Management of whistleblowing disclosures

Stretto di Messina SpA (SDM) has a process for receiving, assessing and dealing with disclosures (including those of an anonymous nature) regarding the Company from third parties or persons within the Company. The process complies with the most recent legislation introduced by Legislative Decree 24 of 10 March 2023, implementing Directive (EU) 2019/1937 of the European Parliament and Council of 23 October 2019, on the protection of persons who report breaches of Union law, and containing measures designed to protect persons who report breaches of Italian law (the “Whistleblowing Decree”).

The process for managing disclosures forms an integral part of SDM’s Organisational, Management and Control Model introduced in compliance with Legislative Decree 231/2001.

SDM has set up a specific IT platform for use by whistleblowers and to manage disclosures. This is the preferred channel for making disclosures.

If you want to make a disclosure to SDM, access the platform here.

WHO CAN MAKE A DISCLOSURE AND WHAT TO REPORT

WHSITLEBLOWING CHANNELS

PROTECTING THE WHISTLEBLOWER

PROTECTING THE PERSON INVOLVED

PROCESS

DATA PROTECTION

The following pay make a disclosure:

employees, self-employed workers, external contractors, volunteers and apprentices, including unpaid workers, who work for SDM;
workers or external contractors who work for organisations supplying goods or services or who perform works for third parties; freelance professionals and consultants who work for SDM; shareholders and persons within SDM with administrative, management, control, oversight or representative roles.

These persons may report breaches of which they have become aware in carrying out their work.

Disclosures may also be made:

when the legal relationship has yet to begin, if the information on the breaches has been acquired during the selection process or during another precontractual phase;
during a trial period;
after termination of the legal relationship if the information on the breaches was acquired during the relationship.

SDM is keen for disclosures to include the name of the Whistleblower, whose confidentiality is guaranteed in compliance with the legislation in force. This makes it easier to investigate the reported events and inform the Whistleblower of the outcome of the checks carried out. Anonymous disclosures are, however, also permitted.

WHAT TO REPORT

Information on breaches regarding events (of any nature, including mere omissions), relating to Persons with the Company or Third Parties, that may concern:

breaches of SDM’s 231 Model and of the related implementing procedures and/or of SDM’s additional Corruption Prevention Measures introduced pursuant to Legislative Decree 231 of 8 June 2001 (the “Additional Measures”) and/or of the Code of Ethics and/or the Company’s internal regulations and/or in any other situation that may harm the Company or may be prejudicial to its interests, including merely in terms of image or reputation;
administrative, accounting, civil or criminal offences;
significant illegal activity, as defined in Legislative Decree 231 of 8 June 2001;
illegal activity falling within the scope of application of EU legislation and the related implementing legislation in Italy;
deeds or omissions harmful to the financial interests of the European Union;
deeds or omissions regarding the internal market (for example: breaches of competition or state aid regulations);
deeds or conduct nullifying the aim or purpose of the provisions of EU legislation.

Disclosures must relate to events of which the Whistleblower has knowledge, where the Whistleblower has reasonable grounds for believing the reported information to be true at the time of the disclosure.

Disclosures must be made promptly when the Whistleblower becomes aware of the events so that it is possible to investigate the concerns raised.

The following do not constitute whistleblowing disclosures: objections, claims or requests linked to the personal interests of the Whistleblower and relating solely to their individual working relationship, or relating to their relationships with their superiors.

INTERNAL WHISTLEBLOWING CHANNELS

In compliance with the provisions of art. 4 of Legislative Decree 24/2023, the Company makes the following internal whistleblowing channels available. The channels are managed by the Corruption Prevention and Transparency Officer alone in compliance with art. 4, paragraph 5 of Legislative Decree 24/2023, Disclosures can be made in writing or verbally:

Whistleblowing platform
Verbally by leaving a voicemail on the above whistleblowing platform

The above channels are, pursuant to the related legislation, able to ensure access to encrypted forms of communication, and anonymisation of the voice in the event of use of the voicemail system, protecting the identity of the Whistleblower, the person involved and any person referred to in the disclosure, and safeguarding the content of the disclosure and the related documentation. Once the process of making a disclosure has been completed, the Platform provides a Unique Identifier Code that enables the whistleblower to check the status of the process and send and receive communications (including in anonymous form).

