Sophos Solutions is committed to doing business fairly, honestly, with integrity and in accordance with the laws of each of the countries in which it operates, incorporating guidelines under which the different activities of the company are oriented nationally and internationally, advocating compliance with international standards through ISO 37001, the FCPA (USA), the law 1778 (Colombia) as well as the circulars and resolutions that complement it and the ethical parameters of transparency and integrity, with which the organization rejects any illegal or corrupt practices.
The company’s strategy for the fight against bribery and corruption includes, among other related elements and systems, the Code of Ethics, the Internal Control System, the Anti-Bribery and Anti-Corruption Management System, Transparency and business ethics program, and the System for Self-Control and Management of the Integral Risk of Money Laundering and Financing of Terrorism (SAGRILAFT).
This Policy applies to all Sophos employees including subsidiaries and all related parties, stakeholders, shareholders, associates, and business partners, understood as customers, business alliance, contractors, consultants, subcontractors, national and international suppliers, advisors, representatives, intermediaries, and third parties, as well as its analogy to the countries where the subsidiaries operate, in general to all those with whom directly or indirectly any commercial or contractual relationship is established.
It must be disclosed and applied in an immediate and mandatory manner to all third parties linked to the Organization, so that they can denounce those events of fraud, corruption and/or bribery.
Terms appearing with initial capital letters shall have the meaning assigned to them in this Policy and may be used both in the singular and in the plural, provided that the context so requires and unless otherwise indicated.
Shareholders: Those individuals or legal entities that have made a contribution in money, labor or other assets that can be valued in money to a company in exchange for quotas, interest shares, shares or any other form of participation.
Senior Management: They are the natural or legal persons, appointed in accordance with the bylaws or any other internal provision of the Legal Entity, as the case may be, to manage and direct the Legal Entity, whether they are members of collegiate bodies or individuals.
Compliance Audit: It is the systematic, critical and periodic review of the proper implementation of the Anti-Bribery and Anti-Corruption Management System, including the Business Ethics Program and its policies.
Collaborator: An individual who undertakes to render a personal service under subordination to the Organization or to any of its Subordinate Companies, in exchange for remuneration.
Foreign collaborator: Includes and is not limited to employees of any foreign government, its political subdivisions, or local authorities, or in a foreign jurisdiction, whether within a public body, a state enterprise or an entity whose decision-making power is subject to the will of the state, its political subdivisions or local authorities, or a foreign jurisdiction, as well as any employee of an international entity or organization, whether commercial or not.
Contract: An agreement of wills between the parties, whereby one of them undertakes to deliver or do something in exchange for a payment in money.
Corruption: Any deliberate act, including but not limited to the offer, provision, solicitation or acceptance of an incentive or reward, directly or indirectly, with the intention of inducing an inappropriate action, for one’s own benefit or that of a third party and to the detriment of the organization’s interests.
Due Diligence: It refers, in the context of this Policy, to the periodic review to be made of the legal, accounting, and financial aspects related to a national and international business or transaction, whose purpose is to identify and evaluate the risks of Bribery and other forms of Corruption that may affect the Organization, its Subordinate Companies and collaborators, whether foreign or not.
F.C.P.A.: The Foreign Corrupt Practices Act prohibits U.S. and U.S.-related companies and citizens from bribing government officials abroad.
Fraud: Intentional distortion of financial statements or other documents by one or more persons, internal or external to the organization, carried out to conceal the embezzlement of assets, obtain an undue, unfair, illicit, or other profit advantage.
Anti-Bribery Law: Law No. 1778 of 2016, which dictates rules on the liability of legal persons for acts of transnational corruption and dictates other provisions on the fight against corruption.
Compliance Officer/Function: Is the natural person appointed by the Senior Management to lead and administer the Anti-Bribery and Anti-Corruption Management System including the Business Ethics Program and its policies.
Organization: It refers to Sophos Solutions S.A.S. and all its subordinate companies, subsidiaries, and affiliates, which are under its authority as a controlling company.
Policy: It refers to this document as the guideline compiling the instructions and practices to be followed for the prevention of bribery and other forms of corruption in the organization.
Business Ethics Program: These are the specific procedures under the Compliance Officer, aimed at operationalizing the Compliance Policies, in order to identify, detect, prevent, manage, and mitigate the risks of Transnational Bribery, as well as others that relate to any act of corruption that may affect a Legal Person.
Anti-Bribery and Anti-Corruption Management System: It is the system oriented to the correct organization of Compliance Policies and interrelated elements of the company that interact to establish policies, objectives, and processes to achieve compliance with international regulations and the Business Ethics Program, as its proper implementation in the Legal Person.
Bribery: Also known as illicit payment, it is anything (money or gift) that can induce the recipient to grant an official favor or advantage that the payer should not or could not otherwise get.
Transnational Bribery: Act by virtue of which, a legal person, through its employees, administrators, associates or contractors, gives, offers or promises to a foreign public servant, directly or indirectly: sums of money, objects of pecuniary value or any benefit or utility in exchange for that public servant performing, omitting or delaying any act related to his functions and in relation to an international business or transaction.
