Article 32 — Reporting of infringements
- Member States shall ensure that competent authorities establish effective mechanisms to enable reporting of actual or potential infringements of this Regulation to competent authorities.
- The mechanisms referred to in paragraph 1 shall include at least:
- specific procedures for the receipt of reports of infringements and their follow-up, including the establishment of secure communication channels for such reports;
- within their employment, appropriate protection for persons working under a contract of employment, who report infringements or are accused of infringements, against retaliation, discrimination or other types of unfair treatment at a minimum; and
- protection of personal data both of the person who reports the infringement and the natural person who allegedly committed the infringement, including protection in relation to preserving the confidentiality of their identity, at all stages of the procedure without prejudice to disclosure of information being required by national law in the context of investigations or subsequent judicial proceedings.
- Member States shall require employers who carry out activities that are regulated by financial services regulation to have in place appropriate internal procedures for their employees to report infringements of this Regulation.
- Member States may provide for financial incentives to persons who offer relevant information about potential infringements of this Regulation to be granted in accordance with national law where such persons do not have other pre-existing legal or contractual duties to report such information, and provided that the information is new, and that it results in the imposition of an administrative or criminal sanction, or the taking of another administrative measure, for an infringement of this Regulation.
- The Commission shall adopt implementing acts to specify the procedures referred to in paragraph 1, including the arrangements for reporting and for following-up reports, and measures for the protection of persons working under a contract of employment and measures for the protection of personal data. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 36(2).