Whistleblowing reflects our mission and vision, built upon the value that we grant our people, upon integrity, honesty, and transparency, rather than the maximum standards of excellence inspiring us, both towards our own company and towards our clients.

The regime on whistleblowing included in this notice is applicable to BFF Bank S.p.A., its branches and subsidiaries entities that have formally adopted it, is inspired by Directive (EU) 2019/1937, foreseeing a channel for whistleblowing reporting concerning breaches of Union law, threats or violations of public interest, laws, regulations, and internal policies, rather than our own Ethical Code.

The Bank guarantees confidentiality and protection of personal data of the whistleblower as well as of any reported subject(s), provides for a Director Responsible for the Internal Whistleblowing System, nominated by the Bank’s Board of Directors and coinciding with the Head of Internal Audit of BFF Bank S.p.A. Furthermore, the Bank guarantees protection against a series of retaliatory, discriminatory and unfair conduct resulting from aforementioned reporting, in accordance with art. 17 of the Legislative Decree no. 24 of 10 March 2023.

In particular, the whistleblower, not necessarily coinciding with the affected person(s) according to the law in force, having always granted a confidential treatment and anonymity, if demanded, is to use a dedicated IT procedure “Whistleblowing submissions”, accessible through a link available on the company intranet. The procedure embeds an automatic data encryption on the database and assigns a unique ID number to the report. Alternatively, the whistleblower can fill a form (annex 1) and send it to the dedicated email address [email protected] or in an envelope addressed to Internal Audit Function BFF Bank S.p.A., Via Domenichino, 5 Milano 20149. The reports submitted through channels different from the IT procedure are loaded to it by the Director Responsible for the Internal Whistleblowing System, guaranteeing thus the same confidentiality in the process.

The Bank cooperates with relevant authorities if, as provided for by law, an external reporting becomes necessary. To that end and in order to guarantee a sufficient governance of the process, three different functions contribute to the proper functioning of the workflow described: Internal Audit, Compliance & AML, and Human Resources & Organizational Development. An annual report is produced, containing indication of the number and the outcome of the reports received and managed, available upon request to relevant authorities, whereas proper education on the matter is provided both in the onboarding phase as well as through specific courses dedicated to the Bank personnel.