{"id":2900,"date":"2026-01-14T10:48:59","date_gmt":"2026-01-14T10:48:59","guid":{"rendered":"https:\/\/www.youradn.com\/whistleblowing-procedures\/"},"modified":"2026-01-21T09:30:53","modified_gmt":"2026-01-21T09:30:53","slug":"whistleblowing-procedures","status":"publish","type":"page","link":"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/","title":{"rendered":"WHISTLEBLOWING PROCEDURES"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

WHISTLEBLOWING PROCEDURES\n<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

1. INTRODUCTION AND PURPOSE<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

1.1 Regulatory context<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

TESORA S.p.A. (hereinafter “the Company” or “TESORA”), operating under the trading name YourADN, has implemented this Whistleblowing System in compliance with the following regulatory obligations:
\u2022 Regulation (EU) 2023\/1114 (MiCAr), in particular:
\u25e6 Art. 68, par. 4 (organizational requirements)
\u25e6 Art. 71 (prudential requirements)
\u25e6 Article 74 (Custody of Crypto-Assets and Client Funds)
\u25e6 Art. 116 (Mechanisms for reporting violations)
\u2022 Directive (EU) 2019\/1937 on the protection of persons reporting breaches of Union law
\u2022 Legislative Decree 24\/2023 (Italian implementation of the Whistleblowing Directive)
\u2022 Regulation (EU) 2016\/679 (GDPR)
\u2022 Legislative Decree 231\/2001 (administrative liability of entities)
\u2022 CONSOB regulations applicable to CASPs
\u2022 Article 116 of Regulation (EU) 2023\/1114 (MiCAr) – which requires crypto-asset service providers (CASPs) to establish effective mechanisms for reporting infringements of the Regulation;
\u2022 Legislative Decree 24\/2023 – Italian implementation of Directive (EU) 2019\/1937 on the protection of persons reporting breaches of Union law;
\u2022 Article 68, paragraph 4 MiCAr – which requires effective compliance policies and procedures.
The Company is in the process of obtaining authorization to provide the following CASP services by June 30, 2026, through transformation from VASP to CASP with submission of the application to CONSOB in December 2025:
1. Placement of crypto-assets;
2. Custody and administration of crypto-assets on behalf of third parties;
3. Operating a crypto-asset exchange platform;
4. Receiving and transmitting orders regarding crypto-assets on behalf of third parties;
5. Execution of orders relating to crypto-assets on behalf of third parties;
6. Exchange crypto-assets for funds;
7. Crypto-asset consulting.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

1.2 Objectives of the Whistleblowing System<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The TESORA Whistleblowing System pursues the following fundamental objectives:
\u2022 Prevention: Promptly identify non-compliant conduct or conduct that is potentially harmful to corporate integrity;
\u2022 Protection: Protect whistleblowers from any form of retaliation or discrimination;
\u2022 Transparency: Ensure a clear, defined process that is accessible to all legitimate parties;
\u2022 Continuous improvement: Use reporting as a tool to strengthen compliance controls;
\u2022 Regulatory compliance: Comply with the obligations imposed by the MiCAr Regulation and current legislation.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

1.3 Scope of application<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

This document aims to achieve the following objectives:
a) Define the Company’s regulatory compliance system in relation to the MiCAr Regulation and the regulations applicable to CASPs;
b) Establish organizational responsibilities for regulatory compliance;
c) Regulate staff training and awareness programs on legislative and regulatory requirements;
d) Implement a whistleblowing system compliant with Article 116 of the MiCAr Regulation and Directive (EU) 2019\/1937;
e) Ensure the protection of whistleblowers and the proper management of reports of regulatory violations. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

1.4 Guiding principles<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The TESORA Whistleblowing System is based on the following principles:
\u2022 Absolute confidentiality of the whistleblower’s identity;
\u2022 Prohibition of retaliation of any kind against the whistleblower;
\u2022 Accessibility through multiple and easily usable channels;
\u2022 Timeliness in managing and responding to reports;
\u2022 Proportionality of the actions taken to the seriousness of the violation;
\u2022 Traceability of all reports received and actions taken.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

2. MiCar REGULATORY COMPLIANCE POLICY<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

2.1 General principles<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The Company bases its business on the following principles of regulatory compliance:
a) Legality and integrity: All activities must be conducted in compliance with laws, regulations, and the provisions of the supervisory authority.
b) Transparency: The Company guarantees maximum transparency in relations with customers, supervisory authorities and stakeholders.
c) Professionalism: The staff operates with competence, diligence and in accordance with best market practices.
d) Culture of compliance: Compliance is the responsibility of all organizational levels and is a central element of corporate culture.
e) Prevention: The Company adopts a proactive approach in identifying and mitigating compliance risks.
f) Continuous improvement: The compliance system is subject to constant review and updating.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

2.2 Scope of application<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The Regulatory Compliance Policy applies to all of the Company’s activities, with particular reference to:
\u2022 Provision of authorized CASP services
\u2022 Custody and administration of crypto-assets
\u2022 Crypto-asset consulting
\u2022 Customer Relationship Management
\u2022 Safeguarding crypto-assets and client funds
\u2022 Prevention of money laundering and terrorist financing
\u2022 Management of conflicts of interest
\u2022 Protection of personal data
\u2022 Cybersecurity and operational resilience<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

