ADGM Supplementary Guidance on Whistleblowing (July 2025)

Confidential ADGM Supplementary Guidance – Regulatory Framework for Whistleblowing July 2025

Confidential TABLE OF CONTENTS

1. DEFINITIONS.............................................................................................................................................. 3

2. BACKGROUND ........................................................................................................................................... 3

3. IMPLEMENTATION..................................................................................................................................... 4

4. WHISTLEBLOWING.................................................................................................................................... 4

5. DISCLOSURES OUTSIDE ADGM .............................................................................................................. 5

6. PROTECTED DISCLOSURES.................................................................................................................... 5

7. WHISTLEBLOWER PROTECTION AND AWARENESS............................................................................ 7

8. ANONYMITY ............................................................................................................................................... 9

9. REQUIREMENT FOR ORGANISATIONAL ARRANGEMENTS................................................................. 9

10. REQUIREMENT FOR WRITTEN POLICIES AND PROCEDURES ..................................................... 10

11. RECORD-KEEPING.............................................................................................................................. 12

12. CONFIDENTIALITY AND DUE PROCESS........................................................................................... 12

13. CULTURE.............................................................................................................................................. 13

14. NON-COMPLIANCE WITH REQUIREMENTS ..................................................................................... 13

15. DEFINITIONS 1.1 Unless otherwise defined or the context requires, the terms contained in this Guidance have the meanings set out in the ADGM Whistleblower Protection Regulations 2024. 1.2 In this Guidance, these terms have the following meaning: Term Definition ADGM entity Means a Global Market Establishment as defined in the WB Regulations. AML Means the Anti-Money Laundering and Sanctions Rules and Guidance issued by the FSRA. Courts Means the ADGM Courts. CR 2020 Means the Companies Regulations 2020. ER 2019 Means the Employment Regulations 2019. Framework Means the ADGM regulatory framework for whistleblowing as defined in paragraph 2.2 of this Guidance. FSMR Means the Financial Services and Markets Regulations 2015. FSRA Means the Financial Services Regulatory Authority of ADGM, defined as the ‘Financial Services Regulator’ in the WB Regulations. GEN Means the General Rulebook issued by the FSRA. GPM Means the Guidance and Policies Manual issued by the FSRA. Guidance Means this Whistleblowing Framework Supplementary Guidance. MIR Means the Market Infrastructure Rulebook issued by the FSRA. RA Means the Registration Authority of ADGM, defined as the ‘Registrar’ in the WB Regulations. Relevant Categories Means the categories of ADGM entity that are required to have written policies and procedures in place, as defined in paragraph 10.1 of this Guidance. WB Program Includes the arrangements contemplated by sections 6(1) to 6(3) of the WB Regulations, together with the other policies, procedures, organisational infrastructure and corporate culture that make up the whistleblowing program of an entity. WB Regulations Means the Whistleblower Protection Regulations 2024.

16. BACKGROUND 2.1 ADGM believes fairness, transparency and integrity are fundamental to a thriving and sustainable international financial centre. It is important to ensure that ADGM entities conduct their activities to the highest standards of business practice. This protects the ADGM business community and maintains confidence in ADGM. 2.2 In line with global movements favouring transparency, accountability and integrity, ADGM believes a culture that supports speaking up with confidence forms part of any progressive business environment. With that in mind, ADGM has implemented its regulatory framework for whistleblowing (the “Framework”). The Framework includes

