Whistleblowing service for Lysa
Note: Are you trying to follow up on a matter you have already reported?
Click here to log into the Whistleblower Portal.
For the Lysa Group (“Lysa”), it is of the utmost importance that suspicions of possible irregularities are detected and remedied as soon as possible. Therefore, an important part of Lysa’s continuous risk management work is the establishment of a whistleblower function to which Lysa’s employees and other stakeholders can openly or anonymously report suspicions of wrongdoing. Lysa also has an obligation under the Anti-Money Laundering Act (2017:630) (“PTL”) to provide a reporting system for the purpose of reporting violations of the PTL.
Lysa’s whistleblower function constitutes an internal reporting channel in accordance with the Act (2021:890) on the protection of persons who report wrongdoing (the “Whistleblower Act”) and comprises all companies within the Lysa Group.
To ensure that anonymous reporting of suspected violations within the business is possible, Lysa has an external whistleblower function through collaboration with an independent actor: CRD Protection AB (“CRD”). CRD receives, handles and investigates reports of suspected violations through a digital whistleblower service that provides anonymity for the reporter.
Whistleblowing in practice: how it’s done, step by step
1. You make a report by filling in the form at the bottom of this page. There you can give an account of the suspected misconduct and the relevant circumstances, attach documents to support the report and make suggestions for further investigation measures. If you choose to be anonymous, no information about you is recorded, not even your IP address or metadata for any files you attach.
2. When you have sent the report, you will receive a confirmation and a password that gives you the opportunity to anonymously log into the Whistleblower Portal to take part in continuous feedback and follow-up questions from CRD. In the Whistleblower Portal, you can also attach pictures and various documents to support your report.
3. When CRD has received the report, CRD will contact you shortly via a message in the Whistleblower Portal and, after assessment by a lawyer, will inform you whether the notification is covered by the Whistleblower Act and what the next step in the processing will be. It is common that at this stage you need to answer some supplementary follow-up questions. At the same stage, CRD notifies the authorized contact person at Lysa and informs that the report has been received together with a short summary of its content.
4. CRD books a meeting with Lysa’s whistleblower group to report on the case and give its recommendations for future handling and investigation. If you have chosen to be anonymous, CRD will anonymize your report in terms of expression and personal characteristics and will only read it out orally. The dialogue with you as a whistleblower continues in parallel.
5. In consultation with CRD, Lysa’s whistleblower group decides on the measures to be taken.
6. If CRD conducts an investigation, there will be ongoing feedback and dialogue with you to a reasonable extent, and you may also be offered to develop your report anonymously during a video or telephone meeting. Anonymized contacts take place as needed with Lysa’s whistleblower group.
Questions and Answers
Who can report?
Everyone who has, or has had, a work-related connection to Lysa, which includes, among other things, employees, contractors, partners, job seekers, interns and board members.
What can be reported?
All suspicions of irregularities or misconduct can be reported. In order for the statutory protection for a whistleblower to apply, it is required that:
1. there is a public interest in the misconduct coming to light, and
2. the notifier has reasonable grounds to believe that the information provided is true.
Examples of what is meant by a public interest can be embezzlement, bribery, fraud, misuse of tax funds or suspected violations of the regulations that apply to Lysa’s operations. There is no requirement that the misconduct constitutes a criminal act.
In some cases, it can be difficult for a whistleblower to determine whether the conditions are of public interest. In order to increase the safety of the whistleblower, in doubtful cases, Lysa shall treat a case as if it is of public interest, and in these cases thus apply the protection for the whistleblower that arises according to law.
The requirement that the reporting party must have a reasonable reason to assume that the information provided is true means that there must be a factual basis for what is stated in the report. The reporting party does not need to have proof of the suspicion but no accusations may be made with malicious intent or with knowledge that the accusation is false.
Also reports about a Lysa company’s suspected violations of regulations in PTL, in accordance with Chapter 6, Section 4 of the same act, can be reported to the whistleblower service.
What is Lysa’s Whistleblower Group and what mandate does it have?
Lysa has appointed a whistleblower group whose task is to decide upon investigations of whistleblower cases.
The ordinary members of Lysa’s whistleblower group consist of the persons at Lysa who at the time of the report hold the following positions: General Counsel for the Lysa Group, Compliance Officer for each company in the Lysa Group and COO. Substitute is the chairperson of Lysa Group AB.