3. REPORTABLE VIOLATIONS<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

3.1 Violations of the MiCAr Regulation<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Whistleblowing reports include violations or potential violations of Regulation (EU) 2023\/1114, including in particular:
\u2022 Organizational requirements (art. 68 MiCAr): deficiencies in governance, internal controls, and management of conflicts of interest;
\u2022 Prudential requirements (art. 71 MiCAr): insufficient capital, failure to comply with minimum ratios;
\u2022 Custody of crypto-assets (Article 74 MiCAr): irregularities in the segregation, storage, or transfer of clients’ crypto-assets;
\u2022 Rules of conduct (art. 76-82 MiCAr): improper behavior towards customers, misleading information, unmanaged conflicts of interest;
\u2022 Complaints management (art. 85 MiCAr): failure to manage or record customer complaints;
\u2022 Reporting obligations (Articles 109-110 of the MiCAr): failure to report or false reporting to the competent authorities.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

3.2 Internal procedural violations<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Violations of TESORA’s internal operating procedures can also be reported:
\u2022 Custody processes not compliant with the Operations Manual;
\u2022 Cybersecurity policy violations;
\u2022 Behaviors contrary to the company’s Code of Ethics.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

3.3 Related regulatory violations<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Violations of the regulations related to CASP services also fall within the scope of whistleblowing:
\u2022 Anti-money laundering (Legislative Decree 231\/2007): failure to identify customers, failure to report suspicious transactions, violations of due diligence obligations;
\u2022 Personal Data Protection (GDPR): unlawful data processing, unreported data breaches, violations of data subjects’ rights;
\u2022 Digital Operational Resilience (DORA): ICT risk management gaps, unreported incidents;
\u2022 Administrative liability of entities (Legislative Decree 231\/2001): predicate crimes committed in the interest or to the advantage of the Company;
\u2022 Market Abuse: market manipulation, abuse of inside information.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

3.4 Exclusions<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The following do not fall within the scope of whistleblowing:
\u2022 Personal complaints relating to employment relationships (to be handled through internal channels);
\u2022 Differences of opinion on management or strategic choices;
\u2022 Reports that are unfounded or manifestly specious;
\u2022 Information already in the public domain;
\u2022 Commercial disputes with suppliers or partners (to be handled through ordinary channels).<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

4. LEGITIMATE SUBJECTS<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The following individuals are authorized to report through the TESORA Whistleblowing System:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

4.1 Customers and third parties<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

\u2022 YourADN platform customers;
\u2022 Any third parties who have become aware of violations in the context of professional or business relationships with TESORA.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

4.2 Definition of \"good faith whistleblower\"<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The protections provided by this Procedure apply exclusively to those who report in good faith, i.e. those who:
\u2022 They have reasonable grounds to believe the information reported is true;
\u2022 Act in the interests of legality and compliance, without ulterior motives;
\u2022 They do not pursue defamatory or slanderous objectives towards other subjects.
Important: Reports that are manifestly false, defamatory, or made in bad faith do not enjoy the protections provided and may result in disciplinary, civil, or criminal liability for the reporter.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

5. REPORTING CHANNELS<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

TESORA guarantees the availability of multiple, secure, and confidential reporting channels, allowing all authorized parties to submit reports easily and securely.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

5.1 Dedicated email channel<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

E-mail address:<\/b><\/p><\/td>

compliance@youradn.com<\/b><\/span><\/p><\/td><\/tr>

Management:<\/b><\/p><\/td>

Compliance Officer Stefano Cezza (exclusive access)<\/p><\/td><\/tr>

Sicurezza:<\/b><\/p><\/td>

server systems used by Tesora SpA<\/p><\/td><\/tr>

Confirm receipt:<\/b><\/p><\/td>

Within 7 working days of receipt<\/p><\/td><\/tr><\/tbody><\/table>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

How to use the email channel
1. Send an email to compliance@youradn.com;
2. Indicate “WHISTLEBLOWING REPORT” in the subject line;
3. Describe the violation in detail (facts, dates, locations, people involved);
4. Attach any supporting documentation (in PDF format);
5. Indicate whether you wish to be contacted and how.
Note: You can also submit reports anonymously (without providing your name). However, providing identifying information facilitates the management of the report and any requests for additional information. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

5.2 Confidential letter<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Recipient:<\/b><\/p><\/td>

Compliance Officer – TESORA S.p.A.<\/p><\/td><\/tr>

Address:<\/b><\/p><\/td>

Via Riva di Reno 58, 40122 Bologna<\/p><\/td><\/tr>

Mode:<\/b><\/p><\/td>

Sealed envelope marked “PERSONAL CONFIDENTIAL – WHISTLEBLOWING”<\/p><\/td><\/tr><\/tbody><\/table>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The Compliance Officer is the only one authorized to open the envelope, ensuring maximum confidentiality.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

5.3 Direct interview<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

You can request a confidential meeting with the Compliance Officer:
\u2022 By email: write to compliance@youradn.com indicating the request for an interview (without providing details about the report);
The interview will be conducted in a confidential setting. The whistleblower may be assisted by a lawyer or a trusted union representative.
External channels
The whistleblower may alternatively contact the competent authorities directly:
\u2022 CONSOB (Financial Market Supervisory Authority);
\u2022 ANAC (National Anti-Corruption Authority);
\u2022 Judicial Authority in case of crimes. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

6. SIGNAL PROTECTION<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

TESORA guarantees maximum protection to those who report in good faith, in accordance with Legislative Decree 24\/2023 and Article 116 of the MiCAr Regulation. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