the WB Regulations; amendments to ER 2019, GEN, MIR and GPM; and this Guidance. 2.3 This Guidance is issued jointly by the RA under section 3(3) of the WB Regulations and the FSRA under section 15(2) of FSMR. It should be read in conjunction with the Framework. 2.4 This Guidance is not an exhaustive source of the RA’s or the FSRA’s policies. The RA and the FSRA are not bound by the statements contained in this Guidance. 2.5 In November 2022, ADGM published its Guiding Principles on Whistleblowing. Those Principles have been incorporated into this Guidance to the extent appropriate, and accordingly the Principles themselves no longer represent current guidance. 3. IMPLEMENTATION 3.1 The WB Regulations and amendments to the other ADGM legislation that comprise the Framework took effect upon publication. This means that the protections applicable to Protected Disclosures and the individuals who make them are currently in effect. 3.2 The requirement that ADGM entities have appropriate and effective arrangements in place to facilitate the making of Protected Disclosures takes effect on 31 May 2025. 4. WHISTLEBLOWING 4.1 The terms “whistleblowing” or “whistleblower” may mean different things in different circumstances. In general terms, “whistleblowing” means reporting suspected wrongdoing to an appropriate recipient. A “whistleblower” is generally the person who makes such a report; that person might be part of the relevant organisation, such as a member of staff, or an external third party. 4.2 Whistleblowing may be internal, for example, through raising a concern internally to a manager, or may be external, for example, through the filing of a report with a regulator. 4.3 Whistleblowing is different to raising an employee grievance or a customer complaint: a) Grievances typically relate to how an individual employee is treated. For example, concerns about a possible breach of the terms of an employment relationship between an employer and an individual employee. Separate processes and protections apply to the raising of employee grievances. b) Customer complaints relate to issues between two parties to a commercial contract for goods or services. ADGM entities should ensure that clear, easy-to-understand information is available to help their staff and customers understand the differences. 4.4 Whistleblowing usually involves misconduct in an organisational context. The actions of individuals in their personal lives are generally not appropriate for whistleblowing. While the Framework provides for the reporting of financial crime, in general crimes should be reported to the police. 4.5 The criminal laws of the UAE apply in ADGM. Some provisions of these laws might be interpreted to cover disclosures made by whistleblowers in certain circumstances. To the extent that this is a risk, and to ensure the Framework operates in relative harmony with applicable criminal laws, a Protected Disclosure can only be made to the

recipients specified in the WB Regulations. Furthermore, external reporting channels are subject to appropriate confidentiality requirements (see paragraphs 6.15 to 6.21). 4.6 The Framework protects only disclosures that meet the requirements of a Protected Disclosure as set out in the WB Regulations. While the Framework defines what falls within the scope of a Protected Disclosure from a regulatory perspective, ADGM entities are encouraged to consider using a broad definition of the kinds of suspected misconduct that can be raised when formulating their own WB Program in support of an open and effective culture of speaking up. 5. DISCLOSURES OUTSIDE ADGM 5.1 There are limits to the protections the Framework can provide for a whistleblower who makes a Protected Disclosure outside the jurisdiction of ADGM. Conflict of laws and jurisdictional issues may prevent the Courts from affording a whistleblower the relevant protection. For example, this may be the case where employment laws in another jurisdiction, rather than the ER 2019, govern the relationship between the whistleblower and their employer. 5.2 Conflict of laws and jurisdictional issues arise in cross-border whistleblowing arrangements in other jurisdictions. Whistleblowers should be mindful of these issues when making a Protected Disclosure. ADGM does not encourage making Protected Disclosures where doing so would be in breach of applicable laws in another jurisdiction. 6. PROTECTED DISCLOSURES 6.1 Only disclosures that meet the requirements of a Protected Disclosure as set out in the WB Regulations are protected by the Framework. What follows is a summary rather than a substitute for reading, understanding and applying the WB Regulations. Summary of requirements 6.2 A Protected Disclosure must be: a) information related to knowledge or reasonable suspicion; b) that an ADGM entity or one of its officers, employees or agents has or may have contravened, or is likely to contravene any ADGM regulations or rules or legislation administered by any ADGM authority; or has or may have engaged, or is likely to engage, in money laundering, fraud or any other financial crime. c) made in good faith; and d) made through one or more: i. “internal reporting channels” – directors, officers, managers and any other recipients designated by that ADGM entity; or ii. “external reporting channels” - specified ADGM or UAE authorities including the FSRA and the RA. Requirement 1: Knowledge or reasonable suspicion 6.3 A Protected Disclosure requires the whistleblower to “know” of the misconduct, as a matter of fact, or have a “reasonable suspicion” of the reported misconduct.

