1. Introduction
1.1. Background
At Ciklum we are committed to doing business in accordance with our core principles of transparency and integrity. In particular this means avoiding bribery and corruption of all kinds, and in a wider sense it means not facilitating or engaging in any Financial Crime. This includes bribery and corruption, money laundering and sanctions.
Ciklum defines these areas of financial crime as:
Detailed definitions can be found in Sections 4, 5 and 6 of this Policy.
1.2. Purpose of this Policy
The purpose of this Policy is to guide Ciklumers and to ensure that Ciklum’s core values of transparency and integrity are maintained at all levels of Ciklum. This policy is also designed to manage Ciklum’s compliance risk, and to protect Ciklum, our shareholders, and customers.
Managing compliance risk in the context of this policy refers to the risks presented by national and international financial crime laws and regulations. It is essential that Ciklum has in place processes, systems and controls to manage this compliance risk, as without them Ciklum’s integrity, profitability and future growth ambitions could be compromised. To manage this compliance risk Ciklum will:
This Policy applies to all Ciklumers, including officers and directors. In addition, Ciklum will require third parties who represent it (such as agents, consultants, and contractors) to conduct themselves where applicable in a manner consistent with this Policy.
Ciklum will seek to comply with all applicable laws, rules and regulations in the jurisdictions in which it operates including those relating to anti-bribery and corruption (ABC), anti-money laundering (AML) and sanctions. For the purpose of combatting financial crime the decision has been taken to use the regulations imposed by the European Union (EU), United Nations (UN) and United States (US) as a benchmark.
This decision has been made as these regulations are directly applicable to certain Ciklumers and they are also seen as being the highest global standards to combat financial crime. In each jurisdiction Ciklum operates in there are laws and regulations relating to bribery and corruption, money laundering and sanctions. Where these conflict with the requirements outlined by the EU, UN and US, Ciklum will take a decision on the appropriate course of action on a case-by-case basis.
The core Anti-Bribery and Corruption regulations, the U.S. Foreign Corrupt Practices Act (“FCPA”) and the U.K. Bribery Act, prohibit bribery of foreign government officials (broadly defined later in this policy) and, with regard to the FCPA in particular, mandate that companies establish and maintain accurate books and records and sufficient internal controls. The UKBA also prohibits private sector (commercial) bribery.
A violation of financial crime regulations can lead to severe civil and criminal penalties and is cause for disciplinary action (up to and including termination of employment or contract with Ciklum); it is vital that every Ciklumer not only understands and appreciates the importance of these policies and procedures, but also complies with them in daily assignments.
1.3. Compliance risk
Compliance risk (also referred to as Financial Crime risk) is an indispensable part of Ciklum’s overall risk. It is the risk Ciklum may suffer from a failure to comply with applicable laws, rules and standards including FCPA, UKBA, Anti-Money Laundering regulations, sanctions and embargo programs, and the Code of Conduct applicable to Ciklum’s activities.
Compliance risk is also an integrity risk, because Ciklum’s reputation is closely connected with its adherence to principles of transparency, integrity and fair dealing.
Compliance risk must be identified, assessed, advised on, monitored and reported in a timely manner to protect Ciklum from any damage or losses such as legal or regulatory enforcement or sanctions, material financial losses, reputational losses, financial crime and corruption (destroying shareholders’ value).
1.4. Compliance principles
Ciklumers, at all levels, are required to strictly abide by the principles outlined below while performing their duties in Ciklum. Abiding by these principles will help to manage the risk that Ciklum, and/or Ciklumers, are found to breach local laws, international laws and Ciklum’s own compliance controls.
1.4.1. Compliance with Laws, Rules & Regulations
Ciklumers have to act according to Ciklum’s written policies and procedures in order to ensure full compliance with laws, rules and standards helping to maintain Ciklum’s reputation, and meet the expectations of its customers, the relevant regulatory bodies, the markets and society as a whole; treating customers fairly, and ensuring suitability of customer advice.
1.4.2. Promote and Engage in Ethical Conduct
Ciklumers, at all levels, are required to carry out their duties acting professionally and honestly, in good faith and with integrity, respecting Ciklum’s Code of Conduct; perform duties as described by their contracts or job descriptions; avoid misuse of authorities; properly use accessible information; not engage in any unethical or illegal activities that may damage Ciklum’s reputation; act with full transparency and in a bona fide manner; and report any illegal activities, unethical behaviour or suspicion of any illegal act, as per applicable policies and procedures.
1.4.3. Avoid any Conflict of Interest
Ciklumers should act in the best interests of Ciklum without giving any preference to any third party on the basis of personal considerations ensuring their private matters do not interfere with the interests of Ciklum.
