Stacks Asia DLT Foundation Whistleblower Protection Policy
A. INTRODUCTION
1. Background
1.1. This Whistleblower Protection Policy (“Policy”) applies to all Covered Persons, which includes employees, contractors, advisors, Foundation Council members, advisory board members, consultants, principals, associates, secondees, and any other individuals engaged in activities on behalf of or under the direction of Stacks Asia DLT Foundation (the "Foundation” or “we”), whether on a paid or unpaid basis.
1.2. Version Control Protocol:
• Each section of this Policy contains information regarding the key contact person and initial creation date.
• Further, owing to the evolving nature of the subject matter of this Policy, each section is reviewed and may be amended from time to time such that each section remains up to-date and fit for purpose. Accordingly, details regarding such review and/or update are recorded including:
• The date on which the section was updated or reviewed; and
• The name of the Covered Person approving such update or reviewing such section.
Unless otherwise directed by the Foundation Council (as defined in Article A.2), amendments to any part of this Policy must be approved by at least one authorised member of the Foundation Council or a person delegated with such authority. Where proposed amendments are likely to have a material operational or regulatory impact, such amendments must be approved by the full Foundation Council.
2. Key Contacts & Compliance Officer
2.1. Details of key contacts and compliance officers are set out below:
3. Governance and Structure
The Foundation Council of Stacks Asia DLT Foundation is the primary governing body in accordance with the ADGM DLT Foundations Regulations 2023. It is responsible for ensuring the Foundation’s activities are aligned with its chartered purposes, including advancing the adoption, education, and development of Bitcoin Layer-2 solutions.
The Foundation Council may appoint an Executive Director or other senior officers to oversee the Foundation’s day-to-day operations, implementation of strategic objectives, and compliance with ADGM legal and regulatory obligations.
In accordance with this governance framework, the Foundation Council (and any appointed Executive Management) retains overall responsibility for strategic direction and long-term mission alignment and monitoring and reporting of whistleblowing, AML, and code of conduct compliance.
Where specific operational functions are delegated, such delegation must be documented and approved by the Foundation Council and carried out in compliance with the Foundation’s charter and ADGM DLT Foundations Regulations 2023.
Version Control:
B. WHISTLEBLOWING
1. Background
1.1. The Foundation mandates ethical accountability under ADGM’s Whistleblower Protection Regulations 2024, ADGM DLT Foundations Regulations 2023, and UAE Federal Law by Decree No. (31) of 2021 Promulgating the Crimes and Penalties Law covering Bribery, Fraud and Embezzlement. A "Protected Disclosure" under this policy includes any good faith disclosure regarding suspected violations of ADGM regulations, including but not limited to governance and tokenomics issues, financial and crypto-asset reporting irregularities, smart contract vulnerabilities, insider trading, market abuse, conflicts of interest in grants or token distribution, money laundering, fraud, financial crime, or other misconduct that threatens the public interest. The Company is committed to the highest standards of professional integrity, in accordance with the ADGM DLT Foundations Regulations 2023. All Covered Persons are reminded of their duty to uphold principles of independence, confidentiality, and ethical conduct. This policy safeguards individuals making Protected Disclosures from any form of retaliation or detriment.
1.2. This Policy sets out:
• Purpose of the Policy
• Scope of the Policy
• Legal and Regulatory
• What can be Reported
• Whistleblower Protection
• Reporting Procedure
• Malicious or Vexatious Allegations
2. Purpose of the Policy
2.1. This Policy encourages and enables employees, consultants, stakeholders, token holders, and contributors to raise serious concerns internally in a safe and structured manner. It supports the Foundation’s commitment to integrity, transparency, and accountability, in compliance with the ADGM legal and regulatory framework, including the ADGM DLT Foundations Regulations 2023, ADGM Whistleblower Protection Regulations 2024, and ADGM Regulatory Framework for Virtual Assets.
