ENVEA GROUP THIRD-PARTY DUE DILIGENCE POLICY

ENVEA (“ENVEA” or the “Group”) periodically enters into contracts with agents, distributors, representatives, consultants, business partners, contractors, suppliers, and other partners (collectively, “Third Party Intermediaries”). The laws that apply to the actions of the Group often apply equally to Third Party Intermediaries acting on the Group’s behalf. The Group must therefore ensure that its Third Party Intermediaries are aware of and comply with Group policy and with applicable laws.

Accordingly, to minimize the risk that a Third Party Intermediary will conduct itself improperly, prior to entering into an agreement with a Third Party Intermediary not yet approved, employees responsible for establishing any such agreements must work with the Designated Officer[1] to perform the steps outlined in the Compliance Due Diligence Checklist below. When the Compliance Due Diligence Checklist steps have been completed, the Designated Officer must confirm that the aforementioned due diligence has been conducted both properly and sufficiently. The steps in the Compliance Due Diligence Checklist must be repeated every three years (or more frequently if circumstances warrant) for as long as the Group conducts business with the Third Party Intermediary in question.

It is important to note that these procedures are intended to be risk-based, rather than prescriptive. The appropriate amount of due diligence will depend on the relevant facts and circumstances, including, but not limited to, the Group’s familiarity and past experience with the Third Party Intermediary, the nature of the services the Third Party Intermediary will provide, the scope of the agreement with the Third Party Intermediary, the Third Party Intermediary’s relationship or association with government entities or Government Officials[2], and the nature of interactions the Third Party Intermediary may have with external parties on behalf of the Group.

The Compliance Due Diligence Checklist below reflects standard procedures for performing compliance due diligence on a potential third-party business partner. These procedures generally include the following:

  • assessing the Third Party Intermediary’s risk profile;
  • searching for publicly available information on the Third Party Intermediary;
  • conducting restricted party screening using [SCREENING PROVIDER];
  • providing the Third Party Intermediary with a compliance due diligence questionnaire and reviewing the Third Party Intermediary’s responses;
  • analyzing the Third Party Intermediary’s key risk areas;
  • issuing due diligence findings and recommendations based on those findings;
  • ensuring relevant compliance provisions are included in the contractual agreement with the Third Party Intermediary;
  • compiling and retaining all materials related to the diligence conducted on the Third Party Intermediary; and
  • obtaining the Designated Officer’s approval prior to entering into a relationship with the Third Party Intermediary.

While the aforementioned procedures are intended to provide guidance with respect to diligence, they should be tailored and prioritized according to the circumstances of the contemplated relationship. To adequately document and conduct the due diligence process, employees must submit appropriate documentation to the Designated Officer regarding the agreement and the Third Party Intermediary. The Designated Officer will retain a separate due diligence file for each representative, containing, at a minimum, copies of the Due Diligence Questionnaires and contracts with the representatives up to ten years after the end of the relationship.

Compliance Procedures and Training

All Group Personnel shall receive and review a copy of this Policy. ENVEA will provide periodic training programs or modules to educate Group Personnel about the requirements and obligations of this Policy. Group Personnel must participate in this training when required and the Designated Officer will retain attendance and/or completion records establishing compliance with this requirement.

Reporting Requirements and Speak Up Policy

Group Personnel must report misconduct or suspicion of misconduct. Guidance on reporting misconduct is provided in the ENVEA Speak Up Policy.

[1] A complete list of Designated Officers and corresponding responsibilities is included in Appendix A of the Envea Code of Conduct.

[2] The term “Government Official” or “Public Official” includes all officials or employees of a department, agency or division of a government, and any person who participates in the exercise of public functions, either by popular election or by appointment by a competent authority; it also includes any official or employee of offices issuing permits, authorizations and licenses, as well as customs officials, candidates for public office and officials of international public organizations (e.g., Red Cross). The term also includes officials or employees of companies controlled by the government or owned by the government such as universities, airlines, oil companies, health facilities and other suppliers owned or controlled by the government. The term also includes family members or direct associates of those persons (e.g., it is not permissible to offer a generous gift to the brother, spouse or child of a Government Official if this Policy prohibits the latter fromreceiving the gift).

