WHISTLEBLOWING PROCEDURES

1.0YourAdnhttps://www.youradn.com/en/WHISTLEBLOWING PROCEDURES - YourAdnrich600338<blockquote class="wp-embedded-content" data-secret="uRpcHP82iF"><a href="https://www.youradn.com/en/whistleblowing-procedures/">WHISTLEBLOWING PROCEDURES</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://www.youradn.com/en/whistleblowing-procedures/embed/#?secret=uRpcHP82iF" width="600" height="338" title="“WHISTLEBLOWING PROCEDURES” — YourAdn" data-secret="uRpcHP82iF" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script> /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); </script> WHISTLEBLOWING PROCEDURES 1. INTRODUCTION AND PURPOSE 1.1 Regulatory context TESORA S.p.A. (hereinafter “the Company” or “TESORA”), operating under the trading name YourADN, has implemented this Whistleblowing System in compliance with the following regulatory obligations:• Regulation (EU) 2023/1114 (MiCAr), in particular:◦ Art. 68, par. 4 (organizational requirements)◦ Art. 71 (prudential requirements)◦ Article 74 (Custody of Crypto-Assets and Client Funds)◦ Art. 116 (Mechanisms for reporting violations)• Directive (EU) 2019/1937 on the protection of persons reporting breaches of Union law• Legislative Decree 24/2023 (Italian implementation of the Whistleblowing Directive)• Regulation (EU) 2016/679 (GDPR)• Legislative Decree 231/2001 (administrative liability of entities)• CONSOB regulations applicable to CASPs• Article 116 of Regulation (EU) 2023/1114 (MiCAr) – which requires crypto-asset service providers (CASPs) to establish effective mechanisms for reporting infringements of the Regulation;• Legislative Decree 24/2023 – Italian implementation of Directive (EU) 2019/1937 on the protection of persons reporting breaches of Union law;• Article 68, paragraph 4 MiCAr – which requires effective compliance policies and procedures. The Company is in the process of obtaining authorization to provide the following CASP services by June 30, 2026, through transformation from VASP to CASP with submission of the application to CONSOB in December 2025:1. Placement of crypto-assets;2. Custody and administration of crypto-assets on behalf of third parties;3. Operating a crypto-asset exchange platform;4. Receiving and transmitting orders regarding crypto-assets on behalf of third parties;5. Execution of orders relating to crypto-assets on behalf of third parties;6. Exchange crypto-assets for funds;7. Crypto-asset consulting. 1.2 Objectives of the Whistleblowing System The TESORA Whistleblowing System pursues the following fundamental objectives:• Prevention: Promptly identify non-compliant conduct or conduct that is potentially harmful to corporate integrity;• Protection: Protect whistleblowers from any form of retaliation or discrimination;• Transparency: Ensure a clear, defined process that is accessible to all legitimate parties;• Continuous improvement: Use reporting as a tool to strengthen compliance controls;• Regulatory compliance: Comply with the obligations imposed by the MiCAr Regulation and current legislation. 1.3 Scope of application This document aims to achieve the following objectives:a) Define the Company’s regulatory compliance system in relation to the MiCAr Regulation and the regulations applicable to CASPs;b) Establish organizational responsibilities for regulatory compliance;c) Regulate staff training and awareness programs on legislative and regulatory requirements;d) Implement a whistleblowing system compliant with Article 116 of the MiCAr Regulation and Directive (EU) 2019/1937;e) Ensure the protection of whistleblowers and the proper management of reports of regulatory violations. 1.4 Guiding principles The TESORA Whistleblowing System is based on the following principles:• Absolute confidentiality of the whistleblower’s identity;• Prohibition of retaliation of any kind against the whistleblower;• Accessibility through multiple and easily usable channels;• Timeliness in managing and responding to reports;• Proportionality of the actions taken to the seriousness of the violation;• Traceability of all reports received and actions taken. 2. MiCar REGULATORY COMPLIANCE POLICY 2.1 General principles The Company bases its business on the following principles of regulatory compliance:a) Legality and integrity: All activities must be conducted in compliance with laws, regulations, and the provisions of the supervisory authority.b) Transparency: The Company guarantees maximum transparency in relations with customers, supervisory authorities and stakeholders.c) Professionalism: The staff operates with competence, diligence and in accordance with best market practices.d) Culture of compliance: Compliance is the responsibility of all organizational levels and is a central element of corporate culture.e) Prevention: The Company adopts a proactive approach in identifying and mitigating compliance risks.f) Continuous improvement: The compliance system is subject to constant review and updating. 2.2 Scope of application The Regulatory Compliance Policy applies to all of the Company’s activities, with particular reference to:• Provision of authorized CASP services• Custody and administration of crypto-assets• Crypto-asset consulting• Customer Relationship Management• Safeguarding crypto-assets and client funds• Prevention of money laundering and terrorist financing• Management of conflicts of interest• Protection of personal data• Cybersecurity and operational resilience 3. REPORTABLE VIOLATIONS 3.1 Violations of the MiCAr Regulation Whistleblowing reports include violations or potential violations of Regulation (EU) 2023/1114, including in particular:• Organizational requirements (art. 68 MiCAr): deficiencies in governance, internal controls, and management of conflicts of interest;• Prudential requirements (art. 71 MiCAr): insufficient capital, failure to comply with minimum ratios;• Custody of crypto-assets (Article 74 MiCAr): irregularities in the segregation, storage, or transfer of clients’ crypto-assets;• Rules of conduct (art. 76-82 MiCAr): improper behavior towards customers, misleading information, unmanaged conflicts of interest;• Complaints management (art. 85 MiCAr): failure to manage or record customer complaints;• Reporting obligations (Articles 109-110 of the MiCAr): failure to report or false reporting to the competent authorities. 3.2 Internal procedural violations Violations of TESORA’s internal operating procedures can also be reported:• Custody processes not compliant with the Operations Manual;• Cybersecurity policy violations;• Behaviors contrary to the company’s Code of Ethics. 3.3 Related regulatory violations Violations of the regulations related to CASP services also fall within the scope of whistleblowing:• Anti-money laundering (Legislative Decree 231/2007): failure to identify customers, failure to report suspicious transactions, violations of due diligence obligations;• Personal Data Protection (GDPR): unlawful data processing, unreported data breaches, violations of data subjects’ rights;• Digital Operational Resilience (DORA): ICT risk management gaps, unreported incidents;• Administrative liability of entities (Legislative Decree 231/2001): predicate crimes committed in the interest or to the advantage of the Company;• Market Abuse: market manipulation, abuse of inside information. 3.4 Exclusions The following do not fall within the scope of whistleblowing:• Personal complaints relating to employment relationships (to be handled through internal channels);• Differences of opinion on management or strategic choices;• Reports that are unfounded or manifestly specious;• Information already in the public domain;• Commercial disputes with suppliers or partners (to be handled through ordinary channels). 4. LEGITIMATE SUBJECTS The following individuals are authorized to report through the TESORA Whistleblowing System: 4.1 Customers and third parties • YourADN platform customers;• Any third parties who have become aware of violations in the context of professional or business relationships with TESORA. 4.2 Definition of “good faith whistleblower” The protections provided by this Procedure apply exclusively to those who report in good faith, i.e. those who:• They have reasonable grounds to believe the information reported is true;• Acthttps://www.youradn.com/wp-content/uploads/2026/01/Screenshot-2026-01-14-121240.png577828