Process: LEGAL MANAGEMENT

CODE OF ETHICS

Documento No: M-GSH-16
Versión: 01
Fecha: 26/01/2022
Writer By: Legal Management
DOCUMENTO APROBADO POR
PREPARED BYREVIEWED BYAPPROVED BY
NameIngrith AngaritaMauricio Mosseri Estrada
Juan Camilo Rodriguez
Board of Directors
PositionLawyerPresident
Financial & Administrative
Board of Directors
Date28/12/201728/12/201709/03/2018

1. ÍNDICE

2. HISTORIAL DE VERSIONES

DateVersionAuthorDescription
26/01/202201 Legal ManagementCreation of document.

3. INTRODUCTION

SOPHOS SOLUTIONS S.A.S. together with its affiliates (hereinafter “SOPHOS” or “The Company”) is committed to the development and technological progress of its clients. For this purpose, its employees, administrators and other related parties shall set an example of a transparent and ethical conduct, and of respect to the rules regulating them, the shareholders, clients, members of the Company and regulatory and supervisory entities.

The implementation and application of defined ethical standards and behaviors are essential to build longterm relationships. For this reason, the Company has adopted this Code of Ethics (hereinafter referred to as the “CODE”), which is aimed at reinforcing the SOPHOS commitment to act in conformity with ethics and comply with the legal and regulatory provisions, specifying the guiding principles and rules of conduct applicable to these issues, since it is considered as a mandatory reference and consultation tool for its recipients.

It is important to note that neither the Law nor the CODE are exhaustive, and therefore they do not cover all possible situations that may arise in practice. Consequently, situations not provided for by the Law or the CODE shall be resolved through the reasonable application of the guiding principles set by Article 2, Chapter 1 in the document herein.

4. CHAPTER 1. GENERAL RULES

ARTICLE 1.- SCOPE OF APPLICATION: This CODE is addressed to administrators, employees, among others which are linked to SOPHOS. However, some provisions applicable to the Company’s Shareholders are included, who are also recipients of the CODE regarding such provisions.

For all purposes of this CODE, the term SOPHOS “affiliate” shall mean the corporation or individual which carries out activities and/or systematically collaborates with the Company without establishing an employeremployee relationship in conformity with the provisions governing this matter, therefore they could be associated through a certain type of agreements, such as learning or provision of services, work orders, among other mechanisms which SOPHOS may from time to time establish for the creation of this kind of relationships and their corresponding bond to the organization.

PARAGRAPH ONE: Every administrator, employee and member of SOPHOS shall be held liable for knowing the content of this document, as well as for complying with the principles and rules of conduct that are herein described. The Human Management area shall send a copy of this CODE for consultation and knowledge thereof at the time of accepting new collaborators linked to the Company and shall also inform that its content may be consulted through the corporate website of SOPHOS. The Company Legal Area shall ensure the compliance with the CODE and shall resolve and process all concerns that are raised through email: lineaetica@sophossolutions.com

PARAGRAPH TWO: For advertising purposes and to facilitate consultation, SOPHOS shall disclose and make available on the corporate website, the complete and updated text of the aforementioned CODE.

ARTICLE 2.- GUIDING PRINCIPLES: The activities carried out by employees, administrators of the Company and related parties in compliance with their duties shall be governed by the following principles:

  • Loyalty: Administrators, employees and related parties of SOPHOS shall carry out their operations in good faith and with transparency, ensuring the interests and objectives of the Company and taking into account the interests of its shareholders, without prejudice to the compliance with applicable regulations.
  • Honesty: Recipients of the CODE shall keep an upright and honest conduct in the performance of their functions.
  • Care and diligence: Administrators, employees and related parties of the Company shall carry out their duties with the same care and diligence with which a good businessperson would act, placed in a similar position and under the same circumstances.
  • Compliance with applicable regulations: SOPHOS shall comply with the legal, regulatory and statutory rules applicable to each of the businesses and activities that it carries out, as well as the rules set by the Code of Good Corporate Governance and in this CODE, taking into account not only its wording but also its purpose; hence, SOPHOS shall adopt information mechanisms enabling the recipients of this CODE to keep themselves updated on the modifications to the aforementioned corporate regulations.


ARTICLE 3.- RESPECT TO REGULATIONS: Employees, administrators and those linked to SOPHOS shall ensure the compliance with corporate policies, control measures and procedures defined by the administration, as well as the provisions set forth in the applicable legal regulations. Administrators are liable for the permanent promotion of a culture of prevention, through its permanent spreading through a training and awareness program.

