Process: RISK MANAGEMENT

GIFTS, PRESENTS, HOSPITALITY AND OTHERS

Document No: PL-SGC-05
Version: 02
Date: 26/05/2022
Written By: Risk Management Group
DOCUMENT APPROVED BY
REVIEWED BY
Name: Victor Hugo Riaño Delaossa
Position: Risk and Compliance Officer Lead
Date: 26/05/2022
APPROVED BY
Name: Board of Directors
Position: N/A
Date: 26/05/2022

1. INDEX

2. VERSION

Date | Version | Author | Description
07/01/2022 | 01 | Andrea Catalina Garcia Lopez | Creation
26/05/2022 | 02 | Andrea Catalina Garcia Lopez | Upgrade, as per ISO 37001 requirements, Business Ethics and Transparency Program and cost update

3. POLICY OF GIFTS, PRESENTS, HOSPITALITY AND OTHERS

3.1 COMMITMENT
This Policy of Gifts, Presents, Hospitality and Others develops certain aspects of the Anti-Bribery and Anti-Corruption Management System, the Transparency and Business Ethics Program, the Anti-Bribery and other forms of Corruption Policy and the statements made in the Code of Ethics. Its purpose is to continue the commitment to, and the strengthening of, transparent and mutually beneficial relationships between Sophos Solutions and its business partners and stakeholders.

Sophos Solutions is committed to complying with the rules aimed at the Prevention of national and transnational bribery, adopting policies, procedures and high standards of transparency, honesty, integrity, and legality in the fight against Acts of Corruption through the management of risks and the strengthening of the Government and our corporate principles.

No gift, present, detail, attention, object, benefit, advantage, hospitality, food, travel, accommodation, or form of entertainment should be given or accepted if it can, or creates the appearance of being able to, unduly influence contractual or commercial relations, directly or indirectly; if it alters independence; if it creates obligations; or if it causes potential discredit and/or violates the law or the policies of Sophos Solutions.
3.2 PURPOSE AND SCOPE
The purpose of this policy is to establish a framework for action on the business position and the acceptable limits regarding attentions between the parties through gifts, social attentions, meals, and entertainment, among others, for the parent company and subsidiaries of Sophos Solutions, giving scope and clarity to all third parties with whom there is an interaction, such as collaborators, related parties, stakeholders, associates, and business partners.[1]

We seek to protect the good name of Sophos Solutions and each of the members of senior management and its collaborators when they are immersed in a real or potential conflict of interest, associated with gifts, presents, hospitality, attention, and others.

This Policy takes into consideration the interests of the Company, and the needs and expectations of its internal and external third parties.


[1] Understood as customers, business alliances, contractors, consultants, subcontractors, national and international suppliers, among others, and their equivalents in the countries where the subsidiaries operate; in general, all those with whom some commercial or contractual relationship is established, directly or indirectly.
3.3 PRINCIPLES
Through this Policy, Sophos Solutions aims to ensure that all employees, as well as third parties with whom it maintains business relationships, comply with the provisions of the main existing anti-bribery standards, including the standards set in ISO 37001, the FCPA law, Law 1778 of 2016, the Transparency and Business Ethics Program, the Anti-bribery Law, and any other applicable rules or policies.

Any gift, detail, or other incentive that is sent to any collaborator of the company in compliance with this policy, regardless of whether it arrives at the company’s facilities or the place of residence of the person, must be reported and, as the case may be, made available to the Compliance Officer/Function.

Collaborators, associates and administrators of Sophos shall refrain, directly or through their spouses, permanent partners and relatives in the second degree of consanguinity or affinity, or only civil, from offering, giving, soliciting and accepting from customers and in general from any natural or legal person, gifts, invitations or other incentives that give rise to a personal commitment or to the Company and that may detract from its objectivity in making decisions in matters related to that person or entity to which the incentive has been offered, given, requested or accepted.
3.4 GENERAL RULES
Sophos Solutions, its collaborators or third parties acting on behalf of the company do NOT offer, promise, deliver, grant, accept or request gifts, presents, details, attentions, objects, benefits, advantages, hospitality, or entertainment if these:

