Whistleblowing Procedure

La governance di Subaru is founded on principles of transparency, accountability, and compliance with regulations, with the aim of ensuring sound and sustainable management in the interests of all stakeholders.

Italian Version

Overview

Reference laws and regulations
Who is the Whistleblower
What can be reported
Internal Whistleblowing report
Whistleblowing Manager
External Whistleblowing report
Public Disclosure

MANAGEMENT OF THE VIOLATION REPORTING SYSTEM

This document summarizes the main operational guidelines contained in the Whistleblowing Procedure, to be consulted for further details and information.

  • Legislative Decree no. 24/2023 “Implementation of Directive (EU) 2019/1937 of the European Parliament and of the Council, of 23 October 2019, on the protection of persons who report breaches of Union law and containing provisions for the protection of persons who report breaches of domestic regulatory provisions”.
  • Legislative Decree no. 231/2001 – “Regulation on the administrative liability of legal entities, of companies and of associations, including those with no legal personality”, as regulated by article 11 of Law no. 300 dated 29 September 2000”

  • Employees: Current and former employees within the organization
  • Public civil servants: Individuals holding public office or civil service roles
  • Freelancers & Consultants: Self-employed contractors and external consultants who work for the Company
  • Volunteers & Trainees: Paid and unpaid volunteers and interns who work for the Company
  • Management & Control Functions: Shareholders and persons with administrative, management, control, supervisory or representative functions

  • Criminal or administrative offenses: fraud, corruption, tax or environmental violations
  • Safety or health risks: lack of safety at work, dangers to the public or the environment
  • Internal/regulatory violations: abuse, harassment, favoritism, manipulation of data or documents
  • Damage to the company: misuse of resources, accounting fraud, acts that cause financial or reputational damage.

Furthermore, although not covered by Legislative Decree 24/2023:

  • Internal compliance with policies, procedures, standards, and guidelines
  • Regulatory compliance with national and international regulations
  • Sexual harassment.

The Whistleblower is required to provide all useful information to allow for the necessary and appropriate checks of the facts reported in the Internal Report:

  • Personal details (except where opting for an anonymous Internal Report)
  • Clear and thorough description of the facts
  • If known, the time and place of the facts
  • Identity of any other persons who can report on the facts
  • If known, the personal details or other elements (such as position and service details of the perpetrator) which may help identify the individual who carried out the facts
  • Details of any documents that can confirm the validity of such facts
  • Any other information that may provide useful confirmation of the reported facts

Anonymous reports: evaluated based on severity and completeness.

Internal Whistleblowing reports can be filed as follows:

in writing

Through the IT platform provided by a specialized service provider and accessible on the Company’s website and available at the following link https://subaru-it.grantthornton-whistle.com

This platform is structured so as to ensure that:

  • the Whistleblower can send the internal Whistleblowing Report as “Anonymous” or “Confidential”;
  • during the whistleblowing process, the information acquired complies with the principles of personal data protection and utmost confidentiality;
  • relevant information is accessible exclusively to the Whistleblowing Manager;

is available continuously 24 hours a day, 7 days a week.

in writing

This platform is structured so as to ensure that:

  • the Whistleblower can send the internal Whistleblowing Report as “Anonymous” or “Confidential”;
  • during the whistleblowing process, the information acquired complies with the principles of personal data protection and utmost confidentiality;
  • relevant information is accessible exclusively to the Whistleblowing Manager;
  • is available continuously 24 hours a day, 7 days a week.

in oral form

By requesting a direct meeting with the Whistleblowing Manager, whether through the aforementioned platform or by any other means suitable to ensure that it has been received. The request must carry the subject “Request for a direct meeting with the Whistleblowing Manager” without specifying any reasons or other references regarding the subject of the Whistleblowing Report. The meeting must be arranged within a reasonable time.

 

Below is the flow to manage Whistleblowing reports:

WHISTLEBLOWING PROCEDURE – Reporting Management Flow

  • The only person authorized to access internal channels and reports (subject to written authorization from the Company)
  • Must protect reports from loss, destruction, or unauthorized access
  • Reports received from other parties are forwarded to the Whistleblowing Manager within 7 days
  • Must notify an acknowledgment of receipt to the Whistleblower within 7 days.

The Whistleblower may make an External Whistleblowing Report to the Italian Anti-Corruption Authority (ANAC), if:

  • The internal channel does not work or does not comply with the law
  • A previous internal report was not followed up within the expected timeframe
  • There are reasons to believe that internal reporting would be ineffective or risky (retaliation)
  • The violation poses an imminent or obvious danger to the public interest
  • The Whistleblowing Manager is involved in a conflict of interest.

Channels: written (ANAC platforms) or oral (telephone/recorded voice).
Confidentiality: ANAC guarantees the protection of the identity of the whistleblower and the individuals involved.

Anyone who suffers retaliation can report it to ANAC, which will inform the National Labor Inspectorate.

The Whistleblower may disclose publicly only if:

  • Already made an internal and external report, or an external report without response within the legal deadline
  • The violation poses an imminent or obvious danger to the public interest
  • There are reasonable grounds to believe that external reporting would be ineffective or risky, for example, risk of retaliation, destruction of evidence, or collusion by those who received the report.

Please note that the procedure is designed to protect individuals who report violations from retaliation.