ARTICLE 4.- PREDOMINATION OF ETHICS. SOPHOS deems it imperative that the Company, from an institutional – strategic point of view, and its collaborators or employees, put first the adherence to the provisions of this CODE and the rules on prevention and control of ML/TF, towards the achievement of corporate goals.

ARTICLE 5.- REGISTRATION AND WITHHOLDING OF COMPANY COMMUNICATIONS: All Company records and communications shall be clear, truthful and accurate. Exaggeration, conjecture, and derogatory remarks or characterization of individuals or companies are prohibited. This applies to communications of all kinds, including email and “informal” notes or memos”.

ARTICLE 6.- MEDIA PROTOCOLS: All concerns or investigations by the media (press journalists, reporters, television, radio, etc.), and other external third parties should be referred directly to the Executive President of SOPHOS.

By virtue of the foregoing, no administrator, employee or related person is authorized to make comments or maintain any type of correspondence that goes beyond informing that the concerns or requirements made shall be channeled through the Executive President, who shall be in charge of them.

5. CHAPTER 2. RULES OF CONDUCT

ARTICLE 7.- GENERAL ETHICAL RULES: Administrators, employees and related parties of SOPHOS undertake to:
  • Show a loyal, respectful, diligent and honest behavior.
  • Recognize the dignity of people and respect their freedom and privacy.
  • Respect and protect the people under their responsibility in dealing with relevant matters.
  • Refrain from discriminating against any person for reasons of gender, marital status, age, religion, race, political opinion, social or economic class, pregnancy, language, ethnic origin, nationality, sexual preference or disability.
  • Condemn, prohibit and report workplace harassment.
  • Categorically reject any type of child labor, as well as contractors and supplier’s child labor.
  • Facilitate constructive dialogue between employees and employers so that problems can be discussed freely.
  • Reject any type of forced or compulsory labor.
  • Promote and facilitate the detection of illegal practices and/or inappropriate behaviors, through open communication and the formal mechanisms implemented in accordance with the CODE provided regulations.
  • Refrain from firing, degrade, suspend, threaten, harass, interfere with the right to employment or discriminate in any other way against any person for providing information, helping to provide information or collaborating in an investigation where the breach of any provision is presumed established in the SOPHOS Corporate Policies or in this CODE.
  • Avoid reporting an innocent person unfoundedly and in bad faith.
  • Comply with the laws, regulations and ordinances of Colombia, as well as the present
  • CODE, the policies, rules and procedures established by the SOPHOS Administration.
  • Do not participate in any activity with the intention of restricting trade, or deny doing business with clients, members or suppliers who share ethical values and have a solid reputation.
  • Comply with everything stipulated in the regulations for the control and prevention of money laundering and financing of terrorism.
  • Refrain from making comments (whether in family, academic or social media) about activities carried out within the Company, which are detrimental to it or to those who are part of it.
  • Protect and preserve the tangible and intangible assets of the Company, as well as their efficient use to contribute to the achievement of business objectives and not for personal benefit.
  • Do not disclose confidential information related to processes, methods, strategies, plans, projects, technical data, market or of any other type.
  • Do not use the name or resources of the Company for personal gain.
  • Avoid all contact with dishonest people who intend or could harm SOPHOS.
  • Those who participate in political activities of any jurisdiction, should not involve SOPHOS, clearly establishing that they act in a personal capacity and not on behalf of the Company, since it does not influence, support or intervene in any way in such activities.
  • Inform promptly and through the channels established by the Company on violations of this CODE and/or on situations that violate the rules set forth herein.

ARTICLE 8.- INFORMATION HANDLING: In the exercise of their duties, administrators, employees and other related parties may have knowledge of confidential, reserved or privileged information owned by SOPHOS and/or its clients.

By way of example but not restrictive, the following information is considered confidential, reserved or privileged, regardless of the medium in which it is stored:
  1. Financial, commercial, technical, legal, tax and business information of the Company.
  2. The Company strategic plans.
  3. The Company’s shareholders registry book.
  4. The decisions of the Board of Directors, Technical and Business Development Committee and Coexistence Committee.
  5. Information from SOPHOS suppliers, customers and employees.
  6. Information on the Company’s relationships with its suppliers, customers and employees.
  7. Any information that, due to its characteristics, means that SOPHOS obtain and maintain a competitive and/or economic advantage over third parties in carrying out business activities and for which it has adopted the means or systems to preserve its confidentiality and restricted access thereto.
  8. Information about the operation of the Company’s Asset Laundering and Terrorism Financing Prevention and Control System.
  9. Information related to judicial or administrative processes in which SOPHOS is a party or intervenes in any other way.
  10. Information that the Clients or Allies of SOPHOS classify as confidential, reserved or privileged, to which SOPHOS and its dependents can access during the supply of contracted services.
  11. Other information that by law or by determination of the Presidency of the Company, is classified as confidential, reserved or privileged. When the Presidency makes such a qualification, the information thus qualified shall be added to the list established in this article.