6.1 Confidentiality guarantees<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Identity of the whistleblower
\u2022 Known exclusively by the Compliance Officer (or by the Board of Statutory Auditors in the case of an alternative report);
\u2022 Not disclosed to third parties without the whistleblower’s explicit consent;
\u2022 Omitted from all reports and communications to the Board of Directors or other bodies.
Exceptions to the prohibition on disclosure
The whistleblower’s identity may be disclosed only in the following cases:
a) Legal obligation: when requested by the judicial authorities in the context of criminal investigations;
b) Defense necessity: when essential to guarantee the rights of defense of the alleged perpetrator, subject to the authorization of the judicial authorities;
c) Explicit consent: when the whistleblower expressly authorizes the disclosure of his or her identity.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

6.2 Prohibition of retaliation<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

TESORA expressly prohibits any form of retaliation, discrimination, or prejudicial behavior towards the whistleblower.
Prohibited retaliation includes, but is not limited to:
\u2022 Dismissal or early termination of employment;
\u2022 Suspension or sizing;
\u2022 Failure to renew a fixed-term or consultancy contract;
\u2022 Forced transfer of office or duties;
\u2022 Reduction in pay or company benefits;
\u2022 Changes in job descriptions for the worse;
\u2022 Negative ratings not justified by objective performance parameters;
\u2022 Missing deserved promotions or pay raises;
\u2022 Mobbing or isolation in the workplace;
\u2022 Pressure, intimidation or threats of any kind.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

6.3 Extended protection<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The protections provided by this Procedure also extend to:
\u2022 Facilitators: people who assist the whistleblower in the reporting process (e.g. union representative, lawyer);
\u2022 Colleagues: People who work in the same workplace as the whistleblower and who may suffer retaliation in connection with the report;
\u2022 Entities controlled by the reporting party: companies or entities where the reporting party works or in which he or she holds shares.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

6.4 Reports in bad faith<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Reports that are manifestly false, slanderous, or defamatory do not enjoy the protections provided.
A reporter acting in bad faith may face:
\u2022 Disciplinary responsibility (sanctions up to dismissal);
\u2022 Civil liability for damages to unjustly accused persons;
\u2022 Criminal liability for slander (Article 368 of the Criminal Code) or defamation (Article 595 of the Criminal Code).<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

7. REPORT MANAGEMENT<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

TESORA adopts a structured process for managing whistleblowing reports, divided into 6 phases with defined timeframes.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

7.1 Complete operational flow<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

PHASE<\/b><\/span><\/span><\/p><\/td>

DAYS<\/b><\/span><\/span><\/p><\/td>

ACTIVITY<\/b><\/span><\/span><\/p><\/td>

RESPONSIBLE<\/b><\/span><\/span><\/p><\/td><\/tr><\/thead>

1. Reception<\/b><\/p><\/td>

Day 0<\/p><\/td>

Recording, logging, and segregation of confidential data<\/p><\/td>

Compliance Officer<\/p><\/td><\/tr>

2. Recognition<\/b><\/p><\/td>

Within 7<\/p><\/td>

Confirmation of receipt to the reporting party, practice code, timeframes<\/p><\/td>

Compliance Officer<\/p><\/td><\/tr>

3. Assessment<\/b><\/p><\/td>

Within 30<\/p><\/td>

Analysis of admissibility, severity, and urgency. Request for additional information. <\/p><\/td>

Compliance Officer<\/p><\/td><\/tr>

4.Investigation<\/b><\/p><\/td>

Within 90<\/p><\/td>

Document collection, hearings, technical checks, regulatory analysis<\/p><\/td>

Compliance Officer + any consultants<\/p><\/td><\/tr>

5. Resolution<\/b><\/p><\/td>

Within 90<\/p><\/td>

Board of Directors report, resolves corrective\/disciplinary actions<\/p><\/td>

CdA<\/p><\/td><\/tr>

6. Feedback<\/b><\/p><\/td>

Within 90<\/p><\/td>

Communication of outcome to the whistleblower, implementation of actions<\/p><\/td>

Compliance Officer<\/p><\/td><\/tr><\/tbody><\/table>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Important: All activities are conducted with the utmost confidentiality, without disclosing the identity of the whistleblower. Confidentiality is extended to all parties involved. <\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

7.2 Roles and responsibilities<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Compliance Officer
Sole person responsible for the operational management of reports:
\u2022 Receives and records all reports;
\u2022 Manages reporting channels (emails, letters, interviews);
\u2022 Conducts the investigations;
\u2022 It guarantees the confidentiality of the whistleblower’s identity;
\u2022 Prepares reports for the Board of Directors;
\u2022 Keeps the Report Register up to date;
\u2022 Communicate the outcome to the reporter.
Requirements:
\u2022 Operational independence;
\u2022 Direct access to the Board of Directors;
\u2022 Specific training on whistleblowing;
\u2022 Strengthened confidentiality obligation.
Board of Directors
\u2022 Receives quarterly reports on all complaints;
\u2022 Decide on significant corrective actions;
\u2022 Monitor the effectiveness of the whistleblowing system;
\u2022 Ensures protection of whistleblowers;
\u2022 Approves changes to this Procedure.
Board of Auditors
\u2022 Receives alternative reports in case of conflict of interest of the Compliance Officer;
\u2022 It manages such reports with the same guarantees of confidentiality;
\u2022 Supervises the proper functioning of the whistleblowing system.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