  • Are understood, or seem to be understood, as an obligation or a bribe.
  • Are made to influence the decisions of any public official, authority or any other third party.
  • Are made in exchange for granting an advantage or ignoring any procedure, in favor of or against a third party.
  • Arise when a decision is pending or the judgment of a third party may be affected.
  • Affect the company’s reputation or violate its ethical principles.
  • Are made with the purpose of obtaining or maintaining a certain business or a business advantage.
  • Are intended to obtain or exchange favorable deals.
  • Create the impression, or implicit obligation, that the offeror is entitled to preferential treatment.
  • May give rise to conflicts of interest.
  • Are gifts in cash, money, gift cards or other support that allows the transmission of money, which are expressly prohibited.
  • Do not correspond to an action derived from the provision of the services.
  • Contravene current legislation.
  • Are of socially unacceptable content or nature.

Any gift received that is considered inappropriate in accordance with the provisions of this Policy must be returned by the collaborator who receives it, who must communicate this circumstance to the immediate boss, who in turn will communicate it to the Compliance Officer/Function.
3.5 RECEPTION
Before accepting gifts and attentions, it must be verified that they are reasonable in cost, frequency and quantity; therefore, it is necessary to verify that:
  • They are in accordance with applicable laws, reasonable, and in accordance with the uses and customs of courtesy or gratitude.
  • They are offered or received in an open and transparent manner.
  • The value is less than 50 USD or its equivalent in local currency.
  • They are received a maximum of twice in the calendar year, without exceeding the above cost.
  • Each time a gift, attention, or other benefit is received, it must be reported in writing to the email funcioncumplimientoaa@sophossolutions.com
  • Gifts or objects commonly known as merchandising, such as pens marked with corporate branding, notebooks, calendars, institutional pen drives, caps, T-shirts, umbrellas and, in general, all advertising material of little value, should not be reported.
Valuable objects carrying a corporate brand, such as watches and tablets, among others, are NOT considered merchandising or corporate branding.
In the event that gifts are sent or attentions are offered that exceed the maximum value established, the return or rejection of the attention through a cordial communication will generally be preferred. However, if this is not possible, we must inform the immediate boss and the Compliance Officer/Function, so that in conjunction with internal audit they determine the actions to follow.

It is necessary to remember that:
  • We discourage third parties from offering us gifts or attentions.
  • We reject all gifts or attentions that do not meet the parameters established here.
  • Gifts or presents received which are considered to exceed the conditions of this policy will be returned to the person who supplied them.
  • If the return cannot be made, the item will be put in the custody of risk management to be raffled throughout the company.
  • The internal benefits that are established within the company are not considered Bribery, nor are the attentions that may be given within an area, provided these do not generate any type of undue pressure or harassment at work.
  • The Compliance Officer/Function shall report at planned intervals to the Board of Directors, senior management and the Audit and Compliance Committee, gifts, presents, hospitality, or other incentives received in the organization and the treatment given to each of them.
3.6 GRANT
No employee shall provide gifts, presents, payments, or loans, or grant any unreasonable favor on behalf of Sophos Solutions to customers, suppliers, competitors or business partners, in order to influence them, directly or indirectly, to depart from the truth or to keep quiet about it in whole or in part, or to act, delay or stop acting in connection with their performance, or in exchange for their performing or omitting any act in the exercise of their functions.

Only members of senior management or management may offer gifts and attentions. If a collaborator who is not authorized for this purpose is to offer them, that collaborator must request express written permission from the immediate boss and the Compliance Officer/Function, who will indicate, where appropriate, the maximum authorized amount and/or place of service, and other instructions to follow.

At the time of delivery, the following guidelines should be verified:
  • The gifts or details will be made under a budget, with the aim of generating a possible mass acquisition (by Volume), and this will be approved by the Board of Directors both in the purchase and distribution of these for each third party.
  • Commercial services (invitations to eat, meetings, etc.) with customers or prospects will be limited to $120,000 COP per person in Colombia and $100 USD per person outside Colombia.
  • We always respect our level of attribution for the realization of invitations or the granting of gifts or presents to third parties.
  • The gifts and invitations we offer directly or indirectly must be reasonably related to a business that is taking place between the parties and must be duly documented.
  • We consider the nature, value, and transparency of any gift and also the value of the gift from the point of view of the recipient.
  • Always respect the gift and attention policies of Sophos Solutions or that of the third parties to whom they are addressed.
  • Gifts should not be frequent; they are given a maximum of twice in the calendar year.