2.2. Protected Disclosures may be made anonymously or with identification through the following channels:
1. Internal: Email to Whistleblowing Hotline whistleblower@stacksasia.foundation or whistleblower@stacks.asia using an anonymized email if desired
2. External: Direct reporting to ADGM Registration Authority, FSRA, or ADGM Office of Data Protection.
2.3. The Foundation strictly prohibits any attempts to identify anonymous whistleblowers. All disclosures will be handled with utmost confidentiality, with information shared only on a need-to-know basis. Whistleblowers are granted immunity from any civil, criminal, or administrative liability pursuant to Article 7 of the ADGM Whistleblower Protection Regulations 2024 when making Protected Disclosures in good faith and in the public interest. Records of all Protected Disclosures will be securely maintained for a minimum of six years in compliance with ADGM requirements.
2.4. All investigations will be conducted by appropriately qualified and independent investigators, either internal or external, who have no conflicts of interest with the matter being investigated. Managers must not be involved in investigating disclosures relating to their own team/own client matters that they manage.
2.5. The Foundation commits to:
1. Acknowledging receipt of disclosures within 5 business days
2. Providing regular updates on investigation progress
3. Completing investigations within 90 days where practicable
4. Protecting whistleblowers from any form of retaliation including adverse employment actions, harassment, or discrimination
3. Scope of the Policy
This Policy applies to all categories of Covered Persons defined above.
4. Legal Framework
This Policy has been developed in accordance with the ADGM Whistleblower Protection Regulations 2024 and reflects the Foundation's commitment to transparency, accountability, and integrity as a regulated entity under the ADGM's Distributed Ledger Technology Foundations framework (DLT Foundations Regulations 2023). The Policy is based on:
• ADGM’s Whistleblower Protection Regulations 2024
• ADGM Employment Regulations 2024 (Non-Discrimination and Victimisation)
• ADGM Data Protection Regulations 2021 (confidential handling of disclosures)
5. What can be Reported?
This Policy applies to Protected Disclosures, meaning any good faith report of suspected misconduct, unlawful activity, regulatory breaches, or other matters that may adversely affect the Foundation, its stakeholders, or the public interest.
Protected Disclosures may relate to the following categories of concern (non-exhaustive list):
A. General Legal, Regulatory, and Ethical Violations
• Breach of legal or regulatory obligations, including violations of:
• ADGM DLT Foundations Regulations 2023
• ADGM Anti-Money Laundering Regulations and FSRA Rules
• ADGM Data Protection Regulations 2021
• Criminal conduct, including fraud, bribery, corruption, theft, or embezzlement
• Professional misconduct, such as abuse of authority, concealment of conflicts of interest, or breach of fiduciary duties
• Discrimination, bullying, or harassment, including any conduct prohibited under ADGM Employment Regulations 2024
• Threats to health, safety, or the environment, including cybersecurity breaches impacting operational resilience
• Deliberate concealment or misrepresentation of any of the above
B. DLT-Specific and Blockchain Governance Concerns
Given the Foundation’s unique mandate within the ADGM DLT ecosystem, the following issues are also expressly within the scope of this Policy:
• Governance irregularities relating to Foundation operations or project oversight
• Financial misreporting or accounting irregularities involving crypto-assets or treasury reserves
• Smart contract vulnerabilities that could lead to exploitation, loss, or systemic failure
• Insider trading or market abuse involving tokens or digital assets under the Foundation’s ecosystem
• Conflicts of interest in connection with grant awards, ecosystem funding, developer incentives, or token allocation
• Blockchain protocol governance failures, including improper influence, censorship, or collusion
• Cybersecurity weaknesses or threats compromising the Foundation’s digital infrastructure
• Misuse or misappropriation of crypto-assets, wallets, staking rewards, or protocol treasury assets
All Covered Persons are reminded of their duty to act in accordance with the highest standards of professional and ethical conduct, consistent with the Foundation’s Charter, ADGM regulations, and the foundational principles of integrity, independence, and transparency in the blockchain ecosystem.