7.3 Management of conflicts of interest<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Case 1: Report concerning the Compliance Officer
\u2022 The report is handled directly by the Chairman of the Board of Directors;
\u2022 The same confidentiality guarantees apply;
\u2022 The Compliance Officer is excluded from any investigative activity.
Case 2: Report concerning the Board of Directors or its members
\u2022 Option of reporting directly to the Authority;
\u2022 Possible involvement of an independent external consultant appointed by the Board of Statutory Auditors.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t\t
\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

WHISTLEBLOWING PROCEDURES 1. INTRODUCTION AND PURPOSE 1.1 Regulatory context TESORA S.p.A. (hereinafter “the Company” or “TESORA”), operating under the trading name YourADN, has implemented this Whistleblowing System in compliance with the following regulatory obligations:\u2022 Regulation (EU) 2023\/1114 (MiCAr), in particular:\u25e6 Art. 68, par. 4 (organizational requirements)\u25e6 Art. 71 (prudential requirements)\u25e6 Article 74 (Custody of Crypto-Assets and Client Funds)\u25e6 Art. 116 (Mechanisms for reporting violations)\u2022 Directive (EU) 2019\/1937 on the protection of persons reporting breaches of Union law\u2022 Legislative Decree 24\/2023 (Italian implementation of the Whistleblowing Directive)\u2022 Regulation (EU) 2016\/679 (GDPR)\u2022 Legislative Decree 231\/2001 (administrative liability of entities)\u2022 CONSOB regulations applicable to CASPs\u2022 Article 116 of Regulation (EU) 2023\/1114 (MiCAr) – which requires crypto-asset service providers (CASPs) to establish effective mechanisms for reporting infringements of the Regulation;\u2022 Legislative Decree 24\/2023 – Italian implementation of Directive (EU) 2019\/1937 on the protection of persons reporting breaches of Union law;\u2022 Article 68, paragraph 4 MiCAr – which requires effective compliance policies and procedures. The Company is in the process of obtaining authorization to provide the following CASP services by June 30, 2026, through transformation from VASP to CASP with submission of the application to CONSOB in December 2025:1. Placement of crypto-assets;2. Custody and administration of crypto-assets on behalf of third parties;3. Operating a crypto-asset exchange platform;4. Receiving and transmitting orders regarding crypto-assets on behalf of third parties;5. Execution of orders relating to crypto-assets on behalf of third parties;6. Exchange crypto-assets for funds;7. Crypto-asset consulting. 1.2 Objectives of the Whistleblowing System The TESORA Whistleblowing System pursues the following fundamental objectives:\u2022 Prevention: Promptly identify non-compliant conduct or conduct that is potentially harmful to corporate integrity;\u2022 Protection: Protect whistleblowers from any form of retaliation or discrimination;\u2022 Transparency: Ensure a clear, defined process that is accessible to all legitimate parties;\u2022 Continuous improvement: Use reporting as a tool to strengthen compliance controls;\u2022 Regulatory compliance: Comply with the obligations imposed by the MiCAr Regulation and current legislation. 1.3 Scope of application This document aims to achieve the following objectives:a) Define the Company’s regulatory compliance system in relation to the MiCAr Regulation and the regulations applicable to CASPs;b) Establish organizational responsibilities for regulatory compliance;c) Regulate staff training and awareness programs on legislative and regulatory requirements;d) Implement a whistleblowing system compliant with Article 116 of the MiCAr Regulation and Directive (EU) 2019\/1937;e) Ensure the protection of whistleblowers and the proper management of reports of regulatory violations. 1.4 Guiding principles The TESORA Whistleblowing System is based on the following principles:\u2022 Absolute confidentiality of the whistleblower’s identity;\u2022 Prohibition of retaliation of any kind against the whistleblower;\u2022 Accessibility through multiple and easily usable channels;\u2022 Timeliness in managing and responding to reports;\u2022 Proportionality of the actions taken to the seriousness of the violation;\u2022 Traceability of all reports received and actions taken. 2. MiCar REGULATORY COMPLIANCE POLICY 2.1 General principles The Company bases its business on the following principles of regulatory compliance:a) Legality and integrity: All activities must be conducted in compliance with laws, regulations, and the provisions of the supervisory authority.b) Transparency: The Company guarantees maximum transparency in relations with customers, supervisory authorities and stakeholders.c) Professionalism: The staff operates with competence, diligence and in accordance with best market practices.d) Culture of compliance: Compliance is the responsibility of all organizational levels and is a central element of corporate culture.e) Prevention: The Company adopts a proactive approach in identifying and mitigating compliance risks.f) Continuous improvement: The compliance system is subject to constant review and updating. 2.2 Scope of application The Regulatory Compliance Policy applies to all of the Company’s activities, with particular reference to:\u2022 Provision of authorized CASP services\u2022 Custody and administration of crypto-assets\u2022 Crypto-asset consulting\u2022 Customer Relationship Management\u2022 Safeguarding crypto-assets and client funds\u2022 Prevention of money laundering and terrorist financing\u2022 Management of conflicts of interest\u2022 Protection of personal data\u2022 Cybersecurity and operational resilience 3. REPORTABLE VIOLATIONS 3.1 Violations of the MiCAr Regulation Whistleblowing reports include violations or potential violations of Regulation (EU) 2023\/1114, including in particular:\u2022 Organizational requirements (art. 68 MiCAr): deficiencies in governance, internal controls, and management of conflicts of interest;\u2022 Prudential requirements (art. 71 MiCAr): insufficient capital, failure to comply with minimum ratios;\u2022 Custody of crypto-assets (Article 74 MiCAr): irregularities in the segregation, storage, or transfer of clients’ crypto-assets;\u2022 Rules of conduct (art. 76-82 MiCAr): improper behavior towards customers, misleading information, unmanaged conflicts of interest;\u2022 Complaints management (art. 85 MiCAr): failure to manage or record customer complaints;\u2022 Reporting obligations (Articles 109-110 of the MiCAr): failure to report or false reporting to the competent authorities. 