Whistleblowing Policy and System

Article 1
Object

The object of this Whistleblowing Policy and System is to establish, pursuant to and by virtue of the provisions in Article 8 (1) of Law no. 93/2021, of 20 December, which approved the general rules on the protection of persons reporting breaches, in conjunction with that set out in Part II.A. 1 (x) of the Annex to Directive (EU) 2019/1937 of the European Parliament and of the Council, of 23 October 2019, on the protection of persons who report breaches of Union law (the Whistleblower Directive), the principles, rules and procedures that must be followed when reporting breaches that are directly or indirectly related to the insurance distribution activity performed by Corbroker – Corretores de Seguros, S.A. (hereinafter Corbroker), whether those breaches are reported by Corbroker’s employees, its clients, policyholders, insured persons, beneficiaries or injured third parties, or by any person who demonstrates a legitimate interest in such reporting.

Article 2
Articulation with the applicable legislation

The provisions of this Whistleblowing Policy and System do not affect the whistleblower protection rules provided for in the sector-specific acts of the European Union referred to in Part II of the annex to Directive (EU) 2019/1937 of the European Parliament and of the Council, or in legislative acts that execute, transpose or enforce those acts, in particular in Directive (EU) 2016/97 of the European Parliament and of the Council, of 20 January 2016, on insurance distribution, and the legal framework for the distribution of insurance (RJDS) approved in annex to Law no. 7/2019, of 16 January, especially regarding the public disclosure of the breach or the external reporting channel provided by the Insurance and Pension Funds Supervisory Authority (ASF), under Article 72 of Regulatory Standard no. 13/2020-R, of 30 December, in articulation with Article 71 of the RJDS, via the email address denuncias@asf.com.pt,, where any person may report a situation if they become aware of facts, evidence or information relating to breaches of legislation applicable to the supervised activity.

Article 3
Object and content of the reporting

Any reporting via the internal channel provided by Corbroker may relate to breaches that have already taken place, that are currently taking place or that can reasonably be expected to take place, as well as attempts to conceal those breaches.

Article 4
Reporting Person (Whistleblower)

1.     A whistleblower is any natural person who uses the internal channel provided by Corbroker to report a breach based on information acquired in the context of his/her work-related activities, irrespective of the nature of those activities and of the sector in which they are performed, provided that they are directly or indirectly related with Corbroker’s activity.

 

2.   For the purposes of the previous paragraph, the following persons, in particular, may be considered whistleblowers:

a)    Persons working in the private, social or public sector;

b)   Service providers, contractors, subcontractors and suppliers, and any persons working under their supervision and direction;

c)    Shareholders and persons belonging to the administrative, management or supervisory body of an undertaking, including non-executive members;

d)   Volunteers and paid or unpaid trainees.

 

3.   A natural person may be considered a whistleblower even if he/she reports a breach based on information acquired in a work-based relationship which has since ended, or during a recruitment process or at any other stage of pre-contractual negotiations for a work-based relationship whether this has begun or is yet to begin.

Article 5
Features of the internal whistleblowing channel

  1.     The internal whistleblowing channel provided by Corbroker enables reports to be submitted and followed up in a secure manner, in order to ensure the completeness, integrity and storage of the reporting, and maintain the identity of the whistleblower confidential or preserve their anonymity, in addition to also maintaining the confidentiality of the identity of third parties mentioned in the reporting and preventing access by non-authorised persons.

     

    2.     For the purposes of receiving and following up on reports, the internal whistleblowing channel provided by Corbroker is operated internally by the Whistleblowing Officer (WO).

     

    3.     For the situations identified in the previous paragraph, Corbroker guarantees independence, impartiality, confidentiality, data protection, secrecy and absence of conflicts of interest in the performance of functions.

     

    4. The WO is responsible for:

    a)    Providing any interested person with information on the procedures for reporting, guaranteeing the confidentiality of any advice given and the identity of the persons involved;

    b)   Receiving and following up on reports;

    c)    Providing the whistleblower with reasoned information on measures that are planned or that have been adopted to follow up on the reporting, and requesting further information where necessary.

Article 6
Method and admissibility of internal reporting

 

1.      The internal whistleblowing channel provided by Corbroker only accepts reports that are submitted in writing, either anonymously or with the inclusion of the whistleblower’s identity.

 

 

2.   If a whistleblower expresses an interest in submitting a report orally, they should be informed and advised to submit it in writing, using the channel identified in Article 11, at the risk of the internal reporting otherwise not being received or followed up.