PARAGRAPH ONE: For the purposes of safeguarding confidential, reserved or privileged information, the recipients of the CODE shall comply with the following rules of conduct:
  1. Obtain, treat, protect and preserve information as an asset of the Company with responsibility, ethics and in accordance with Corporate Policies and laws in force in Colombia.
  2. People who, due to their responsibilities in the Company, have access to privileged information, shall take the necessary measures to prevent the disclosure or leakage of said information to unauthorized parties.
  3. The members of the Shareholders’ Meeting, Board of Directors, Executive Committees, managers and employees or related parties who carry out activities as professors, exhibitors or students, may only use the Company’s public information for performing said activities.
  4. Obtain and treat personal data responsibly, ethically and in accordance with Corporate Policies and applicable privacy laws in Colombia.
  5. Refrain from disclosing confidential, reserved or privileged information by any means to third parties who do not have the right to know it, including friends, spouse or permanent partner and relatives in the second degree of consanguinity and affinity, first of affinity or only civil.
  6. Do not mention or discuss confidential, reserved or privileged information, in places where there are third parties who do not have the right to know it, such as waiting rooms, restaurants, airplanes and other means of transport, open offices, among others, as well as through of phone calls.
  7. Keep physical, magnetic and electronic documents that contain confidential, reserved or privileged information in safe places with restricted and controlled access, and erase at the end of every meeting the blackboards on which confidential, reserved or privileged information has been written, and clear the place of the meeting from all other elements containing such information.
  8. The use of confidential information for the benefit of personal interests (financial or non-financial), whether their own or that of a third party, is not allowed.
  9. It is not allowed to disclose, exploit in any way, or make use of any information or corporate assets that may be deemed as registered, patented or intellectual property, for the benefit of personal interests or that of a third party.
  10. Maintain the confidentiality of sensitive commercial information, even to the point of not discussing it with co-workers without the authorization to access this type of information.
  11. Not destroy official and proprietary information of the Company. Notwithstanding the foregoing, in case of requiring the destruction of copies of confidential, reserved or sensitive information of the Company, secure means shall be used and authorized by SOPHOS for this purpose.
  12. In the case in which an employee shall disclose confidential, reserved or sensitive information of the Company by order of the competent authority, he shall report it his hierarchical superior and to the legal area so that the request is validated, and necessary measures are adopted to make the safe delivery of the information in case this delivery is appropriate.

PARAGRAPH TWO: Confidential information of the Company shall not include that with respect to which it can be proved that it was in the public domain at the time of its disclosure, without this representing a violation to this CODE.

PARAGRAPH THREE: Regarding confidentiality, protection and information security, the provisions of this CODE and all other policies provided by the Company, such as the Information Security Policy, shall be taken into account.

ARTICLE 9.- DUTY TO REPORT ILLEGAL OR ANTI-ETHIC ACTIONS: Directors, administrators, employees or related parties shall report to the President of SOPHOS, through the mechanisms provided for that purpose, about facts that they are aware of and that in their discretion imply in any way the breach of ethical principles or rules of conduct herein set forth.

For the purposes of making the aforementioned actions known, managers, administrators, employees and related parties shall follow the incident reporting procedure defined through the Ethics Line.

The Administrator of Ethics Line shall transfer the information to the competent authorities of SOPHOS, in order to make sure that the respective investigation is carried out and shall report on the starting with the investigations to the President, when it deals with facts related to members of the Board of Directors and legal representatives and, to the Administration when it comes to the other employees.

The Ethics Line Administrator shall submit a semi-annual report to SOPHOS President regarding the number and nature of reports received under the terms of this article, the procedure applicable to them and their results.

ARTICLE 10.- KNOWLEDGE OF CLIENTS, SUPPLIERS, EMPLOYEES OR ANY OTHER THIRD PARTY: Recipients of this CODE, particularly those participants and those responsible for the customers’ affiliation, suppliers, employees or other third parties shall comply with the procedures established for their knowledge, whether they are individuals and/or legal persons, in order to know their activities and businesses, determine if the activities they carry out are consistent with those reported in the process of affiliation or annual data updating and with any other information available or gathered about them.