For cases where, due to force majeure, these amounts are exceeded, the acceptance of the detail, attention or hospitality must be authorized by the immediate boss, the Compliance Officer/Function or the Compliance and Audit Committee.

Considering Sophos Solutions’ background in relation to gifts, attentions, hospitality, and travel provided by customers, the following is necessary:
  • Allow only the travel necessary for the correct performance of the collaborator's function.
  • Inform the immediate boss and the anti-bribery Compliance Officer/Function of the travel and hospitality that were provided.
  • Restrict payments to necessary travel, accommodation, and subsistence directly associated with a reasonable travel itinerary.
  • The reimbursement of expenses corresponding to travel, meals or leisure may not be made for individuals who do not belong to Sophos Solutions, unless the contractual relationship establishes that the expenses must be reimbursed and provided that the expense incurred has been previously authorized by the Company.
  • In general, it is forbidden to pay the expenses of family members or friends who are not foreseen or authorized by Sophos or to perform any indispensable administrative act by collaborators or candidates to be employed.
  • The payment of holiday or recreation expenses is prohibited.

It is necessary to remember that:
  • It is forbidden to offer, promise, deliver, grant, accept, or request a gift or undue advantage (financial or otherwise) of any value to public officials, authorities, or public bodies, whether national or international, or any natural or legal person.
  • It is forbidden for the relatives and close friends of the collaborators to accept gifts or attentions of a third party related to Sophos Solutions, and Sophos Solutions will not offer gifts or attention to relatives of the third parties with whom it maintains a relationship.
  • The collaborators and directors of Sophos Solutions must inform third parties with whom they maintain commercial or contractual relations of the existence of this Policy of Gifts, presents, Hospitality and Others.
3.7 CHARITABLE CONTRIBUTIONS AND SPONSORSHIPS
Sophos Solutions may offer sponsorships to support the advancement of knowledge in Innovation and Digital Transformation or to support other socially beneficial purposes.
  • This must be approved by the Board of Directors and the presidency.
  • The third party must be evaluated according to the procedure for linking third parties, and due diligence will be performed by the Risk area.
  • Cash donations are not allowed.
  • Due diligence will be conducted on the charity or other recipient to determine whether they are legitimate and are not being used as a channel to give a bribe.
  • They will be disclosed in an open and transparent manner.
  • The payment must be permitted by applicable laws and regulations, and shall only apply to the legal person of the beneficiary.
  • Referencing of foundations or non-profit organizations of public servants is not allowed.
  • Follow-up on completion of the charitable contribution will be done by the Compliance Officer/Function.

As part of the process:
  • Minutes of the Board of Directors through which the approval of the donation is made
  • Endorsements of the approval of the donation by the Presidency.
  • Due diligence support provided to the donor
  • Evidence of receipt of the Donation
3.8 POLITICAL CONTRIBUTIONS
Sophos Solutions prohibits its employees, officers and third parties acting on behalf of the company (both parent and subsidiary) from making political contributions to political parties or candidates.
3.9 INTERNAL BENEFITS
The benefits offered by Sophos Solutions to each of its employees are not considered Bribery. These internal benefits are established by the company’s directives and must be granted according to the procedures established by Work Environment and Quality of Life (https://go4plus.sophosproyectos.com/#/benefits)

  • Agreements
  • Quality of life
  • Benefits on demand

The recognitions, integrations, or internal attentions carried out by each of the areas are not considered bribes either. These are carried out in an open and transparent manner with prior authorization; however, if they generate any type of undue pressure, this must be reported to the Compliance Officer/Function or to the ethical channel.
3.10 DOUBTS OR INAPPLICABILITY
Sophos Solutions has mechanisms that allow confidential reporting of any type of complaint. All collaborators, without distinction of level, shareholders, third parties, individuals, or any person, whether foreign or national, must be diligent and promptly report any indication, suspicion or violation of the Anti-Bribery and Anti-Corruption laws, the Code of Ethics, the Transparency and Business Ethics Program, the Anti-Bribery and other forms of Corruption Policy, or any conduct, potential or existing, illegal or immoral, that they are aware of.

