CODE OF ETHICS

ARTICLE 7.-GENERAL ETHICAL STANDARDS: The administrators, employees and associates of SOPHOS undertake to:

• Show loyal, respectful, diligent and honest conduct.
• Recognize the dignity of individuals and respect their freedom and privacy.
• Respect and protect the persons in charge as appropriate.
• Do not discriminate against any person on the basis of gender, marital status, age, religion, race, political opinion, social or economic class, pregnancy, language, ethnic origin, nationality, sexual preference, disability, suffering or contagious diseases.
• Condemn, prohibit and denounce harassment at work.
• Categorically reject any kind of child labor, such as from contractors and suppliers.
• Facilitate constructive dialog between employees and employers so that problems can be freely discussed.
• Reject any forced or coerced labor.
• Promote and facilitate the detection of illegal practices and/or inappropriate behavior, through open communication and formal mechanisms implemented in accordance with the provisions set out in the CODE.
• Do not dismiss, demote, suspend, threaten, harass, interfere with the right to employment or otherwise discriminate against any person for providing information, assisting in the provision of information or assisting in an investigation where it is alleged that the breach of any provision established in the SOPHOS Corporate Policies or in this CODE.
• Comply with the laws, regulations and regulations of Colombia, as well as this CODE, the policies, rules and procedures established by the SOPHOS Administration.
• CODE, the policies, rules and procedures established by the SOPHOS Administration.
• Do not engage in any activity with the intent to restrict trade, or deny doing business with customers, members, or suppliers who share ethical values and have a strong reputation.
• Comply with all provisions of the Anti-Corruption and Anti-Bribery regulations as well as in control and prevention of money laundering and financing of terrorism.
• Refrain from commenting (whether in family, academic or social media) on activities that are carried out within the Company, that are detrimental to it or those who are part of it.
• Protect and preserve the Company’s tangible and intangible assets, as well as their efficient use to contribute to the achievement of business objectives and not for personal gain.
• Do not disclose confidential information relating to processes, methods, strategies, plans, projects, technical, market or any other information.
• Do not use the Company’s name or resources for personal gain.
• Avoid any contact with dishonest persons who intend or may harm SOPHOS.
• Those who participate in political activities of any jurisdiction should not involve SOPHOS, clearly stating that they act in a personal capacity and not on behalf of the Company, since the Company does not influence, support or intervene in any way in such activities.
• To inform in good time and through the channels established by the Company about violations of the CODE and / or situations that violate the rules provided in this CODE.

ARTICLE 8.- HANDLING OF INFORMATION: In the exercise of their functions, administrators, employees and others linked may have knowledge of confidential, reserved or privileged information owned by SOPHOS and / or its clients.

By way of example, the following information is considered confidential, reserved or privileged, regardless of the medium in which it is stored:

1. Financial, commercial, technical, legal, tax and business information of the Company;
2. Company strategic plans;
3. The Company’s shareholder record book;
4. Decisions of the Board of Directors, Technical and Business Development Committee and Coexistence Committee;
5. Information from SOPHOS suppliers, customers and employees;
6. Information about the Company’s relationships with its suppliers, customers and employees.
7. Any information which by its characteristics means that SOPHOS obtains and maintains a competitive and/or economic advantage over third parties in the conduct of commercial activities and in respect of which it has adopted the means or systems to preserve its confidentiality and restricted access thereto
8. Information about the operation of the Anti-Bribery and Anti-Corruption Management System and the Company’s Transparency and Business Ethics Program;
9. Information about the operation of the Company’s Money Laundering and Terrorist Financing Prevention and Control System;
10. Information related to judicial or administrative proceedings to which SOPHOS is a party or otherwise intervenes.
11. Information that SOPHOS Clients or Allies qualify as confidential, reserved or privileged, which SOPHOS and its subsidiaries may access in the provision of contracted services.
12. Other information that by law or by determination of the President of the Company, is classified as confidential, reserved or privileged. Where the Chair makes such a qualification, the information so qualified shall be added to the list set out in this Article.