Protected Disclosures may be submitted even where the reporter is unsure whether misconduct has occurred, provided the report is made in good faith and based on reasonable belief.
6. Whistleblower Protection
The Foundation prohibits any form of retaliation against individuals who make disclosures in good faith. Anonymity will be preserved to the maximum extent permissible under law, and senior management is explicitly prohibited from attempting to identify anonymous whistleblowers. The Foundation maintains a zero-tolerance policy for retaliation. Retaliatory conduct includes, but is not limited to: dismissal, demotion, harassment, exclusion from work or meetings, negative performance reviews, denial of promotion, reduction in compensation, professional ostracism, adverse changes to duties, forced resignation, loss of benefits, threats, or any other form of detriment. The Foundation will actively monitor for signs of retaliation and provide support services including counselling and legal advice to whistleblowers who experience or fear retaliation. Any Covered Person found to have engaged in retaliation will be subject to disciplinary action, up to and including dismissal.
Disclosures will be handled:
• Confidentially
• Independently (where appropriate)
• In accordance with relevant data protection regulations and principles
All records of whistleblowing disclosures, investigations, and outcomes will be securely stored in compliance with the ADGM Data Protection Regulations 2021. Access to these records is strictly limited to those with a legitimate need to know. The identity of whistleblowers and the content of disclosures will be protected at all stages, and information will only be shared on a 'need to know' basis.
Anonymous reporting is encouraged and facilitated via email to whistleblower@stacksasia.foundation
or whistleblower@stacks.asia. The Company will never attempt to identify anonymous whistleblowers.
7. Reporting Procedure
The Foundation has established a transparent and secure process for the submission, investigation, and resolution of whistleblowing disclosures. This process is designed to protect the rights of whistleblowers, ensure fair handling of disclosures, and promote accountability across all levels of governance.
Step 1: Internal Reporting Channels
▪ Primary Contact: Disclosures may be submitted via the Foundation’s whistleblowing hotline or secure compliance email address: whistleblower@stacksasia.foundation or whistleblower@stacks.asia
Whistleblowers are encouraged to use anonymized email accounts if preferred.
▪ Escalation for Senior-Level Concerns: Where a disclosure involves the Executive Director, a member of the Foundation Council, or any other senior governance figure, the report must be directed to an independent ADGM-licensed compliance consultant or legal advisor appointed by the Foundation Council.
▪ External Reporting Rights: Under Article 5 of the ADGM Whistleblower Protection Regulations 2024, whistleblowers are entitled to report directly to external authorities without any obligation to report internally first.
These authorities include:
▪ ADGM Registration Authority
▪ ADGM Financial Services Regulatory Authority (FSRA)
▪ ADGM Office of Data Protection
▪ UAE law enforcement agencies
▪ Legal Immunity: In accordance with Article 7 of the ADGM Whistleblower Protection Regulations 2024, any individual making a Protected Disclosure in good faith shall be immune from civil, criminal, or administrative liability.
▪ Conflict-Free Investigations: Individuals who are the subject of a disclosure—or who may reasonably be perceived to have a conflict of interest—are strictly excluded from participating in the investigation. This includes line managers or team leads who oversee the reporting individual or the alleged wrongdoer.
Step 2: Written Submission
▪ Disclosures should be made in writing and provide sufficient detail to facilitate a proper investigation.
▪ Anonymous submissions are permitted and encouraged where necessary for whistleblower protection. Reports may be sent using anonymized email accounts to the Foundation's designated reporting channel.
Step 3: Acknowledgment of Receipt
▪ The Foundation will acknowledge receipt of the disclosure within five (5) working days of submission, unless the report is made anonymously and no return contact is provided.
Step 4: Investigation Process
▪ A fair, impartial, and timely investigation will commence within ten (10) working days of receipt.
