Violation Reporting System
pursuant to Legislative Decree 24/2023 and EU Directive 2019/1937
Society | MyGold S.p.A. |
Registered office | Piazzale Cadorna Luigi 9, Milan |
Legal Representative | Luca Canella |
Version | March 2026 |
Revision | Annual |
Recipients | Internal workers, collaborators, customers and third parties |
Website | www.therealmoney.com |
Whistleblowing is the reporting by a person—an employee, collaborator, customer, or other individual—of unlawful, irregular, or non-compliant behavior that they have become aware of in the context of a work context or a professional or commercial relationship.
MyGold SpA (hereinafter ” MyGold ” or “the Company”), a Professional Gold Operator authorised by the Bank of Italy and registered with the OAM, has adopted this Whistleblowing System in the belief that timely reporting of any violations is a fundamental tool for:
MyGold Whistleblowing System is adopted in compliance with Legislative Decree 24/2023 and represents, for a Professional Gold Operator — Banco Metalli, a voluntary choice of best practices in governance, legality, and transparency, consistent with the highest standards in the precious metals sector and with the AML/CFT obligations set forth by current legislation. |
The system adopted by the Company is based on tools that guarantee the utmost confidentiality of the whistleblower’s identity, the protection of personal data, and the absolute prohibition of retaliation of any kind against those who make a report in good faith.
MyGold Whistleblowing System pursues the following fundamental objectives:
1.3 Scope of application
This document governs the Company’s whistleblowing system and, in particular:
MyGold ‘s Whistleblowing System is based on the following principles:
Pursuant to Article 2 of Legislative Decree No. 24 of 10 March 2023, the following definitions apply:
Term | Definition |
Reporting | The natural person who reports or publicly discloses information about violations acquired in the context of his/her work |
Internal reporting | Written or oral communication of information on violations, carried out through the internal reporting channel activated by the Company pursuant to Article 4 of Legislative Decree 24/2023 24/2023 |
External reporting | Written or oral communication of information on violations, carried out through the external reporting channel activated by ANAC pursuant to Article 7 of Legislative Decree 24/2023 24/2023 |
Public disclosure | Making information about violations public through the press, electronic media, or means of dissemination capable of reaching a large number of people, pursuant to art. 15 of Legislative Decree 24/2023 24/2023 |
Violations | Actions or omissions, committed or likely to be committed by the Company, which harm the public interest or the integrity of the entity and which consist of: administrative, accounting, civil or criminal offenses; unlawful conduct relevant pursuant to Legislative Decree 231/2001; offenses falling within the scope of application of European Union or national acts. |
Information on violations | Information, including reasonable suspicions, regarding violations committed or likely to be committed in the organization with which the whistleblower interacts in the context of his/her work |
Work context | Work or professional activities, present or past, carried out in the context of employment relationships with the Company, through which individuals acquire information about violations |
Person involved | The natural or legal person mentioned in the report as the person to whom the violation is attributed or as a person otherwise implicated in the reported violation |
Facilitator | The natural person who assists the whistleblower in the reporting process, operating in the same work context and whose assistance must be kept confidential |
Retaliation | Any behavior, act or omission, even if only attempted or threatened, carried out as a result of the report and which causes or may cause unjust damage to the reporting person |
Protective measures | Measures aimed at protecting the whistleblower, the facilitator and the subjects connected to the whistleblower from retaliation |
Report Manager | The individual designated by the Company, with autonomy and independence, responsible for managing the internal reporting channel, identified in the MyGold Compliance Officer . |
Anonymous report | Reports made without identifying the whistleblower; if the whistleblower is subsequently identified, the protections provided by Legislative Decree 24/2023 apply. 24/2023 |
This Procedure is adopted in accordance with the European and national regulatory frameworks regarding whistleblowing, compliance, personal data protection, and corporate risk prevention. Specifically, MyGold ‘s reporting system is governed by the following main regulatory sources:
MyGold ‘s Whistleblowing System is accessible to anyone who, in a work, professional, or commercial context, becomes aware of violations pursuant to applicable law. Reports may be made by both internal and external parties, who are granted the same protections provided by applicable law.
All individuals who work or have worked for MyGold in any capacity are entitled to make reports:
External parties who have or have had professional or commercial relationships with the Company are also entitled to make reports, including:
The protections provided by this Procedure apply to whistleblowers who submit reports pursuant to Legislative Decree 24/2023, provided that, at the time of reporting, they have reasonable grounds to believe that the information communicated is true and falls within the scope of the relevant violations pursuant to applicable legislation. Specifically, the report must be made:
Reports made with intent or gross negligence, as well as those that are manifestly false, unfounded, or instrumental, are excluded from protection. Such reports may result in disciplinary liability for workers, civil liability for damages caused to third parties, and criminal liability for defamation (Article 368 of the Criminal Code) or slander (Article 595 of the Criminal Code).
Violations — or reasonable suspicions of violations — of the following categories of internal rules and procedures applicable to the Company may be reported:
Pursuant to Legislative Decree 231/2007:
Suspicious transaction reports (SOS) must be made through dedicated AML channels and not through the whistleblowing system.
Pursuant to Law 7/2000 and Bank of Italy provisions:
Pursuant to Legislative Decree 231/2001 and internal procedures:
Pursuant to Regulation (EU) 2016/679 (GDPR):
The following are not included in the scope of this whistleblowing system:
The reporting system does not replace ordinary assistance or complaint channels.
MyGold provides whistleblowers with a reporting system compliant with current legislation, designed to ensure confidentiality, security, and protection of the whistleblower. Reports can also be submitted anonymously. However, providing a personal contact information can facilitate any requests for clarification or updates.
The Company will issue an acknowledgement of receipt of the report within 7 days, pursuant to Article 5 of Legislative Decree 24/2023.