FIRST PARAGRAPH: For the purpose of safeguarding confidential, proprietary or privileged information, the addressees of the CODE shall comply with the following rules of conduct:

1. Obtain, treat, protect and preserve information as an asset of the Company with responsibility, ethics and in accordance with the Corporate Policies and applicable laws in Colombia.
2. Individuals who, because of their responsibilities in the Company, have access to inside information should take the necessary measures to prevent the disclosure or leakage of such information to unauthorized persons.
3. Obtain and treat personal data responsibly, ethically and in accordance with Corporate Policies and applicable privacy laws in Colombia.
4. Members of the Shareholders’ Meeting, Board of Directors, Board of Directors, Managers and employees or associates who perform activities as professors, exhibitors or students, may only use the public information of the Company for the performance of such activities.
5. Obtain and process personal data responsibly, ethically and in accordance with the Corporate Policies and applicable privacy laws in Colombia.
6. Refrain from disclosing by any means confidential, reserved or privileged information to third parties who have no right to know it, including friends, spouse or permanent partner and relatives in the second degree of consanguinity and affinity, first of affinity or only civil.
7. Not to mention or discuss confidential, proprietary or privileged information in places where there are third parties who do not have the right to know it, such as waiting rooms, restaurants, aircraft and other means of transport, open offices, among others, as well as through telephone calls.
8. Maintain physical, magnetic and electronic documents containing confidential, proprietary or privileged information in secure locations with restricted and controlled access, and delete at the end of any meeting the blackboards on which confidential, proprietary or privileged information has been recorded, and clear the meeting site of any other element containing such information.
9. The use of confidential information for the benefit of personal interests (financial or non-financial), whether own or of a third party, is not permitted.
10. It is not permitted to disclose, exploit in any way, or make use of any information or assets of the Company that may be considered registered, patented or intellectual property, for the benefit of personal interests or a third party.
11. Keep sensitive business information confidential, even to the point of not discussing it with coworkers without authorization for access to this type of information.
12. Do not destroy official and proprietary Company information. However, in the event of requiring the destruction of copies of confidential, proprietary or sensitive Company information, secure and authorized means must be used by SOPHOS for this purpose.
13. In the event that an employee is required to disclose confidential, proprietary or sensitive information of the Company by order of the competent authority, he or she must inform his or her superior and the legal area so that the request can be validated and the necessary measures can be taken to ensure the safe delivery of the information in the event that such delivery is appropriate.

SECOND PARAGRAPH: No information of the Company shall be considered confidential if it can be demonstrated that it was in the public domain at the time of its disclosure, without this representing a violation of this CODE.

THIRD PARAGRAPH: In matters of confidentiality, protection and security of information, the provisions of this CODE and other policies stipulated by the Company, such as the Information Security Policy, will be taken into account.

ARTICLE 9.- DUTY TO REPORT UNLAWFUL OR UNETHICAL ACTIONS: Managers, administrators, employees or associates must inform the SOPHOS Compliance Officer, through the mechanisms provided for this purpose, about facts that they know and that in their opinion imply in any way the breach of ethical principles or rules of conduct enshrined in the CODE.

For the purpose of informing the aforementioned actions, managers, employees and related must follow the incident reporting procedure defined through the Ethics Line.

The Ethics Line Administrator shall forward the information to the competent SOPHOS bodies for the purpose of carrying out the respective investigation and shall inform the President of the initiation of investigations, in the case of facts relating to members of the Board of Directors and legal representatives, and the Administration in the case of other employees.

The Ethics Line Administrator shall submit to the SOPHOS President on a semi-annual basis a report on the number and nature of the reports received under this Article, the processing thereof and the results thereof.

ARTICLE 10.- KNOWLEDGE OF CUSTOMERS, SUPPLIERS, EMPLOYEES OR OTHER THIRD PARTIES: The addressees of the CODE, particularly those participants and responsible for linking customers, suppliers, employees or other third parties must comply with the procedures established for the knowledge of them, be they natural and/or legal persons, in seeking to know their activities and businesses, determine whether the activities they carry out are consistent with those reported in the linking process or annual update of data and with any other information available or collected about them.

Employees responsible for bonding will be especially demanding and careful in the bonding and monitoring processes of domestic or foreign individuals who, by their profile or by the functions they perform, may relate to recognized LA/FT typologies, fraud, corruption or bribery.