▪ Investigations will be conducted by qualified, independent personnel or third-party professionals with no personal, professional, or organizational conflicts of interest.
▪ All disclosures and investigative records will be handled with strict confidentiality in accordance with the ADGM Data Protection Regulations 2021.
Step 5: Outcome and Feedback
▪ Subject to legal and confidentiality constraints, feedback will be provided to the whistleblower within thirty (30) days of the initiation of the investigation.
▪ Where misconduct is substantiated, appropriate remedial or disciplinary actions will be taken, and regulatory authorities will be notified if required.
▪ In cases involving systemic risks or regulatory breaches, escalation to the Foundation Council and/or external authorities will occur without delay.
8. Malicious or Vexatious Allegations
The Foundation maintains a zero-tolerance policy toward the intentional misuse of the whistleblowing process.
While individuals are encouraged to report concerns in good faith, any person found to have knowingly made a false, misleading, or malicious allegation—with the intent to cause harm, disrupt operations, or retaliate against another individual—may be subject to appropriate disciplinary or legal action, including potential dismissal or removal from the Foundation’s ecosystem.
This provision does not apply to disclosures made in error but in good faith, even if the allegations are ultimately found to be unsubstantiated. The Foundation recognises that individuals may have reasonable concerns based on incomplete or mistaken information and will not penalise such disclosures.
All assessments of potential bad faith will be handled with caution, ensuring procedural fairness and in line with the principles set out in the ADGM Whistleblower Protection Regulations 2024 and relevant employment and data protection regulations.
9. Oversight and Review
• The Compliance Officer is responsible for maintaining a Whistleblowing Register
• Annual reports on disclosures (anonymised) will be presented to the Foundation Council
• This Policy will be reviewed annually or upon regulatory changes
Version Control:
1. Background
1.1. This Whistleblower Protection Policy (“Policy”) applies to all Covered Persons, which includes employees, contractors, advisors, Foundation Council members, advisory board members, consultants, principals, associates, secondees, and any other individuals engaged in activities on behalf of or under the direction of Stacks Asia DLT Foundation (the "Foundation” or “we”), whether on a paid or unpaid basis.
1.2. Version Control Protocol:
• Each section of this Policy contains information regarding the key contact person and initial creation date.
• Further, owing to the evolving nature of the subject matter of this Policy, each section is reviewed and may be amended from time to time such that each section remains up to-date and fit for purpose. Accordingly, details regarding such review and/or update are recorded including:
• The date on which the section was updated or reviewed; and
• The name of the Covered Person approving such update or reviewing such section.
Unless otherwise directed by the Foundation Council (as defined in Article A.2), amendments to any part of this Policy must be approved by at least one authorised member of the Foundation Council or a person delegated with such authority. Where proposed amendments are likely to have a material operational or regulatory impact, such amendments must be approved by the full Foundation Council.
2. Key Contacts & Compliance Officer
2.1. Details of key contacts and compliance officers are set out below:
Foundation Council | Shahbaz Ali Khan – shahbaz@oasysae.com |
Muhammad Hassan Baig – hassan@oasysae.com | |
Designated Data Protection Officer | Shahbaz Ali Khan – shahbaz@oasysae.com |
Compliance Officer – MLRO | Shahbaz Ali Khan – shahbaz@oasysae.com |
3. Governance and Structure
The Foundation Council of Stacks Asia DLT Foundation is the primary governing body in accordance with the ADGM DLT Foundations Regulations 2023. It is responsible for ensuring the Foundation’s activities are aligned with its chartered purposes, including advancing the adoption, education, and development of Bitcoin Layer-2 solutions.
The Foundation Council may appoint an Executive Director or other senior officers to oversee the Foundation’s day-to-day operations, implementation of strategic objectives, and compliance with ADGM legal and regulatory obligations.
In accordance with this governance framework, the Foundation Council (and any appointed Executive Management) retains overall responsibility for strategic direction and long-term mission alignment and monitoring and reporting of whistleblowing, AML, and code of conduct compliance.
