FSTechnology S.p.A.adopts a process to receive, analyse and manage whistleblower reports (including anonymous reports) relating to the Company sent by Third Parties or by FS Italiane Group Personnel.

The process complies with the regulatory changes introduced by Legislative Decree No. 24 of 10 March 2023 implementing Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of whistleblowers who report breaches of European Union law and on provisions for the protection of whistleblowers who report breaches of national laws (so-called “Whistleblowing Decree”).

The procedure for managing reports forms an integral part of FSTechnology S.p.A., Management and Control Model pursuant to Legislative Decree No. 231/2001.

FSTechnology S.p.A. implements a dedicated IT platform, which is the preferred channel for the sending of whistleblower reports.

Who can submit a report?

The following people can submit a report:

  • employees, self-employed workers, contractors, volunteers and trainees, including non-paid people, who work for  FSTechnology S.p.A.
  • workers or collaborators, who work for organisations providing goods or services or that carry out works for third parties; freelancers and consultants working for  FSTechnology S.p.A.;  FSTechnology's shareholders and individuals with administrative, management, control, supervisory or representative roles.

These people report on breaches of which they have become aware as part of their job.

Reports may be submitted:

  • when the legal relationship has not yet begun, if information on breaches was acquired during the recruitment process or at other pre-contractual stages;
  • during the probationary period;
  • after the termination of the legal relationship if the information on breaches was acquired during the relationship.

 FSTechnology S.p.A. encourages that the Whistleblower's identity be disclosed in the report, for which confidentiality is guaranteed in compliance with the legislation in force, so that the reported facts can be verified more easily and the Whistleblower can be informed of the results of the investigations carried out. However, reports may be made anonymously.

What to report

Information on breaches involving facts (of any nature whatsoever, even if merely omissive), attributable to FS Italiane Group Employees or Third Parties, which may constitute:

  • breaches of the  FSTechnology S.p.A. Model 231 and procedures for its implementation and/or of the Anti-Corruption Policy and the  FSTechnology S.p.A. Anti-Bribery&Corruption management system (hereinafter "ABC system") and/or of the Code of Ethics and/or of the company's internal regulations and/or in any case likely to cause damage or harm, even only in terms of image or reputation, to the FS Group;
  • administrative, accounting, civil or criminal offences;
  • unlawful conduct pursuant to Legislative Decree No. 231 of 8 June 2001;
  • offences under the scope of European Union and national provisions implementing them;
  • acts or omissions detrimental to the financial interests of the European Union;
  • acts or omissions concerning the internal market (e.g. competition and state aid violations);
  • acts or conduct that undermine the object or purpose of the European Union provisions.

The reports must concern facts of which the Whistleblower has direct knowledge, with the Whistleblower having well-founded reasons to believe that the information reported is true at the time of the report.

Reports must be made promptly upon becoming aware of the facts in question in order to ensure that verification is fully possible. 

The following do not constitute so-called whistleblowing reports: disputes, claims or requests relating to a personal interest of the whistleblower that relate exclusively to his/her individual employment relationship, or relating to his/her relationship with hierarchically superior people; reports or complaints concerning commercial activities or services to the public.

Internal Reporting Channels

Reports may be sent through: i) the IT platform accessible from the FS SpA website and the corporate intranet; ii) e-mail to the dedicated e-mail addresses; iii) ordinary mail to the corporate bodies responsible for handling the report; iv) verbally, through a statement issued by the whistleblower at a special hearing. A dedicated telephone line/voice messaging system is being implemented.

The IT platform is the preferred tool for sending and managing reports, as it is best suited to protecting, through IT methods, the confidentiality of the whistleblower's identity while ensuring adequate information security measures.

The platform can be used to:

  • send a report;
  • modify or update a submitted report;
  • determine the status of a submitted report;
  • receive a follow-up on the report.

