(1) The Bank shall have in place adequate procedures for the transmission of personal data of the reporting person and reported person inside and outside of the Bank.
(2) The Bank shall ensure that the transmission of data related to a report of infringement within or outside the Bank does not reveal, directly or indirectly, the identity of the reporting person or reported person or any other references to circumstances that would allow the identity of the reporting person or reported person to be deduced, unless such transmission is in accordance with the confidentiality regime referred to in Regulation 17(1)(d).