Likewise, Sophos allows staff to receive advice from an appropriate person (the Anti-Bribery and Anti-Corruption Compliance Officer/Function) on what to do if they face a problem or situation that can involve bribery, also ensuring that the complaint or report that is generated will be kept confidential and will be analyzed properly.

In case of doubts as to the viability of receiving or offering gifts or attentions, or if it is not possible to apply the parameters established herein, or if any circumstance not expressly included in this Policy occurs, as well as for any exception to the provisions thereof, we must immediately report the concern to the Compliance Officer/Function for resolution and, if necessary, express written authorization. Depending on the relevance of the situation, and once the respective evaluation has been carried out, the Compliance Officer/Function will submit the situation to the Compliance and Audit Committee for consideration.
3.11 COMMUNICATION CHANNELS
Sophos Solutions will treat all complaints with the utmost confidentiality and will analyze them appropriately. No contributor shall be reprimanded, retaliated against, discriminated against, or disciplined (threatened, isolated, degraded, prevented from promotion, fired, bullied, victimized, or otherwise harassed) for:
  • Refusing to participate in, or rejecting, any activity for which they have reasonably judged that there is more than a low risk of bribery that has not been mitigated by the organization.
  • Raising concerns or making reports, in good faith or on the basis of a reasonable belief, about actual, intended or suspected bribery or violations of the anti-bribery policy or anti-bribery management system (except where the individual participated in the violation).

Whether communications are anonymous or non-anonymous, Sophos will take legal steps to protect the confidentiality and anonymity of any complaints made.

The mechanisms established by Sophos for the filing of complaints are:

Likewise, Sophos Solutions, being a company supervised by the SuperSociedades, promotes the Transnational Bribery Complaints Channel and the Corruption Complaints Channel of the Transparency Secretariat.

Transnational Bribery Complaints Channel
https://www.supersociedades.gov.co/delegatura_aec/Paginas/Canal-deDenuncias-SobornoInternacional.aspx

Channel of Complaints for Acts of Corruption
http://www.secretariatransparencia.gov.co/observatorio-anticorrupcion/portalanticorrupcion
3.12 CONSEQUENCES OF NON-COMPLIANCE
Sophos Solutions considers non-compliance with the Anti-Bribery and Anti-Corruption Management System, the Transparency and Business Ethics Program, and the Anti-Bribery and other forms of Corruption Policy, as well as the omission or breach of the Code of Ethics, the Internal Labor Regulations, the Labor Contract and any of the controls, information management or other guidelines defined herein for the prevention, detection and control of activities that contradict the fight against Acts of Corruption and Bribery, to be SERIOUS MISCONDUCT, without prejudice to applicable legal sanctions. As a result of the serious infringement and breach of the employee’s duties towards the Company, the Company will undertake disciplinary and/or legal action as appropriate.

In the case of Sophos collaborators, the penalty procedure to be followed is that determined in the section “SCALE OF MISDEMEANORS AND DISCIPLINARY SANCTIONS” of the Internal Labor Regulations, without prejudice to the applicable legal sanctions. For those linked to the company, the penalties set out in the contracts and/or in the law as appropriate will be taken into consideration.

Legal sanctions against bribery and corruption are severe and may involve fines and administrative or criminal sanctions, such as imprisonment for the persons involved, as stipulated by international laws in which prison sentences of 7 to 10 years and/or unlimited fines are established.

In addition, Sophos Solutions could face serious fines or other criminal penalties for bribery and corrupt activities by third parties.[2] However, Sophos will investigate any activity that violates this Policy and, where appropriate, will inform the competent authorities of any event of fraud or corruption and will initiate and support the pertinent legal actions, in addition to taking the appropriate disciplinary measures and sanctions, which may even involve the termination of the employment or commercial relationship.

Ignorance or inadequate understanding of this policy does not entitle its recipients to breach it.

“Sophos Solutions S.A.S reserves the right to modify this document according to the changes that arise within the company”.


[2] Article 2 (Law 1778/2016): Administrative liability of legal persons who, through one or more employees, contractors, administrators, associates, or any subordinate legal person.