1.4.4. Protect Confidentiality
Ciklumers have to maintain the confidentiality of information which may be related to Ciklum and its clients (and entrusted to them), even after they leave Ciklum, except when disclosure is authorised or required by law.
1.4.5. Protect Ciklum’s Assets
Ciklumers should protect and use Ciklum’s property and assets for legitimate business purposes.
1.4.6. Act in the Customer’s Best Interest
Ciklumers should provide services to Ciklum’s customers with care, honesty and fairness; they should strictly avoid manipulation, or any unfair dealings. Accordingly, Ciklum will ensure careful review of customers’ complaints, process them in a timely manner and document replies.
1.4.7. Raise any issues or concerns
Ciklumers are encouraged to report any violation of Ciklum’s policies, Code of Conduct, potential violations of applicable laws and regulations, as well as other types of misconduct. Ciklum pledges to protect all Ciklumers against any kind of harassment from any other employee for reporting a potential violation in good faith.
2. Governance
The approach of Ciklum’s compliance governance is based on clear roles and responsibilities for both Operational Management (the first line of defence) and Compliance (the second line of defence). This is supported by oversight and challenge from senior management in the form of the Risk Management Committee (RMC). The roles and responsibilities of these functions are detailed below.
2.1. Involvement of the Senior Management
Ciklum’s Senior Management are integral in developing and ensuring the continued effectiveness of Ciklum’s compliance framework. Ciklum’s Senior Management (Leadership team & Invited Members) support the compliance process by:
2.2. Operational Management as the first line of defence
Ciklum’s operational management includes branch, line and function managers. The principal role of Operational Management in the compliance framework is to support the identification, assessment and management of compliance risks by supporting risk mitigation activities and implementing internal controls.
Operational line managers are the owners of business processes in Ciklum. It is for this reason that they are responsible for ensuring compliance with laws, rules and regulations within the areas they oversee. The specific responsibilities of operational management include:
Operational management will have easy access to the Compliance Function which deals with any concerns quickly and effectively, escalating whenever necessary. Operational Management is encouraged to highlight good practice, share examples of near misses and help Ciklumers to learn from them.
2.3. Compliance Function as the second line of defence
Ciklum’s Compliance Function includes both the Compliance Director and the Compliance Department. Compliance operates as the second line of defence in Ciklum’s compliance risk framework.
The principal role of the Compliance Function is to facilitate and monitor the implementation of compliance risk management practices by Operational Management (first line of defence), analyse and report on compliance performance, and provide valuable insight and advice. The mission of the Compliance Function is to provide expert advice in relation to compliance risk management, understand Ciklum’s financial crime risks and lead risk mitigation activities to help support the businesses.
Compliance Function responsibilities include:
2.4. Risk Management Committee
Ciklum’s RMC is a formal sub-Committee of the Board of Directors. The Committee has been established to assist the Board in the discharge of its duties and responsibilities relating to financial crime Compliance. The RMC will facilitate the establishment and oversight of Ciklum’s financial crime controls by setting the top level rules that dictate the formation and approval of key financial crime Policies. The roles and responsibilities of the RMC are set out in its Terms of Reference but will include:
The RMC should be seen to be, and act as, independent from both the first and second line functions in its role of providing oversight and assurance on the robustness and application of Ciklum’s compliance risk framework. The members of the RMC and the Terms of Reference dictating the operation of the function will seek to ensure that this occurs.
2.5. Responsibilities of Ciklumers
Ciklumers are key to ensuring that Ciklum does not breach any laws or regulations. Compliance with all applicable laws, rules and regulations as well as with Ciklum’s policies and principles is therefore the responsibility of every Ciklumer.
As a Ciklumer, you must:
As a Ciklumer, you must not:
2.6. Compliance “Red Flags”
There are a number of signals that warrant Ciklumers’ special attention, and/or call for the examination of a particular transaction or relationship for a potential bribery issue. Those signals or “red flags” that call for further attention include, but may not be limited to:
2.7. Code of Conduct
The foundation of Ciklum’s compliance framework is the Code of Conduct. The primary function of the Code of Conduct is to provide a unified set of principles and behaviours, which are designed to act as a guide for Ciklumers to help them make the right business and behavioural decisions. It is the responsibility of all Ciklumers to ensure they read, understand and act in accordance with the Code of Conduct and that all policies, procedures and processes do not conflict with requirements outlined in the Code. We should also require our suppliers and vendors to adhere to our Code or adopt similar ethical standards.
