On receiving notification of a suspicion that fraud may be occurring / have occurred, Line
management should inform the Head of Compliance (or in his absence a member of the
Compliance Team) and seek advice on further action, as appropriate to the seriousness and
sensitivity of the matters identified. Compliance will determine what additional measures are
necessary in accordance with the potential seriousness and likely impact of the alleged offences.
This should include where necessary alerting the appropriate law enforcement and /or regulatory
authorities.
Note that any incidence of fraud (actual, attempted or suspected) concerning information security
and/or data protection should be reported separately under the relevant requirements maintained
by NIBC’s Corporate Information Security Officer (“CISO”) and Data Protection Office (“DPO”).
Line management should also record any known incidence of fraud as an Operational Risk Event, if
necessary, in consultation with ORM. In case of suspicious fraud cases the Head of Compliance
shall be informed. Similarly, where deemed applicable, the requirements of the Incidents and/or
Special Investigations Policies should also be observed. Where an employee makes a good faith
disclosure to a Confidential advisors under the Whistleblowing Policy, the confidentiality
requirements of that Policy should be treated as paramount.
3.6 Whistleblowing
Employees are reminded that, notwithstanding the above arrangements and requirements, they have
the right to report any concerns of illegal behaviour or serious misconduct within NIBC anonymously
to a Confidential Advisors under the Whistleblowing Policy. The Confidential Advisors shall not be
required to disclose such matters in accordance with Section 3.6 of this Policy (see above). This
applies in specific circumstances where employees have personal reservations that they may be
treated unfairly despite disclosing such matters in good faith.
It is NIBC's policy that no employee will be sanctioned for making a report in good faith, even if
this results in the loss of business or some other detriment.
3.7 Record-keeping and retention of documents
All business and support units within NIBC should maintain detailed and accurate financial records
and have appropriate internal controls in place to act as evidence for all receipts and payments.
Transactions or disbursements that appear unusual and/or suspicious, not properly authorised, or
approved and / or have no obvious rationale or explanation should be considered as potential ‘red
flags’ and reported to the line manager, thereafter to the Head of Compliance, for further query
and investigation.
Where suspicions of fraud are escalated and reported within NIBC, any records and documentation
pertaining to the matters reported must be retained securely and in strict confidence, as these may
be subject to external investigation, including by law enforcement and / or regulatory agencies. It
is generally deemed to be a serious offence intentionally to destroy, delete, dispose of, alter, or
tamper with any such records or documents, or make any attempt to do so, and accordingly,
access should be restricted to a ‘need to know’ basis.
4. POLICY EXCEPTIONS, MONITORING COMPLIANCE
AND SANCTIONS
4.1 Policy Exceptions
Due to the potential legal and reputational consequences of fraud, it is not anticipated that
exceptions to this Policy will arise or be requested.