Protected Disclosures Annual Report for 2017

Section 22 of the Protected Disclosures Act 2014 requires the publication of an Annual Report relating to Protected Disclosures received. Pursuant to this requirement, CIÉ hereby confirms that no reports were received. Protective Disclosures are processed in accordance with CIÉ’s Group Protective Disclosures Policy and Procedure.

Chief Operating Officer

CIÉ Protected Disclosure Policy

1. Introduction 

CIÉ which includes its operating subsidiaries, Bus Átha Cliath, Bus Éireann, Iarnród Éireann and CIÉ Tours International is committed to the highest standards of propriety, quality, honesty, openness and accountability in their dealings with all of their customers, staff and business partners.(1)

(1) The reference to “CIÉ” in this Statement shall refer to CIÉ or to each of its operating subsidiaries, as appropriate.

A Code of Business Ethics for Employees has been circulated to each employee in the Group. This Code establishes the principles of honesty, integrity and legality (amongst other principles) with which CIÉ employees are expected to conduct their business.

This CIÉ Protected Disclosure Policy sets out the framework within the organisation for disclosing information of alleged wrongdoing, the roles and responsibilities of those operating the policy, the company’s response to any such reports and safeguards for those reporting reasonably held suspicions. Each company in the CIÉ Group should put in place this Policy. The Chief Executive or Chief Financial Officer of each company should bring it to the attention of each employee.

The policy addresses the responsibilities of employees and management for the detection and reporting of any alleged wrongdoing. It also sets out the actions to be taken in the event of such wrongdoing. The response plan provides an outline of how reports under this policy will be handled within the organisation.

2. Policy Statement 

CIÉ considers that the responsibility for the prevention of wrongdoing in its operations, including, detection, awareness and investigation, rests with the management at all levels within the Group. This Policy Statement covers two key areas namely allegations in relation to fraud (which includes corruption) and the definition of a disclosure under the Protected Disclosures Act 2014 (as set out below). (2.2)

CIÉ operates a zero tolerance policy in respect of harassment, sexual harassment and bullying. In so far as allegations of harassment, sexual harassment and bullying and also health and safety matters are concerned, separate policies are in place to deal with these issues. This document outlines the policy and procedures in so far as allegations of fraud, and wrongdoing generally are concerned. All matters raised by any source relating to any of the aforementioned will be taken seriously and investigated.

It is CIÉ's policy to:

  • Encourage all employees to bring any instance of alleged fraudulent activity or wrongdoing of which they are aware to the attention of the organisation.
  • Encourage any employee, customer or other person who has information or reasonably held suspicions or concerns regarding any alleged wrongdoing on the part of the organisation, its management or its staff to come forward and voice those concerns at an early stage without fear of victimisation, subsequent discrimination or disadvantage. These concerns may relate to:
    • issues that are currently occurring, took place in the past, or are likely to happen in the future. Such concerns must   be genuine and not known to be false or not believed to be true.
  • Encourage anyone raising a concern under this policy to do so in an open manner under the protections offered by this policy. However, if necessary, CIÉ will facilitate confidential reports and at the discretion of the directors of the relevant company, CIÉ, will consider anonymous reports.
  • Establish procedures and internal controls across all of its businesses and processes that will minimise the risk of fraud or any wrongdoing. It is the responsibility of all employees to perform their duties within these procedures.
  • Provide a management structure and process to facilitate the reporting and investigation of alleged fraudulent activity or wrongdoing.
  • Adopt formal and professional procedures to investigate any reported, discovered or suspected incidence of fraudulent activity or wrongdoing.
  • Pursue whatever internal disciplinary, civil or legal remedies that are available under the law.
  • Seek full recovery of all assets misappropriated under any fraudulent activity or wrongdoing.
  • Conduct general awareness campaigns on all aspects of this policy and provide training to relevant employees.

2.1 Actions Constituting Fraud

For the purpose of this policy, fraud shall include but not be limited to:

  • Theft or misappropriation of company assets.
  • Submitting false claims for payments or reimbursement.
  • Accepting or offering a bribe or accepting gifts under circumstances that might lead to the inference that the gift or favour was intended to influence an employee’s decision-making while serving the employer.
  • Accepting a commission from or paying same to a third party.
  • Blackmail or extortion.
  • Deception.
  • 'Off Books' Accounting or making false or fictitious entries to the accounting system.
  • Knowingly creating and / or distributing false or misleading financial reports.
  • Paying of excessive prices or fees where justification thereof is not formally approved.
  • Violation of the company’s procedures with the aim of personal gain or to the detriment of the company.
  • Wilful negligence intended to cause damage to the material interest of the company.

