Whistleblowing Policy
1. Policy Statement:
XchangeOn FZCO ("XchangeOn" or the “Company”) is committed to integrity, transparency and full compliance with UAE law and Virtual Assets Regulatory Authority (VARA) requirements. This Policy provides a confidential, secure path for employees and stakeholders to raise concerns about wrongdoing without fear of retaliation.
2. Purpose
- Encourage good‑faith disclosure of misconduct that could harm clients, markets or XchangeOn.
- Ensure reports are assessed promptly, impartially and confidentially.
- Protect whistleblowers from reprisals, thereby reinforcing our culture of accountability.
3. Scope
Applies to:
- All employees (permanent, contract, temporary, interns), officers and directors.
- Consultants, vendors, influencers, volunteers and any person acting for, or on behalf of, XchangeOn, and it covers the following concerns (non‑exhaustive):
- Fraud, bribery, corruption or ABC breaches
- Money‑laundering / terrorist‑financing
- Violations of VARA regulations or licence conditions
- Serious ethical, fiduciary or market‑conduct breaches
- Misuse of client assets or confidential data
- Health, safety or environmental hazards
- Attempts to conceal any of the above
4. Governance & Responsibilities
| Function | Responsibility |
|---|---|
| Board of Directors | Owns this Policy; approves changes; receives quarterly whistleblowing dashboard; signs annual VARA attestation. |
| Chief Compliance Officer/MLRO (Whistleblowing Officer) | Receives & logs reports; safeguards confidentiality; appoints Investigating Officer; updates Board & VARA; maintains Policy & training. |
| Investigating Officer / Committee | Conducts objective investigation; gathers evidence; issues findings & recommendations. |
| All Personnel & Stakeholders | Must report genuine concerns; must not obstruct investigations or retaliate. |
5. Protection & Safeguards
- Non‑Retaliation: Any good‑faith whistleblower is protected from dismissal, demotion, harassment or blacklisting.
- Good‑Faith Standard: Reports must be honest and reasonable; malicious reporting may face discipline.
- Confidentiality: Identity disclosed strictly on “need‑to‑know”; anonymous reports accepted.
- Support: Alleged retaliation can be escalated directly to the Board Chair or VARA.
6. Reporting Channels
- Line Manager: first point, unless implicated.
- Whistleblowing Officer/MLRO
- Email: report@xchangeon.io
- Board Chair: Compliance@xchangeon.io (if Officer implicated).
- External: VARA or law enforcement, if internal channels are exhausted
7. Investigation Process
| Step | SLA |
|---|---|
| Acknowledgement | Within 5 BD of receipt. |
| Preliminary Assessment | Within 10 BD to confirm scope & materiality |
| Full Investigation | Evidence gathering, interviews, report; target 30BD (extendable). |
| Decision & Remediation | Board/ARC approve actions; VARA notified if material. |
| Feedback | Outcome shared with whistleblower where permissible. |
8. Record-Keeping & Confidentiality
- All whistleblowing files stored in encrypted SharePoint vault, access limited to Whistleblowing Officer, Investigators and Board Chair.
- Records retained 8 years in line with VARA Rulebooks.
9. Training & Awareness
- Mandatory onboarding + annual refresher e‑learning (≥95% completion KPI).
- Policy hosted on intranet & public website; posters in common areas.
10. Review & Amendments
Reviewed at least annually or upon: VARA rule change, major incident, organisational restructure. Amendments require Board approval; updated Policy circulated within 10 BD.
Approval & Acknowledgement:
Approved by the Board of Directors on 5 June 2025.
Signed By Chief Compliance Officer / MLRO on 5 June 2025
Subscribe to Our
Newsletter
Get the Latest Updates on Digital
Currency Trading!