Where specific operational functions are delegated, such delegation must be documented and approved by the Foundation Council and carried out in compliance with the Foundation’s charter and ADGM DLT Foundations Regulations 2023.
Version Control:
Key Contact: | Created: | |||
Last Amended: | Last Approved By: | |||
Last Review: | Last Reviewed By: |
B. WHISTLEBLOWING
1. Background
1.1. The Foundation mandates ethical accountability under ADGM’s Whistleblower Protection Regulations 2024, ADGM DLT Foundations Regulations 2023, and UAE Federal Law by Decree No. (31) of 2021 Promulgating the Crimes and Penalties Law covering Bribery, Fraud and Embezzlement. A "Protected Disclosure" under this policy includes any good faith disclosure regarding suspected violations of ADGM regulations, including but not limited to governance and tokenomics issues, financial and crypto-asset reporting irregularities, smart contract vulnerabilities, insider trading, market abuse, conflicts of interest in grants or token distribution, money laundering, fraud, financial crime, or other misconduct that threatens the public interest. The Company is committed to the highest standards of professional integrity, in accordance with the ADGM DLT Foundations Regulations 2023. All Covered Persons are reminded of their duty to uphold principles of independence, confidentiality, and ethical conduct. This policy safeguards individuals making Protected Disclosures from any form of retaliation or detriment.
1.2. This Policy sets out:
• Purpose of the Policy
• Scope of the Policy
• Legal and Regulatory
• What can be Reported
• Whistleblower Protection
• Reporting Procedure
• Malicious or Vexatious Allegations
2. Purpose of the Policy
2.1. This Policy encourages and enables employees, consultants, stakeholders, token holders, and contributors to raise serious concerns internally in a safe and structured manner. It supports the Foundation’s commitment to integrity, transparency, and accountability, in compliance with the ADGM legal and regulatory framework, including the ADGM DLT Foundations Regulations 2023, ADGM Whistleblower Protection Regulations 2024, and ADGM Regulatory Framework for Virtual Assets.
2.2. Protected Disclosures may be made anonymously or with identification through the following channels:
1. Internal: Email to Whistleblowing Hotline whistleblower@stacksasia.foundation or whistleblower@stacks.asia using an anonymized email if desired
2. External: Direct reporting to ADGM Registration Authority, FSRA, or ADGM Office of Data Protection.
2.3. The Foundation strictly prohibits any attempts to identify anonymous whistleblowers. All disclosures will be handled with utmost confidentiality, with information shared only on a need-to-know basis. Whistleblowers are granted immunity from any civil, criminal, or administrative liability pursuant to Article 7 of the ADGM Whistleblower Protection Regulations 2024 when making Protected Disclosures in good faith and in the public interest. Records of all Protected Disclosures will be securely maintained for a minimum of six years in compliance with ADGM requirements.
2.4. All investigations will be conducted by appropriately qualified and independent investigators, either internal or external, who have no conflicts of interest with the matter being investigated. Managers must not be involved in investigating disclosures relating to their own team/own client matters that they manage.
2.5. The Foundation commits to:
1. Acknowledging receipt of disclosures within 5 business days
2. Providing regular updates on investigation progress
3. Completing investigations within 90 days where practicable
4. Protecting whistleblowers from any form of retaliation including adverse employment actions, harassment, or discrimination
3. Scope of the Policy
This Policy applies to all categories of Covered Persons defined above.
4. Legal Framework
This Policy has been developed in accordance with the ADGM Whistleblower Protection Regulations 2024 and reflects the Foundation's commitment to transparency, accountability, and integrity as a regulated entity under the ADGM's Distributed Ledger Technology Foundations framework (DLT Foundations Regulations 2023). The Policy is based on:
• ADGM’s Whistleblower Protection Regulations 2024
• ADGM Employment Regulations 2024 (Non-Discrimination and Victimisation)
• ADGM Data Protection Regulations 2021 (confidential handling of disclosures)
5. What can be Reported?
This Policy applies to Protected Disclosures, meaning any good faith report of suspected misconduct, unlawful activity, regulatory breaches, or other matters that may adversely affect the Foundation, its stakeholders, or the public interest.
