What is whistleblowing?
Do you suspect that a supervised entity, a national banking supervisor or the European Central Bank itself has breached or is breaching European Union law relating to the prudential supervision of credit institutions? If so, you can report this breach to the relevant authority. This is referred to as whistleblowing – or breach reporting.
You can report breaches via our secure whistleblowing platform.
Before you do so, please make sure that you know what kind of information you can submit and how the platform works, as outlined below. Please also read the Privacy statement and Important legal information.
When should I contact the ECB via the whistleblowing platform?
Contact us via the whistleblowing platform if you suspect a breach of EU law relating to the prudential supervision of credit institutions by either:
- a supervised bank
List of supervised entities
- a national banking supervisor (also known as a national competent authority or NCA) or the ECB itself
List of national supervisors
When should I contact a national supervisor?
Contact the relevant NCA if:
- an entity suspected of a breach is directly supervised by their national supervisor and not by the ECB
- the breach has been committed by any other entity not supervised by the ECB in the context of European banking supervision, such as an insurance undertaking
Can I use the whistleblowing platform to report breaches relating to consumer protection or the implementation of anti-money laundering rules?
No, as these areas fall exclusively within the remits of national authorities or the European Banking Authority. Please use the links below to find out what steps to take.
- National authorities in charge of consumer protection
- European Banking Authority - Consumer corner
European Banking Authority – Anti-Money Laundering and Countering the Financing of Terrorism
What do you mean by “EU law relating to the prudential supervision of credit institutions”?
Within the context of European banking supervision, the relevant EU law comprises the rules relating to the prudential supervision of banks. The purpose of the rules is to ensure that both banks and the financial system as a whole are safe and sound, and the ECB applies them when carrying out the tasks conferred on it by the Single Supervisory Mechanism (SSM Regulation).
These rules include:
- directly applicable regulations such as the Capital Requirements Regulation (CRR), which includes requirements in the areas of own funds, capital requirements, large exposure limits, liquidity, leverage and reporting, as well as public disclosure of information on those areas
- national implementations of directives such as the Capital Requirements Directive (CRD), which includes requirements in the area of governance, including fit and proper criteria, risk management, internal controls, and remuneration policies and practices
- ECB regulations, such as the SSM Framework Regulation and ECB decisions about banking supervision
How do I report a breach?
You should report a breach through the whistleblowing platform. All reports must be submitted in good faith and with reasonable grounds. The ECB recommends that you submit documents to support your allegations, and we may refrain from taking follow-up action if a report contains unsubstantiated allegations.Report a breach via the whistleblowing platform
Step 1: Fill in the online form
- Information may be provided in any of the official EU languages
- Anonymous reports are accepted
- Information provided should be as accurate and complete as possible
Step 2: Submit supporting documents (see below)
Information submitted to the whistleblowing platform is processed externally on behalf of the ECB by the secure third-party provider EQS Group AG. EQS Group does not have access to the content of submissions. For more information please read the full privacy statement.
How can I submit supporting documents?
Submit documents via the upload function on the whistleblowing platform by selecting the relevant file(s) and clicking the upload button when asked to do so.
When submitting information anonymously, please make sure you remove any information that could identify you – for example, file properties that may contain your name as the author of a document.
What file types can I upload?
The following file formats are accepted (up to a maximum size of 10 MB): PDF, Word, Excel, PowerPoint, GIF and JPEG.
How can I get an inbox on the whistleblowing platform?
This inbox is a secure communication channel provided to you after you have submitted information via the whistleblowing platform. Your inbox allows you to check the status of your report, and we will use the inbox to let you know if we require additional information. You will be provided with an inbox even when submitting information anonymously.
After submission, you will receive a unique breach report number and will have to create a password.
Important: It is not possible to restore access to your inbox if you forget your breach report number or password.
What happens after I report a breach?
An expert team assesses whether the reported breach is relevant to the ECB or to a national banking supervisor. If the team concludes that the report is relevant, it will be forwarded to the appropriate area within the ECB or national banking supervisor. The information included in whistleblowing reports may also need to be communicated to other relevant authorities if deemed appropriate or required by law.
A relevant report may lead to supervisory action – for example, information requests, on-site inspections, supervisory measures or sanction procedures.
Due to professional secrecy rules, we are not allowed to communicate the outcome of a report to the informant. However, each year, an aggregated and anonymised summary of reported breaches and the consequent actions taken is published as part of the ECB’s annual report on supervisory activities.
All reports are treated confidentially in compliance with the EU data protection framework. We protect personal data and ensure appropriate protection for both the reporting party (the whistleblower) and the accused party.Privacy statement