Report a breach
The ECB encourages people to report a suspected breach of relevant Union law directly to the ECB through its breach reporting mechanism (BRM).
What kind of breaches can be reported?
The BRM has been set up to deal with breaches of relevant Union law by:
- supervised entities
- competent authorities
It does not deal with breaches relating to consumer protection or the implementation of anti-money laundering rules.
The relevant Union law for the purposes of the BRM comprises the material rules relating to the prudential supervision of credit institutions that the ECB applies when carrying out the tasks conferred on it by the Single Supervisory Mechanism (SSM) Regulation. These rules are composed of directly applicable regulations such as the Capital Requirements Regulation (CRR). When directives are considered relevant Union law, the national implementations of these directives are also considered to be relevant Union law, e.g. national implementations of the Capital Requirements Directive IV (CRD IV). Furthermore, where directly applicable regulations grant options to Member States, the national legislation exercising those options is considered to be relevant Union law. ECB regulations, such as the SSM Framework Regulation and ECB decisions, are also considered to be relevant Union law.
Who should a breach be reported to?
- …if a supervised entity established in a participating country breaches micro- or macro-prudential regulations laid down in relevant Union law.
- …if a competent authority, e.g. a national competent authority or the ECB itself, breaches relevant Union law.
Misusing the BRM may constitute a criminal offence. To protect the reputation and rights of all parties involved, the ECB may therefore seek the initiation of criminal proceedings at the national level if a report was not submitted in good faith.
- ...if the breach relates to consumer protection or the implementation of anti-money laundering rules by supervised entities. The ECB is not competent to investigate these breaches and does not provide any legal advice on these matters.
How to report a breach
All reports must be submitted in good faith and with reasonable grounds.
- Information may be provided in any of the official EU languages.
- Although anonymous reports are accepted, providing contact details allows the ECB to clarify aspects of the submission or request further information if necessary.
- Information provided should be as accurate and complete as possible.
The ECB strongly recommends submitting documents to support the allegations. It may refrain from follow-up measures if a report contains unsubstantiated allegations and/or the ECB cannot gather further information because the report was submitted anonymously.
- Submit supporting documents to postal address provided on completion of the form.
- State the reference code given when filling in the online form.
All reports are handled confidentially in compliance with the EU data protection framework. The ECB protects personal data and ensures appropriate protection for both the persons who report breaches and for the accused persons.