The official internal channel for submitting reports is the dedicated digital platform:
( INSERT MITWHISTLE LINK — to be completed )
The platform allows:
Alternatively, and only if it is not possible to use the platform, it is possible to:
These channels, however, guarantee the confidentiality of the whistleblower and are managed according to the same protections provided by the legislation.
If the conditions set forth by applicable legislation are met, the reporting party may submit a report through the external channel managed by ANAC, pursuant to Article 6 of Legislative Decree 24/2023. 24/2023. Use of the external channel is permitted, among other things, in the following cases:
In the cases provided for by law, the whistleblower may publicly disclose information, for example through the press or media, if: an internal or external report has not been followed up; there is an imminent or evident danger to the public interest; or there are reasonable grounds to believe that the report will not receive an adequate response (Article 15 of Legislative Decree 24/2023).
To enable effective management of the report, it is helpful — but not mandatory — to provide the following information:
The whistleblower does not need to be absolutely certain that the violation has occurred: it is sufficient to have reasonable grounds to believe that the reported facts are true. Pursuant to Legislative Decree 24/2023, the whistleblower’s protection applies regardless of the outcome of subsequent investigations.
MyGold guarantees maximum protection to those who report in good faith, in compliance with Legislative Decree 24/2023 and EU Directive 2019/1937.
The identity of the whistleblower is treated with the utmost confidentiality. It is known only to those authorized to handle the report and is not disclosed to third parties without the whistleblower’s explicit consent. All reports and documents relating to the report are prepared so as not to contain references that could allow the whistleblower to be identified.
The identity of the whistleblower may be revealed only in the following cases provided by law:
In such cases, where possible and not prejudicial to the investigation or the safety of the whistleblower, the Company will inform the whistleblower in advance.
The Company prohibits any form of retaliation, discrimination, or detrimental behavior toward the whistleblower, their colleagues, or their family members as a result of reporting. Retaliation includes, for example:
Reporters who believe they have suffered retaliation can use the internal channel via the dedicated platform or, in cases provided for by law, contact external channels (ANAC) or public disclosure.
The protections provided by this Procedure also extend to:
The whistleblower’s personal data is processed in compliance with Regulation (EU) 2016/679 and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018 101/2018. Processing occurs exclusively for purposes related to managing the report and is based on fulfillment of a legal obligation pursuant to Art. 6, paragraph 1, letter c) of the GDPR. The data is retained for the time strictly necessary to manage the report and in any case no longer than 5 years after the closure of the proceeding, unless otherwise required by law. For further information, please refer to the privacy policy available on the company website.
MyGold adopts a structured six-phase reporting process, with defined timeframes in compliance with the terms set by Legislative Decree 24/2023: 24/2023:
Phase | Timing | Activity | Responsible |
1. Reception | Day 0 | Receipt via the MITWhistle platform , automatic logging and registration in the confidential register, with segregation of the reporting person’s identifying information | Compliance Officer / MITWhistle System |
2. Confirmation | Within 7 days | Sending a receipt acknowledgement to the reporting party via the platform, with the practice code and an indication of the timing, pursuant to Legislative Decree 24/2023 24/2023 | Compliance Officer |
3. Evaluation | Within 30 days | Admissibility analysis, assessment of severity and urgency, and possible request for additions to the reporting party | Compliance Officer |
4. Investigation | Within 90 days | Documentation collection, interviews with those involved, technical checks, and regulatory analysis. External consultants may be involved, ensuring confidentiality is maintained. | Compliance Officer + any consultants |
5. Resolution | Within 90 days | Report submission to the Board of Directors, resolution on corrective and/or disciplinary actions | Board of Directors on the proposal of the Compliance Officer |
6. Feedback | Within 90 days | Communication of the outcome to the reporting party (within the limits of confidentiality), initiation of the corrective actions decided upon | Compliance Officer |
All stages of the process are conducted with the utmost confidentiality by the whistleblower manager. Confidentiality regarding the whistleblower’s identity extends to all parties involved. The Whistleblower Register is kept confidential and segregated, accessible only to the Compliance Officer and the Board of Statutory Auditors.
MyGold SpA has implemented specific measures to ensure the independent management of reports in cases where conflicts of interest may arise.
If a report concerns the Compliance Officer, it is managed through the MITWhistle platform and assigned directly to the Chairman of the Board of Directors, who is responsible for its investigation. The Compliance Officer is excluded from any access or activity related to the report.
If the report concerns one or more members of the Board of Directors, the Board of Statutory Auditors is responsible for its management, acting as an independent supervisory body. Reports can be submitted via the MITWhistle platform by selecting the option “reports with conflicts of interest,” or, in cases provided for by law, via the ANAC external channel. The Board of Statutory Auditors may, where necessary, avail of independent external consultants.
MyGold cooperates fully with the relevant supervisory authorities:
ANAC | National Anti-Corruption Authority — external whistleblowing channel pursuant to Legislative Decree 24/2023 — whistleblowing.anticorruzione.it |
Privacy Guarantor | For questions regarding the processing of personal data — garanteprivacy.it |
Judicial Authority | For reports concerning crimes – ordinary procedure |
MyGold guarantees that the use of the internal channel does not in any way prejudice the reporting party’s right to use external channels provided for by applicable legislation, in the cases and under the conditions set forth in Article 6 of Legislative Decree 24/2023.
MyGold undertakes to ensure that all subjects to whom this Procedure is addressed are adequately informed and trained on the Whistleblowing System:
This Procedure is subject to annual review by the Compliance Officer and the Board of Directors, or whenever significant regulatory changes occur. Any changes are approved by the Board of Directors and promptly communicated to all employees. The updated version is always available on the company website in the Whistleblowing section.