- The information relating to reports on infringements, including the identity of the person accused of an infringement, falls under the rules governing professional secrecy. These rules mean that the Chairman and the members of the Management Committee, the members of the Supervisory Board, the member of the Sanctions Committee and the FSMA staff may not disclose the confidential information which they have received in the course of carrying out their tasks to any other persons or authorities, except in special cases that are specifically laid down by law[1]. The identity of the person accused of an infringement is protected for as long as the FSMA's investigation carried out in response to the report is ongoing.
- The FSMA guarantees the confidentiality of the reporting person, even where it transmits the report to another person or authority (such as the Public Prosecutor's Office or another financial supervisory authority) in one of the exceptional cases laid down by law. In the latter case, the FSMA will do everything it reasonably can to ensure that the transmission of the data to another person or authority does not reveal, directly or indirectly, the identity of the reporting person. A derogation from this obligation is possible only if the reporting person consents to the FSMA revealing his or her identity to another person or authority or if the FSMA is legally required to do so. Moreover, if the FSMA has a legal obligation to disclose the identity of the reporting person, it will inform this person before his or her identity is disclosed, unless providing such information would jeopardise the investigations or judicial proceedings in this matter. However, the foregoing does not apply when the FSMA transmits a report of an infringement for which it is not (solely) competent to the (other) competent authority. In these cases, in order for the (other) competent authority, which is also subject to confidentiality rules, to be able to handle the report usefully, the report is transmitted unchanged (see also: 'What procedures apply to reports?').
Unless the reporting person consents, the FSMA will refuse any request to consult, receive explanations or a copy of information held by the FSMA ('administrative documents') if doing so jeopardizes the protection of the reporting person's identity. - The data relating to the report of an infringement, including the identity of the person whom the report accuses of the infringement, is disclosed within the FSMA only to persons for whom access to that data is necessary to perform their professional duties. An even stricter confidentiality regime is laid down by the FSMA as regards the identity of the reporting person: in principle, only the dedicated staff members are given this information, and they do everything they reasonably can to ensure that if they transmit the report of an infringement to persons inside the FSMA, the transmission does not reveal, directly or indirectly, the identity of the reporting person. Only with the reporting person's consent can his or her identity be disclosed to the other persons within the FSMA for whom that is necessary to perform their professional duties. In such a case - that is, only where the reporting person consents - the identity of the reporting person will also be included in the dossier drawn up on the basis of the report of the infringement.
[1] Article 20, § 2 of the Law of 28 November 2022 on the protection of whistleblowers reporting infringements of European Union or national law identified within a legal entity in the private sector and Article 74, second paragraph, of the Law of 2 August 2002 on the supervision of the financial sector and on financial services.