MANAGEMENT POLICY

[vc_row css=”.vc_custom_1613005123022{margin-bottom: 90px !important;}”][vc_column][vc_custom_heading text=”MANAGEMENT POLICY FOR THE PREVENTION OF FRAUD- CORRUPTION AND BRIBERY” font_container=”tag:h1|font_size:38px|text_align:left|color:%23c80028|line_height:45px” google_fonts=”font_family:Roboto%20Condensed%3A300%2C300italic%2Cregular%2Citalic%2C700%2C700italic|font_style:700%20bold%20regular%3A700%3Anormal” css=”.vc_custom_1613005274600{margin-top: 90px !important;margin-bottom: 30px !important;}”][vc_column_text]

1. goals

• The main objective of this policy is to establish the general guidelines and parameters that must be followed by all employees, administrators, shareholders, directors, suppliers and interested parties to the business group Heinsohn Business Technology SA (hereinafter Heinsohn), in order to minimize the materialization of situations associated with Fraud.
• Promote an ethical and integrity culture in the organizational environment, aimed at preventing fraud or corruption events
• Ensure that behaviors that violate business integrity and the organizational code of ethics are not allowed in the organization.

2. Scope: Applies to all employees who enter the company after the publication and disclosure of this policy, current employees, administrators, shareholders, directors, suppliers, customers and other interested parties to the Heinsohn business group.
3. Duration: Permanent.
4. Description:

The culture and position of our company is based on zero tolerance for Fraud, Corruption and/or bribery. Therefore, Heinsohn permanently seeks to implement best practices against these activities. Therefore, it is imperative to put the observance of the ethical principles of transparency, fairness, equality and impartiality before the achievement of corporate goals, considering it essential to generate a culture aimed at applying and enforcing this policy.

In the interests of policy compliance, Heinsohn:

• You refrain from participating in any form of Fraud, Bribery, or Corruption practice, directly or indirectly.
• Promotes and establishes within the entire organization, an anti-fraud, anti-bribery and anti-corruption institutional culture.
• It does not tolerate that its Employees, Managers, Shareholders, Directors, Suppliers and Associated Third Parties obtain direct or indirect economic, commercial or any other kind of results, in exchange for violating the law or acting dishonestly.
• It has a code of ethics which regulates the conduct of employees in order to prevent the promotion of any form of Fraud. The guidelines and rules of the code of ethics are understood to be incorporated into this policy.
• It generates an environment of transparency, maintaining the appropriate channels to favor the communication of said matters within the organization and coordinating the set of actions necessary to prevent, detect and respond to possible situations of Fraud and Corruption.
• Take the necessary measures at the disciplinary level to combat Fraud, bribery and Corruption, in any form or type in question.
• Prohibits bribery in any form: A bribe is defined as the act of giving, offering, promising, soliciting or receiving anything of value as consideration for an undue benefit or improper advantage or as consideration for the performance of any public or private function, regardless of whether such offer, promise or solicitation is for yourself or a third party, in that person’s own name or on behalf of a third party. The Heinsohn group of companies strictly prohibits bribery in any form, including directly and indirectly or through or in connection with any third party; Consequently, it is totally forbidden to offer, pay, promise to pay, authorize payment, request, receive or authorize the receipt of money or anything of value, either directly or indirectly, for the purpose of obtaining, retaining or directing business to any person or for any other type of improper advantage.

5. Actions that may constitute fraud.

The following list is not limited to the actions that may constitute fraud or any dishonest or illegal act that goes against this policy, some of these actions are contemplated in the criminal regulations of the country and the legal and judicial provisions of each will apply. jurisdiction:

Misappropriation of assets:

• Taking company money or assets improperly or without authorization.
• Divert money from an organization account for personal benefit or that of a third party.
• Misuse of petty cash funds.
• Obtaining a benefit, help or contribution through deception or by completely or partially keeping the truth hidden.
• Falsify or alter any type of document or record, in order to obtain a personal benefit or for a third party.
• Buy, with company resources, goods or services for personal use or that of a third party.
• Subtract or abusively use company assets for personal benefit or that of a third party, such as goods, equipment, furniture, inventories, investments, among others.
• Make double, unauthorized payments or incur expenses that are not supported by formal documents.
• Improper manipulation of treasury surpluses for their own benefit or that of a third party.
• Improper handling or use of the organization’s information assets for personal benefit or that of a third party.

Money laundering:

• Legitimize income from illegal actions through fictitious transactions.
• Favor a third party in its intention to legitimize income from illegal actions
• Acquire, accept or manage goods or money within the organization knowing that they are the product, proceed or originate from the commission of a crime.
• Unusual transactions in accordance with the provisions of the Comprehensive System for the Prevention of Money Laundering and Financing of Terrorism ML/TF.

Intellectual property infringement:

• Obtain, by whatever means, industrial secrets of companies without the authorization of it or its authorized user.
• Improperly sell, offer, disclose or use information of the Heinsohn group of companies, including proprietary information, confidential information or other intellectual property.
• Copy, reproduce or distribute unauthorized software developments.
• Destroy, erase, disable or improperly use the digital records of the organization.

6. Internal use

• Prioritizes Fraud, Bribery and Corruption prevention activities, without reducing efforts aimed at detecting and correcting situations related to the same scourges.
• Evaluates the indications of alleged acts of Fraud, Bribery or Corruption, under the principles of confidentiality, integrity, transparency, objectivity, independence and autonomy of those responsible for the evaluations.
• It manages in a timely manner all reports of acts related to Fraud, Bribery or Corruption, regardless of their amount or the personnel involved, guaranteeing confidentiality, objectivity, respect and transparency. No official will suffer negative consequences for preventing, rejecting or denouncing an act of this nature.
• It does not maintain links with Employees, Administrators, Directors, Suppliers or Associated Third Parties who have been convicted of criminal activities related to Fraud, Bribery or Corruption.
• It has the Transparency communication channel, through which complaints of non-compliance with the provisions of the Code of Ethics are received, including incorrect acts related to Fraud, Bribery and Corruption.