3. Responsibilities

The Chief Executive Officers (CEO) of the operating subsidiaries have responsibility for the management of this policy within their respective companies. The Chief Operating Officer (COO), CIÉ, has responsibility for the management of this policy in the CIÉ Holding Company. The Managing Director, CIÉ Tours International has responsibility for the management of this policy in CIÉ Tours. The CIÉ Holding Company and each of the operating companies will designate an Officer (“the Designated Officer”), reporting direct to the CEO or COO CIÉ, as appropriate, with responsibility for the administration of the policy in their organisation. The Designated Officer shall be the Human Resources Manager (or his/her nominee) of each operating company and of the CIÉ Holding Company.

It is the responsibility of management to be familiar with the types of improprieties or wrongdoing that might occur in their area and be alert for any indication that improper activity, or wrongdoing is, was or is likely to be in existence within their area. Management is required to support and work with any officials, from within the organisation or from any external agency, appointed as part of an investigation.

Employees at all levels are responsible for exercising due diligence and control to prevent, detect and report acts of alleged fraud, or wrongdoing.

4. Protected Disclosure - Relevant Wrongdoing

Section 5(1) of the Protected Disclosures Act 2014 defines a protected disclosure as follows;

A protected disclosure means any disclosure of relevant information made by a worker which in the reasonable belief of the worker making the disclosure the information concerned shows or tends to show one or more of the following:

Relevant Wrongdoing

  • That an offence has been, is being or is likely to be committed.
  • That a person has failed, is failing or is likely to fail to comply with any legal obligation.
  • That a miscarriage of justice has occurred, is occurring or is likely to occur.
  • That the health and safety of any individual has been, is being or is likely to be endangered.
  • That the environment has been, is being or is likely to be damaged.
  • That an unlawful or otherwise improper use of funds or resources of a public body, or of other public money, has occurred, is occurring or is likely to occur.
  • That an act or omission by or on behalf of a public body is oppressive, improperly discriminatory, or grossly negligent, or constitutes gross mismanagement.
  • That information tending to show that any matter falling within any one of the preceding paragraphs has been, is being or is likely to be concealed or destroyed.

5. Safeguards

5.1 Harrasment or Victimisation

CIÉ recognises that the decision to report a concern can be a difficult one to make, not least because of the fear of victimisation by the person named in the disclosure or by their employer. CIÉ and its operating subsidiaries will not tolerate any harassment or victimisation (including informal pressures) and will take appropriate action which could include disciplinary or legal action in order to protect the staff member who raises a concern even if they were mistaken.

5.2 Confidentiality

As far as possible CIÉ will protect the identity of any person who raises a concern and does not want his/her name to be disclosed but this confidentiality cannot be guaranteed. It must be appreciated that any investigation process may require the person reporting the concern to make a statement as part of the evidence. Where a person has requested that his/her identity not be revealed, management will discuss the matter with him/her before embarking on any course of action whereby their identity will need to be disclosed.

5.3 Anonymity

Concerns expressed anonymously are much less persuasive but nevertheless, will be considered at the discretion of CIÉ. In cases where the person raising a concern feels that he/she must do so anonymously, the directors of the relevant company will decide whether or not to consider the matter. This will depend on the seriousness of the allegations made and whether an investigation can be carried out based on the information provided.

6. What Type of Concern Should Not be Raised

This policy does not replace the organisations general employment policies and procedures. Where the issue relates to an individual’s contract, terms or conditions of employment, this should be addressed under the relevant Grievance Procedure. Personal grievances should be reported in line with the relevant Grievance Procedure or any other relevant procedure, e.g. CIÉ’s Policy on Discrimination, Harassment, Sexual Harassment and Bullying i.e. the Protecting the Workplace document.

7. False and Malicious Claims

CIÉ and its operating subsidiaries will protect itself and its employees from false and malicious expressions of concern, or those made for personal gain, by taking disciplinary or legal action where appropriate.

A concern which is genuinely believed to be true may prove to be unfounded on investigation. If an allegation is made but is not confirmed by the investigation, no action will be taken against the person who made the allegation. CIÉ and its operating subsidiaries will make every effort to ensure that the negative impact of either a malicious or unfounded allegation about any person is minimised. A person that makes a statement which he/she knows to be false or does not believe to be true could be guilty of a criminal offence.

8. Criminal Matters

Where a report raises a concern about a potential criminal matter, this will be reported to An Garda Síochána as soon as it is practicable to do so. CIÉ’s ability to commence/ conclude any investigation will be subject to its own internal legal advice.

9. Overall Authority

The CEOs in the case of the operating companies or the COO, CIÉ, in the case of the CIÉ Holding Company, will have the final authority over all decisions resulting from the investigation. Where any potential conflict arises with the forgoing office holders, including the determination of any potential conflict, the relevant Board will assume the overall final authority.


1. Reporting Policy

CIÉ is committed to the highest possible standards of propriety, quality, honesty, openness, and accountability and to dealing with all allegations of fraud and other forms of wrongdoing reported. All instances of alleged fraud, or any other wrongdoing under this policy will be recorded and investigated.

2. Reporting Procedure

How to Report Concerns

Employees of CIÉ or any of its operating subsidiaries should first raise their concern(s) with their immediate supervisor or manager who shall report the concern to the Designated Officer.

