The ECB encourages people to report a suspected breach of relevant Union law directly to the ECB through its breach reporting mechanism (BRM).
The BRM has been set up to deal with breaches of relevant Union law by:
The ECB is not competent to deal with breaches relating to consumer protection or the implementation of anti-money laundering rules.
The relevant Union law for the purposes of the BRM comprises the material rules relating to the prudential supervision of credit institutions that the ECB applies when carrying out the tasks conferred on it by the Single Supervisory Mechanism (SSM) Regulation. These rules are composed of directly applicable regulations such as the Capital Requirements Regulation (CRR). When directives are considered relevant Union law, the national implementations of these directives are also considered to be relevant Union law, e.g. national implementations of the Capital Requirements Directive IV (CRD IV). Furthermore, where directly applicable regulations grant options to Member States, the national legislation exercising those options is considered to be relevant Union law. ECB regulations, such as the SSM Framework Regulation and ECB decisions, are also considered to be relevant Union law.
Misusing the BRM may constitute a criminal offence. To protect the reputation and rights of all parties involved, the ECB may therefore seek the initiation of criminal proceedings at the national level if a report was not submitted in good faith.
All reports must be submitted in good faith and with reasonable grounds.
The ECB strongly recommends submitting documents to support the allegations. It may refrain from follow-up measures if a report contains unsubstantiated allegations and/or the ECB cannot gather further information because the report was submitted anonymously.
All reports are handled confidentially in compliance with the EU data protection framework. The ECB protects personal data and ensures appropriate protection for both the persons who report breaches and for the accused persons.