IIASA Whistleblowing Reporting System

What is the IIASA Whistleblowing Reporting System and why is it important?

Pursuant to the Whistleblower Protection Act (HinweisgeberInnenschutzgesetz (HSchG)) the IIASA Whistleblowing Reporting System enables individuals to report operational misconduct (e.g., violations of law, scientific misconduct) via an electronic mailbox. The purpose of the Whistleblowing Reporting System is to promote the disclosure of suspected operational malpractice while simultaneously protecting the individuals who report such conduct from retaliation and to protect individuals from false or careless accusations.

Your report can help to limit any physical, financial, or reputational damage to IIASA resulting from gross operational misconduct. We rely on your willingness to report misconduct wherever reasonable suspicion exists. Your report helps to ensure the sustainable success of the institute.

What constitutes scientific misconduct?

Scientific misconduct shall be defined as an action “when researchers intentionally, knowingly, or recklessly violate the guidelines for good scientific practice”. Misconduct does not include honest errors or differences of opinion.

Cases of scientific misconduct and fraud include, but are not limited to:

• Fabrication or falsification of data and results
• Misrepresentation or withholding of results
• Plagiarism or self-plagiarism (i.e., re-publishing substantive parts of one’s own earlier publications, including translations, without duly acknowledging or citing the original)
• Mishandling of research data
• Violation of intellectual property rights
• Non-disclosure of conflicts of interest
• Manipulating authorship
• Delaying, hampering or denigrating the research of others
• Introducing or promulgating bias at the request of funders or sponsors
• Encouragement of scientific misconduct in others, especially junior researchers.

How is the identity of whistleblowers protected?

A report can either be made anonymously or with the disclosure of the identity of the individual making the report. In both cases, the confidentiality of the digitally communicated information is guaranteed by technical security measures.

If you disclose your identity when submitting a report or subsequently, or if conclusions can be drawn about it in the course of an investigation, your identity must be treated confidentially.

Every report is treated with the utmost confidentiality and is handled under strict adherence to the need-to-know basis. This applies to the internal whistleblowing reporting office, any internal offices of the institute, and external offices to which your data may have to be disclosed.

In addition, the general provisions on data protection also apply in any case.

Are only whistleblowers protected?

The measures for confidentiality and protection of whistleblowers also apply to:

• individuals who assist them in reporting the suspected operational misconduct
• individuals associated with the whistleblower who may be affected by retaliation in a professional context, such as colleagues or relatives.

Individuals affected by a report (e.g., under suspicion) are to be protected against prejudgements, false accusations, and defamation. The principle of presumption of innocence applies. The identity of affected individuals must be kept strictly secret and may not be disclosed to anyone without their consent - except to authorized employees of the internal whistleblowing reporting office.

What kind of operational misconduct can be reported?

Violations of the law in the areas specified in Section 3 of the Whistleblower Protection Act (§ 3 HSchG) should be reported via the IIASA Whistleblower Reporting System, in particular in one of the following areas:

• public procurement,
• financial services, financial products and financial markets, and prevention of money laundering and terrorist financing,
• product safety and compliance,
• traffic safety,
• environmental protection,
• radiation protection and nuclear safety,
• food and feed safety, animal health and welfare,
• public health,
• consumer protection,
• protection of privacy and personal data, and security of network and information systems,
• prevention and punishment of criminal offenses under Sections 302 to 309 of the Austrian Criminal Code (§§ 302 bis 309 Strafgesetzbuch (StGB))

Additionally, the institute has chosen to include the following two types of misconduct and affords anyone reporting them the same protection as under the Whistleblowing Protection Act (please see section below)

• property offenses (fraud, theft, embezzlement, etc.)
• scientific misconduct

It is important to note that only conduct that constitutes a gross violation of applicable law, involves (economic) criminal acts, and/or scientific misconduct can be reported via the IIASA Whistleblowing Reporting System. General and minor violations of the institute's internal rules of conduct may not be reported via the system.

Do I face negative consequences if I make a report? What does protection of whistleblowers against disadvantages mean?

If you submit a report and, at the time of submission, you can assume on the basis of the information available to you and average general knowledge (without legal knowledge) that the information you have given is true and falls within the scope of the operational misconduct outlined above, you are protected against retaliatory measures.

Accordingly:

• Whistleblowers are thus not in breach of official secrecy and may also disclose confidential or classified information and operational secrets if this is indispensable to the report.
• The identity of the whistleblower (or information that could lead to their identification) may only be disclosed if an administrative authority, a court, or the public prosecutor's office deems this to be indispensable in the context of administrative or judicial proceedings or investigative proceedings under the Code of Criminal Procedure. This must be deemed to be proportionate with regard to endangering the whistleblower in view of the validity and seriousness of the allegations made. As a rule, the whistleblower shall be informed in advance.
• If the identity of the whistleblower must be disclosed to internal or external bodies during follow-up measures for the processing of a report, the latter shall be obliged to maintain confidentiality.
• Whistleblowers are not liable for the actual or legal consequences of a justified report.

Whistleblowers may not be disadvantaged in any way in response to the report. This includes, for example, termination, transfer, negative performance appraisal, coercion, mobbing, discrimination, etc. Other forms of retaliation that are not permitted include financial sanctions, early termination, or cancellation of a contract for goods or services, and revocation of a license or permit.

What happens in the event of false reports, breaches of confidentiality, or obstruction of leads?

Anyone who:

• obstructs or seeks to obstruct whistleblowers and individuals assisting them in making a report, or exerts pressure through malicious judicial or administrative proceedings,
• takes prohibited actions in retaliation for whistleblowing,
• violates confidentiality provisions,
• knowingly provides a false report,
• commits an administrative offense,

and if the act is not punishable by a stricter penalty under another provision, shall be penalized with a fine of up to 20,000 euros, or up to 40,000 euros in repeated cases.

Who is the IIASA Whistleblower Reporting System aimed at? Who may submit a report via the system?

The platform is aimed at individuals who have obtained information about possible operational misconduct in one of the areas outlined. This includes all institute staff members and all contractual partners, current and former.

What happens if the content of a report turns out to be incorrect in retrospect?

Important is that at the time of reporting you were convinced or had reasonable grounds to believe that the incident was true, and that operational misconduct had taken place. It is not expected that you search for evidence or personally solve the incident. The internal whistleblowing reporting office will coordinate and manage the investigation. It is possible that the investigation reveals that no misconduct took place. In such a case, you should not fear any negative consequences either.

What happens after I submit a report?

All reports are sent via the secure EQS Integrity Line server to the internal whistleblowing reporting office. The whistleblowing reporting office will, upon receipt of the report, initiate the investigation process and will decide on further action. You might be contacted via the IIASA Whistleblowing Reporting System in case of questions or if additional information is needed.

When will I receive a response to my report?

You will receive confirmation of receipt of your report within seven days. A response to your report including whether, and if so, which follow-up measure(s) have been taken or for which reason(s) the report was or will not be pursued is provided to you within 90 days.