3.2 Internal procedural violations Violations of TESORA’s internal operating procedures can also be reported:\u2022 Custody processes not compliant with the Operations Manual;\u2022 Cybersecurity policy violations;\u2022 Behaviors contrary to the company’s Code of Ethics. 3.3 Related regulatory violations Violations of the regulations related to CASP services also fall within the scope of whistleblowing:\u2022 Anti-money laundering (Legislative Decree 231\/2007): failure to identify customers, failure to report suspicious transactions, violations of due diligence obligations;\u2022 Personal Data Protection (GDPR): unlawful data processing, unreported data breaches, violations of data subjects’ rights;\u2022 Digital Operational Resilience (DORA): ICT risk management gaps, unreported incidents;\u2022 Administrative liability of entities (Legislative Decree 231\/2001): predicate crimes committed in the interest or to the advantage of the Company;\u2022 Market Abuse: market manipulation, abuse of inside information. 3.4 Exclusions The following do not fall within the scope of whistleblowing:\u2022 Personal complaints relating to employment relationships (to be handled through internal channels);\u2022 Differences of opinion on management or strategic choices;\u2022 Reports that are unfounded or manifestly specious;\u2022 Information already in the public domain;\u2022 Commercial disputes with suppliers or partners (to be handled through ordinary channels). 4. LEGITIMATE SUBJECTS The following individuals are authorized to report through the TESORA Whistleblowing System: 4.1 Customers and third parties \u2022 YourADN platform customers;\u2022 Any third parties who have become aware of violations in the context of professional or business relationships with TESORA. 4.2 Definition of “good faith whistleblower” The protections provided by this Procedure apply exclusively to those who report in good faith, i.e. those who:\u2022 They have reasonable grounds to believe the information reported is true;\u2022 Act<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-2900","page","type-page","status-publish","hentry"],"yoast_head":"\nWHISTLEBLOWING PROCEDURES - YourAdn<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WHISTLEBLOWING PROCEDURES - YourAdn\" \/>\n<meta property=\"og:description\" content=\"WHISTLEBLOWING PROCEDURES 1. INTRODUCTION AND PURPOSE 1.1 Regulatory context TESORA S.p.A. (hereinafter “the Company” or “TESORA”), operating under the trading name YourADN, has implemented this Whistleblowing System in compliance with the following regulatory obligations:\u2022 Regulation (EU) 2023\/1114 (MiCAr), in particular:\u25e6 Art. 68, par. 4 (organizational requirements)\u25e6 Art. 71 (prudential requirements)\u25e6 Article 74 (Custody of Crypto-Assets and Client Funds)\u25e6 Art. 116 (Mechanisms for reporting violations)\u2022 Directive (EU) 2019\/1937 on the protection of persons reporting breaches of Union law\u2022 Legislative Decree 24\/2023 (Italian implementation of the Whistleblowing Directive)\u2022 Regulation (EU) 2016\/679 (GDPR)\u2022 Legislative Decree 231\/2001 (administrative liability of entities)\u2022 CONSOB regulations applicable to CASPs\u2022 Article 116 of Regulation (EU) 2023\/1114 (MiCAr) – which requires crypto-asset service providers (CASPs) to establish effective mechanisms for reporting infringements of the Regulation;\u2022 Legislative Decree 24\/2023 – Italian implementation of Directive (EU) 2019\/1937 on the protection of persons reporting breaches of Union law;\u2022 Article 68, paragraph 4 MiCAr – which requires effective compliance policies and procedures. The Company is in the process of obtaining authorization to provide the following CASP services by June 30, 2026, through transformation from VASP to CASP with submission of the application to CONSOB in December 2025:1. Placement of crypto-assets;2. Custody and administration of crypto-assets on behalf of third parties;3. Operating a crypto-asset exchange platform;4. Receiving and transmitting orders regarding crypto-assets on behalf of third parties;5. Execution of orders relating to crypto-assets on behalf of third parties;6. Exchange crypto-assets for funds;7. Crypto-asset consulting. 1.2 Objectives of the Whistleblowing System The TESORA Whistleblowing System pursues the following fundamental objectives:\u2022 Prevention: Promptly identify non-compliant conduct or conduct that is potentially harmful to corporate integrity;\u2022 Protection: Protect whistleblowers from any form of retaliation or discrimination;\u2022 Transparency: Ensure a clear, defined process that is accessible to all legitimate parties;\u2022 Continuous improvement: Use reporting as a tool to strengthen compliance controls;\u2022 Regulatory compliance: Comply with the obligations imposed by the MiCAr Regulation and current legislation. 1.3 Scope of application This document aims to achieve the following objectives:a) Define the Company’s regulatory compliance system in relation to the MiCAr Regulation and the regulations applicable to CASPs;b) Establish organizational responsibilities for regulatory compliance;c) Regulate staff training and awareness programs on legislative and regulatory requirements;d) Implement a whistleblowing system compliant with Article 116 of the MiCAr Regulation and Directive (EU) 2019\/1937;e) Ensure the protection of whistleblowers and the proper management of reports of regulatory violations. 