6.4 A whistleblower does not need to be right about the suspected wrongdoing, or prove it. They only need to show that they had some reasonable basis or grounds for suspecting that there has been some misconduct. Whether or not a suspicion of the relevant misconduct was genuinely held, and such suspicion was reasonable, will depend on the particular factual circumstances in each case. 6.5 Reasonable suspicion does not require reasonable belief. Having grounds to suspect the relevant misconduct is sufficient. Drawing inference from the relevant circumstances is acceptable, and a standard of proof does not apply. 6.6 This means that disclosure of suspected misconduct made by a whistleblower that was mistaken but based on a genuine misunderstanding should still be protected. Requirement 2: Relevant types of misconduct 6.7 Only disclosures of information regarding contraventions of ADGM’s regulations and rules, or legislation administered by an ADGM authority, will meet the requirements of being a Protected Disclosure. 6.8 Disclosures of information concerning actual or suspected money laundering, fraud or any other financial crime will meet the requirements of a Protected Disclosure, as the FSRA is designated the supervisory authority for Federal AML Legislation1 . As an international financial centre, ADGM is committed to promoting the reporting of financial crime. 6.9 ‘Financial crime’ covers any misconduct relating to money or to financial services or markets that is designated as such by the broader UAE’s legislative regime. It may include, amongst other things, money laundering2 ; handling the proceeds of crime; fraud including embezzlement; insider trading; market abuse; bribery and corruption. 6.10 Information disclosed about contraventions of other laws, beyond those outlined in paragraph 6.7, will not be a Protected Disclosure. However, an ADGM entity's internal WB Program could protect a broader range of good faith disclosures, and this is encouraged. Requirement 3: Good faith 6.11 In order to be a Protected Disclosure, the disclosure must be made “in good faith”. 6.12 What constitutes good faith will depend on the context. It will usually require the disclosure to have been made honestly, properly, and generally in the public interest instead of solely serving a personal interest. 6.13 A disclosure about misconduct that affects people other than just the whistleblower would fall in the public interest. A disclosure predominantly motivated by improper or malicious motives is unlikely to meet the requirement of good faith. 6.14 Effective WB Programs will not protect deliberately false disclosures or those made exclusively in the reporter's self-interest. In certain circumstances, it may be appropriate to discipline staff making these kinds of reports. Requirement 4: Made to a specified recipient 6.15 In order to be a Protected Disclosure, the information must be reported to one or more specified recipients. “Internal reporting channels” are certain specified staff within the 1 As defined in FSMR. 2 Money laundering includes terrorist financing, proliferation financing, the financing of unlawful organisations and sanctions non-compliance. Refer to AML.

ADGM entity or other recipients it has designated. “External reporting channels” include the RA and the FSRA. It is important to note that both channels may be available alongside each other, i.e. a Protected Disclosure may be made through either or both channels. 6.16 The Framework does not require a disclosure to be made via internal reporting channels before being reported via external reporting channels for it to be a Protected Disclosure and ADGM entities should not require this. Internal reporting channels 6.17 Protected Disclosures can be made to directors, officers and any person in a management position at the relevant ADGM entity. For entities that the FSRA regulates, Protected Disclosures can also be made internally to individuals performing a Controlled Function or acting as a Key Individual (as applicable). Disclosures to external auditors are also protected. 6.18 In addition, a Protected Disclosure can be made to persons designated by the ADGM entity to receive Protected Disclosures as part of its WB Program. These may include: a) Staff in a particular function within that ADGM entity, such as a designated person(s) within its compliance, legal and/or internal audit function(s). b) Staff located outside ADGM, such as a human resources or compliance officer working in a group entity. c) A third party, such as a third-party whistleblowing service provider that an ADGM entity or its wider group has engaged to receive Protected Disclosures. Staff or third parties might administer a platform or portal for receiving disclosures. The ADGM entity may designate the staff or third parties administering that platform. External reporting channels 6.19 Protected Disclosures can be made directly to the RA, the FSRA, the ADGM Office of Data Protection and law enforcement agencies in the UAE, collectively termed “specified authorities”. 6.20 A disclosure will be protected where made to any of the specified authorities. Various statutory obligations of confidentiality govern specified authorities. While, operationally, it is preferred that a disclosure is made to the authority with administrative responsibility for the relevant misconduct, a good faith whistleblower will not lose protection simply by disclosing to a different specified authority. 6.21 Transmission of a Protected Disclosure to the appropriate specified authority, subject to appropriate protections, will be undertaken by the receiving authority. The RA’s and the FSRA’s statutory obligations of confidentiality, such as those contained in section 967 of CR 2020 and section 199 of FSMR, will permit the sharing of Protected Disclosures, where necessary, between the RA, the FSRA and other specified authorities. This is addressed in the WB Regulations. 7. WHISTLEBLOWER PROTECTION AND AWARENESS 7.1 Whistleblowers are more likely to report suspected misconduct where they are afforded appropriate protection against some of the negative consequences that may result from speaking up.

