Whistleblowing Policy – First Crypto

1. Policy Statement

At First Crypto ("the Company/Firm", "We" and "Our"), integrity, transparency, and accountability form the foundation of our operations and corporate culture. In line with our commitment to upholding the highest ethical and regulatory standards, this Whistleblowing Policy and Procedures ("Policy") has been established to provide a secure and confidential mechanism for raising concerns about misconduct or improper behaviour within the organization.

This Policy applies to all individuals engaged by First Crypto, including permanent and temporary employees, secondees, agency workers, contractors, and external consultants, regardless of their length of service.

No minimum tenure is required to report a concern under this Policy. The purpose of this Policy is to encourage the prompt reporting of any suspected violations, including but not limited to illegal activities, financial or operational discrepancies, suspected fraud, breaches of internal rules, or unethical conduct. First Crypto expects all employees to conduct themselves with honesty and due diligence, in accordance with applicable laws, regulations, and internal policies.

This Policy sets out the procedures for reporting concerns ("Whistleblowing"), ensuring that disclosures are handled fairly, sensitively, and in a timely manner. It also outlines the protections offered to whistleblowers, including strict confidentiality and protection against retaliation or adverse treatment as a result of a disclosure made in good faith.

Through this Policy, First Crypto reaffirms its zero-tolerance stance toward misconduct and its commitment to fostering a safe and open environment where individuals feel empowered to speak up without fear.

2. Application

The Policy covers the reporting of any genuine concerns related to suspected misconduct, unethical behavior, or violations of applicable laws, regulations, or internal policies. Concerns may include, but are not limited to:

• Financial irregularities such as misstatements, fraud, or embezzlement
• Breach of legal or regulatory obligations
• Misuse of company resources or assets
• Violation of data protection or confidentiality rules
• Danger to health and safety or the environment
• Unethical conduct or professional misconduct
• Improper behaviour involving clients, vendors, or other stakeholders
• Attempts to conceal any of the above

Reports can be made regardless of whether the incident occurred recently or in the past, provided there is a reasonable basis to believe that the issue raised is true or likely to be true. Concerns must be raised in good faith, with honest intention and without malicious motives.

This Policy is not intended to replace or override existing grievance or complaint procedures related to personal employment matters (e.g., performance evaluations, salary disputes, interpersonal conflicts), unless such matters involve broader misconduct or policy violations affecting the integrity of the Company.

3. Protection and Security of Whistleblowers

First Crypto is committed to fostering an open, safe, and accountable culture where employees and relevant stakeholders can raise concerns without fear of retaliation. The Company will take all reasonable steps to ensure that individuals who report genuine concerns in good faith are protected from adverse consequences, regardless of whether the concerns are ultimately substantiated.

3.1 Protection Against Retaliation

The Company strictly prohibits any form of retaliation, reprisal, or victimisation against a whistleblower. This includes but is not limited to:

• Dismissal, demotion, or suspension
• Harassment or intimidation
• Discrimination or unfair treatment
• Threats or any action intended to silence, punish, or isolate the whistleblower
• Any employee or associated person found to have retaliated against a whistleblower will be subject to disciplinary action, which may include termination of employment or engagement.

3.2 Confidentiality and Anonymity

Whistleblowers may choose to report concerns anonymously. Regardless of whether a report is made anonymously or not, all disclosures will be treated with the highest level of confidentiality. First Crypto will ensure that the identity of the whistleblower is not revealed without their consent, unless required by law or regulatory obligation.

The information shared will only be accessible to those directly responsible for assessing and investigating the concern, and any investigation will be carried out discreetly and sensitively.

3.3 Support and Well-being

Whistleblowers will have access to support throughout the process, including the option to seek guidance from HR or an independent advisor designated by the Company. Where appropriate, reasonable steps will be taken to safeguard the emotional and professional well-being of the whistleblower during and after the investigation process.

Should the whistleblower experience stress or anxiety as a result of reporting or participating in an investigation, First Crypto will facilitate access to internal or external support services.

3.4 False or Malicious Reporting

While First Crypto encourages all employees to raise concerns, deliberately making false or malicious allegations is a serious matter. Any individual found to have knowingly reported untrue information with the intent to cause harm may be subject to disciplinary procedures. However, no action will be taken against a whistleblower who raises a concern in good faith, even if the concern is ultimately found to be unsubstantiated.

4. Reporting Procedures

First Crypto has established a structured, confidential, and accessible process to enable employees and relevant stakeholders to report concerns in good faith. The objective is to ensure that potential misconduct is identified, addressed, and corrected at the earliest possible stage.

4.1 Reporting Channels

Concerns may be reported through any of the following official channels:

• Designated Whistleblowing Officer – Employees may report concerns directly to the appointed Whistleblowing Officer either in person, via email, or in writing.
• Confidential Email Address – A dedicated whistleblowing email account is maintained for confidential reporting: whistleblowing@fce.global.
• Online Reporting Form – Submit a Report online using our secure form below.
• Anonymous Submission Box – First Crypto provides a secure digital or physical anonymous reporting box to accommodate individuals who wish to remain unidentified.
• Line Manager or Supervisor – Employees may choose to raise concerns with their immediate supervisor, who is required to escalate the matter confidentially to the Whistleblowing Officer.