1.4 Guiding principles The TESORA Whistleblowing System is based on the following principles:\u2022 Absolute confidentiality of the whistleblower’s identity;\u2022 Prohibition of retaliation of any kind against the whistleblower;\u2022 Accessibility through multiple and easily usable channels;\u2022 Timeliness in managing and responding to reports;\u2022 Proportionality of the actions taken to the seriousness of the violation;\u2022 Traceability of all reports received and actions taken. 2. MiCar REGULATORY COMPLIANCE POLICY 2.1 General principles The Company bases its business on the following principles of regulatory compliance:a) Legality and integrity: All activities must be conducted in compliance with laws, regulations, and the provisions of the supervisory authority.b) Transparency: The Company guarantees maximum transparency in relations with customers, supervisory authorities and stakeholders.c) Professionalism: The staff operates with competence, diligence and in accordance with best market practices.d) Culture of compliance: Compliance is the responsibility of all organizational levels and is a central element of corporate culture.e) Prevention: The Company adopts a proactive approach in identifying and mitigating compliance risks.f) Continuous improvement: The compliance system is subject to constant review and updating. 2.2 Scope of application The Regulatory Compliance Policy applies to all of the Company’s activities, with particular reference to:\u2022 Provision of authorized CASP services\u2022 Custody and administration of crypto-assets\u2022 Crypto-asset consulting\u2022 Customer Relationship Management\u2022 Safeguarding crypto-assets and client funds\u2022 Prevention of money laundering and terrorist financing\u2022 Management of conflicts of interest\u2022 Protection of personal data\u2022 Cybersecurity and operational resilience 3. REPORTABLE VIOLATIONS 3.1 Violations of the MiCAr Regulation Whistleblowing reports include violations or potential violations of Regulation (EU) 2023\/1114, including in particular:\u2022 Organizational requirements (art. 68 MiCAr): deficiencies in governance, internal controls, and management of conflicts of interest;\u2022 Prudential requirements (art. 71 MiCAr): insufficient capital, failure to comply with minimum ratios;\u2022 Custody of crypto-assets (Article 74 MiCAr): irregularities in the segregation, storage, or transfer of clients’ crypto-assets;\u2022 Rules of conduct (art. 76-82 MiCAr): improper behavior towards customers, misleading information, unmanaged conflicts of interest;\u2022 Complaints management (art. 85 MiCAr): failure to manage or record customer complaints;\u2022 Reporting obligations (Articles 109-110 of the MiCAr): failure to report or false reporting to the competent authorities. 3.2 Internal procedural violations Violations of TESORA’s internal operating procedures can also be reported:\u2022 Custody processes not compliant with the Operations Manual;\u2022 Cybersecurity policy violations;\u2022 Behaviors contrary to the company’s Code of Ethics. 3.3 Related regulatory violations Violations of the regulations related to CASP services also fall within the scope of whistleblowing:\u2022 Anti-money laundering (Legislative Decree 231\/2007): failure to identify customers, failure to report suspicious transactions, violations of due diligence obligations;\u2022 Personal Data Protection (GDPR): unlawful data processing, unreported data breaches, violations of data subjects’ rights;\u2022 Digital Operational Resilience (DORA): ICT risk management gaps, unreported incidents;\u2022 Administrative liability of entities (Legislative Decree 231\/2001): predicate crimes committed in the interest or to the advantage of the Company;\u2022 Market Abuse: market manipulation, abuse of inside information. 3.4 Exclusions The following do not fall within the scope of whistleblowing:\u2022 Personal complaints relating to employment relationships (to be handled through internal channels);\u2022 Differences of opinion on management or strategic choices;\u2022 Reports that are unfounded or manifestly specious;\u2022 Information already in the public domain;\u2022 Commercial disputes with suppliers or partners (to be handled through ordinary channels). 4. LEGITIMATE SUBJECTS The following individuals are authorized to report through the TESORA Whistleblowing System: 4.1 Customers and third parties \u2022 YourADN platform customers;\u2022 Any third parties who have become aware of violations in the context of professional or business relationships with TESORA. 4.2 Definition of “good faith whistleblower” The protections provided by this Procedure apply exclusively to those who report in good faith, i.e. those who:\u2022 They have reasonable grounds to believe the information reported is true;\u2022 Act\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/\" \/>\n<meta property=\"og:site_name\" content=\"YourAdn\" \/>\n<meta property=\"article:modified_time\" content=\"2026-01-21T09:30:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.youradn.com\/wp-content\/uploads\/2026\/01\/Screenshot-2026-01-14-121240.png\" \/>\n\t<meta property=\"og:image:width\" content=\"577\" \/>\n\t<meta property=\"og:image:height\" content=\"828\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/\",\"url\":\"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/\",\"name\":\"WHISTLEBLOWING PROCEDURES - YourAdn\",\"isPartOf\":{\"@id\":\"https:\/\/www.youradn.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.youradn.com\/wp-content\/uploads\/2026\/01\/Screenshot-2026-01-14-121240.png\",\"datePublished\":\"2026-01-14T10:48:59+00:00\",\"dateModified\":\"2026-01-21T09:30:53+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/#primaryimage\",\"url\":\"https:\/\/www.youradn.com\/wp-content\/uploads\/2026\/01\/Screenshot-2026-01-14-121240.png\",\"contentUrl\":\"https:\/\/www.youradn.com\/wp-content\/uploads\/2026\/01\/Screenshot-2026-01-14-121240.