ARTICLE 11.- RELATIONSHIP WITH SHAREHOLDERS: The purpose of SOPHOS is the continuous creation of value for its shareholders, so it undertakes to provide objective, transparent, adequate, clear and timely information on the evolution of the Company and under conditions of equality for all its shareholders. Likewise, SOPHOS commits to develop the necessary bases for the participation of its shareholders in the decisions that correspond to them.

ARTICLE 12.- RELATIONSHIP WITH COMPETITION: Those who have contact with representatives of competitors must show a professional attitude, adhering to the principles and values of SOPHOS. Avoiding issues that could create risks or potential contingencies for SOPHOS in terms of internal policies, products, compliance with competition laws and regulations. In no event shall the SOPHOS employee, administrator or affiliate attempt to obtain business secrets or any other confidential information from a competitor.

ARTICLE 13.- RELATIONSHIP WITH SUPPLIERS AND COLLABORATING COMPANIES: SOPHOS considers its suppliers and collaborating companies an indispensable part for the achievement of its objectives of growth and improvement of the quality of service, seeking to establish relations with them based on trust and mutual benefit according to the following rules of conduct:

1. Those who negotiate the acquisition of the goods and services are obliged to offer and demand from suppliers and collaborating companies fair and honest treatment in each transaction, always looking for the best interests of the Company.
2. The basic criteria authorized to decide between one supplier and another are the quality of its product or service, the economic conditions in which it offers them, the opportunity of delivery or provision, the service it ensures and the seriousness, solvency and solidity of the firm.
3. Any employee or associate who, by reason of his or her functions, must acquire or approve the acquisition of goods and/or services for the Company, or who is in a position to substantially influence the decision, must have no interest in the selling or supplying companies, either personally or through relatives or third parties. This is equally true where in such companies their family members or relatives have interests.
4. No employee, administrator or affiliate may provide Company data or Information, for the benefit of potential suppliers, for whom such information gives them an advantage over others who also aspire to contract with it.
5. No gift, gift, detail, attention, object, benefit, advantage, hospitality, food, travel, accommodation or form of entertainment should be given or accepted if it can be given by SOPHOS employees, administrators or associates, if it creates the appearance of being able to influence or unduly influence directly or indirectly, contractual or commercial relations, if it alters independence, if it creates obligations, or causes a potential discredit and/or violates the law or policies of SOPHOS
6. Solutions. The foregoing, in accordance with the provisions of the Gifts, Gifts, Hospitalities Policy and others.
7. Recipients of this CODE must refuse any type of remuneration, loans, commissions, profit participation, or any other kind of financial compensation offered to them by persons or entities with whom the Company has or may have business relations.

ARTICLE 14.- RELATIONSHIP WITH THE AUTHORITIES: SOPHOS, its administrators, associates and employees undertake to:

1. Cooperate at all times with the competent authorities for the full exercise of their powers and act in accordance with the law in defense of the legitimate interests of SOPHOS.
2. Relations with State or parastatal bodies or with public entities exercising official oversight and control functions shall always be governed by legal rules and procedures. SOPHOS disapproves the offer or granting of payments in money or in kind, at the initiative of its own employees or officials, in order to obtain or expedite decisions favorable to it.
3. The employees of the Company who, by reason of their functions, have to deal with state agencies, should conduct the relationship with them with the highest professionalism, seriousness and high ethical level, seeking the achievement of an unsuspecting and objective attitude on the part of them towards the affairs of the Company, in accordance with the applicable laws.

ARTICLE 15.-SOCIAL BEHAVIOR: SOPHOS wishes that all persons associated with it, without distinction, observe norms of conduct consistent with the ethical principles of this, even in their particular actions, both in the personal, family and social fields. All this under the conviction that, in each of its actions, the employee or linked affects positively or negatively, the image of the Company to which it is linked.

SOPHOS rejects any manifestation of physical, psychological, moral or abuse of authority harassment, as well as any other conduct that may generate an intimidating or offensive environment with the rights of individuals.

ARTICLE 16.- INSTITUTIONAL PRACTICES:

1. Exercise of authority: The addressees of this CODE must maintain a respectful relationship with their colleagues and request, when necessary, their professional opinion in their area of competence, as well as recognize their contribution. Employees with staff in charge should treat them fairly and involve them in decisions that impact each employee, so that everyone is given an equal opportunity to develop their skills.