  1. Classify Third-Party Risk Profile (Low, Medium, and High-Risk Third Party Intermediaries): Determine the level of risk the relationship with the Third Party Intermediary is likely to pose to the business. Exempt Third Party Intermediaries[1] need not be subject to any of the procedures identified on this checklist. The below classifications establish guidelines. The Designed Officer has sole discretion to modify the risk classification for the diligence process of any Third Party Intermediary should circumstances warrant it. The reasoning for such alteration should be documented in the diligence file. Factors that may warrant elevating the risk ranking include:
    • Third Party Intermediaries that have been subject to regulatory actions or legal proceedings as a result of alleged breaches of anti-corruption laws and/or are the subject of other negative information;
    • Third Party Intermediaries who solicit payment by unusual means (g., payments split into small amounts and deposited to multiple accounts); and
    • Third Party Intermediaries who are to be retained because a Government Official encouraged or required their selection.
    High-Risk Third Party Intermediaries
    • Third Party Intermediaries that will act on behalf[2] of the Group with Government Entities or Government Officials
    • Third Party Intermediaries that will act on behalf of the Group with other parties (i.e., agents) with an annual expenditure (i.e., payment from ENVEA to a Third Party) in excess of EUR 200,000
    • Any Third Party Intermediary that is more than [25%] owned by a Government Official or otherwise known to have substantial government connections
    Medium-Risk Third Party Intermediaries
    • Third Party Intermediaries that will act on behalf of the Group with other non-governmental parties (i.e., agents) with an annual expenditure of less than EUR 200,000
    Low-Risk Third Party Intermediaries
    • All Third Party Intermediaries who do not qualify as a High-Risk, Medium-Risk or Exempt Third Party Intermediary. This includes most suppliers and other service providers.
    Exempt Third Party

    Intermediaries
    • “Big Four” global audit and tax firms (PwC, Deloitte, Ernst & Young, and KPMG) and their local affiliates
    • Utility and telecommunication providers (electric, water, sewer, natural gas, phone, ENVEA.) and national mail companies
    • Publicly-traded companies whose primary stock market listing is in a country that scores 50 or greater on Transparency International’s Corruption Perceptions Index[3]
    • Law firms that have their main office in a country that scores 50 or greater on Transparency International’s Corruption Perceptions Index
    • Suppliers and servicer providers with an annual expenditure of less than EUR 10,000
  2. Reputational Due Diligence Vendor Check (High-Risk Third Party Intermediaries Only): For Third Party Intermediaries that present an exceptionally high degree of risk, the Designated Officer should retain a reputational due diligence vendor to conduct checks on the Third Party Intermediary and its key personnel. Although background checks are not required, the Designated Officer shall evaluate all risk factors associated with the Third Party Intermediary to determine whether exceptional circumstances exist and reputational due diligence is warranted.
  3. Perform Sanctions Database Check (Low, Medium, and High-Risk Third Party Intermediaries): Check [SCREENING PROVIDER] for the name of the Third Party Intermediary, its subsidiaries and affiliates who will be involved in dealings with, or on behalf of, ENVEA. For High Risk Third Party Intermediaries, a sanctions check should also be perfomed on its officers and directors. Any potential “hits” on the Third Party Intermediary should be immediately flagged for review by the Designated Officer.
  4. Conduct Public Search (Low, Medium, and High-Risk Third Party Intermediaries)[4]: Conduct a Google or similar internet search to identify any historical corruption, fraud or other reputational, financial or legal issues in publicly available media. This search should include the name of the Third Party Intermediary, its subsidiaries and affiliates along with the following terms: corruption, bribery, fraud, laundering, and sanctions, as well as the local language translation of the aforementioned five terms. For High Risk Third Party Intermediaries, the public record search should include officers and directors. All relevant findings should be summarized and documented, with copies of the original sources retained electronically or in hard copy.
  5. Provide Third-Party Due Diligence Questionnaire (Medium-Risk and High-Risk Third Party Intermediaries Only): Circulate the Third-Party Due Diligence Questionnaire inquiring into historical compliance issues, existing compliance policies/programs, and other controls that tend to reduce compliance risks. Review the written responses to determine any questions or requests that require further information or documentation from the Third Party Intermediary, and obtain that information or documentation. Discuss any answers of potential concern with the Designated Officer to determine necessary follow-up.
  6. Describe Additional Information-Gathering Steps Taken, If Any:
    ________________________________________________________________________________________________________________________________________________
  7. Analyze and Assess Key Areas Related to Relationship, including, but not limited to:
    • Third Party Intermediary’s existing anti-corruption and economic/trade sanctions compliance program;
    • The activity that the Third Party Intermediary will be performing on behalf of ENVEA; and
    • Any interactions the Third Party Intermediary will have on behalf of ENVEA with other external parties.