7.2 In addition to the protections set out in the WB Regulations and the ER 2019 (as amended), an ADGM entity should ensure its WB Program adequately protects whistleblowers from retaliation. This policy of non-retaliation should be supported at the highest level in the entity to be credible and convincing. ADGM condemns any retaliation or discrimination resulting from whistleblowing, including any threat of retaliation. 7.3 Retaliation may include various forms of detriment or disadvantage, including: a) withholding of promotions or training; b) harassment; c) loss of status or benefits; d) an adverse change in role duties; e) changes to hours of work; f) physical harm; g) being dismissed from employment; h) being forced to retire or resign; or i) pursuing civil or contractual remedies. 7.4 Under ER 2019, an employer threatening to take retaliatory measures or readying itself to take retaliatory measures will be considered to have retaliated. This is a summary and not a substitute for reading, understanding and applying the WB Regulations and ER 2019 with respect to retaliation. 7.5 Whistleblowers should be aware of matters relating to the Framework and whistleblowing generally. These include the following: a) The legislative protections only apply to disclosures that meet the requirements of a Protected Disclosure under the ADGM legislative framework (see section 6). An ADGM entity may provide broader protection through its own WB Program. b) The protections the Framework provides may only be enforced by the individual whistleblowers themselves. For example, where a whistleblower loses their job as a consequence of making a disclosure, only the whistleblower can take action against their employer through seeking compensation where they have grounds. This course of action may need to be pursued through the Courts. c) The RA and the FSRA are not able to intervene to address retaliation against any whistleblower. d) The protections offered by any whistleblowing regime, including those contained in the Framework, may not always be completely effective. Being a whistleblower may carry some risks and can be stressful; some forms of retaliation might not be fully addressed by compensation and may be difficult to prove. In addition, as highlighted in paragraph 4.5 above, in some circumstances certain provisions of the UAE’s criminal laws could be interpreted to cover disclosures made by whistleblowers pursuant to the Framework. For this reason, the external reporting channels have been specifically prescribed and confidentiality obligations apply to Protected Disclosures.

e) The difference between whistleblowing and raising a grievance as an employee is important (see paragraphs 4.3 and 4.4). While external reporting channels to make disclosures are available, whistleblowers could consider raising suspected wrongdoing internally first where it is appropriate to do so, for example, by speaking to a manager. ADGM entities can encourage this by creating the right culture where ‘speaking up’ is supported. f) Whistleblowers do not need to provide evidence when reporting suspected wrongdoing. A whistleblower should aim to make a disclosure stating the facts as understood by them and associated suspicions. In order to be actionable, disclosures should not be solely allegations or opinions. Obtaining evidence is not the same as making a disclosure; it is not required or protected by the Framework. When a whistleblower collects evidence, they should ensure they do not commit misconduct themselves. g) Whistleblowers are not entitled to know the outcome of reporting suspected wrongdoing. For example, when an employer investigates the behaviour of another individual and disciplines them as a result, that is confidential information between the employer and that other individual. 8. ANONYMITY 8.1 The WB Regulations allow Protected Disclosures to be made anonymously. 8.2 Anonymous disclosures have certain drawbacks. Communicating with the whistleblower is invaluable to thoroughly investigating any disclosure, and anonymity may make such communication difficult, although solutions exist to facilitate this. Anonymity may result in an entity being unable to communicate to the whistleblower that the disclosure has been received and addressed. 8.3 In some circumstances, whistleblower anonymity may impact an ADGM entity’s ability to take action in relation to a disclosure. These shortcomings are outweighed by the need to encourage reporting of suspected wrongdoing from whistleblowers regardless of whether they feel able to disclose their identity. 9. REQUIREMENT FOR ORGANISATIONAL ARRANGEMENTS 9.1 The WB Regulations require all ADGM entities to have appropriate and effective arrangements in place to facilitate the making of Protected Disclosures by 31 May 2025. 9.2 The WB Regulations recognise the importance of giving appropriate flexibility to smaller ADGM entities to put in place arrangements that are suitable but do not impose a disproportionate administrative burden. Accordingly, the WB Regulations clarify that the arrangements should be proportionate to the size and complexity of the ADGM entity’s business and operations. 9.3 As a minimum, all ADGM entities should arrange to communicate the protections afforded under the Framework, the available internal reporting channels, and the availability of external reporting channels to specified authorities. They should also have processes to protect a person who makes a Protected Disclosure from retaliation, to protect the confidentiality of disclosures made in confidence, and to assess and escalate Protected Disclosures where necessary.