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.youradn.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"WHISTLEBLOWING PROCEDURES\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.youradn.com\/#website\",\"url\":\"https:\/\/www.youradn.com\/\",\"name\":\"YourAdn\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.youradn.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.youradn.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.youradn.com\/#organization\",\"name\":\"YourAdn\",\"url\":\"https:\/\/www.youradn.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.youradn.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.youradn.com\/wp-content\/uploads\/2025\/05\/Logo-ADN.png\",\"contentUrl\":\"https:\/\/www.youradn.com\/wp-content\/uploads\/2025\/05\/Logo-ADN.png\",\"width\":1280,\"height\":546,\"caption\":\"YourAdn\"},\"image\":{\"@id\":\"https:\/\/www.youradn.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"WHISTLEBLOWING PROCEDURES - YourAdn","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/","og_locale":"en_US","og_type":"article","og_title":"WHISTLEBLOWING PROCEDURES - YourAdn","og_description":"WHISTLEBLOWING PROCEDURES 1. INTRODUCTION AND PURPOSE 1.1 Regulatory context TESORA S.p.A. (hereinafter “the Company” or “TESORA”), operating under the trading name YourADN, has implemented this Whistleblowing System in compliance with the following regulatory obligations:\u2022 Regulation (EU) 2023\/1114 (MiCAr), in particular:\u25e6 Art. 68, par. 4 (organizational requirements)\u25e6 Art. 71 (prudential requirements)\u25e6 Article 74 (Custody of Crypto-Assets and Client Funds)\u25e6 Art. 116 (Mechanisms for reporting violations)\u2022 Directive (EU) 2019\/1937 on the protection of persons reporting breaches of Union law\u2022 Legislative Decree 24\/2023 (Italian implementation of the Whistleblowing Directive)\u2022 Regulation (EU) 2016\/679 (GDPR)\u2022 Legislative Decree 231\/2001 (administrative liability of entities)\u2022 CONSOB regulations applicable to CASPs\u2022 Article 116 of Regulation (EU) 2023\/1114 (MiCAr) – which requires crypto-asset service providers (CASPs) to establish effective mechanisms for reporting infringements of the Regulation;\u2022 Legislative Decree 24\/2023 – Italian implementation of Directive (EU) 2019\/1937 on the protection of persons reporting breaches of Union law;\u2022 Article 68, paragraph 4 MiCAr – which requires effective compliance policies and procedures. The Company is in the process of obtaining authorization to provide the following CASP services by June 30, 2026, through transformation from VASP to CASP with submission of the application to CONSOB in December 2025:1. Placement of crypto-assets;2. Custody and administration of crypto-assets on behalf of third parties;3. Operating a crypto-asset exchange platform;4. Receiving and transmitting orders regarding crypto-assets on behalf of third parties;5. Execution of orders relating to crypto-assets on behalf of third parties;6. Exchange crypto-assets for funds;7. Crypto-asset consulting. 1.2 Objectives of the Whistleblowing System The TESORA Whistleblowing System pursues the following fundamental objectives:\u2022 Prevention: Promptly identify non-compliant conduct or conduct that is potentially harmful to corporate integrity;\u2022 Protection: Protect whistleblowers from any form of retaliation or discrimination;\u2022 Transparency: Ensure a clear, defined process that is accessible to all legitimate parties;\u2022 Continuous improvement: Use reporting as a tool to strengthen compliance controls;\u2022 Regulatory compliance: Comply with the obligations imposed by the MiCAr Regulation and current legislation. 1.3 Scope of application This document aims to achieve the following objectives:a) Define the Company’s regulatory compliance system in relation to the MiCAr Regulation and the regulations applicable to CASPs;b) Establish organizational responsibilities for regulatory compliance;c) Regulate staff training and awareness programs on legislative and regulatory requirements;d) Implement a whistleblowing system compliant with Article 116 of the MiCAr Regulation and Directive (EU) 2019\/1937;e) Ensure the protection of whistleblowers and the proper management of reports of regulatory violations. 1.4 Guiding principles The TESORA Whistleblowing System is based on the following principles:\u2022 Absolute confidentiality of the whistleblower’s identity;\u2022 Prohibition of retaliation of any kind against the whistleblower;\u2022 Accessibility through multiple and easily usable channels;\u2022 Timeliness in managing and responding to reports;\u2022 Proportionality of the actions taken to the seriousness of the violation;\u2022 Traceability of all reports received and actions taken. 2. MiCar REGULATORY COMPLIANCE POLICY 2.1 General principles The Company bases its business on the following principles of regulatory compliance:a) Legality and integrity: All activities must be conducted in compliance with laws, regulations, and the provisions of the supervisory authority.b) Transparency: The Company guarantees maximum transparency in relations with customers, supervisory authorities and stakeholders.c) Professionalism: The staff operates with competence, diligence and in accordance with best market practices.d) Culture of compliance: Compliance is the responsibility of all organizational levels and is a central element of corporate culture.e) Prevention: The Company adopts a proactive approach in identifying and mitigating compliance risks.f) Continuous improvement: The compliance system is subject to constant review and updating. 