On this platform it is possible to implement the following measures:

  1. separate the identifying data of the Whistleblower from that contained in the report, providing for the adoption of replacement codes for the identifying data, so that the report can be processed anonymously;
  2. keep the content of the report confidential during the entire management phase, allowing access only to authorised parties;
  3. adopt secure protocols for transporting data on the network as well as the utilisation of cryptographic tools on that contained in the report and any attached documentation;

interact with the whistleblower, ensuring his or her anonymity.

External reporting and public disclosure

Legislative Decree No. 24/2023 provides for the possibility of making external reports to the National Anti-Corruption Authority (ANAC) and public disclosures of violations in the cases expressly provided for in the regulation. External reporting to the ANAC is permitted only in the following cases:

  • if the internal reporting channel is not active or if it does not comply with legal requirements;
  • if the Whistleblower has already made an internal report that has not been followed up;
  • in cases where the Whistleblower has reasonable grounds to believe that, if he/she were to make an internal report, the report would not be effectively followed up, or that the report might lead to retaliation;
  • in cases where the Whistleblower has reasonable grounds to believe that the breach may constitute a clear or immediate danger to the public interest.

In compliance with the provisions of the law, FSTechnology S.p.A. guarantees the confidentiality of the Whistleblower’s identity as soon as the report is received and prohibits (and penalises to the extent permitted by its powers and authority) any direct or indirect form of retaliation or discrimination against the Whistleblower as a result of a report, including omissive conduct, also attempted or threatened, or directed at third parties associated with the Whistleblower, such as relatives, colleagues, legal entities owned by or working for the Whistleblowers, who are operating with the FS Italiane Group.

To ensure that there will be no retaliation against the Whistleblower even after the report has been made, FSTechnology S.p.A. employees are monitored for a period of two years from the date of the report.

Individuals who are involved in any capacity in the management of reports are required, within the limits provided for by law, to maintain confidentiality as to the existence and content of the report received and the activity carried out in this regard, and to protect the confidentiality of the Whistleblower's identity in accordance with the provisions of the applicable legislation.

The Whistleblower is informed that the report has been received within 7 days from the date of receipt. The Whistleblower is also informed of the results of the investigation into the matter.

FSTechnology S.p.A protects the rights of the Involved Persons, first and foremost by ensuring, to ensure appropriate confidentiality, that any disclosure of their identity strictly follows the “need to know” criterion (principle whereby a person is authorised to access certain information only if necessary - and within the limits of what is necessary - for the performance of the activities for which he/she is responsible according to his/her company's assigned tasks).

The Involved Person is informed of the existence and content of the report and receives a copy of the same, excluding any reference to the Whistleblower's identity, which may not in any event be disclosed to the Involved Person, except in the cases expressly provided for by law.

The Involved Person has the right to be informed of the outcome of the investigation. After due assessment, information to the Involved Person may be delayed or not provided completely or only partially if it intervention by the public authorities is deemed necessary, or if it is reasonable to believe that, by providing the information, the confidentiality of the Whistleblower's identity, which is protected by law, may be at risk.

Reports are addressed to the FSTechnology S.p.A. Ethics and Reporting Committee and/or to the Supervisory Board.

The Supervisory Board handles the reports of violations or attempted violations of FSTechnology S.p.A.’s Model 231 and/or of the implementing procedures or violations of the Code of Ethics that have or may have consequences pursuant to Legislative Decree No. 231/2001.

The investigation activities, designed to ascertain whether or not the facts reported are well-founded, are carried out by the FSTechnology S.p.A. Internal Audit structure.

As part of the reporting management process, personal data is processed in compliance with current legislation on the matter (EU Regulation 679/2016 and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018). Information on the processing of personal data can be found below.

Do you have a report you would like to send to FSTechnology S.p.A.? Here is a short guide with instructions on how to make a report and a list of reporting channels.

If you are a FSTechnology S.p.A. employee, please also consult the appropriate procedure available on the company intranet.