The present Policy sets the principles and framework through which the Cryptoro OU's and its subsidiaries and branches (hereinafter “the Group”) receive, assess and investigate anonymous and non-anonymous reports on serious irregularities, omissions or offenses that came to the attention of its staff, customers, partners and other stakeholders.
A major commitment of the Group is to maintain the highest level of ethical and professional behavior, having zero tolerance towards illegal and irregular acts affecting its reputation and credibility.
Whistleblowing policies are generally intended to make it easier for members of staff to be able to report irregularities in good faith, without having to fear that their action may have adverse consequences. Protecting the integrity and reputation of the Group requires the active support of all members of the staff, former employees, candidates, customers, stakeholders and parties with whom the Group has a business relationship (contractors, subcontractors, collaborators etc.).
This Policy applies to everyone working for or on behalf of any of the legal entities within the Cryptoro OU group. The Policy also applies to all employees (all Cryptoro OU directors, officers, agents, staff, temporary workers, interns, consultants, contractors or any other person who is employed by Cryptoro OU or otherwise works for Cryptoro OU or its subsidiaries, regardless of the duration of their employment contract or other type of relationship) as well as former employees, candidates, third parties with whom the Group has a business relationship. This Policy applies everywhere, for all locations, roles and seniority levels.
Disclosures shall be carried out on condition of faithful and reasonable belief that an offense or misdeed has been or may be committed.
The Whistleblowing Policy applies to concerns about suspected or actual criminal conduct, unethical conduct or other misconduct including a (suspected) breach of (EU) law by or within the Group, including but not limited to:
• Accounting, internal accounting controls or auditing matters;
• Money laundering or terrorist financing;
• Insider dealing;
• Breach of client confidentiality or privacy;
• Bribery or corruption; and
• Undesirable behaviors.
1.3. Local regulations
In jurisdictions where (local) laws or regulations set stricter rules than those set out in the Whistleblowing Policy, the stricter rules prevail.
2. Policy principles and rules
2.1. Key principles
The Whistleblowing Policy of Cryptoro OU is structured around the following key principles:
- safeguarding of confidentiality;
- non-retaliation principle;
- anonymous reporting;
- reporting in good faith;
- and protection of accused persons.
2.1.1. Safeguarding of confidentiality
The recipient of the whistleblowing report and all others involved in the whistleblowing process treat the information confidentially and with utmost care.
The data is saved digitally and/or physically and is only accessible to the officers directly involved in the reporting and investigation process on a ‘need to know’ basis. The identity of the reporting person and other details of the report are treated confidentially and are protected through all stages of the investigation process.
The identity of the reporting person who has filed a whistleblowing report is not revealed without first obtaining the person’s explicit consent, unless its disclosure is required by a court order in the context of subsequent judicial proceedings.
2.1.2 Non-retaliation principle
The protection of the employee is of utmost importance to the Group. Members of the staff who have filed a report under the Whistleblowing Policy ‘in good faith’ are appropriately protected from any negative impact, e.g. retaliation, discrimination or other types of unfair treatment.
Retaliation includes any adverse action taken against a reporting person, such as but not limited to demotion, discipline, firing, salary reduction or job or shift reassignment. The non-retaliation principle does not entail that a whistleblower who has breached internal policies or laws cannot be confronted with consequences. Self-reporting can be a ground to reduce potential sanctions.
It is important to note however that the focus is not on punishment, but rather on the question whether irregularities did take place, the (possible) consequences and how to prevent future irregularities from happening. Appropriate measures are taken against anyone under control of the Group who (attempts to) victimizes an employee who has reported an irregularity. Appropriate measures can be disciplinary action, civil action or criminal prosecution.
If you believe that you have suffered adverse consequences as a result of having made a report under the Group Whistleblowing Policy, then you must report it to the Chief Executive Officer (CEO), who will arrange for an independent investigation into the matter.
2.1.3 Anonymous reporting
Following the Group's strong commitment to protect the identity of those who made reports in good faith and the Group’s non-retaliation principle, as described above, a strong framework is in place to protect employees who file a report under this Policy. As anonymous reporting can seriously hinder the possibility to investigate the claim, the Group encourages reporting persons to disclose their identity when reporting a concern or to at least provide contact details to facilitate any follow-up.
