• GENE Chapter 4A GENE Chapter 4A Protected reporting

    • GENE Part 4A.1 GENE Part 4A.1 General

      • GENE 4A.1.1 Introductory

        This Chapter provides a framework for making confidential reports about alleged wrongdoing by authorised firms or persons connected with such firms. Protected reporting is often called whistleblowing. The maker of such a report is often (but not necessarily) an employee of the firm concerned.

        Inserted by QFCRA RM/2018-3 (as from 1st May 2018).

      • GENE 4A.1.2 Meaning of protected report and protected reporter

        (1) In this Chapter:
        protected report means a report that meets all of the following requirements:
        (a) it is made in good faith;
        (b) it is about an authorised firm or a person connected with such a firm;
        (c) it is made to the firm itself or an authority or officer specified or referred to in subrule (3);
        (d) if it is made to an authority or officer, the authority or officer is responsible for matters of the kind reported;
        (e) it gives information that the reporter believes shows that any of the following has happened, is happening, or is likely to happen:
        (i) a criminal offence (whether under the law of Qatar or of another jurisdiction);
        (ii) a contravention of a relevant requirement, or a failure to comply with a legal obligation of another kind;

        Note For contravention of a relevant requirement, see FSR, article 84.
        (iii) the endangering of the health and safety of an individual;
        (iv) a breach of an authorised firm's policies and procedures (including, for example, a breach of any code of conduct or policy in relation to ethical behaviour);
        (v) the deliberate concealment of a matter referred to in any of subparagraphs (i) to (iv).

        protected reporter means an individual who makes a protected report.

        Guidance
        Nothing in this Chapter requires that a protected reporter be an employee of the authorised firm about which the report is made.
        (2) For this Chapter, a report is made in good faith only if the individual who made it believes on reasonable grounds that it is true.
        (3) For this Chapter, a report with the characteristics set out in the definition of protected report in subrule (1) is a protected report whether it is made to:
        (a) the authorised firm concerned;
        (b) the Regulatory Authority;
        (c) an officer of the State to whom crimes may be reported under Law No. (23) of 2004, or whose responsibilities include the matters that are referred to in the report; or
        (d) a regulatory or governmental authority, body or agency in a jurisdiction outside the QFC (whether in Qatar or not), including a body or officeholder responsible for enforcing the criminal law of the jurisdiction.
        Inserted by QFCRA RM/2018-3 (as from 1st May 2018).

      • GENE 4A.1.3 Reports to be treated as protected until contrary established

        (1) An authorised firm that receives a report that purports to be a protected report:
        (a) must treat the individual who made the report as a protected reporter; and
        (b) must treat the report as a protected report; until the firm has decided, on the basis of a proper investigation, that the report is not a protected report.
        (2) Subrule (3) applies if an authorised firm becomes aware that an individual has made a report that purports to be a protected report about the firm to an authority or officer specified or referred to in rule 4A.1.2 (3).
        (3) The firm must treat the individual as a protected reporter until the firm establishes that the report is not a protected report.
        Inserted by QFCRA RM/2018-3 (as from 1st May 2018).

    • GENE Part 4A.2 GENE Part 4A.2 Protected reporting policies

      • GENE 4A.2.1 Obligation to have protected reporting policy

        (1) An authorised firm must establish a written policy on protected reporting that:
        (a) is approved by the firm's governing body;
        (b) complies with this Part; and
        (c) is appropriate for the nature, scale and complexity of the firm's business.
        (2) An authorised firm that is a branch, or is a member of a corporate group, may rely on the protected reporting policy of its head office, or a group-wide protected reporting policy, provided that the policy substantially complies with this Part.
        Inserted by QFCRA RM/2018-3 (as from 1st May 2018).

      • GENE 4A.2.2 Content of protected reporting policy

        (1) An authorised firm's protected reporting policy must comply with all of the following requirements:
        (a) it must provide 2 or more independent channels for making a protected report;

        Guidance
        For example, a firm's policy could provide both a dedicated email address and a dedicated telephone number to which reports can be made.