Protected Disclosures may relate to the following categories of concern (non-exhaustive list):
A. General Legal, Regulatory, and Ethical Violations
• Breach of legal or regulatory obligations, including violations of:
• ADGM DLT Foundations Regulations 2023
• ADGM Anti-Money Laundering Regulations and FSRA Rules
• ADGM Data Protection Regulations 2021
• Criminal conduct, including fraud, bribery, corruption, theft, or embezzlement
• Professional misconduct, such as abuse of authority, concealment of conflicts of interest, or breach of fiduciary duties
• Discrimination, bullying, or harassment, including any conduct prohibited under ADGM Employment Regulations 2024
• Threats to health, safety, or the environment, including cybersecurity breaches impacting operational resilience
• Deliberate concealment or misrepresentation of any of the above
B. DLT-Specific and Blockchain Governance Concerns
Given the Foundation’s unique mandate within the ADGM DLT ecosystem, the following issues are also expressly within the scope of this Policy:
• Governance irregularities relating to Foundation operations or project oversight
• Financial misreporting or accounting irregularities involving crypto-assets or treasury reserves
• Smart contract vulnerabilities that could lead to exploitation, loss, or systemic failure
• Insider trading or market abuse involving tokens or digital assets under the Foundation’s ecosystem
• Conflicts of interest in connection with grant awards, ecosystem funding, developer incentives, or token allocation
• Blockchain protocol governance failures, including improper influence, censorship, or collusion
• Cybersecurity weaknesses or threats compromising the Foundation’s digital infrastructure
• Misuse or misappropriation of crypto-assets, wallets, staking rewards, or protocol treasury assets
All Covered Persons are reminded of their duty to act in accordance with the highest standards of professional and ethical conduct, consistent with the Foundation’s Charter, ADGM regulations, and the foundational principles of integrity, independence, and transparency in the blockchain ecosystem.
Protected Disclosures may be submitted even where the reporter is unsure whether misconduct has occurred, provided the report is made in good faith and based on reasonable belief.
6. Whistleblower Protection
The Foundation prohibits any form of retaliation against individuals who make disclosures in good faith. Anonymity will be preserved to the maximum extent permissible under law, and senior management is explicitly prohibited from attempting to identify anonymous whistleblowers. The Foundation maintains a zero-tolerance policy for retaliation. Retaliatory conduct includes, but is not limited to: dismissal, demotion, harassment, exclusion from work or meetings, negative performance reviews, denial of promotion, reduction in compensation, professional ostracism, adverse changes to duties, forced resignation, loss of benefits, threats, or any other form of detriment. The Foundation will actively monitor for signs of retaliation and provide support services including counselling and legal advice to whistleblowers who experience or fear retaliation. Any Covered Person found to have engaged in retaliation will be subject to disciplinary action, up to and including dismissal.
Disclosures will be handled:
• Confidentially
• Independently (where appropriate)
• In accordance with relevant data protection regulations and principles
All records of whistleblowing disclosures, investigations, and outcomes will be securely stored in compliance with the ADGM Data Protection Regulations 2021. Access to these records is strictly limited to those with a legitimate need to know. The identity of whistleblowers and the content of disclosures will be protected at all stages, and information will only be shared on a 'need to know' basis.
Anonymous reporting is encouraged and facilitated via email to whistleblower@stacksasia.foundation
or whistleblower@stacks.asia. The Company will never attempt to identify anonymous whistleblowers.
7. Reporting Procedure
The Foundation has established a transparent and secure process for the submission, investigation, and resolution of whistleblowing disclosures. This process is designed to protect the rights of whistleblowers, ensure fair handling of disclosures, and promote accountability across all levels of governance.