7. Processes to avoid fraud

Heinsohn contemplates within its processes and business areas, the following activities to prevent fraud:

• Selection and recruitment of personnel: In order to hire suitable and trustworthy personnel who comply with the code of ethics, within the process of selection and recruitment of personnel, Heinsohn has a verification process (Security Study) before carrying out the recruitment.
• Selection and knowledge of the Client: Heinsohn carries out a preliminary validation of the prospects before establishing a commercial link. For which, the marketing area performs a SARLAFT validation. In case of presenting a result that does not comply or is not aligned with the company’s Fraud management policy, it is prohibited to start commercial relations with said third party.
• Signature of Commitments and Policies: At the time of initiating any employment relationship with third parties, Heinsohn will sign a certificate of acceptance of our fraud management policies.
• Control Activities: Heinsohn’s financial area will audit Heinsohn’s bank accounts every six months in order to identify any sign of fraud. On the other hand, three audits a year will be carried out by the tax auditor, where a thorough review of the company’s financial information is carried out.
• IT User Access Control: Formal procedures exist to control proper access to technology systems. Access procedures should cover all stages of the user life cycle, from the initial registration of new users, to their withdrawal.
• Facilitation payments: Facilitation payments, understood as payments made to secure or expedite the fulfillment of Heinsohn’s obligations to third parties, are prohibited.
• Gifts and entertainment: Employees must refrain from receiving or offering gifts or entertainment that exceed 10% SMMLV (Current Legal Minimum Monthly Wage) and that are contrary to this policy. Business gifts 1 may be received or offered not to exceed the amount set forth above.
• Publication of this policy: Heinsohn has published this policy on the website https://www.heinsohn.com.co/politica-de-gestion/ with the aim that any third party is aware of this policy.
• Within the process of induction and re-induction of employees, Heinsohn presents the socialization and training of employees in anti-fraud and anti-corruption policies with the aim of making new and old employees aware of the importance of knowing and complying with this policy. .
• Fraud, corruption and/or bribery prevention committee: The business group has a fraud management committee made up of the financial manager, human management manager and legal analyst, who must review the cases of possible fraud presented in the company. In addition, they must make a quarterly report (when applicable) to senior management on the cases reported in the media established in this policy. Finally, they must establish actions to prevent fraud/corruption and/or bribery.
• This policy will be included in the contracts with any third party in order to inform third parties (customers, suppliers, contractors, employees and/or others) of Heinsohn’s position regarding proactive management against fraud, corruption and/or or bribe.
• At least once a year, this policy will be sent to the company’s suppliers in order to reiterate Heinsohn’s position against fraud, corruption and/or bribery.

[1] Business gifts are understood to be any item given or received as a result of a business relationship and for which a market value is not paid. Example agendas, pens, mugs, etc.

8. Processes for reporting fraud

Heinsohn will have the following means of transparency to report irregular situations contemplated in this policy:

1. Email for employees or any third party to report possible fraud, theft, corruption or bribery or any irregularity:reportefraude@heinsohn.com.co
   Within the email, the third parties related to the fraud and the facts that support it must be included. Heinsohn through this policy will guarantee the confidentiality of the report made.
2. Service desk: For Heinsohn employees, there is also an internal service desk where incidents, fraud, theft, signs of corruption or bribery or any irregularity can be registered, within the “Report Fraud” option.

In order to maintain confidentiality and avoid jeopardizing investigations, employees should not discuss it with other employees or anyone else to avoid information leaks.

Heinsohn will proceed to carry out the respective investigations of fraud, theft or any irregularity with the areas related to it. If within the investigations it is identified that said fraud, theft or irregularity actually materializes, the sanctions must be assessed.

After the investigation is complete, it is necessary to determine what action will be taken based on the findings. In some cases, it may be necessary to take certain actions before the investigation is complete (for example, preserving evidence, maintaining confidence in witnesses, or mitigating losses). This could require the suspension or physical change of individuals or legal action to secure the assets.

9. sanctions

After carrying out the respective investigation, when applicable, the imposition of the disciplinary sanctions that apply in accordance with the substantive labor and legal code will result. Any action that applies to all levels of employees, including senior management, must be appropriate to the circumstances, and must be taken only after consultation with those responsible for such decisions. Consultation with the Legal and human management area is necessary before taking disciplinary, civil or criminal action.

Any investigation and disciplinary sanction must be carried out without regard to the offender’s position, title or relationship with our company. In the event that the situation involves a third party, supplier, client and/or contractor, the relationship with said third party will be terminated immediately, constituting just cause to unilaterally and immediately terminate the contracted relationship, without any compensation whatsoever. favor of any of the parties and/or their partners, administrators, and/or subsidiaries during the development of any contractual relationship, and will be included in the database where the prohibition to re-hire and/or establish a business relationship is recorded. with said third party. This database will be stored in the repository of the Financial Management.

The areas in charge of reviewing the case must make a report to the presidency where the facts are presented and a corrective action plan must be carried out to analyze the situation presented and generate actions so that said situation does not repeat itself.

10. Approval:

Approved by:	Approval date:	Last update
Presidency Presidency	March 20, 2019 September 15, 2020	March 20, 2019 September 15, 2020

[/vc_column_text][/vc_column][/vc_row]