Sign Up Login
Legal

Whistleblowing Policy

Malum is committed to operating with integrity. This policy encourages workers, contractors, suppliers, customers and merchants to speak up about wrongdoing without fear of retaliation, in line with the UK Public Interest Disclosure Act 1998, the FCA whistleblowing rules (SYSC 18), and the EU Whistleblower Protection Directive.

Last modified 05/12/2026 Malum Legal Team

Table of Contents

  1. Who can raise a concern
  2. What you can raise
  3. How to raise a concern
  4. Protection from retaliation
  5. Confidentiality and anonymity
  6. Investigation
  7. Feedback and outcomes
  8. External reporting
  9. Records
  10. Contact

Who can raise a concern

This policy is open to everyone with a working or commercial relationship with Malum: employees and former employees, contractors and freelancers, agency workers, interns, applicants, board members, suppliers and their staff, merchants, customers, end-users, and members of the public.

What you can raise

You can raise a concern about any matter you reasonably believe is in the public interest, including:

  • Criminal offences (fraud, theft, bribery, market abuse, money laundering, terrorist financing).
  • Breaches of legal or regulatory obligations (sanctions, payment-services rules, data protection, consumer protection).
  • Miscarriage of justice or coercion of staff.
  • Danger to health, safety, or the environment.
  • Improper use of customer or merchant funds; failures of safeguarding controls.
  • Deliberate concealment of any of the above.

Personal grievances and HR disputes should normally be raised through the grievance procedure rather than this policy, but they are not excluded where there is a clear public-interest element.

How to raise a concern

  • Confidential email: [email protected] — routed to the Whistleblowers' Champion and the MLRO only.
  • Independent third-party hotline: available to all Malum personnel via the internal intranet; provided by an independent reporting service to allow anonymous web and phone disclosure.
  • Post: Whistleblowing — Strictly Private & Confidential, Malum Limited, Office 961 House of Francis, Ile du Port, Mahe, Seychelles.

Protection from retaliation

Anyone making a disclosure under this policy is protected from retaliation, including dismissal, demotion, harassment, blacklisting, contract termination, withdrawal of services, and any other detriment. Retaliation against a whistleblower is a serious disciplinary offence and, where it amounts to a breach of statutory rights, may give rise to personal liability.

Confidentiality and anonymity

We treat the identity of a whistleblower as confidential and will not disclose it without consent except where disclosure is required by law or by a competent authority. You may submit a disclosure anonymously; doing so may limit our ability to investigate or to provide feedback, but anonymous reports are still taken seriously.

Investigation

Disclosures are assessed within five (5) business days by the Whistleblowers' Champion. Investigations are conducted by independent personnel who have no conflict of interest. Where appropriate, external advisers (legal, forensic) are appointed. Investigations are completed as quickly as possible consistent with thoroughness, and findings are reported to the Audit Committee or Board.

Feedback and outcomes

You will receive acknowledgement of your disclosure within seven (7) days and an update on outcome within three (3) months, subject to legal and confidentiality constraints. Substantiated wrongdoing leads to corrective action, which may include disciplinary measures, contract termination, regulatory notification, restitution, and control changes.

External reporting

You can report concerns directly to a prescribed regulator at any time without first raising the matter internally. Prescribed regulators include:

  • Financial Conduct Authority (FCA) — fca.org.uk/whistleblowing
  • HM Revenue & Customs (HMRC).
  • The Information Commissioner's Office (ICO) for data-protection matters.
  • The National Crime Agency (NCA) for suspected money laundering.
  • The Pensions Regulator, Health & Safety Executive, etc. as relevant.

Records

Whistleblowing disclosures and the results of investigations are recorded and retained securely for at least six (6) years. The Board reviews the whistleblowing programme at least annually.

Contact

[email protected] — reviewed only by the Whistleblowers' Champion and the MLRO.

Last modified 05/12/2026