The employees responsible for affiliations shall be especially demanding and careful in the linking and monitoring processes of national or foreign people who, due to their profile or functions they perform, can be related to the ML/TF recognized types.

ARTICLE 11.- RELATIONSHIP WITH SHAREHOLDERS: The purpose of SOPHOS is the continuous creation of value for its shareholders, for which it is committed to providing objective, transparent, adequate, clear and timely information on the evolution of the Company and under conditions of equality for all its shareholders. Similarly, SOPHOS undertakes to develop the necessary bases for the participation of its shareholders with respect to their decisions.

ARTICLE 12.- RELATIONSHIP WITH COMPETITORS: Those who have contact with representatives of competitors, shall show a professional attitude, attached to the principles and values of SOPHOS. Avoiding issues that could generate risks or possible contingencies for SOPHOS in terms of internal policies, products, compliance with laws and regulations on competition. In no case shall SOPHOS employee, administrator or related party attempt to obtain trade secrets or any other confidential information from a competitor.

ARTICLE 13.- RELATIONSHIP WITH SUPPLIERS AND COLLABORATING COMPANIES: SOPHOS considers its suppliers and collaborating companies as an essential player for the achievement of its growth and service quality improvement objectives, seeking to establish relationships with them based on trust and mutual benefit in accordance with the following rules of conduct:
  1. Those who negotiate the acquisition of goods and services are obliged to offer and demand from suppliers and collaborating companies a fair and honest treatment in each transaction, always seeking the best interests of the Company.
  2. The basic criteria authorized to decide between one supplier, and another are the quality of its product or service, economic conditions under which they are supplied, timeliness of delivery or provision, service it ensures and seriousness, solvency and soundness of the corporation.
  3. Any employee or related party who by reason of his functions shall acquire or approve the acquisition of goods and/or services for the Company or is in a position to substantially influence the decision, shall have no interests in the selling or supplying companies, either personally or through family members or third parties. This is equally valid when their family members or close associates have interests in such companies.
  4. No employee, administrator or related parties may provide data or information of the Company, for the benefit of potential suppliers, for whom this information gives them an advantage over others who also hope to enter into an agreement with it.
  5. No employee, administrator or related parties may accept gifts or other types of advantages or benefits from our suppliers of merchandise or services, such as gifts, payment of leisure expenses, travel expenses or walks, accommodation in real estate for recreation, usufruct of vehicles, training trips not authorized by SOPHOS and any other benefit that has a monetary value greater than $500 USD, for which they shall be obliged to return any type of gift whose monetary value exceeds the aforementioned amount. If such a return is not possible, the employees, administrators or related parties shall be under the duty donating that gift and inform SOPHOS about such donation. The foregoing is equally valid when said benefits come from third parties eventually interested in becoming suppliers of the Company.
  6. Recipients of this CODE shall refuse any type of remuneration, loans, commissions, profit sharing, or any other type of economic compensation that is offered to them by persons or entities with whom the Company maintains or may have business relationships.

ARTICLE 14.- RELATIONSHIP WITH AUTHORITIES: SOPHOS, its administrators, affiliated parties and employees undertake to:
  1. Collaborate at all times with the competent authorities for the full exercise of their powers and act in accordance with the law in defense of SOPHOS legitimate interests.
  2. Relations with state or para-state bodies or with public entities that exercise official surveillance and control functions shall always be governed by legal norms and procedures. SOPHOS disapproves the offer or concession of payments in money or in kind, at the initiative of its own collaborators or officials, in order to obtain or hasten decisions favorable to it.
  3. Employees of the Company who, by reason of their functions, have to do with state agencies, shall conduct the relationship with them with the utmost professionalism, seriousness and high ethical level, seeking to achieve an unsuspecting and objective attitude on the part of them towards the affairs of the Company, in accordance with the applicable laws.

ARTICLE 15.-SOCIAL BEHAVIOR: SOPHOS wishes that all people affiliated to it, without any exceptions whatsoever, abide to rules of conduct consistent with its ethical principles, even in their own personal actions, both in the personal field, as well as in the family and social fields. All this under the conviction that, in each of their actions, employee or related party positively or negatively affects the image of the Company to which he is affiliated.

SOPHOS rejects any manifestation of physical, psychological, moral harassment or abuse of authority, as well as any other conduct that may result in an intimidating or offensive setting to the rights of people.