Step 1: Internal Reporting Channels
▪ Primary Contact: Disclosures may be submitted via the Foundation’s whistleblowing hotline or secure compliance email address: whistleblower@stacksasia.foundation or whistleblower@stacks.asia
Whistleblowers are encouraged to use anonymized email accounts if preferred.
▪ Escalation for Senior-Level Concerns: Where a disclosure involves the Executive Director, a member of the Foundation Council, or any other senior governance figure, the report must be directed to an independent ADGM-licensed compliance consultant or legal advisor appointed by the Foundation Council.
▪ External Reporting Rights: Under Article 5 of the ADGM Whistleblower Protection Regulations 2024, whistleblowers are entitled to report directly to external authorities without any obligation to report internally first.
These authorities include:
▪ ADGM Registration Authority
▪ ADGM Financial Services Regulatory Authority (FSRA)
▪ ADGM Office of Data Protection
▪ UAE law enforcement agencies
▪ Legal Immunity: In accordance with Article 7 of the ADGM Whistleblower Protection Regulations 2024, any individual making a Protected Disclosure in good faith shall be immune from civil, criminal, or administrative liability.
▪ Conflict-Free Investigations: Individuals who are the subject of a disclosure—or who may reasonably be perceived to have a conflict of interest—are strictly excluded from participating in the investigation. This includes line managers or team leads who oversee the reporting individual or the alleged wrongdoer.
Step 2: Written Submission
▪ Disclosures should be made in writing and provide sufficient detail to facilitate a proper investigation.
▪ Anonymous submissions are permitted and encouraged where necessary for whistleblower protection. Reports may be sent using anonymized email accounts to the Foundation's designated reporting channel.
Step 3: Acknowledgment of Receipt
▪ The Foundation will acknowledge receipt of the disclosure within five (5) working days of submission, unless the report is made anonymously and no return contact is provided.
Step 4: Investigation Process
▪ A fair, impartial, and timely investigation will commence within ten (10) working days of receipt.
▪ Investigations will be conducted by qualified, independent personnel or third-party professionals with no personal, professional, or organizational conflicts of interest.
▪ All disclosures and investigative records will be handled with strict confidentiality in accordance with the ADGM Data Protection Regulations 2021.
Step 5: Outcome and Feedback
▪ Subject to legal and confidentiality constraints, feedback will be provided to the whistleblower within thirty (30) days of the initiation of the investigation.
▪ Where misconduct is substantiated, appropriate remedial or disciplinary actions will be taken, and regulatory authorities will be notified if required.
▪ In cases involving systemic risks or regulatory breaches, escalation to the Foundation Council and/or external authorities will occur without delay.
8. Malicious or Vexatious Allegations
The Foundation maintains a zero-tolerance policy toward the intentional misuse of the whistleblowing process.
While individuals are encouraged to report concerns in good faith, any person found to have knowingly made a false, misleading, or malicious allegation—with the intent to cause harm, disrupt operations, or retaliate against another individual—may be subject to appropriate disciplinary or legal action, including potential dismissal or removal from the Foundation’s ecosystem.
This provision does not apply to disclosures made in error but in good faith, even if the allegations are ultimately found to be unsubstantiated. The Foundation recognises that individuals may have reasonable concerns based on incomplete or mistaken information and will not penalise such disclosures.
All assessments of potential bad faith will be handled with caution, ensuring procedural fairness and in line with the principles set out in the ADGM Whistleblower Protection Regulations 2024 and relevant employment and data protection regulations.
9. Oversight and Review
• The Compliance Officer is responsible for maintaining a Whistleblowing Register
• Annual reports on disclosures (anonymised) will be presented to the Foundation Council
• This Policy will be reviewed annually or upon regulatory changes
Version Control:
Key Contact: | Created: | |||
Last Amended: | Last Approved By: | |||
Last Review: | Last Reviewed By: |