Article 7
Follow up of internal reporting

  1. Corbroker, via the WO, will notify the whistleblower within 7 days (provided the whistleblower has indicated how they can be contacted) that their report has been received and will inform them, in a clear and accessible manner, of the requirements, competent authorities and method and admissibility of external reporting.

 

  1. Once the report has been submitted, Corbroker, via the WO, will take the necessary internal steps to confirm the allegations contained in it and, where appropriate, to bring the reported breach to an end, including commencing an internal investigation or informing the competent authority to investigate the breach.

 

  1. Corbroker will notify the whistleblower (provided the whistleblower has indicated how they can be contacted) of the measures that are planned or that have been adopted to follow up on the report together with the grounds for these, within three months of the report being received.

 

  1. The whistleblower may, at any time, request that Corbroker notify them (provided they have indicated how they can be contacted) of the outcome of the analysis of the report, within 15 days of its completion.

Article 8
Admissibility of external reporting

The whistleblower may only use external reporting channels when:

  1. They have reasonable grounds to believe that the breach cannot be effectively discovered or resolved internally by Corbroker or that there is a risk of retaliation;
  2. They have first submitted an internal report to Corbroker and no information has been provided regarding the measures planned or adopted following that report, within the three months following its receipt; or
  3. The breach constitutes a crime or administrative offence punishable with a fine of over € 50,000.

Article 9
Competent authorities and method of external reporting

1.    External reporting is to the authorities which, in accordance with their powers and duties, should or may consider the subject matter in the report, including:

a)    The Public Prosecution Service;

b)   The criminal police authorities;

c)    Bank of Portugal;

d)   Independent administrative authorities, including ASF;

e)    Public institutes;

f)     General inspectorates and similar bodies and other State central administration services with administrative autonomy;

g)   Local authorities; and

h)   Public associations.

 

1.      When a report is submitted to an authority that does not have competence to address it, it is forwarded to the competent authority, with a requirement that the whistleblower is informed of this. In this case, the receipt date of the report is deemed to be the date on which the competent authority received it.

 

2.     Where there is no competent authority to consider the report or where the report relates to a competent authority, it should be sent to the National Anti-Corruption Mechanism and, when the latter is the authority to which it relates, to the Public Prosecution Service, which will follow it up, namely by commencing an investigation whenever the facts described in the report constitute a crime.

 

3.     If the breach relates to a crime or administrative offence, external reports may always be submitted via the Public Prosecution Service’s external reporting channels or those of the criminal police authorities, in relation to a crime, and those of the competent administrative authorities – which includes the ASF – or the police and inspection authorities, in relation to an administrative offence.

 

4.    External reporting channels accept reports that are submitted in writing or orally, either anonymously or with the inclusion of the whistleblower’s identity.

 

5.     External reporting channels accept oral reports by telephone or through other voice messaging systems, and, at the request of the whistleblower, by means of a physical meeting.

 

6.    Reports are filed, without any follow up, when the competent authorities consider, and notify the whistleblower of such fact with the reasons for this, that:

a)    The reported breach is minor in terms of severity, insignificant or clearly irrelevant;

b)   The report is repetitive and does not contain any new legal or factual circumstances that justify a different follow-up to that given to a previous report; or

 

c)    The report is anonymous and no evidence of a breach can be drawn from it.

Article 10
Confidentiality

 

1.      The identity of whistleblowers, and of any person or persons mentioned in the report as having committed the breach or as being associated with it, and any information from which their identity may be directly or indirectly deduced, is confidential and access to it is restricted to the persons responsible for receiving or following up on reports.

 

2.     The duty of confidentiality mentioned in the previous paragraph also extends to persons who have received information on reports, even if they are not responsible for or do not have competence to receive or handle these.

 

3.     The whistleblower’s identity is only revealed as a result of a legal obligation or a court decision.

 

 

4.    Without prejudice to the provisions in the applicable legislation, the whistleblower will be sent written notice prior to the disclosure of any information (provided the whistleblower has indicated how they can be contacted), and this notice will indicate the reasons for the disclosure of the confidential information in question, unless providing that information jeopardises the related investigations or judicial proceedings.

 

Article 11
Contact information for submitting internal reports of breaches

Corbroker provides whistleblowers with the following means for reporting breaches:

a)    By letter to:

Corbroker – Corretores de Seguros, S.A.