ARTICLE 16.- INSTITUTIONAL PRACTICES:
  1. Exercise of authority: Recipients of this CODE shall maintain a respectful relationship with their coworkers and request, when necessary, their professional opinion in their area of competence, as well as acknowledge their contribution. Staff officers responsible for employees shall treat them fairly and involve them in decisions having an impact on each employee, so that all are given equal opportunities to develop their skills.

  2. Professionalism: Company employees, associates and administrators shall:
    • Thoroughly follow the established policies and procedures, as well as comply with the orders of their boss.
    • Abide by all the corporate rules and regulations as well as orders issued by the Company’s Presidency.
    • In the case of opinions on specific matters which differ from the Company criteria; they should not interfere with the performance of the duties of SOPHOS employees and administrators.
    • Make effective use of the time provided for the normal working hours.
    • Clothing shall be sober, decent and respectful to project a good image.

  3. Harassment: Abusive, harassing or offensive conduct is unacceptable, whether verbal, physical or visual, i.e., derogatory comments based on gender, racial or ethnic characteristics and improper sexual insinuations.

  4. Use of the Company’s assets: The use of SOPHOS assets, facilities or services is exclusively intended for the Company’s business activities.
    • All SOPHOS employees and affiliates are responsible for the protection of SOPHOS assets against loss, damage, misuse or theft, and assets that the Company has under its mere possession, which have been entrusted to the company
    • Do not alter or destroy any of the assets, records or files of SOPHOS.

  5. Health and safety: SOPHOS employees and associates shall respect the relevant health and safety requirements and act to solve or report to the immediate boss any situation that may represent a risk to health or safety.

    In order to protect the safety of all collaborators, each of SOPHOS employees and related parties shall appear at the workplace free from the influence of any hallucinogenic and/or alcoholic substance that may hinder the performance of their work activities in a safe and effective manner.

    SOPHOS, fosters a work environment of understanding and free from discrimination for those affected by any disease, including HIV/AIDS.


ARTICLE 17.- POLICY OF THE CONTROL AND PREVENTION SYSTEM FOR MONEY LAUNDERING AND FINANCING OF TERRORISM (ML/FT):
To guarantee the efficient, effective and timely operation of ML/FT Control and Prevention System, the administrators, associates and employees of SOPHOS shall comply with this CODE and the provisions of the Policy for the Control and Prevention of Money Laundering and Financing of Terrorism as set by SOPHOS, under penalty of the sanctions provided by Article 34 of this CODE.

ARTICLE 18.- CORRUPTION AND BRIBERY: Corruption and bribery appear when employees use unethical practices to obtain some benefit for the Company or for themselves. Corruption and bribery are one of the categories of fraud.
SOPHOS declares itself against influencing the willingness of people outside the Company to obtain any benefit through the use of unethical practices. Nor shall it allow other people or entities to use these practices with its collaborators.
SOPHOS shall abide by the anti-corruption laws of the countries in which it operates, which include the Prevention of Corruption Law, which applies at the local level as follows:
  • We abide to fair and transparent business practices to ensure compliance with Colombian laws and regulations and prevent bribery and extortion practices.
  • In our activities inside and outside the Company or on its behalf, we do not participate, order, authorize, promise, conspire, induce or assist someone in corrupt practices, either directly or through a third party.


ARTICLE 19.- IMAGE AND CORPORATE IMAGE: SOPHOS shall not have any commercial relationship with companies or people who deviate from ethical standards, nor with those companies or people whose participation in illegal or degrading activities is known, or who do not fully and fully comply with current legal provisions.

ARTICLE 20.- LOYALTY TO THE COMPANY AND CONFLICT OF INTEREST: It is the duty of the administrators, related parties and employees of SOPHOS, to avoid situations of interference between spheres of interest that may lead to omissions of control, deficient diligence in the procedures of knowing the client in search of a personal benefit or of a third party.

Situations that give rise to conflicts of interest are considered, in relation to the prevention and control of ML/TF, among others, the following: In the analysis of unusual operations it is understood that there is a conflict of interest, the determination of suspicious operations, the reports to the Financial Information and Analysis Unit -UIAF-, the making of a decision, the realization of any regulatory report, or in the delivery of information requested by a competent authority, when the spouse or permanent partner is related to these activities , relative within the second degree of consanguinity, second of affinity or only civil of the employee who is carrying out the analysis and he can interpose his own interest or the interest of a third party to the interest of the company.

