Whistleblowing

Baumann & Partners S.A. (B&P) has established a whistleblowing system that enables employees, former and prospective employees, service providers, and third parties to report misconduct such as criminal activities, suspicions of money laundering and terrorism, regulatory violations, or unethical criminal behavior affecting our company, employees, or business partners.

The purpose of the reporting system is to identify potential risks early, counteract them, and protect our company, employees, and business partners from harm.

It must not be abused for false accusations or untruthful reports, as this would undermine trust in lawful and ethical behavior, as well as a structured and trustworthy reporting procedure for actual or suspected violations without fear of retaliation.

Please note that the whistleblowing system is not intended for submitting complaints. For this purpose, please use the link https://bpam.lu/de/complaints/, where you will find information about complaint management.

You can submit a whistleblower report through various reporting channels:

1. By mail to the Compliance department
   Personal/Confidential
   Compliance / Chief Compliance Officer
   Baumann & Partners S.A.
   5, Heienhaff
   L-1736 Senningerberg

2. By phone to the Compliance department
   00352/24 69 35 34
   or
   00352/24 69 35 47
   
   
3. Per email to the compliance department
   Whistleblowing@bpam.lu

You can also request a physical meeting through the established whistleblowing systems to present the report orally.

All reports are carefully examined, treated with strict confidentiality, and handled in accordance with data protection regulations.

You reach out to us via one of the aforementioned reporting channels, facilitating the classification of the report and its prompt processing by providing as much detailed information as possible.

The following should help you in drafting your report:

1.  Reason for the Report

It is primarily important to briefly state the reason for your report, i.e., whether it is a regulatory tip-off or one related to data protection.

Below are categories with subcategories to help you classify your report.

1.1. Regulation & Compliance

• Violation of MiFID II guidelines
• Non-compliance with KYC/AML regulations (anti-money laundering)
• Circumvention of regulatory reporting obligations
• Inadequate risk or compliance control
• Violation of CSSF requirements
• Incomplete or manipulated reporting to supervisory authorities

1.2. Client Business & Asset Management

• Conflicts of interest in asset management services
• Commissions/kickbacks without disclosure
• False or misleading product information to clients
• Churning (excessive trading to generate fees)
• Misuse of client information for proprietary trading

1.3. Internal Misconduct & Ethics

• Insider trading or market manipulation
• Corruption (e.g., preferential treatment of certain clients)
• Breaches of confidentiality
• Discrimination, bullying, or intimidation of employees
• Manipulation of performance indicators (KPIs) for bonus enhancement
• Whistleblower retaliation (reprisals against whistleblowers)

1.4. Data Protection & IT

• Data protection violations (e.g., GDPR breaches)
• Security breaches concerning client data or internal systems
• Unauthorized access to internal databases
• Use of insecure or unlicensed software

1.5. Sustainability & ESG Violations

• Greenwashing in financial products
• False ESG reporting
• Disregard of sustainability risks
  
  

2. Personal Data

To contact you, for example, if there are follow-up questions, we need your contact details:

Name:

First Name:

Email:

We assure you that this data will be treated with strict confidentiality and processed only by the Compliance department. You, as a whistleblower, are protected against the disclosure of your personal data.

We are interested in whistleblower reports to prevent harm, not in you as a whistleblower.

3. Description of the Incident

To process and review the matter, it is important that you describe as precisely as possible what happened, i.e., when the incident occurred (date, possibly time), where it happened, and which persons, if you know their names, were involved.

4. Further Information or Evidence

If there are witnesses, documents, or other materials such as links or screenshots, you are welcome to submit them.

Privacy Notice

B&P is, per the Luxembourg Implementation Act of May 16, 2023, which implements Directive (EU) 2019/1937 on the protection of persons who report breaches of Union law, obliged to offer a whistleblowing system also to external parties.

The whistleblowing system processes named tips and ensures the confidentiality of the identity of the whistleblower and the persons who are the subject of the report, as well as any others mentioned.

B&P processes and stores personal data only as long as necessary to achieve the purposes for which they were collected or processed. Generally, the documentation of internal and external reports is deleted three years after the conclusion of the procedure initiated by the tip, according to legal regulations. However, documentation may be retained longer to meet legal and/or regulatory requirements as necessary and proportionate.

Choice between Internal and External Reporting Channel

There is a choice whether the whistleblower reports to an internal reporting channel within the company or to an external reporting channel with the authorities.

Whistleblowers should prefer an internal channel if the violation can be effectively addressed internally and they do not fear reprisals.

If you wish to contact the external reporting channel, here is the link to the Commission de Surveillance du Secteur Financier (CSSF) https://www.cssf.lu/en/whistleblower-protection/, where anyone wishing to report violations can do so in French, Luxembourgish, German, or English.

What happens after my whistleblower report?

The Compliance department will conduct a preliminary review of the reported matter to determine if it falls within the scope of the whistleblowing system.

You will receive confirmation of receipt of your whistleblower report within seven days, provided you have left your contact details.

After the preliminary review and admission into the whistleblowing system, the Compliance department will undertake further steps to clarify the matter.

Upon conclusion of the investigations, appropriate measures will be taken if a breach is confirmed.

You will receive feedback on the outcome or status of the investigations within three months after the receipt confirmation, provided you have left your contact details, with due regard for data protection regulations, ensuring you remain adequately protected as a whistleblower.