If for any reason this is not possible or appropriate, concerns should be reported to the Designated Officer who will in turn report the concerns to the Head of Department, Finance Manager, Head of Internal Audit, Chief Executive Officer (CEO) of the relevant operating subsidiary or to the Chief Operating Officer (COO), CIÉ, as appropriate.

Concerns may be raised verbally, however it is preferable that concerns are raised in writing. Should a concern be raised verbally a written record of the complaint will be made with a copy provided to the person making the complaint. Where a concern is raised in writing, it should give the background and history of the concern, giving relevant details, insofar as is possible, such as dates, sequence of events and description of circumstances.

Non CIÉ staff should report their concerns to the Head of Internal Audit or to the COO, CIÉ.

Where the concern is about the Designated Officer it should be reported to the CEO of the operating subsidiary or to the COO, CIÉ, as appropriate.

Where the concern is about the CEO of one of the operating subsidiaries, it should be reported to the Chairman of that company. Where the concern is about the Chairman of an operating subsidiary it should be reported to the Chairman of the Audit Review Group of that company.

Where the concern is about the COO, CIÉ, it should be reported to the Chairman of the CIÉ Holding Company. Where the concern is about the Chairman of CIÉ or any Board member of the Holding Company or subsidiary, it should be reported to the Chairman of the CIÉ Board Audit and Risk Committee.

The earlier a concern is raised, the easier it will probably be to take effective action.

The CEOs of the operating subsidiaries will make an annual report to their Boards on the issues contained in this policy in so far as their respective companies are concerned. The COO, CIÉ, will make an annual report to the CIÉ Board Audit and Risk Committee in so far as the CIÉ Holding Company is concerned.

3. Response Plan

All concerns or reports made under this policy will be passed on to the CEO of the relevant operating subsidiary or the COO, CIÉ. The Designated Officer will notify the relevant CEO or COO, CIÉ of receipt of such concerns or reports and a preliminary investigation will take place. Depending on the circumstances and findings resulting from that investigation, the CEO or the COO, CIÉ, will respond in accordance with the response plan.

The company concerned undertakes to provide feedback to anyone making a report by way of an acknowledgement of the receipt of the report within two weeks. This acknowledgement will endeavour to provide as much information as possible, including how CIÉ or its operating subsidiary intends to deal with the matter, but it must be appreciated that the necessity to maintain confidentiality and to be fair to all parties involved will remain a priority.

When a report under this policy is received it will be handled in accordance with the following general principles:

3.1 Reporting

In accordance with this Policy Statement, reports of possible alleged fraud or any alleged wrongdoing can be received at any level within the organisation. On receipt of such a report, it is the responsibility of the employee receiving the report to ensure that it is formally communicated to the Designated Officer in the company and that the report is formally recorded in the company’s report register.

3.2 Recording the report

Each company will maintain a report register under the control of the Designated Officer. The status of each report will be maintained by a Designated Officer as it is processed.

3.3 Investigating Officer

Where the report is deemed credible and warrants further consideration, an Investigating Officer will be appointed by the CEO or COO of CIÉ, as appropriate. The Investigating Officer will have access to all necessary records and staff and may co-opt other staff and resources as required, under the ultimate control of the CEO or COO in the case of the CIÉ Holding Company.

3.4 Group Internal Audit

The CEO or COO, CIÉ, may request support from Group Internal Audit and/or any other relevant competency at any time once the report has been evaluated.

3.5 Dealing with the person who has made the report

The staff member making the report will receive the protections provided by the Policy (Section 5). He/she will be advised of the advantages of open reporting versus confidential reporting. Where confidentiality is required, he/she will be advised of the restrictions as per the Policy. He/she will be provided with as much feedback as is possible taking account of the rights of the individuals involved.

3.6 Dealing with staff member(s) about whom the report has been made

Staff members subject to an investigation resulting from a concern raised under this policy will be advised of the report as early as possible in the investigation, at a time deemed prudent by the CEO or COO, CIÉ, taking account of both the constitutional and contractual rights of the individuals and allowing for a successful outcome to the investigation. He/she will be advised to seek HR/ trade union/ legal support as necessary and will be advised to be represented by such at formal interviews.

3.7 Investigation Resources

For the purposes of the investigation, the Investigating Officer will have access to all necessary records, staff and facilities as required.

3.8 Conducting the Investigation

The investigation will proceed having due regard for the highest standards of professional investigations under the following headings:

  • Appointment of an investigation team.
  • Drafting terms of reference.
  • Planning and recording work completed.
  • Working arrangements.
  • File management - hardcopy.
  • File management - digital.
  • Interview Methodology
  • Preservation of evidence - digital.
  • Preservation of evidence - hardcopy.

Click below for PDF document:

Protected Disclosures Policy and Procedures 2016

(Right-click and click 'save link as'/'save target as' to download PDF file)

NTA website link
TFI website link