In compliance with this CODE, a conflict of interest is understood to be any situation or event in which the employee’s personal interests, both direct or indirect, whatever his level is, either affiliated or a member of the administration, or of his relatives or close friends are or may come to be in opposition to those of the Company, interfere or may interfere with the duties that he shall comply with it inside the company or lead him or may lead to him to act in his performance of duties, for reasons other than the correct and actual fulfillment of his responsibilities.

Therefore, directors, associates, employees and administrators of SOPHOS undertake to:
  • Comply with the provisions set forth in Chapter 1 Title VII of the SOPHOS Good Corporate Governance Code.
  • Avoid any situation that may cause a conflict of interest. No type of interest, either family, financial, commercial, etc., direct or indirect, or participate in any commercial activity, transaction or professional activity that is in conflict with the due fulfillment of our duties.
  • Refrain from using the SOPHOS name, brand, or position in our Company to:

    • Promote personal interests, monetary or non-monetary, for themselves or for relatives or acquaintances.
    • To obtain goods or services or preferential treatment for himself or for third parties
    • Coerce any citizen or get any kind of benefit, either for himself or for third parties. Attention should be paid to any situation in which it is possible that personal interest may be in conflict with his duty as an employee, associate or administrator.

  • Activities outside the functions of employees and/or related parties shall not affect the reputation of the Company, nor interfere with their duties. Employees are not allowed to participate in practices or pursue personal interests that, either directly or indirectly, conflict with the interests of SOPHOS. An employee shall not engage (even without pay) in any outside employment, business interests, or other activities that may interfere with his duties at SOPHOS, except where express approval has been requested and granted. Employees have the obligation to disclose any possible conflict of interest to their immediate manager.
  • Once the employment relationship between the employee and SOPHOS has been terminated, the former shall deliver to the Company all the documents, files, client list, policies, memories, equipment, reports and records that contain any type of SOPHOS information or of any private nature, as well as all copies of such information.


ARTICLE 21.- TREATMENT OF SUSPICIOUS TRANSACTIONS: If the Company, through its employees, associates or administrators, reasonably suspects that an operation is preceded by illicit activities or that a person who is intended to be linked as a client has the purpose of financing them or is associated with them, they shall carry out the corresponding internal report, as established in the ML/TF Prevention System Manual, without prejudice to sending the report to the competent authorities. The Company, in accordance with its own policies, established procedures, contractual clauses and the current legal regime, shall seek legal mechanisms to terminate any relationship with the client, employee or any third party related to said type of conduct.

If the Company, through its employees or related parties, reasonably suspects that an operation is preceded by illicit activities or that a person that is intended to be linked as a client, supplier, employee or other third party, has the purpose of financing them or is associated with them, they shall prepare the corresponding internal report, without prejudice to sending the report to the competent authorities.

The Company, in conformity with its own policies, established procedures, contractual clauses and the current legal regime, shall seek legal mechanisms to terminate any relationship with the client, supplier, employee or any other third party that carries out an operation that, in the opinion of the Administration, is suspicious.

ARTICLE 22.- COLLABORATION WITH AUTHORITIES: The Company, through its employees, associates and administrators, shall actively collaborate with the authorities, providing, in the terms provided by the Law, all the information they require for the prevention, investigation and control of criminal activities. The reserve of information is not opposed to requests for information made specifically by the authorities within the framework of their powers, in accordance with the provisions set by article 15 of the Political Constitution and article 63 of the Business Code, or in those regulations that add, modify or replace them.

The Company, through its employees, shall actively cooperate with the authorities, providing, in the terms indicated by the Law, all the information they require for the prevention, investigation and control of criminal activities.

ARTICLE 23.- FAIR COMPETITION AND GOOD FAITH: SOPHOS employees and administrators shall act in good faith and in a fair manner with clients, suppliers and competitors, and shall respect fair competition practices and restrictive competition practices provisions. To comply with the foregoing, SOPHOS employees and administrators and their subordinates shall apply the following guidelines: 1. It is prohibited to make formal or informal agreements aiming to increase, decrease or fix prices, or limit the availability of products, or block clients, territories or brands, with people who are competitors of SOPHOS or its subordinates. 2. Contact with competitors should be kept to the minimum necessary. 3. Whenever there exists any contact with competitors, employees should act as if they were acting before the public in general.