Through the platform it is possible:

make a disclosure;
modify or update a disclosure made;
consult the status of a disclosure made;
receive a response on the outcome of the disclosure.

The platform enables:

the Whistleblower’s details to be separated from the content of the disclosure, using codes in place of the identifying data, thereby ensuring that the disclosure is processed in anonymous form;
the confidentiality of the content of the disclosure to be maintained throughout the management process, restricting access to authorised persons alone;
the adoption of secure protocols for electronic transmission of the data and encryption of the content of the disclosure and any attached documentation;
interaction with the Whistleblower, ensuring their anonymity.

Where the Whistleblower is unable to use the Whistleblowing Platform, the following internal channels for disclosures have been made available:

ordinary mail: by sending a registered letter to the registered office at via Marsala 27 – 00135 Rome, indicating on the envelope “For the attention of Stretto di Messina SpA’s Corruption Prevention and Transparency Officer”;
email: to whistleblower@strettodimessina.it;
verbally through a statement to be made by the Whistleblower during a specifically arranged meeting with the Corruption Prevention and Transparency Officer, to be minuted and signed by the Whistleblower.
Disclosure Management Procedure of 26 November 2024 (strettodimessina.it)

As required by law, SDM ensures the Whistleblower’s confidentiality from the time the disclosure is received and prohibits (and punishes to the extent of its powers and authority) any direct or indirect form of retaliatory or discriminatory actions or behaviour towards the Whistleblower as a result of the disclosure, including omissions, whether attempted or threatened, and those directed at third parties connected with the Whistleblower, such as family members, colleagues, legal persons of which the Whistleblower is the owner or for which they work, and that operate within a work environment linked to the Company.

To ensure that there is no retaliatory action towards the Whistleblower, including some time after the disclosure is made, the work situations of any Whistleblowers among SDM’s employees are monitored for a period of two years from the date of the disclosure.

Persons for any reason involved in managing disclosures are required, within the limits provided for by law, to ensure that the existence and content of the disclosure received and any related actions remain confidential. The identity of the Whistleblower must also remain confidential as required by law.

The Whistleblower is provided with a proof of receipt of the disclosure within 7 days of the date of receipt. The Whistleblower is also informed of the outcome of any related investigations.

SDM protects the rights of Persons Involved, above all safeguarding their confidentiality by ensuring that any communication regarding their identity strictly complies with the “need to know” principle (meaning that a person is authorised to have access to certain information only if necessary – and to the extent necessary – to conduct the tasks assigned to them as part of their role within a company).

The Person Involved has the right to the informed of the outcome of any investigation. Subject to an appropriately recorded assessment, informing the Person Involved may be delayed or not carried out at all or in part where it appears necessary to await the actions of the public authorities, or if the reason to believe that, by informing them, the confidentiality of the Whistleblower’s identity, to be protected by law, may be put at risk.

Disclosures are to be addressed to the Corruption Prevention and Transparency Officer and/or SDM’s Supervisory Board.
The Supervisory Board handles disclosures regarding breaches or attempted breaches of SDM’s 231 Model and/or the related implementing procedures or breaches of the Code of Ethics that have relevance or that may have relevance for the purposes of Legislative Decree 231/2001.

Any investigations, designed to confirm the reported events or otherwise, are conducted by a specially established internal committee, coordinated by the Corruption Prevention and Transparency Officer, and the Supervisory Board, if necessary with the assistance of SDM ‘s Internal Audit department.

As part of the disclosure management process, personal data are handled in accordance with the relevant legislation (EU Regulation 679/2016 and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018). Information on how personal data is managed is provided in the privacy policy.