        (b) if appropriate, it must provide for such a report to be made in a language other than English;
        (c) it must recognise that such a report could be made by anybody with the necessary information (not only by an officer or employee);
        (d) it must allow a protected report to be made anonymously;
        (e) it must provide for the identity of a protected reporter to be kept confidential (so far as possible);

        Guidance
        The Regulatory Authority recognises that the investigation of a protected report may reveal the identity of a protected reporter or make it possible to infer it.
        (f) it must provide for reasonable measures to protect a protected reporter, anyone who assists in investigating a protected report, and anyone who cooperates with the investigation, against retaliation;
        (g) it must explicitly recognise a protected reporter's right (and, in certain cases, obligation) to report to or communicate with the Regulatory Authority, another regulator or an authority of the State;

        Note 1 Under the Criminal Procedures Code of the State (Law No. (23) of 2004), article 32, a person who has knowledge of certain crimes must report it to the State Prosecutor's Office or a judicial commissioner.

        Note 2 For the firm's obligation to cooperate with the Regulatory Authority, see rule 1.2.14.
        (h) it must provide a suitable set of guiding principles, and clear procedures, for the assessment, investigation and escalation of a protected report;
        (i) it must provide for the investigation of a protected report to be independent of the individual or business unit concerned;

        Guidance
        This could include making arrangements for the investigation to be done by a third party.
        (j) it must provide for a protected report to be acknowledged, and for the protected reporter who made it to be kept informed (to the extent that is appropriate in the circumstances) about the progress and outcome of the investigation;
        (k) it must provide for the reporting, monitoring and investigation of retaliation, attempts at retaliation and threats of retaliation;
        (l) it must provide for retaliation, an attempt at retaliation, or a threat of retaliation to be treated as gross misconduct;
        (m) it must provide for appropriate reporting to the firm's governing body and the Regulatory Authority about protected reports, the investigation of such reports and the outcome of the investigations.
        (2) The firm must set out the policy clearly in a document, and must ensure that all of the firm's officers and employees have access to, and understand, the document.
        (3) The document must also clearly set out statements of:
        (a) the benefits to the firm of the protected reporting policy; and
        (b) the firm's commitment to it.
        Inserted by QFCRA RM/2018-3 (as from 1st May 2018).

      • GENE 4A.2.3 Implementation of protected reporting policy

        (1) The senior management of an authorised firm must ensure that the firm's protected reporting policy is fully implemented.
        (2) In particular, the firm's senior management must take reasonable steps to ensure that a protected reporter, anyone who assists in investigating a protected report, and anyone who cooperates in the investigation, are protected against retaliation.

        Note Under the Employment Regulations of the QFC, article 16, a person "...who in good faith raises concerns about or reports crimes, contraventions (including negligence, breach of contract, breach of law or requirements), miscarriages of justice, dangers to health and safety or the environment and the cover up of any of these by their Employer shall not be dismissed or otherwise penalised directly or indirectly for such acts, including in respect of any prohibition against disclosure of nonpublic information.".

        Guidance
        1 Retaliation or an attempt at retaliation against an employee who has made a report referred to in the Employment Regulations, article 16, would therefore be a contravention of a legal requirement (see rule 4A.1.1 (1), definition of protected report, paragraph (e) (ii)), and could itself be the subject of a protected report.
        2 Also, see FSR, article 84 (1) (B) — retaliation against such an employee would contravene article 16 of the Employment Regulations, thus is a contravention of a relevant requirement, and could therefore give rise to disciplinary or enforcement action under FSR, Part 9.
        3 However, article 16 protects only employees; this Chapter requires anybody who makes a protected report to be protected against retaliation.
        (3) An authorised firm must nominate an appropriately senior individual to oversee the implementation of the firm's protected reporting policy.

        Guidance
        The individual nominated need not be an employee or even a board member, but could for example be a legal adviser in an outside law firm.
        (4) An authorised firm that receives a protected report must notify the Regulatory Authority within 5 business days.
        (5) An authorised firm's governing body must ensure that the firm's protected reporting policy is reviewed at least once every 3 years by:
        (a) the firm's internal auditor; or
        (b) an independent and objective external reviewer.
        (6) An authorised firm must provide regular training for all of its officers and employees on its protected reporting policy and the applicable procedures. In particular, the firm must provide appropriate specialist training for the officers and employees who are responsible for key elements of the policy.
        (7) An authorised firm may outsource the implementation of its protected reporting policy. If the firm does so, it must ensure that the outsourcing agreement:
        (a) nominates the individual referred to in subrule (3); and
        (b) otherwise provides appropriately for the implementation of the firm's obligations under the policy.
        Inserted by QFCRA RM/2018-3 (as from 1st May 2018).
        Amended by QFCRA RM/2021-1 (as from 1st July 2021)