ARTICLE 24.- INTELLECTUAL AND INDUSTRIAL PROPERTY: The employees, associates and administrators of SOPHOS and their subordinates have the responsibility of properly using the name and brand of the Company, as well as that of its parent company. Copyrights owned by SOPHOS and its subordinates, such as books, articles and software development, among others, are protected by copyright. Consequently, whenever it is intended to copy, reproduce or alter any of the aforementioned documents, a special authorization from the Company shall be required. The documents that employees, associates or administrators of SOPHOS or its subordinates produce in the development of their activities shall be the Company’s property.

ARTICLE 25.- GIFTS AND INVITATIONS: The employees, associates and administrators of SOPHOS, shall refrain, directly or through their spouses, permanent partners and relatives in the second degree of consanguinity or affinity, or only civil, from offering, giving, requesting and accepting from clients and in general of any natural or legal person, gifts, invitations or other incentives that originate a personal commitment or for the Company and that may reduce objectivity in decision-making in matters related to said person or entity to which it has been offered, given, requested or accepted the incentive. In any case, employees, related parties and administrators may not accept from the same person or entity, and within the same year, gifts whose monetary value is greater than $ 500 USD, for which they shall be obliged to return any type of gift whose value monetary amount exceeds the aforementioned amount. If this return is not possible, they shall be obliged to donate it and inform SOPHOS about said donation.

ARTICLE 26.- KNOWLEDGE OF THE CODE OF ETHICS: SOPHOS shall send employees, administrators and related parties a copy of this CODE, which they shall know, in the same way, once they establish a relationship with SOPHOS, they are obliged to carry out their activities and work in compliance with the provisions of this CODE, under penalty of the sanctions herein described.

Employees, administrators and related parties are obliged to know the content of the CODE and the updates that may take place, which shall be communicated in a timely manner by SOPHOS and consulted at any time through the Corporate Website. The lack of knowledge of the precepts stipulated herein does not justify its non-compliance nor does it constitute a sufficient basis of liability waiver.

SOPHOS facilitates access and the corresponding consultation of the CODE through its website www.sophossolutions.com.

ARTICLE 27.- PREVENTIVE ATTITUDE: SOPHOS employee, administrator or related party who has any well-founded and reasonable suspicion about the activity of a client, employee, administrator or a third party, which may lead to motivated mistrust of the lawful origin of their resources or to presume that they are using the Company to transfer, handle, take advantage of or invest money or resources from criminal activities, shall adhere to the procedures and mechanisms provided in the Manual of the ML/TF Prevention System, and in the Anti-Fraud Program.

The employee or person in charge of the relationship who has any reasoned and reasonable suspicion about the activity of a client, supplier, employee or a third party, which may lead to a reasoned mistrust of the lawful origin of their resources or to presume that they are using the Company to transfer, manage, take advantage of or invest money or resources from criminal activities, shall use the mechanisms provided in the ML/TF Prevention Policy.

ARTICLE 28. – CONFIDENTIALITY: Taking into account that the information about the operation of ML/TF prevention systems, and the Internal Control Policies are confidential, employees, administrators or other related parties should not disclose details about them to clients and/or third parties in general, without the previous written consent from the SOPHOS administration.

Taking into account that the information about the implementation of ML/TF prevention practices, and the Internal Control measures are confidential, employees and those responsible for affiliates should not disclose details about them to clients and/or third parties in general, without the previous written consent from SOPHOS administration.

ARTICLE 29.- RESERVATION: Administrators, employees or other related parties who have knowledge regarding the detection of unusual operations, have the legal obligation to maintain a reservation on the individual, under penalty of incurring in the applicable legal sanctions.

6. CHAPTER 3. CLAIMS

ARTICLE 30.- CLAIMS SYSTEM:
  • Any person linked to the Company is liable to formally report, to his immediate boss or respective director, any behavior, of their own or that of other people, that breaches the rules herein provided.
  • Every employee, administrator or related party is under the duty to report any circumstance that results in or could cause conflicts of interest, in order to adopt the pertinent measures.
  • It is the duty of all those who hold leadership or direction of people within the Company, to promote the appropriate climate of trust so that behaviors contrary to what has been provided in this CODE are promptly reported.
  • Likewise, it is the duty of all directors, immediately inform of the facts that could result in a violation to the norms of this CODE, keep the President of SOPHOS aware of the facts and objectively investigate them and adopt timely disciplinary sanctions and measures as applicable.
  • Without exception and when the nature of the facts indicate the possibility that the conduct involved is typified and sanctioned as an offense by the criminal law, the Executive Director and/or Legal Director, and after legal consultations, shall proceed to establish or order that the corresponding criminal report be filed before the competent authorities and, if applicable, to designate the necessary attorneys to obtain compensation for damages that such offense may have caused to the Company.