In the event that a member is suspected of having a conflict of interest in relation to a specific whistleblowing case, he or she does not participate in the handling of the case. If all the members have a conflict of interest, the substitute will step in. If the substitute is also suspected of having a conflict of interest, CRD will appoint a suitable representative with Lysa.
If you already suspect in advance that there is a conflict of interest, it is important to mention this when making your report.
What does the distribution of roles and the transfer of information look like between Lysa's whistleblower group and CRD Protection?
CRD is responsible for receiving, assessing and handling incoming reports, as well as all communication with the whistleblower. After consultation with Lysa’s whistleblower group, CRD may be assigned an independent investigation mandate and is then responsible for the subsequent investigation. Lysa’s whistleblower group is responsible for all decisions.
As far as the whistleblower’s identity and personal data are concerned, there is confidentiality between CRD and Lysa. CRD decides independently if anything in the information you have provided could risk indirectly identifying you. Such information remains with CRD.
How can I be sure that my identity is not revealed?
All information that can directly or indirectly identify you as a whistleblower is subject to confidentiality with CRD.
The reporting is done via a Swedish-developed whistleblower portal that is tailored based on whistleblowers’ needs for anonymity and security. This means that you can report anonymously and follow up on your report using a personal login. The portal does not save any information about you, not even your IP address. If you wish to upload documents to the responsible investigator, so-called metadata (information about which person or user created or edited the file) is automatically cleared. All material stored with CRD is deleted according to law when it is no longer needed and no later than two years after the end of the investigation.
What protection do I have as a whistleblower?
Lysa may not prevent a whistleblower from reporting wrongdoings.
Lysa may not take any form of retaliation against a whistleblower, anyone at Lysa who assists the whistleblower in reporting or who has a connection to the whistleblower, or against a legal entity that the whistleblower has a connection to. Lysa may also not take any form of retaliation because someone consults their employee organization for consultation regarding reporting or try to prevent such consultation.
Anyone who is guilty of a crime by reporting or by obtaining information is not protected against retaliations.
Information that may be disclosed when whistleblowing in relation to the duty of confidentiality
A whistleblower may disclose information that is subject to a duty of confidentiality* (for example, customer confidentiality or conditions regarding Lysa’s operations that are subject to confidentiality according to the employment contract) if the whistleblower has reasonable grounds to assume that it is necessary to reveal the wrongdoing. If the whistleblower is entitled to disclose information covered by a duty of confidentiality, the whistleblower may not be held responsible for having breached the duty of confidentiality.
However, the whistleblower is not entitled to disclose documents that are covered by confidentiality.
A whistleblower also has the right to obtain information that the whistleblower typically does not have the right to access, provided that the obtaining does not in itself constitute a criminal act and provided that it is necessary to reveal the wrongdoing.
* Information which, according to the Public Access to Information and Secrecy Act (2009:400), is protected by qualified confidentiality, concerning things such as national security or sensitive health information, may never be disclosed, not even verbally.
Can my IP address be tracked? Can I submit my application from any computer or phone?
CRD does not save any IP addresses or information about the user of the Whistleblowing Portal. Certain clients can keep a list of which websites its employees visit in the service. If you suspect this to be the case, you can, for additional protection of your identity, use a computer or device outside the employer’s network when submitting your report or logging into the Whistleblower Portal.
Is it possible to make a report in a different way than digitally?
Reporting via the Whistleblower Portal provides the best conditions for anonymity, feedback and efficient handling. If you wish, the report can also be made by letter (CRD Protection AB, Norra Obbolavägen 89, 904 22 UMEÅ) or telephone (+46 (0)90-77 79 00).
Save username and password!
Remember to save the username and password that is created when you have reported your case via the form below, and log in regularly to be able to anonymously follow your case and answer follow-up questions from the external partner. For questions about the whistleblower function, you can send an email to viselblas@crdprotection.com. Regarding the business’ handling of whistleblower matters, please contact your nearest manager or contact person at Lysa.
A report shall mainly contain the following:
• A description of the irregularity which is as detailed as possible.
• Specific information regarding when and where the irregularity took place and, where applicable, who was affected.
• Information regarding who was responsible for the irregularity in those cases where it is known.
• Information or documents supporting your assertions or proposals for specific investigative measures. The main task of the investigator is to examine whether your information can be confirmed, and it is of the greatest importance that you as a whistleblower contribute any and all information which can facilitate the investigation.
• Information regarding additional witnesses or persons who may have knowledge of the irregularity.
• Also state whether you suspect bias on the part of anyone in the group at the operator with whom CRD works.