9.4 There is no one-size-fits-all approach to creating an effective WB Program for individual ADGM entities. Each WB Program, including appropriate resources to support it, will vary depending on the size, business, risk profile and complexity of the relevant ADGM entity. Smaller entities may elect to focus on external rather than internal reporting channels for whistleblowing in certain circumstances and integrate the arrangements required by the WB Regulations into existing arrangements, such as communications from senior management, the company code of ethics, human resources policies or procedures and employment contracts. 9.5 For SPVs, given they are not operational and do not have employees, it may be sufficient for the Board Secretary to provide a briefing on the WB Regulations to the Board of Directors of the SPV, for example. 9.6 The appropriateness, proportionality and effectiveness of whistleblowing arrangements and, where applicable, written policies and procedures (see section 10 below) should be periodically reviewed, and records of reviews should be kept. 9.7 An ADGM entity should ensure compliance with applicable data protection legislation, including the Data Protection Regulations 2021, in operating its WB Program. 10. REQUIREMENT FOR WRITTEN POLICIES AND PROCEDURES 10.1 Some categories of ADGM entity (“Relevant Categories”) are required to document the arrangements in written policies and procedures, as follows. a) Authorised Persons and Recognised Bodies3 ; b) Designated Non-Financial Businesses or Professions (DNFBPs)4 ; c) DLT Foundations 5 ; and d) ADGM entities that qualify as a Large Establishment, as defined in the WB Regulations. 10.2 An ADGM entity in a Relevant Category will need to create written policies and procedures in line with the requirements of the WB Regulations. Where an ADGM entity is in a Relevant Category other than Large Establishment on or after the date the WB Regulations come into force, it must have written policies and procedures by the later of: a) the date it falls within a Relevant Category; or b) 31 May 2025. 10.3 Large Establishments are required to have written policies and procedures by the beginning of the financial year subsequent to the first financial year in which they qualify as a Large Establishment, or 31 May 2025, whichever is the later. 10.4 Once an ADGM entity has been required to create written policies and procedures it must continue to do so, even where it is no longer in a Relevant Category. 10.5 A Large Establishment is an ADGM entity that has: a) more than USD 13.5 million turnover in any financial year; or 3 As defined in FSMR. 4 As defined in FSMR and AML. 5 As defined in the Distributed Ledger Technology Foundations Regulations 2023.

b) holds, administers or controls assets with an aggregate value exceeding USD 13.5 million at any point during a financial year; and c) more than 35 employees in the same financial year that either of the financial thresholds set out in (a) or (b) above are met. 10.6 The turnover threshold is reached when an ADGM entity achieves more than USD 13.5 million turnover in a financial year. If applicable, where the ADGM entity is a parent company, the RA considers that the turnover of such ADGM entity should be calculated on a group basis in accordance with section 370 of CR 2020. If the group headed by the parent ADGM entity qualifies as a small group in a financial year, then the parent ADGM entity will qualify as a small company and not a Large Establishment in that financial year. For a period that is an ADGM entity’s financial year but not in fact a year, the maximum figures for turnover must be proportionately adjusted. Determination of the number of employees in any financial year should follow the approach set out in section 369 of CR 2020. 10.7 Taking a risk-based and proportionate approach, it is expected that written whistleblower policies and procedures would address the following as a minimum: a) Periodic communication of the ADGM entity’s whistleblowing policies/procedures, including the available internal and external reporting channels and the confidentiality and non-retaliation protections. b) Identification of appropriate internal reporting channels for Protected Disclosures. c) Mechanisms to provide feedback to a whistleblower, where appropriate. d) Processes to protect the identity of a whistleblower where the disclosure is made confidentially, including protecting the content of a disclosure and allowing for anonymous reporting. e) Reasonable measures to protect a whistleblower from retaliation. f) Procedures to assess a Protected Disclosure in order to identify the next steps required, including investigation where warranted. g) Procedures to escalate a Protected Disclosure, where necessary, within the entity and to the relevant ADGM or UAE authorities, where appropriate. h) The approach that will be taken to ensure the fair and objective treatment of all persons accused of wrongdoing by a whistleblower, including how to address any conflict of interests that may arise. 10.8 Policies and procedures should be developed and approved following the ADGM entity’s applicable governance arrangements. 10.9 Written policies and procedures implemented as part of a WB Program should be clear, simple, accessible and easily understood, whether they are stand-alone or incorporated into other policies or procedures. 10.10 It is not required to file with the RA copies of written policies and procedures, nor a confirmation of steps taken to implement the WB Regulations.

