Whistleblowing Policy

Introduction

The Family Office Co. BSC(c) (“TFO”, “we”, or “us”) is committed to upholding the highest standards of integrity, transparency, and accountability across all aspects of our operations. This Whistleblowing Policy outlines the framework through which stakeholders—including employees, contractors, suppliers, clients, and other affiliated parties—can report suspected misconduct, unethical behaviour, or regulatory breaches in a secure and confidential manner.

This Policy is designed to ensure that individuals who raise concerns in good faith are protected from retaliation and that all reports are handled with the utmost seriousness, confidentiality, and procedural fairness.

This Policy may be updated periodically. Please refer to the latest version published on our website to ensure you are familiar with the current procedures and protections.

1. Scope of Whistleblowing

Whistleblowing refers to the act of reporting serious concerns that may adversely affect TFO’s operations, reputation, or compliance obligations. These concerns may arise from actions or omissions by any party involved in TFO’s activities, including employees, borrowers, promoters, contractors, suppliers, beneficiaries, or other stakeholders.

Examples of reportable concerns include, but are not limited to:

  • Fraud, bribery, or corruption

  • Financial misrepresentation or errors

  • Breaches of legal, regulatory, or internal policies

  • Unethical or illegal conduct

  • Health and safety risks

  • Environmental violations

  • Deliberate concealment of any of the above

This Policy is not intended for employment-related grievances, which should be addressed through the Human Resources channels.

2. Reporting Channels

Stakeholders may report concerns through the following confidential channels:

  • Phone: +973 17576773 (Designated Officer)

  • Email: [email protected]

  • Mail: Addressed to the Designated Officer, Al Zamil Tower, 9th floor Government Avenue, block 305 Manama, Kingdom of Bahrain

  • Web: Accessible via TFO’s website, with options for anonymous reporting

Third parties may also submit reports via the website or through mail.

3. Designated Officer

The Group Head of Compliance serves as the Designated Officer responsible for receiving, investigating, and escalating whistleblowing reports. The Designated Officer maintains a log of all reports and presents a summary to the Audit and Risk Committee (ARC) on a biannual basis.

4. Reporting Process and Escalation

Stakeholders may raise concerns with their primary contact at TFO. If this is not appropriate, they may report directly to the Designated Officer. In cases of heightened sensitivity, reports may be escalated to the CEO, Deputy CEO, or the Chairman of the ARC.

Reports are categorised by risk level and handled accordingly

ChatGPT Image Nov 5, 2025, 11_15_42 AM

5. Investigation Procedure

The nature and scope of investigations depend on the gravity of the reported concern. High-risk cases may be referred to external experts for independent review. All investigations are documented and reviewed by the ARC, with escalation to the Board if warranted.

6. Whistleblower Protection

TFO guarantees protection for whistleblowers who report concerns in good faith. This includes:

  • Protection from dismissal, demotion, harassment, or retaliation

  • Confidentiality of identity unless legally required to disclose

  • Monitoring of whistleblower treatment during and after investigations

  • Allocation of a support contact for reporting retaliation

If an investigation confirms that a report was made maliciously or without factual basis, the Firm may, at its discretion, take appropriate disciplinary action.

7. Confidentiality

TFO treats all whistleblowing reports with strict confidentiality. Identity disclosure will only occur under the following conditions:

  • With the whistleblower’s consent

  • Where legally required

  • Where necessary for effective investigation

  • Where the accused has a legal right to know

In all cases, the whistleblower will be informed prior to any disclosure.

8. Report Contents

Each whistleblowing report should include:

  • Date of receipt

  • Summary of concerns

  • Investigation steps taken

  • Confidentiality measures

  • Individuals aware of the report

  • Outcome and rationale

  • Disclosure decisions to regulators

  • Supporting documentation

9. Record Retention

All whistleblowing reports and related documentation are securely stored in accordance with TFO’s record retention policy and applicable laws. Access is restricted to authorised personnel only.

10. Monitoring and Compliance

The ARC monitors the effectiveness of this Policy through performance metrics such as:

  • Number of reports received

  • Investigation timelines

  • Corrective actions taken

Department heads are responsible for communicating this Policy to their teams. All new stakeholders are informed of the Policy during onboarding.

11. Additional Rights

Depending on applicable laws, whistleblowers may have additional rights under the Bahrain Personal Data Protection Law (Law No. 30 of 2018), the DIFC Data Protection Law No. 5 of 2020, and the Saudi Data and AI Authority Law M/19 of 2021.