant EU law is either a breach of the microprudential and/or macroprudential regulations that are applicable to supervised entities and laid down in relevant EU law, or a breach of relevant EU law by competent authorities.

Relevant EU law comprises the rules relating to the prudential supervision of banks that the ECB applies when carrying out the supervisory tasks conferred on it by the SSM Regulation (Council Regulation (EU) No 1024/2013). These rules are:

Within the scope of the breach reporting/whistleblowing mechanism, relevant EU law does not cover any matters related to supervisory tasks that are not conferred on the ECB, such as anti-money laundering and counter-terrorism financing activities, consumer protection or the supervision of payment services. If you would like to report a breach related to one of these issues, please contact the relevant authority in your Member State. For legal reasons, the ECB is not allowed to collect personal data related to these matters and will not forward them to any other authority. The ECB will delete personal data at the end of the applicable retention period indicated in the privacy statement.

The ECB will not provide legal advice on matters reported to the ECB.

Misuse of the breach reporting mechanism

Misuse of the breach reporting/whistleblowing mechanism may constitute a criminal offence in one or more EU Member States. Therefore, if a report is not submitted in good faith, the ECB may start criminal proceedings in a Member State in order to protect the reputation and rights of all parties involved.

How to report a breach of relevant EU law

Any report of a breach of relevant EU law that is made in good faith will be treated as a protected report. If you would like to report a breach, please use the secure external whistleblowing platform and answer the questions, providing as much detail as possible.

The ECB strongly recommends submitting any relevant documents in support of your allegations. If a report contains unsubstantiated allegations and the ECB cannot obtain further information from you, the ECB may decide not to take any follow-up measures to protect the individuals alleged to have committed a breach.

Although the reporting form on the whistleblowing platform is currently only available in English, you can communicate with the ECB in any official EU language. If you would like to use an official EU language other than English, please set out your allegations in that language in the free text field of the reporting form.

Please find, under the following link, additional details on whistleblowing and the dedicated platform – particularly in terms of how to submit your report along with any supporting documents, and how to communicate with the ECB.

Be informed that you may report a breach without revealing your identity. All reports are handled confidentially in compliance with EU data protection law. The ECB ensures that the personal data of individuals who report suspected breaches and individuals alleged to have committed a breach are protected appropriately. See the privacy statement for further information on the data protection standards that are applied.