1. Member States shall ensure that competent authorities establish effective mechanisms to enable reporting of potential or actual infringements of the provisions of Regulation (EU) No 600/2014 and of the national provisions adopted in the implementation of this Directive to competent authorities.
The mechanisms referred to in the first subparagraph shall include at least:
(a) specific procedures for the receipt of reports on potential or actual infringements and their follow-up, including the establishment of secure communication channels for such reports;
(b) appropriate protection for employees of financial institutions who report infringements committed within the financial institution at least against retaliation, discrimination or other types of unfair treatment;
(c) protection of the identity of both the person who reports the infringements and the natural person who is allegedly responsible for an infringement, at all stages of the procedures unless such disclosure is required by national law in the context of further investigation or subsequent administrative or judicial proceedings.
2. Member States shall require investment firms, market operators, data reporting services providers, credit institutions in relation to investment services or activities and ancillary services, and branches of third-country firms to have in place appropriate procedures for their employees to report potential or actual infringements internally through a specific, independent and autonomous channel.