    Evaluate the risk of each key area; identify mitigation steps; decide whether to proceed and recommend actions to minimize risk to the Group.

  8. Ensure Appropriate Documentary Protections are Included in Contract: Please refer to the Compliance Documentary Protections for Third-Party Agreements document for guidance. Any modifications from the language contained in this document must be approved by the Designated Officer.
  9. Compile and Retain Record of Diligence: Retain a copy of this checklist documenting due diligence performed and all related materials for future reference. Note, in the file, the date that the due diligence was completed; this diligence process must be repeated every three (3) years from this date for as long as the Group conducts business with this Third Party Intermediary.
  10. Obtain the Designated Officer’s Approval: Present the Designated Officer with this form, with Steps 1-9 completed, along with all Group documentation as compiled in Step 9. Discuss diligence process and findings with the Designated Officer and obtain sign-off prior to engaging the Third Party Intermediary.
  11. Provide Additional Contextual Information, If Any:
    ________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________Completed By (Name and Title): _______________________________________________________________________________________________________________________________

[1] See the body of this Policy for categories of entities that qualify as Exempt Third Party Intermediaries.

[2] Third Party Intermediaries considered to be “acting on behalf of the Group” are those who will interact with external parties in a capacity where they are representing the Group. Such Third Party Intermediaries include, amongst others, agents, distributors, lawyers who will interact with courts or government agencies in performance of their mandate.

[3] See https://www.transparency.org/cpi2018

[4] Step 4 is not required if a reputational due diligence vendor is retained to conduct checks on the Third Party Intermediary and its key personnel, as described in Step 2.

  1. Does the Company have any contracts, or otherwise conduct business, with governmental entities?
  2. Does the Company currently, and in connection with the proposed engagement will it, interact with any government departments, agencies, or other public or regulatory entities (e.g., customs and other capital/goods exports, government contracts, state-run entities, real estate, licensing and permits)? If so, identify the licenses, permits, certifications and other regulatory approvals the Company (including its affiliates) obtains or will obtain from government entities in the course of its business.
  3. How many full-time employees (or equivalents) does the Company employ? Part-time/contract workers? Explain what checks or diligence the Company performs on its own employees, including whether it determines whether they are government/public officials or otherwise have political exposure.
  4. Does the Company or any of its affiliates employ any former foreign officials or employees? If so, please identify them and describe what roles those employees play at the Company.
  5. In connection with the proposed engagement, has the Company, or any person on behalf of the Company, provided anything of value, including gifts, travel, entertainment, internships, or employment, to any customer (or a family member of a customer) in order to obtain or retain business or to otherwise secure an advantage, or does it plan to do so? If so, please explain the circumstances.
  6. In connection with the proposed engagement, has the Company, or any person on behalf of the Company, made a charitable donation, political contribution, or any educational or research grant either (i) at the request of a government official or (ii) to an organization or entity for which a government official or close relative of a government official serves as an officer or director? Does it plan to do so? If so, please explain the circumstances.
  7. Please identify the role of agents, distributors, third parties, representatives or consultants that the Company (including any of its affiliates) will use in connection with ENVEA business and describe what anti-corruption screening and monitoring procedures are in place with respect to those third parties.
  8. Does the Company have a compliance program in place (e.g., policies, procedures, training and monitoring) that covers anti-corruption topics? Who is responsible for the administration of the compliance program (g., board of directors, General Counsel, Compliance Officer, CFO)?
  9. Does the Company use protective measures, such as diligence, written contracts with anti-corruption representations and warranties, training and certification, or compliance assessments, to mitigate risk in its relationships with third parties?
  10. In connection with the proposed engagement, does the Company anticipate using cash payments? Explain what processes are in place for tracking and recording cash payments made in the course of the Company’s business.
  11. Does the Company (i) provide services, (ii) export any goods, or (iii) have any other relations, directly or indirectly, to or with countries or entities organized under the laws of or doing business in Cuba, Iran, North Korea, Syria, or the Crimea region of Ukraine? If so, please provide details (including the date of last activity involving any of these markets, if no current activity).
  12. Describe the Company’s policies and/or internal controls in place to ensure that it does not transact business with (i) persons or entities who are the subject of economic sanctions or asset freezes imposed by the E.U., U.K., or U.S. governments, or (ii) governments who are the subject of comprehensive sanctions (e.g., Cuba, Iran, North Korea, Syria, or the Crimea region of Ukraine).
  13. In the past 10 years, has the Company (including any of its affiliates), in any country, been the subject of any investigation, inquiry, or legal proceeding related to bribery, corruption, or violation of trade sanctions or export controls laws?
  14. In the last 10 years, has the Company had any suspicion of, or any occasion to internally investigate or review, any allegations of corruption, fraud or breach of sanctions issues? Explain any adverse findings and what remedial measures the Company implemented.