2. Professionalism: The Company’s employees, associates and administrators must:
   
   • Comprehensively follow established policies and procedures, as well as comply with orders from the immediate chief.
   • Comply with all Company rules and regulations as well as orders issued by the Company Presidency.
   • In the event of positions on specific matters that differ from those of the Company; these should not interfere with the performance of the functions of SOPHOS employees and administrators.
   • Make effective use of the stipulated time for regular working hours.
   • The wardrobe must be sober, decent and respectful to project a good image.


3. Harassment: : Abusive, harassing or offensive behavior is unacceptable, whether verbal, physical or visual, i.e. derogatory remarks based on gender, racial or ethnic characteristics and improper sexual advances.


4. Use of the Company’s assets: The use of SOPHOS assets, facilities or services is intended for the Company’s business activities.
• All SOPHOS employees and associates have the responsibility to protect SOPHOS assets, as well as those assets over which the Company enjoys its mere possession, that have been entrusted to it from loss, damage, misuse or theft.
• Do not alter or destroy any SOPHOS assets, records or files.


5. Health and safety: SOPHOS employees and associates must respect the relevant health and safety requirements and act to resolve or report to the immediate manager any situation that may pose a risk to health or safety.

In order to protect the safety of all employees, each of SOPHOS employees and associates must present themselves in the workplace free of the influence of any hallucinogenic and/or alcoholic substance that may prevent the execution of their work activities safely and effectively.

SOPHOS, promotes a work environment of understanding and free of discrimination for those affected by any disease, including HIV/AIDS.

ARTICLE 17.- POLICY OF THE SYSTEM OF SELF-CONTROL AND INTEGRAL RISK MANAGEMENT OF THE OPHOS/FT/FPADM (SAGRILAFT):
To ensure the efficient, effective and timely functioning of the System of Self-Control and Comprehensive Risk Management of Money Laundering, Terrorist Financing and the Financing of the Proliferation of Weapons of Mass Destruction, SOPHOS administrators, associates and employees must comply with this CODE and with the provisions of the SOPHOS SAGRILAFT Policy, subject to the sanctions indicated in Article 34 of this CODE.

ARTICLE 18.- CORRUPTION AND BRIBERY: Corruption and bribery appear when collaborators use unethical practices to obtain some benefit for the Company or for themselves. Corruption and bribery are one of the categories of fraud.
SOPHOS declares itself against influencing the will of persons outside the Company to obtain any benefit through the use of unethical practices. Nor will it allow other individuals or entities to use such practices with their partners. Likewise, it publicly declares the commitment of SOPHOS SOLUTIONS and the Senior Management to an ethical and transparent procedure before their stakeholders, and to conduct business in a responsible way, acting under an ideology of Zero Tolerance with those situations that would contradict the fight against Acts of Corruption, Bribery and Transnational Bribery.

SOPHOS operates the Anti-Bribery and Anti-Corruption Management System (SGAA), the Corporate Transparency and Ethics Program, the Anti-Bribery and Other Forms of Corruption Policy, Gift Policy, Gifts, Hospitalities and others, based on compliance with the anti-corruption laws of the countries in which it operates, including the Prevention of Corruption, Bribery and Transnational Bribery Act and the other guidelines set out in the SGAA, which applies as follows:

• We observe fair and transparent business practices to ensure compliance with Colombian laws and regulations and prevent bribery and extortion practices.
• In our activities within and outside the Company or on behalf of the Company, we do not participate, order, authorize, promise, conspire, induce or assist anyone in corrupt practices, either directly or through a third party.
• Sophos Solutions prohibits bribes, extortions or payments to third parties to obtain business or profits in any country or geography where business is held or considered. The above, in addition to payments, includes payments in kind, investments, shares and jobs.

ARTICLE 19.- CORPORATE IMAGE AND REPUT: SOPHOS will not have any commercial relationship with companies or persons that deviate from ethical standards, or with those societies or persons known to be involved in illicit or degrading activities, or that do not fully and fully comply with current legal provisions.

ARTICLE 20.- LOYALTY TO THE COMPANY AND CONFLICT OF INTEREST: It is the duty of SOPHOS managers, associates and employees to avoid situations of interference between areas of interest that may result in oversight omissions, poor diligence in the procedures of knowledge of the customer in pursuit of a personal benefit or a third party.