Subordinate Company: A company shall be subordinated or controlled when its decision-making power is subject to the will of another person or persons who will be its parent or controlling company, either directly, in which case it will be called a subsidiary or with the assistance or through the subordinates of the parent, in which case it will be called a subsidiary.
Business Partner: External party with which the organization has, or plans to establish, some kind of commercial or contractual relationship.
The Colombian Government has made several international agreements for the treatment of bribery, such as the Inter-American Convention against Corruption of the Organization of American States of 1997, the United Nations Convention against Corruption (UNCAC) of 2005, and the Convention to Combat Bribery of Foreign Public Officials in International Commercial Transactions of the Organization for Economic Cooperation and Development (OECD) of 2012. As a result of these agreements, national laws were enacted, such as Law 1474 of 2011, Law 1778 of 2016, Resolution 100-002657 of 2016, and External Circular 100-000003 of 2016 issued by the Superintendency of Companies.
Sophos Solutions’ Anti-Bribery and Other Forms of Corruption Policy complies with all current legal regulations and is based on the following legal framework.
Law 1474 of 2011: By which rules are issued aimed at strengthening the mechanisms for the prevention, investigation and punishment of acts of corruption and the effectiveness of the control of public management. (Anti-Corruption Statute)
http://wp.presidencia.gov.co/sitios/normativa/leyes/Documents/Juridica/Ley%201474%20de%2012%20de%20Julio%20de%202011.pdf
Law 1778 of 2016: By which rules are issued on the responsibility of legal persons for acts of transnational corruption and other provisions on the fight against corruption.
https://www.funcionpublica.gov.co/eva/gestornormativo/norma_pdf.php?i=67542
External Circular 100-000003 of 2016: Guidance aimed at implementing business ethics programs for the prevention of the conducts provided for in Article 20 of Law 1778 of 2016, which includes a Guide to Good Practices in Internal Controls, Ethics and Compliance of the Organization for Economic Cooperation and Development and the guidelines on compliance programs related to the Foreign Corrupt Practices Act of the United States and the Anti-Bribery Act of the United Kingdom.
https://www.supersociedades.gov.co/delegatura_aec/Documents/Circular_Externa_100-000003_del_26_de_julio_de_2016.pdf
Act No. 2195 of 2022: Adopting measures in the area of transparency, prevention and fight against corruption and adopting other provisions.
https://dapre.presidencia.gov.co/normativa/normativa/LEY%202195%20DEL%2018%20DE%20ENERO%20DE%202022.pdf
On the other hand, there is implementation of international standards such as ISO 37001, which presents requirements for international application in accordance with the FCPA Law of the United States, thus allowing the implementation of an Anti-Bribery Management System based on good practices recognized globally.
ISO 37001: International standard that is applicable only for bribery. It sets out the requirements and provides guidance for a management system designed to help an organization prevent, detect and address bribery and comply with anti-bribery laws and voluntary commitments applicable to its activities.
UKBA Law: The UK Anti-Bribery Act or The Bribery Act of the United Kingdom (UK Bribery Act) criminalizes bribery of domestic officials, bribery of foreign officials and bribery in a commercial context.
Considering the legal presence of Sophos internationally through each of its subsidiaries, the laws and regulations of each of the regions also apply; however, this application is covered by international standards.
United States, FCPA law: The Foreign Corrupt Practices Act (FCPA) is a law that prohibits U.S. companies or any of their subsidiaries, regardless of where their operations and employees are located, from directly or indirectly encouraging bribery of public officials abroad in order to benefit from this action.
Mexico, General Law of the National Anti-Corruption System: It establishes bases for the proper functioning of the National Anti-Corruption System with the enactment of 7 packages of legislation to prevent and combat corruption.
Panama, Law 59 of 1999: It regulates article 299 (now 304) of the Political Constitution and dictates other provisions against administrative corruption.
Peru, Law N°30424: Law that Regulates the Administrative Responsibility of Companies for Crimes of Bribery or kickbacks. This Law establishes that legal entities are obliged to implement a Prevention Model; likewise, it holds organizations responsible for any possible fraud initiated by a collaborator of the company.
Chile, Law N. 20.393: It regulates a system of criminal liability of legal persons applicable only to the crimes of money laundering, financing of terrorism and bribery of national and international public officials.
Chile, Law N. 21.121: It amends rules on corruption and other offences, creates new criminal offences and extends the criminal liability of legal persons.
The following Principles will serve as paths of interpretation, in the execution of all measures and actions aimed at the prevention of Bribery and other forms of Corruption, within which interpretations that seek to give the appearance of legality to conduct or operations, which are classified as contrary to international best practices, will not be admissible, such as those described in ISO 37001 and the FCPA, as well as those provided for in the Anti-Bribery Act; therefore, the Policy will be mandatory in the Organization.