Below are sample documentary protections that are intended as a resource for ENVEA when negotiating agreements with Third Party Intermediaries. Examples are provided of language that may be suitable for a contract with Low- and Medium-Risk Third Party Intermediaries and with High-Risk Third Party Intermediaries.

The nature of the Third Party Intermediary, the level of risk assigned to the Third Party Intermediary and other commercial factors will always affect the level of representation and warranty protection that is suitable (and possible) to include in each agreement.

For Use with Low- and Medium-Risk Third Parties

[The Third Party] warrants and represents that each of the below is true, complete and accurate:

  1. It has not and will not violate any applicable anti-corruption laws, including without limitation the United States Foreign Corrupt Practices Act of 1977, the U.K. Bribery Act of 2010, Sapin II Act, any applicable European Union directives, and related local laws, and all national and international laws enacted to implement the OECD Convention on Combating Bribery of Foreign Officials in International Business Transactions.
  2. It has not and will not violate, or cause ENVEA to violate, any applicable sanctions laws, including without limitation all laws, regulations and Executive Orders administered by the U.S. Treasury Department Office of Foreign Assets Control (“OFAC”), the United Nations Security Council, Her Majesty’s Treasury, the European Union, or any other jurisdiction that has or will in the future issue a restrictive trade law applicable to [Third Party].
  3. It has not and will not violate any applicable anti-money laundering laws.
  4. It has not and will not in the future conduct business in any country or territory that is the subject of country-wide or territory-wide sanctions, including, but not limited to, as of the date of this Agreement, Iran, Cuba, Syria, Sudan, Crimea, and North Korea, or with a person or entity that is targeted by list-based sanctions maintained by the United States, United Kingdom, European Union, or United Nations.
  5. It has effective controls that are sufficient to provide reasonable assurances that violations of applicable anti-corruption, sanctions, and anti-money laundering laws and regulations will be prevented.
  6. It shall immediately notify ENVEA of any violation or potential violation of applicable laws and shall be responsible for any damages to ENVEA from [Third Party’s] or its agents’ violation or potential violation of such laws.
  7. It has reviewed ENVEA’s Anti-Corruption Compliance Policy and Trade Compliance Policy agreed to abide by its terms in connection with all dealings on behalf of ENVEA.

For Use with Elevated Risk Third Parties

Definitions

Anti-Corruption Laws” means laws, regulations or orders relating to anti-bribery, influence peddling or anti-corruption (governmental or commercial), which apply to the business and dealings with a Third Party, each subsidiary of the Third Party, and the shareholders of the Third Party; including, without limitation, laws that prohibit the corrupt payment, offer, promise, or authorization of the payment or transfer of anything of value (including gifts or entertainment), directly or indirectly, to any Government Official, commercial entity, or any other Person in order to obtain an improper business advantage; such as, without limitation, the U.S. Foreign Corrupt Practices Act of 1977, as amended from time to time (the “FCPA”), the UK Bribery Act 2010 and all national and international laws enacted to implement the OECD Convention on Combating Bribery of Foreign Officials in International Business Transactions.

Anti-Money Laundering Laws” means laws, regulations, rules or guidelines relating to money laundering, including, without limitation, financial recordkeeping and reporting requirements, which apply to the business and dealings of the [Target Company], each subsidiary of the [Target Company], and the shareholders of the [Target Company]; such as, without limitation, the U.S. Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, Public Law 107-56, the U.S. Currency and Foreign Transaction Reporting Act of 1970, as amended, the U.S. Money Laundering Control Act of 1986, as amended, the UK Proceeds of Crime Act 2002, the UK Terrorism Act 2000, as amended, as well as all money laundering-related laws of other jurisdictions where the Company and its subsidiaries conduct business or own assets, and any related or similar Law issued, administered or enforced by any Governmental Entity.

Governmental Entity” means (i) any national, federal, state, county, municipal, local, or foreign government or any entity exercising executive, legislative, judicial, regulatory, taxing, or administrative functions of or pertaining to government; (ii) any public international organization; (iii) any agency, division, bureau, department, or other political subdivision of any government, entity or organization described in the foregoing clauses (i) or (ii) of this definition; (iv) any company, business, enterprise, or other entity owned, in whole or in part, or controlled by any government, entity, organization, or other Person described in the foregoing clauses (i), (ii) or (iii) of this definition; or (v) any political party.