Situations that give rise to conflicts of interest are considered, with regard to the prevention and control of LA/FT, among others: In the analysis of unusual transactions, it is understood that there is a conflict of interest, the determination of suspicious transactions, reports to the Financial Information and Analysis Unit (UIAF), the taking of a decision, the making of any regulatory report, or in the delivery of information requested by a competent authority, when in these activities are related to the spouse or permanent partner, relative within the second degree of consanguinity, second of affinity or only civil employee who is carrying out the analysis and the latter can bring his own interest or the interest of a third party to the interest of society.

Conflict of interest for the purposes of this CODE means any situation or event in which the personal interests, direct or indirect, of the employee, whatever his level, linked or of the administrators, or those of his family members or close associates are or may be in opposition to those of the Company, interfere or may interfere with the duties incumbent on him or lead him or may lead him to act in his performance for reasons other than the righteous and actual fulfillment of his responsibilities.

Therefore, SOPHOS managers, associates, collaborators and administrators undertake to:

• Comply with the provisions of Chapter 1 Title Vll of the SOPHOS Code of Good Corporate Governance and the Conflict of Interest Policy.
• Avoid any situation that may cause a conflict of interest. You may not present any kind of interest, of a family, financial, commercial, etc. nature, direct or indirect, or participate in any commercial activity, transaction or professional activity that is in conflict with the due performance of our duties.
• You must not use the SOPHOS name, trademark, or position in our Company to:
• Promote personal interests, monetary or non-monetary, for themselves or for family members or acquaintances.
• To obtain goods or services or preferential treatment for himself or for third parties.
• Coerce any citizen or gain any kind of benefit, either for himself or for third parties. Attention should be paid to any situation where the personal interest may conflict with the duty as employee, associate or manager.


• Activities outside the functions of the employees and/or associates should not affect the reputation of the Company, nor interfere with its duties. Employees are not allowed to engage in internships or pursue personal interests that, either directly or indirectly, conflict with SOPHOS interests. You must not engage (even without remuneration) in any outside employment, commercial interests or other activities that may interfere with your duties at SOPHOS, except where express approval has been requested and granted. Employees are required to disclose any potential conflict of interest to the immediate manager.
• Upon termination of the employment relationship between the employee and SOPHOS, the employee shall provide the Company with all documents, files, customer lists, policies, memories, equipment, reports and records containing any SOPHOS or private information, as well as all copies of such information.

ARTICLE 21.- TREATMENT OF THE SUSPICIOUS TRANSACTION: Iif the Company through its employees, associates or administrators reasonably suspects that a transaction is preceded by illegal activities or that a person who intends to link as a client has the purpose of financing them or is associated with them, they will make the corresponding internal report, as established in the Manual of the SAGRILAFT, without prejudice to making the report to the competent authorities. The Company will, in accordance with its own policies, established procedures, contractual clauses and the current legal regime, seek legal mechanisms aimed at terminating any link with the customer, employee or any third party related to such conduct

If the Company, through its employees or associates, reasonably suspects that a transaction is preceded by illegal activities or that a person who intends to link as a customer, supplier, employee or other third party, intends to finance them or is associated with them, they will make the corresponding internal report, without prejudice to making the report to the competent authorities.

The Company will, in accordance with its own policies, established procedures, contractual clauses and the current legal regime, seek legal mechanisms to terminate any link with the customer, supplier, employee or any other third party, that carries out a transaction that, in the opinion of the Administration, is suspicious.

ARTICLE 22.- COLLABORATION WITH AUTHORITIES: The Company, through its employees, associates and administrators, will actively collaborate with the authorities, supplying in the terms indicated by the Law, all the information they require for the prevention, investigation and control of criminal activities. The reservation does not apply to requests for information made specifically by the authorities in the exercise of their functions, in accordance with article 15 of the Constitution and article 63 of the Commercial Code, or with any rules that add, modify or replace them.

The Company, through its employees, will actively collaborate with the authorities, supplying in the terms indicated by the Law, all the information they require for the prevention, investigation and control of criminal activities.

