The purpose of the whistle-blowing mechanism, approved by the General and Supervisory Board, is to ensure the transparency and regularity of the financial and accounting information within the EDP Group.
Under the applicable laws, and in accordance with the recommendations from the Corporate Governance Code of the Portuguese Securities Market Commission (CMVM), EDP's whistle-blowing mechanism is intended for the receipt and treatment, in a direct and confidential manner, of any denunciation from employees and other stakeholders regarding the occurrence of any irregularities in the EDP Group, in the following "covered matters":
b) Internal accounting controls
d) Fight against corruption, banking and financial crime.
Communications presented outside the scope of these "covered matters" will not be subject to treatment. Under the general terms of the law, abusive and malicious use of this whistle-blowing mechanism could expose its author to disciplinary sanctions and judicial proceedings.
Under the terms of the Regulation, the communication of irregularities under the "covered matters" must:
a) identify the communication as confidential and, in the case of letters and faxes, choose a format that ensures confidentiality, until it is received by the respective recipient
b) identify the author of the communication, who must explicitly state whether they want to keep their identity confidential.
c) Contain a description of the facts supporting the alleged irregularity.
The communication must contain the identification of the author. Anonymous information will only be accepted and processed in exceptional circumstances.
Any communication of alleged irregularities must be addressed to the Commission for Financial Affairs of EDP - Energias de Portugal, S.A., through one of the following contacts:
a) E-mail: <email@example.com>
b) Address: Avenida José Malhoa, Lote A 13 – 7º, 1070-157 Lisboa
c) Fax : 21 001 2929
Under the terms of data protection and the information security standards, the whistle-blower has the rights of access, rectification (of inaccurate, incomplete or equivocal information) and deletion of the information reported via a written statement to the Commission for Financial Affairs, except in circumstances where any of these actions may conflict with other rights that should prevail.
Under the terms of the data protection and information security standards, those accused of denunciations have the rights of notice, access and rectification of the personal data concerning them, except in circumstances where the exercise of these rights can conflict with other rights that should prevail:
a) Information about the author of the communication cannot, in any case, be provided.
b) These rights must be exercised via a written statement to the Commission for Financial Affairs, except for the processing of information in order to determine the veracity of suspicions of criminal offense, in which case the access rights of the accused will be exercised through the Portuguese Data Protection Authority
Legality of process
The Commission for Financial Affairs is responsible for conducting the process, and must comply with and ensure compliance with the applicable laws and internal rules of the Company.
Under the terms defined by this Regulation, communication of irregularities is treated as confidential information, in particular by the General and Supervisory Board, the Commission for Financial Matters and the support staff responsible for the operational management of the mechanisms and procedures for the receipt, retention and processing of communications of irregularities.
Prohibition of retaliation
EDP cannot dismiss, threaten, suspend, repress, harass, withhold or suspend wage payments and/or benefits, demote, transfer or take any disciplinary or retaliatory action related to the terms and conditions of the employment contract of an employee, agent or representative of EDP, because such person legally communicated an irregularity or provided any information or assistance in the investigation of any communications of irregularities submitted.
Right of defense
Persons involved in any process of inquiry must be advised about their right to hire legal advice before speaking with an investigator.
The Commission for Financial Affairs must promote the implementation of appropriate security measures to protect the information and data contained in communications and their respective records.
After receiving a communication, the Commission for Financial Affairs must take the necessary actions to conduct an initial confirmation that there are sufficient grounds
for an investigation.
The initial confirmation reports and the supporting documentation of the process are assessed by the Commission for Financial Matters, which decides on the continuation, namely:
a) To discontinue the proceedings, for not falling in the "covered matters", lack of grounds or irrelevance for the purposes of the Regulation;
b) To initiate a process of inquiry.
The process of inquiry is conducted and supervised by the Commission for Financial Affairs, with the support of the General and Supervisory Board's Support Office and other employees of the Company, and it may resort to contract external auditors or other experts to assist in the investigation, under the terms of the respective internal rules of the General and Supervisory Board.
In situations of clear urgency and severity, the Commission for Financial Matters shall take or promote appropriate measures to protect the interests of EDP against the irregularities detected.
As a result of the investigation that has been carried out and following the consideration and final evaluation of its respective results, the CFM shall propose to the GSB:
a) The discontinuance of proceedings
b) The adoption or promotion of appropriate measures, including:
i. Changes to processes and control methods or policies of the Company;
ii. Corrections or adjustments to documents;
iii. Reporting to the relevant regulatory authorities;
iv. Cessation of contractual relations;
v. Disciplinary proceedings, or loss of position within a social body;
vi. Prosecution, criminal complaint or others measures of a similar nature
The Financial Matters Committee must ensure that records and information are kept confidentially and securely in accordance with the following principles:
a) Personal data that is the subject of denunciation must be destroyed immediately, if proven inaccurate or useless;
b) In the absence of disciplinary or judicial proceedings, the evidence must be destroyed within 6 months of the closure of enquiries;
c) In the case of a disciplinary or judicial procedure, data must be kept until the end of such procedure. In this case, it is kept within a restricted‐access information system for a period not exceeding that of the legal proceedings.