# Article 32 — Reporting of breaches **Source:** [Regulation (EU) 2023/1113 — EUR-Lex](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32023R1113) 1. Member States shall establish effective mechanisms to encourage the reporting to competent authorities of breaches of this Regulation. Those mechanisms shall include at least those referred to in Article 61(2) of Directive (EU) 2015/849. 1. Payment service providers and crypto-asset service providers, in cooperation with the competent authorities, shall establish appropriate internal procedures for their employees, or persons in a comparable position, to report breaches internally through a secure, independent, specific and anonymous channel, proportionate to the nature and size of the payment service provider or the crypto-asset service provider concerned. ## What this means in practice This is the **whistleblowing** rule. Two layers: 1. **External** — Member States must put in place mechanisms for reporting ToFR breaches to competent authorities (at minimum, the [AMLD5 Art. 61(2)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32015L0849) mechanisms — secure channels, identity protection, anti-retaliation rules). 2. **Internal** — each PSP and CASP must run its own **secure, independent, specific and anonymous** whistleblowing channel for employees. Proportionate to size — but not optional. For CASPs this typically dovetails with the [Whistleblower Protection Directive (2019/1937)](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32019L1937) internal reporting channel and with MiCA governance requirements. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.mica.wtf/tofr/transfer-of-funds-regulation/chapter-vi-sanctions-and-monitoring/article-32-reporting-of-breaches.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.