(1) The Bank shall establish effective mechanisms to enable the reporting of potential or actual contraventions of the provisions of these Regulations and of Regulation (EU) No 600/2014.
(2) These mechanisms shall include at least -
(a) specific procedures for the receipt of reports on potential or actual contraventions and their follow-up, including the establishment of secure communication channels for such reports,
(b) appropriate protection for employees of a financial institution who report contraventions committed within the financial institution at least against retaliation, discrimination or other types of unfair treatment, and
(c) protection of the identity and personal data of both the person who reports a contravention and the natural person who is allegedly responsible for a contravention, at all stages of the procedures unless such disclosure is required in the context of further investigation or subsequent administrative or judicial proceedings in accordance with the Data
…