Government Official” means (i) any official, officer, employee, or representative of, or any Person acting in an official capacity for or on behalf of, any Governmental Entity; (ii) any political party or party official or candidate for political office; (iii) a Politically Exposed Person (PEP) as defined by the Financial Action Task Force (FATF) or Groupe d’Action Financière sur le Blanchiment de Capitaux (GAFI); or (iv) any official, officer, employee, or representative of a company, business, enterprise or other entity owned, in whole or in part, or controlled by any Governmental Entity.

Sanctions Laws and Regulations” means (i) all laws, regulations and Executive Orders administered by the U.S. Treasury Department Office of Foreign Assets Control (“OFAC”), including without limitation, the Trading With the Enemy Act, the International Emergency Economic Powers Act, the Iran Sanctions Act, the United Nations Participation Act, and the Syria Accountability and Lebanese Sovereignty Act, all as amended, regulations found at Title 31, Subtitle B, Chapter 5 of the U.S. Code of Federal Regulations (C.F.R.) and any enabling legislation or executive order relating to any of the above, as collectively interpreted and applied by the U.S. Government at the prevailing point in time; (ii) any U.S. sanctions related to or administered by the U.S. Department of State; or (iii) any sanctions laws, regulations, directives, measures or embargos imposed or administered by the United Nations Security Council, Her Majesty’s Treasury, the European Union, or any other jurisdiction that has or will in the future issue a restrictive trade law applicable to the Company.

Sanctions Target means: (i) any country or territory that is the subject of country-wide or territory-wide Sanctions, including, but not limited to, as of the date of this Agreement, Iran, Cuba, Syria, Sudan, Crimea, and North Korea, where such activities would be prohibited by applicable law; (ii) a person or entity that is on the list of Specially Designated Nationals and Blocked Persons published by OFAC, the European Union, or any equivalent list of sanctioned persons issued by the U.S. Department of State or other relevant government entities; or (iii) a person or entity that is located in or organized under the laws of a country or territory that is identified as the subject of country-wide or territory-wide Sanctions Laws and Regulations.

Contractual Provisions

[Third Party] warrants and represents that each of the below is true, complete and accurate [in connection with the Third Party’s work on behalf of [THE COMPANY]]:

  1. It has not taken and will not take any action that would constitute a violation, or implicate ENVEA in a violation of, any Anti-Corruption Laws.
  2. It has not offered, paid, promised to pay, authorized the payment of, received, or solicited anything of value under circumstances such that all or a portion of such thing of value would be offered, given, or promised, directly or indirectly, to any person to obtain any improper advantage, and will not do so in the future.
  3. Neither it, nor its shareholders, officers, directors, or ultimate beneficial owners, is a Government Official [except as disclosed in Schedule X].
  4. It has maintained and will maintain complete and accurate books and records, including records of payments to any agents, consultants, representatives, third parties, and Government Officials in accordance with international financial reporting standards, and it will allow ENVEA to review its books and records maintained in connection with activities on behalf of ENVEA.
  5. Neither it, nor or any of its affiliates, directors, employees, independent contractors, representatives or agents is a Sanctions Target or is acting on behalf of, directly or indirectly, of any Sanctions Target.
  6. It has not and will not engage, either directly or indirectly, in any business or dealings with any Sanctions Targets.
  7. It has not taken and will not take any action that would constitute a violation, or implicate ENVEA in a violation of, any Sanctions Laws and Regulations.
  8. It has not taken and will not take any action that would constitute a violation, or implicate ENVEA in a violation of, any Anti-Money Laundering Laws.
  9. It has effective controls that are sufficient to provide reasonable assurances that violations of applicable Anti-Corruption and Anti-Money Laundering Laws and Sanctions Laws and Regulations will be prevented. If a violation is detected, it will immediately notify ENVEA and shall be responsible for any damages to ENVEA as a result.
  10. It agrees to cooperate with any compliance audit or investigation by ENVEA and to provide all reasonable information and assistance requested upon an investigation or inquiry by a Governmental Entity directed to ENVEA.
  11. It has reviewed ENVEA’s Anti-Corruption Compliance Policy and Trade Compliance Policy agreed to abide by its terms in connection with all dealings on behalf of ENVEA.