By virtue of the principle of integrity, all actions that must be carried out derived from compliance with this Policy, as well as all members of the Organization who exercise them, must act under a constant assessment of rectitude, respect and transparency in all professional interactions that are developed in fulfillment of the mission and vision of the Organization.
By virtue of the principle of morality, all actions to be performed in compliance with this Policy must be carried out with rectitude, loyalty and honesty towards all levels of the Organization.
By virtue of the principle of coherence, all members of the Organization will seek that all their actions in the fulfillment of their functions are consistent with the provisions of this Policy, the Code of Ethics of the Organization, the Business Ethics Program and its corresponding manual, as well as with the other internal and external rules that may modify the subject matter of these.
By virtue of the principle of effectiveness, all actions carried out as a result of compliance with this Policy must always be aimed at achieving a sufficient degree of planning to enable the achievement of the expected results.
By virtue of the principle of communication, all actions to be carried out as a result of compliance with this Policy, as well as all members of the Organization who carry them out, must emphasize effective, assertive, clear, express and respectful communication, which allows for the continuous improvement of the Organization’s Business Ethics Program.
Each collaborator and third parties acting on behalf of Sophos are prohibited from negotiating, receiving, offering, promising, paying, providing, or authorizing (directly or indirectly) bribes, undue advantages, payments, gifts, travel, the transfer of any Thing of Value to any person, whether public official or not, to influence or reward any action, omission, favorable treatment or decision of such person for the benefit of Sophos.
Anti-corruption and anti-bribery laws penalize people who pay bribes, and those who acted to incentivize the payment of bribes, that is, they apply to any individual who:
- Approves the payment of the bribe.
- Provides or accepts fraudulently issued invoices.
- Relays instructions for the payment of bribes.
- Covers the payment of the bribe.
- Cooperates with the payment of the bribe.
Sophos prohibits offering, promising, authorizing, paying, receiving and carrying out bribery. However, the FCPA allows facilitation payments, which are payments made to promote routine actions of the government; this is an exception that is made only by Migration Management, and its procedure is stipulated in the internal Policies of the area.
No person shall be subject to repression, reprimand or penalty for loss of business resulting from declining to pay a bribe.
Payment of bribes to contractors and suppliers on behalf of Sophos is prohibited. Likewise, we refuse to do business with third parties whose reputation and integrity are questioned. In addition, it is not permitted, under any circumstances, for a third party to exercise any type of inappropriate influence for the benefit of the company on any person, whether a public official or not; due diligence is performed on each of the parties to verify their background.
On the other hand, all contracts signed with national or international Legal or Natural Persons must include the Anti-Bribery and Anti-Corruption Clauses of compliance for both parties, to ensure compliance with anti-corruption laws and therefore the acceptance of the sanctions that may be generated for their noncompliance.
All procurement processes must be conducted on merit and respect for rules and policies, and not through the improper use of influence over any person, whether public official or not. No contributor or third party acting on behalf of Sophos may receive or offer any gift, present, advantage, benefit, or attention, from or to any person, natural or legal, whether public official or not.
Sophos Solutions considers a SERIOUS MISCONDUCT the non-compliance of the Anti-Bribery and Anti-Corruption Management System, the Transparency and Business Ethics Program, Anti-Bribery and other forms of corruption policy, the omission or breach of the Code of Ethics, the Internal Labor Regulations, the Labor Contract and any of the controls, information management or other guidelines defined herein for the prevention, detection and control of activities that contradict the fight against Acts of Corruption and Bribery, without prejudice to applicable legal sanctions. As a result of the serious infringement and breach of the employee’s duties towards the Company, the Company will undertake disciplinary and/or legal action as appropriate.
In the case of Sophos collaborators, the penalty procedure to be followed is that determined in the section “SCALE OF MISDEMEANORS AND DISCIPLINARY SANCTIONS” of the Internal Labor Regulations, without prejudice to the applicable legal sanctions. For those linked to the company, the penalties set out in the contracts and/or in the law as appropriate will be taken into consideration.
Legal sanctions against bribery and corruption are severe and may involve fines, administrative or criminal sanctions, such as, for example, imprisonment for the persons involved, as stipulated by international laws in which prison sentences of 7 to 10 years and/or unlimited fines are agreed.
In addition, Sophos Solutions could face serious fines or other criminal penalties for bribery and corrupt activities by third parties [2]. However, Sophos will investigate any activity that violates this Policy and, where appropriate, will inform the competent authorities of any event of fraud or corruption and will initiate and accompany the pertinent legal actions, in addition to taking the appropriate disciplinary measures and sanctions that may even involve the termination of the employment or commercial relationship.
Ignorance or inadequate understanding of this policy does not entitle its recipients to breach it.
[2] Article 2 (Law 1778/2016) Administrative liability of legal persons who, through one or more employees, contractors, administrators, associates, or any subordinate legal person
“Sophos Solutions S.A.S reserves the right to modify this document according to the changes that arise within the company”.