4.2 Information to Include in a Report

To ensure efficient assessment and handling of the reported concern, whistleblowers are encouraged to provide the following information (to the extent possible):

• A clear and factual description of the issue or misconduct
• The name(s) of individuals or departments involved
• Dates, locations, and relevant circumstances
• Any supporting evidence or documentation
• Whether the concern has been raised previously and with whom Reports should be made in good faith and based on a genuine belief that the information disclosed is accurate and relevant.

4.3 Acknowledgment and Initial Review

Upon receiving a whistleblowing report:

• The Whistleblowing Officer will conduct a preliminary assessment to determine whether the concern warrants a formal investigation.
• If a matter falls outside the scope of the Whistleblowing Policy, it will be redirected to the appropriate internal process (e.g., HR, Legal, or Compliance).

4.4 Investigation Process

If the concern proceeds to formal investigation:

• An impartial and independent investigation will be initiated without undue delay.
• The process may involve interviews, document reviews, and cooperation with relevant departments.
• The investigation will be conducted with due care, confidentiality, and adherence to the principles of fairness and non-retaliation.
• The whistleblower will be kept informed of the progress and outcome to the extent permissible by law and confidentiality obligations.

4.5 Resolution and Corrective Action

Following the conclusion of an investigation:

• Appropriate corrective actions will be taken where misconduct is substantiated.
• Recommendations may include disciplinary action, policy changes, training, or escalation to regulatory authorities if required.
• All outcomes will be documented, and lessons learned may be incorporated into risk mitigation strategies to prevent recurrence.

5. Investigation Oversight and Escalation

First Crypto is committed to ensuring that all whistleblowing reports arehandled with the highest degree of integrity, professionalism, and impartiality. Investigations into concerns raised under this Policy will be conducted promptly, objectively, and in a manner that protects the rights of all parties involved.

Oversight and Responsibility

The primary responsibility for the oversight of whistleblowing investigations rests with the Head of Compliance, who acts as the Designated Whistleblowing Officer. This individual is responsible for:

• Ensuring that all disclosures are appropriately acknowledged, recorded, and investigated;
• Assigning an internal or external investigator, where necessary, based on the nature and complexity of the issue;
• Safeguarding the whistleblower's confidentiality and ensuring protection from retaliation;
• Reporting material findings to senior management and/or the Board, as appropriate.
• Escalation Protocol

Depending on the severity, nature, and scope of the matter reported, escalation may occur in the following manner:

• Routine concerns (e.g., minor internal policy breaches) will be handled at the departmental or compliance level;
• Significant concerns (e.g., fraud, regulatory non-compliance, or conduct involving senior employees) will be escalated to the Board of Directors, or a delegated committee thereof;

Urgent or critical disclosures (e.g., imminent regulatory breaches, cybersecurity incidents, or criminal activities) will be escalated immediately to the General Manager and Board, with simultaneous notification to relevant regulatory authorities where legally required.

Investigation Process

All investigations will follow a structured process that includes:

• A preliminary assessment to determine the scope and credibility of the report;
• A full fact-finding review, including interviews, documentation review, and forensic analysis where necessary;
• A conclusion report with findings, recommendations, and, where applicable, remedial actions;
• Regular updates to the whistleblower, where appropriate and feasible, without compromising confidentiality or the integrity of the investigation.
• Reporting and Documentation

A formal record of all whistleblowing reports and their outcomes will be maintained in a secure and confidential manner. Summarized findings (excluding personally identifiable information) will be presented periodically to the Board or its delegated committee for oversight and transparency.

6. Policy Review and Record-Keeping

The Policy will be reviewed at least annually by the Head of Compliance, or more frequently if triggered by:

• Significant changes in regulatory or legal requirements;
• Internal restructuring or operational changes;
• Lessons learned from past whistleblowing investigations or risk assessments;
• Feedback received from employees or other stakeholders regarding the application or clarity of the Policy.

Following each review, any necessary revisions will be proposed and submitted to the Board of Directors for approval. Approved updates will be promptly communicated to all employees and relevant external stakeholders, and training or awareness sessions will be conducted where needed.

Record-Keeping

First Crypto recognizes the importance of preserving accurate and confidential records of all whistleblowing-related activities. In accordance with applicable legal and regulatory obligations:

• All whistleblowing reports, investigation documentation, correspondence, and outcomes will be securely stored in a dedicated, access-controlled system.
• Records involving employee personnel or subjects of investigations will be maintained in accordance with applicable data protection laws and confidentiality obligations.

The Company maintains investigation records, including those of employee personnel, for a minimum of eight years from the date of closure of the case or conclusion of the investigation, unless a longer retention period is required by applicable law or regulation.

Access to such records is strictly limited to authorized personnel, including the Head of ompliance, designated investigators, and members of the Board or committees where oversight is required. All records are protected against unauthorized access, alteration, and disclosure.

Submit a Report

Use the form below to report concerns securely. You may choose to submit anonymously, or provide your contact information if you would like to receive updates on the investigation.