11. RECORD-KEEPING 11.1 The WB Regulations require ADGM entities to maintain records related to a Protected Disclosure for at least six years from the date that the determination of all matters relevant to the Protected Disclosure has been completed and closed. 11.2 The six-year retention period is specified as a minimum, taking into account that a more extended period may be specified in other ADGM regulations. The reference to determining all matters relevant to the Protected Disclosure is to ensure that the duration of the record-keeping requirement runs from an appropriate starting point. For example, an internal investigation or regulatory enforcement investigation or action arising in respect of the subject matter of the Protected Disclosure could run for several years. In that case, an ADGM entity should retain the relevant records for the duration of that investigation or enforcement action and any associated actions, and at least six years after that.
12. CONFIDENTIALITY AND DUE PROCESS 12.1 Effective whistleblowing arrangements protect the identity of a whistleblower and the subject of any disclosure through strict adherence to confidentiality principles. ADGM entities should have controls in place to prevent unauthorised access to whistleblowing disclosures, particularly any information that might inadvertently or inappropriately reveal the identity of a whistleblower or the subject(s) of any whistleblowing disclosure. 12.2 Preservation of confidentiality ensures that the subject(s) of any whistleblowing disclosure are appropriately protected and reduces the risk of retaliation against the whistleblower and allegations of retaliation being made by the whistleblower. Details and identities should only be shared on a strictly ‘need to know’ basis. Management reporting, where necessary, should be made on an aggregated or anonymised basis. Senior management within an ADGM entity and members of the Board should not ask about the whistleblower's identity or try to identify them and should communicate the expectation that others follow this example. 12.3 An ADGM entity should take due care when designating certain persons as being appropriate to receive Protected Disclosures. The designated persons should be selected and approved via the appropriate governance requirements of that entity. Where a designated person is located outside ADGM, the laws in that jurisdiction should be assessed to ensure they do not hinder the application of the WB Regulations. 12.4 Appropriate disclosure of information to the specified authorities through prescribed external whistleblowing channels - such as a regulator - should be expressly exempted from an ADGM entity’s approach to protecting the entity’s confidential information. An ADGM entity’s whistleblowing arrangements may encourage, but should not require, internal reporting channels to be used first. The corporate culture of an ADGM entity can support this. 12.5 Effective WB Programs do not support deliberately false disclosures or those made exclusively in self-interest. Where these are particularly problematic, these may need to be addressed with disciplinary measures in the case of employees. However, ADGM entities should ideally handle these situations gently and with discretion, to avoid negatively impacting efforts to create an open and transparent culture. 12.6 ADGM entities should be careful not to assume that a disclosure is made in bad faith due to the context in which it is made. For example, valid reports of suspected

misconduct warranting investigation and appropriate protection may be raised by individuals undergoing employment-related disciplinary processes. 12.7 ADGM entities should ensure that appropriately independent skilled professionals are involved in assessing, managing and investigating whistleblowing disclosures, whether members of staff from the entity itself or from its wider group or contracted external support. Investigations should not take an unduly long time, relative to the sensitivity and complexity of the matter. It will usually be appropriate to provide feedback to a whistleblower that the entity is looking into the matter and to advise a whistleblower when the matter is considered closed. However, it will usually not be necessary or appropriate to share the specific outcomes of an investigation with a whistleblower. 13. CULTURE 13.1 The purpose of an effective WB Program is to protect entities and the wider market from the effects of misconduct by implementing arrangements that foster an organisational culture of trust and transparency. Effective disclosure mechanisms are just one element of this. 13.2 A well-documented WB Program may be ineffective if an ADGM entity’s culture does not, in practice, support speaking up. Substance over form is important. WB Programs will likely be undermined by under-resourcing, low responsiveness to disclosures, inappropriate management involvement, inadequate investigation and poor confidentiality practices. 13.3 To build a true organisational culture of transparency, ADGM encourages ADGM entities to communicate clearly a “tone from the top,” supporting legitimate whistleblowing and make it known that there are arrangements in place to protect whistleblowers. Training and communication initiatives should be considered, as should easy access to the relevant policies, procedures and disclosure channels. 13.4 The best WB Programs are usually sponsored and ultimately overseen by the relevant entity’s Board of Directors – being independent of management – with support from functions with the requisite level of objectivity or third parties, as appropriate. 13.5 Staff with responsibilities in relation to whistleblowing in an ADGM entity should receive appropriate training. Management and managers should lead by example and demonstrate their commitment to creating an open culture where disclosures are welcome, ultimately in the best interests of all. 14. NON-COMPLIANCE WITH REQUIREMENTS 14.1 In deciding whether to take action against any ADGM entity for non-compliance with the requirements of the Framework, the RA or the FSRA, as appropriate, will take into consideration the extent to which an ADGM entity has followed the approach set out in this Guidance.