Anonymous reporting is nevertheless a possibility under the Group Whistleblowing Policy, as the Group would rather receive anonymous reports than not having the concern reported at all.
While there is the possibility to raise concerns anonymously there are some drawbacks as well. The ability to investigate, ask follow up questions or to provide feedback will be reduced if the individual cannot be contacted. It will also be more difficult to ensure the individual is protected if their identity is not known.
2.1.4 Reporting in good faith
This Policy protects whistleblowers who report in good faith.
A report is considered to be made in good faith if the individual had reasonable grounds to believe the information was true at the time of the reporting. If it later turns out the information was not true but the report was made in good faith, the whistleblower is still protected from retaliation.
Those who deliberately and knowingly report wrong or misleading information do not benefit from protection, which serves as a safeguard against malicious or abusive reports. Making malicious or false claims is incompatible with the Group’s core values, and deliberate misuse of the Group’s whistleblowing channel may result in disciplinary action.
2.1.5 Protection of accused persons
The protection of the employee is of utmost importance to the Group. In case a natural person is allegedly responsible for the irregularity, their employment rights and right to privacy will need to be carefully considered.
The person who is the subject of an investigation will be informed about the cause of the investigation, if appropriate given the circumstances. When the investigation finds no evidence that justifies taking measures against the person who has been reported, that person should be protected from any negative effects. The same protection should apply for persons who are subjected to reports made in bad faith. If evidence is found and measures are taken, the person concerned should be protected from unintended negative effects that go beyond the objective of the measure taken.
2.2. Filing a whistleblowing report
A whistleblowing report can be filed via the designated secure whistleblowing internal channels described below:
• Whistleblowing form;
• Phone +48 789765098
• Post mail to the Compliance Department: Ul. Hoza 86 / 210, 00-682 Warszawa, Poland;
• Email firstname.lastname@example.org
All the above-mentioned channels operate exclusively as a dedicated line for disclosures and are available 24 hours a day/7 days a week (exception – phone line that is available on the working days during 9.00-17.00).
Employees are under no obligation to use the phone channel or Whistleblowing form to raise their concerns regarding alleged irregularities, but using the designated whistleblowing channels guarantees that the report is submitted directly and without delay for assessing the reported irregularity.
Alternatively, if, for any reason, an employee should feel uncomfortable using any of the designated channels, they can file a report with their manager, their manager’s manager, the HR Department, the Compliance Officer, or a senior representative of the employee's choice. Concerns can be reported in writing or by telephone, where employees are expected to specify that they are filing a report under this Policy.
If a (potential or suspected) abuse or irregularity is reported to a line manager or senior officer (or any of the other alternative channels indicated above), the recipient is required to contact the Reporting Officer without delay for further guidance.
If the employee feels uncomfortable using the designated Whistleblowing Channels because of possible conflict of interest, the report can be filed with their manager, their manager’s manager, the HR Department, the Compliance Officer, or a senior representative of the employee's choice. In these cases, the employee is expected not only to specify that the report is filed under this Policy, but also that a conflict of interests is anticipated.
Prior to lodging a report, employees also have the opportunity to ask for advice and discuss their concern confidentially with the Reporting Officer.
The Group Whistleblowing channels are also open to third parties. Third parties include customers, suppliers, agents, etc. This Policy is not designed for customers who wish to file a complaint. These customers are kindly requested to follow the complaints procedure.
The key principles of Cryptoro OU’s Whistleblowing Policy are also applicable to third parties making use of the policy.
The reporting person is encouraged to use the internal reporting channels mentioned above before addressing the external reporting channels. By exception, when a crime takes place, addressing the external reporting channel should be chosen before/or at the same time when reporting through the internal reporting channel. The external reporting channels consists of relevant competent authorities able to receive, give feedback and follow up on reports. For example, in Lithuania, the external reporting channel is the Prosecutor’s Office of the Republic of Lithuania.
3. Final provisions
Under the responsibility of the Compliance Department, the Whistleblowing Policy shall be communicated to Employees and posted on the Konto.com website in a separate, easily identifiable and accessible section. The Compliance Department is responsible for the evaluation and annual review of the Policy and, if deemed necessary, proposes amendments in order to recognize changes of the respective regulatory framework and continually improve operational efficiency and effectiveness.