Responsável pelo Tratamento de Denúncias (RTD)

Av 5 de Outubro, 17 – 2º

1050-047 Lisboa

 

b)   By e-mail to: denuncias@corbroker.pt

 

Article 12
Protection of the person concerned

The rules set out in this Whistleblowing Policy and System do not interfere with any rights or procedural guarantees granted, under the terms of the law, to persons who are mentioned in the report as having committed the breach or as being associated with it, namely the presumption of innocence and the guarantees of defence in criminal proceedings.

Article 13
Storage of reports

Corbroker keeps a record of reports received and stores them for at least five years and, irrespective of that time period, while any judicial or administrative proceedings are pending in relation to the report.

 

Article 14
No retaliation

 

1.      Corbroker is prohibited from engaging in any acts of retaliation against the whistleblower.

 

2.     An act of retaliation is deemed to be an act or omission that occurs in a work-related context and is prompted by internal reporting and that unjustifiably causes or may cause the whistleblower to suffer material or non-material harm.

 

3.     Threats of and attempted acts and omissions mentioned in the previous paragraph are also  deemed to be acts of retaliation.

 

4.    Persons engaging in acts of retaliation must compensate the whistleblower for the harm caused.  

 

5.     Irrespective of any potential civil liability, the whistleblower may request any measures appropriate to the circumstances of the case, with the aim of preventing the harm from occurring or increasing.

 

6.    The provisions in the previous paragraph are equally applicable to:

 

a)    Any natural person who assists the whistleblower in the reporting process and whose assistance must be confidential;

b)   Any third party who is connected to the whistleblower, namely any work colleague or family member, and who may be the target of retaliation in a work-related context; and

 

c)    Legal persons or equivalent undertakings that are held or controlled by the whistleblower, or that the whistleblower works for or is otherwise connected with in a work-related context.

 

Article 15
Anti-fraud policy

Corbroker complies with the policies on the prevention, detection and reporting of insurance fraud implemented by the insurance companies that it works with, and, on request, it provides its clients, policyholders, insured persons, beneficiaries or injured third parties with general information on this subject that it considers relevant.

 

Article 16
Personal data processing

1.      Processing of the personal data of whistleblowers, with or without the use of computerised means, is performed in strict compliance not only with the Privacy and Personal Data Protection Policy adopted by Corbroker, but also with the applicable legal rules, in particular with that established in Regulation (EU) no. 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data [General Data Protection Regulation (GDPR)],  in Law no. 58/2019, of 8 August, which executes the GDPR in the Portuguese legal system, in Law no. 59/2019, of 8 August, which approves the rules on the processing of personal data for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the technical and organisational security rules appropriate to the risk that the data processing presents and represents.

 

 

2.     Personal data which is clearly irrelevant for the handling of the report is not stored, and is immediately erased.

 

Article 17
Dissemination of the whistleblower policy

In addition to approving, implementing and conducting appropriate monitoring of this Whistleblowing Policy and System and ensuring it is reflected in relevant documents that are inherent to the exercise of insurance distribution, Corbroker also ensures the necessary dissemination and explanation of the rules contained in the Policy, and in particular the contact details for submitting reports and the related form, as per the attached draft, in order to ensure that all persons are fully aware of and comply with it. The Policy is permanently available at www.corbroker.pt.

 

ANNEX REPORTING FORM

Name (optional)

 

Identification document number (optional)

 

Address (optional)

 

Mobile number (optional)

 

e-mail (1)

 

Subject

 

Business area (2)

 

Objective description of the facts (3)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Place (optional)

 

Date

 

Signature (optional)

 

In submitting this form, I acknowledge that Corbroker, as the Person Responsible for Handling the Report, will use my personal data in accordance with the options expressed in the report and in the terms of its Privacy and Personal Data Protection Policy.

 

 

NOTES:

  • However, if you wish to be able to follow the report, you should indicate at least one means of contacting you, namely an e-mail address.
  • Indicate the business area of the act you wish to report:
    1. Public procurement;
    2. Financial services, products and markets, and prevention of money laundering and terrorist financing;
    3. Insurance and insurance distribution;
    4. Product safety and compliance;
    5. Transport safety;
    6. Protection of the environment;
    7. Radiation protection and nuclear safety;
    8. Food and feed safety, animal health and welfare;
    9. Public health;
    10. Consumer protection;
    11. Protection of privacy and personal data, and security of network and information systems;
    12. Act or omission which is contrary and detrimental to the financial interests of the European Union;
    13. Act or omission contrary to the internal market rules, including competition and State aid rules, as well as corporate tax rules;
    14. Violent crime, especially violent and highly organised crime, as well as organised crime and economic and financial crime;
    15.  
  • Description of the facts that prompted the report, identifying the persons involved and the date the facts took place.