ARTICLE 31.- NOTIFICATION PROCEDURES: Recipients of the CODE shall, in case of doubts about what is a proper conduct, consult with at least one of the following collaborators: immediate boss, Human Talent Directorate, Legal Area.

The Company agrees that in the event of concerns arising from this policy, it shall make every effort to keep the confidentiality of the person raising the matter or concern.

ARTICLE 32.- ETHICS LINE: In compliance with this CODE, the Ethical Line shall be understood as the means enabled by SOPHOS for the communication of concerns, requests or comments on the content of this CODE, or for reporting of behaviors that contradict the provisions set forth herein, or in other Corporate Policies or in the Law.

Through the SOPHOS ethical line, collaborators, managers, clients and even suppliers can file their claims by sending an email to the following address:

lineaetica@sophossolutions.com and to the Ethical Channel available on this website: https://sophossolutions.com/

Claims filed shall be properly founded and/or in good faith; therefore, SOPHOS requires a detailed account of facts to be reported, as well as the supply of supports and evidence intended to backup the reported behaviors, facilitating the investigation and taking of measures as applicable.

In order to promote transparency, security, trust and avoid possible reprisals for claims filed, SOPHOS allows the report thereof, keeping anonymity through the website; otherwise, if the claimant’s contact information is provided through this means, such information shall be treated in accordance with the Company’s Data Processing Policy.

SOPHOS guarantees confidentiality and objectivity in the review of complaints, comments and suggestions sent through the ethical channel available on the Company’s website and the email of the ethical line.

ARTICLE 33.- BREACH OF THE CODE:
  • SOPHOS considers any violation of the CODE a serious matter and a breach of the employee’s duties towards the Company.
  • The Company shall take disciplinary and/or legal measures as applicable.
  • The Company is committed to an impartial and anonymous reporting system, which gives Collaborators the opportunity to freely report any deviation from the CODE in which they can be aware of.


ARTICLE 34.- SANCTIONS: Non-observance or non-compliance with the guidelines contained in this CODE and in the ML/FT Prevention Policy shall constitute a SERIOUS offense, without prejudice to the applicable legal sanctions. In the case of SOPHOS employees, the sanctioning procedure to be followed is determined in the section known as “SCALE OF FAULTS AND DISCIPLINARY SANCTIONS” of the Internal Work Regulations, without prejudice to the applicable legal sanctions. For those linked to the company, the sanctions provided in contracts and/or in the law as appropriate shall be taken into consideration.

“Sophos Solutions S.A.S. reserves the right to amend this document according to changes that arise within the company or legal provisions that determine it, it is the duty of employees, administrators and other related parties to know the different updates and changes to be made.”
6.1 DECLARATION OF KNOWLEGDE AND IMPLEMENTATION OF THE CODE OF ETHICS FOR RELATED PARTIES
SOPHOS SOLUTIONS S.A.S.

I hereby declare that I have read and understood the terms and conditions stated in the SOPHOS Code of Ethics and confirm the acceptance, adherence and commitment to compliance with provisions therein.

I am aware and I acknowledge that the non-compliance with the contents of this code may have different consequences in the relationship that I currently keep at SOPHOS. Depending on the severity of the breach, these can range from a simple warning notice with respect to the breach, withdrawal, termination and/or liquidation of the bond, compensation for damages, collection of sanctions or penalties or other actions as provided in the contract; without prejudice to other legal or administrative actions as applicable.

In testimony whereof, I sign this document on the __ day of ______________ of year ____.




Cordially yours,

Name

ID

Status:
6.2 DECLARATION OF CONFLICTS OF INTEREST
SOPHOS SOLUTIONS S.A.S.

I hereby declare that I have one or more of the following conflicts of interest: Family Details Suppliers Clients Employment and external activities, I am aware and acknowledge that having a conflict of interest and not reporting it results in a breach of the Code of Ethics, as well as not following the procedure defined by the Company when the conflict of interest arises. Such non-compliance can lead to sanctions that can range from a call for attention, discharges, or even dismissal for just cause in case of being an employee of SOPHOS, or the termination of the relationship, compensation for damages, among other consequences derived from my condition of associate to the Company, depending on the seriousness of the offense, applying a scale that is made following the current procedure of the Company or whatever the law determines.

In conformity with the above I sign this document on the ______________ day of ______________ of year __________.




Cordially yours,

Name

ID

Position