ARTICLE 23.- FAIR COMPETITION AND GOOD FAITH: SOPHOS employees and administrators must act in good faith and in a fair manner with customers, suppliers and competitors, and must respect fair competition practices and the provisions on restrictive practices. To comply with the above, SOPHOS employees and administrators and their subordinates must follow the following guidelines: 1. Formal or informal agreements aimed at increasing, decreasing or fixing prices, or limiting the availability of products, or blocking customers, territories or brands with persons who are competitors of SOPHOS or its subordinates are prohibited. 2. Contact with competitors should be kept to the minimum necessary. 3. Whenever you have contact with competitors, you should act as if you are conducting yourself before the general public.

ARTICLE 24.- INTELLECTUAL AND INDUSTRIAL PROPERTY: The employees, associates and administrators of SOPHOS and its subordinates have the responsibility to properly use the name and brand of the Company, as well as that of its parent. Copyright works owned by SOPHOS and its subordinates, such as books, articles and software development, among others, are protected by copyright. Therefore, whenever it is intended to copy, reproduce or alter any of the aforementioned documents, a special authorization by the Company will be required. The documents produced by SOPHOS employees, associates or administrators or their subordinates in the course of their activities shall be the property of the Company.

ARTICLE 25.- GIFTS AND INVITATIONS: The employees, associates and administrators of SOPHOS, shall refrain, directly or through their spouses, permanent partners and relatives in the second degree of consanguinity or affinity, or only civil, from offering, giving, requesting and accepting from clients and in general of any natural or legal person, gifts, invitations or other incentives that originate a personal commitment or for the Company and that may reduce objectivity in decision-making in matters related to said person or entity to which it has been offered, given, requested or accepted the incentive. In any case, employees, related parties and administrators may not accept from the same person or entity, and within the same year, gifts whose monetary value is greater than $ 500 USD, for which they shall be obliged to return any type of gift whose value monetary amount exceeds the aforementioned amount. If this return is not possible, they shall be obliged to donate it and inform SOPHOS about said donation.

ARTICLE 26.- KNOWLEDGE OF THE CODE OF ETHICS: SOPHOS shall send employees, administrators and related parties a copy of this CODE, which they shall know, in the same way, once they establish a relationship with SOPHOS, they are obliged to carry out their activities and work in compliance with the provisions of this CODE, under penalty of the sanctions herein described.

Employees, administrators and related parties are obliged to know the content of the CODE and the updates that may take place, which shall be communicated in a timely manner by SOPHOS and consulted at any time through the Corporate Website. The lack of knowledge of the precepts stipulated herein does not justify its non-compliance nor does it constitute a sufficient basis of liability waiver.

SOPHOS facilitates access and the corresponding consultation of the CODE through its website www.sophossolutions.com.

ARTICLE 27.- PREVENTIVE ATTITUDE: SOPHOS employee, administrator or related party who has any well-founded and reasonable suspicion about the activity of a client, employee, administrator or a third party, which may lead to motivated mistrust of the lawful origin of their resources or to presume that they are using the Company to transfer, handle, take advantage of or invest money or resources from criminal activities, shall adhere to the procedures and mechanisms provided in the Manual of the ML/TF Prevention System, and in the Anti-Fraud Program.

The employee or person in charge of the relationship who has any reasoned and reasonable suspicion about the activity of a client, supplier, employee or a third party, which may lead to a reasoned mistrust of the lawful origin of their resources or to presume that they are using the Company to transfer, manage, take advantage of or invest money or resources from criminal activities, shall use the mechanisms provided in the ML/TF Prevention Policy.

ARTICLE 28. – CONFIDENTIALITY: Taking into account that the information about the operation of ML/TF prevention systems, and the Internal Control Policies are confidential, employees, administrators or other related parties should not disclose details about them to clients and/or third parties in general, without the previous written consent from the SOPHOS administration.

Taking into account that the information about the implementation of ML/TF prevention practices, and the Internal Control measures are confidential, employees and those responsible for affiliates should not disclose details about them to clients and/or third parties in general, without the previous written consent from SOPHOS administration.

ARTICLE 29.- RESERVATION: Administrators, employees or other related persons who have knowledge of the detection of unusual transactions have a legal obligation to maintain a reservation on the matter or face the applicable legal penalties.