2.2 Scope of application The Regulatory Compliance Policy applies to all of the Company’s activities, with particular reference to:\u2022 Provision of authorized CASP services\u2022 Custody and administration of crypto-assets\u2022 Crypto-asset consulting\u2022 Customer Relationship Management\u2022 Safeguarding crypto-assets and client funds\u2022 Prevention of money laundering and terrorist financing\u2022 Management of conflicts of interest\u2022 Protection of personal data\u2022 Cybersecurity and operational resilience 3. REPORTABLE VIOLATIONS 3.1 Violations of the MiCAr Regulation Whistleblowing reports include violations or potential violations of Regulation (EU) 2023\/1114, including in particular:\u2022 Organizational requirements (art. 68 MiCAr): deficiencies in governance, internal controls, and management of conflicts of interest;\u2022 Prudential requirements (art. 71 MiCAr): insufficient capital, failure to comply with minimum ratios;\u2022 Custody of crypto-assets (Article 74 MiCAr): irregularities in the segregation, storage, or transfer of clients’ crypto-assets;\u2022 Rules of conduct (art. 76-82 MiCAr): improper behavior towards customers, misleading information, unmanaged conflicts of interest;\u2022 Complaints management (art. 85 MiCAr): failure to manage or record customer complaints;\u2022 Reporting obligations (Articles 109-110 of the MiCAr): failure to report or false reporting to the competent authorities. 3.2 Internal procedural violations Violations of TESORA’s internal operating procedures can also be reported:\u2022 Custody processes not compliant with the Operations Manual;\u2022 Cybersecurity policy violations;\u2022 Behaviors contrary to the company’s Code of Ethics. 3.3 Related regulatory violations Violations of the regulations related to CASP services also fall within the scope of whistleblowing:\u2022 Anti-money laundering (Legislative Decree 231\/2007): failure to identify customers, failure to report suspicious transactions, violations of due diligence obligations;\u2022 Personal Data Protection (GDPR): unlawful data processing, unreported data breaches, violations of data subjects’ rights;\u2022 Digital Operational Resilience (DORA): ICT risk management gaps, unreported incidents;\u2022 Administrative liability of entities (Legislative Decree 231\/2001): predicate crimes committed in the interest or to the advantage of the Company;\u2022 Market Abuse: market manipulation, abuse of inside information. 3.4 Exclusions The following do not fall within the scope of whistleblowing:\u2022 Personal complaints relating to employment relationships (to be handled through internal channels);\u2022 Differences of opinion on management or strategic choices;\u2022 Reports that are unfounded or manifestly specious;\u2022 Information already in the public domain;\u2022 Commercial disputes with suppliers or partners (to be handled through ordinary channels). 4. LEGITIMATE SUBJECTS The following individuals are authorized to report through the TESORA Whistleblowing System: 4.1 Customers and third parties \u2022 YourADN platform customers;\u2022 Any third parties who have become aware of violations in the context of professional or business relationships with TESORA. 4.2 Definition of “good faith whistleblower” The protections provided by this Procedure apply exclusively to those who report in good faith, i.e. those who:\u2022 They have reasonable grounds to believe the information reported is true;\u2022 Act","og_url":"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/","og_site_name":"YourAdn","article_modified_time":"2026-01-21T09:30:53+00:00","og_image":[{"width":577,"height":828,"url":"https:\/\/www.youradn.com\/wp-content\/uploads\/2026\/01\/Screenshot-2026-01-14-121240.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/","url":"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/","name":"WHISTLEBLOWING PROCEDURES - YourAdn","isPartOf":{"@id":"https:\/\/www.youradn.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/#primaryimage"},"image":{"@id":"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/#primaryimage"},"thumbnailUrl":"https:\/\/www.youradn.com\/wp-content\/uploads\/2026\/01\/Screenshot-2026-01-14-121240.png","datePublished":"2026-01-14T10:48:59+00:00","dateModified":"2026-01-21T09:30:53+00:00","breadcrumb":{"@id":"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/#primaryimage","url":"https:\/\/www.youradn.com\/wp-content\/uploads\/2026\/01\/Screenshot-2026-01-14-121240.png","contentUrl":"https:\/\/www.youradn.com\/wp-content\/uploads\/2026\/01\/Screenshot-2026-01-14-121240.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.youradn.com\/en\/whistleblowing-procedures\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.youradn.com\/"},{"@type":"ListItem","position":2,"name":"WHISTLEBLOWING PROCEDURES"}]},{"@type":"WebSite","@id":"https:\/\/www.youradn.com\/#website","url":"https:\/\/www.youradn.com\/","name":"YourAdn","description":"","publisher":{"@id":"https:\/\/www.youradn.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.youradn.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.youradn.com\/#organization","name":"YourAdn","url":"https:\/\/www.youradn.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.youradn.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.youradn.com\/wp-content\/uploads\/2025\/05\/Logo-ADN.png","contentUrl":"https:\/\/www.youradn.com\/wp-content\/uploads\/2025\/05\/Logo-ADN.png","width":1280,"height":546,"caption":"YourAdn"},"image":{"@id":"https:\/\/www.youradn.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.youradn.com\/en\/wp-json\/wp\/v2\/pages\/2900","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youradn.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.youradn.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.youradn.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youradn.com\/en\/wp-json\/wp\/v2\/comments?post=2900"}],"version-history":[{"count":2,"href":"https:\/\/www.youradn.com\/en\/wp-json\/wp\/v2\/pages\/2900\/revisions"}],"predecessor-version":[{"id":2902,"href":"https:\/\/www.youradn.com\/en\/wp-json\/wp\/v2\/pages\/2900\/revisions\/2902"}],"wp:attachment":[{"href":"https:\/\/www.youradn.com\/en\/wp-json\/wp\/v2\/media?parent=2900"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}