2.8. Compliance Function and Compliance Programme
This section provides further information on the role and purpose of Ciklum’s Compliance Function. This section should be read in conjunction with Section 2.3 of this Policy.
Compliance with all applicable laws, rules and regulations as well as with Ciklum’s policies and principles is the responsibility of every Ciklumer. Nevertheless, a Compliance Function has been implemented and operates to ensure effective management of the compliance risk and maintain Ciklum’s reputation with its shareholders, customers, contractors and employees, the relevant regulatory bodies, and the markets.
Ciklum’s Compliance Function is represented by the Group Compliance Director and by the Compliance Department, which in turn comprises the Compliance Manager and Compliance Experts.
The Compliance Function performs its responsibilities which consist primarily of monitoring the business and providing advice when needed on a proactive basis or upon request.
The Function has an independent status, sufficient resources and authority to perform its duties and responsibilities and access all information which may be necessary for the proper exercise of its duties.
2.8.1. Objectives and Purpose of the Compliance Function
Ciklum’s Compliance Function has been established to:
2.8.2. Responsibilities and Duties of the Compliance Function
The responsibilities of the Compliance Function include, but are not limited to:
2.8.3. Preconditions of the Compliance Function
To ensure that Ciklum’s Compliance Function can operate effectively, the Ciklum Board of Directors is committed to ensuring that the Compliance Function is able to operate in accordance with the key principles of authority and independence.
2.8.4. Compliance Programme
The responsibilities of the Compliance Function are carried out under the Compliance Programme (also referred to as the Ciklum Compliance Reinforcement Programme or “CCRP”).
The Compliance Programme is Ciklum’s compliance roadmap which details the Function’s planned activities (for example the implementation and review of specific policies and procedures).
The Compliance Programme is risk-based and will be subject to oversight by the Group Compliance Director to ensure appropriate coverage across businesses and coordination among risk management functions. On at least an annual basis the CCRP will be shared with Senior Management and the RMC for independent review and challenge.
3. Risk-Based Approach
3.1. Risk appetite statement
Ciklum has zero tolerance for financial crime, wherever and in whatever form that may be encountered. Ciklum performs an assessment of financial crime risks that will inform the development of controls.
3.2. Firm-Wide risk assessment
On an annual basis Ciklum will conduct a firm-wide financial crime and ethics risk assessment. As part of this risk assessment Ciklum will consider, among other criteria, the inherent risk of Ciklum’s services, operations and Third Parties as well as the risks present in jurisdictions where Ciklum has operations.
In addition to the firm-wide risk assessment performed on at least an annual basis, other events which might drive the need to revisit the risk assessment more frequently include:
3.3. Third party risk assessment
Ciklum may suffer reputational damage or face legal liability if associated with business partners and intermediaries that engage in unethical or illegal conduct. We therefore need to ensure that our business relationships are transparent and ethical. Ciklum applies a risk-based approach to inform decision making before engaging with third parties (customers, agents, contractors, vendors etc.). The depth of subsequent due diligence procedures is based on an assessment of the risk profile of the engagement, including the following risk factors:
Throughout the risk assessment and further due-diligence procedures, a comprehensive record of relevant documents and decisions is maintained to ensure we can demonstrate proper application of the Policy and prove that decisions to engage with partners or third parties were made in good faith.
4. Anti-Bribery and Corruption
4.1. Applicable laws and regulations
As a multi-national corporation Ciklum has numerous legal requirements relating to anti-bribery and corruption. For the purpose of this Policy, Ciklum will use the standards set forth in the UK Bribery Act 2010 (“the Bribery Act”) and in the US Foreign Corrupt Practices Act (“FCPA”) as a basis for its compliance efforts. The reason for using these regulations as a base is that not only will these regulations be directly applicable to certain Ciklumers but they are also seen as being the highest global ABC standard. In each jurisdiction in which Ciklum operates there are laws and regulations outlawing bribery and corruption. Where these conflict Ciklum will take a decision on the appropriate course of action on a case by case basis.
4.1.1. What is a bribe?
Ciklum defines a bribe as an inducement, payment or reward, offered or received to gain an improper business advantage. Improper business advantage includes:
In addition, a bribe is any payment to:
4.1.2. What is the Risk?
Potential penalties for the Company include unlimited fines, costly litigation and adverse publicity. For individuals, penalties can include very large fines. Additionally, in the UK, US and some other countries, long terms of imprisonment are also possible:
Criminal and Civil Penalties
For corporations
FCPA:
UK Bribery Act:
Criminal and Civil Penalties:
For individuals
FCPA Anti-bribery Provisions:
FCPA Books and Records Provisions:
UK Bribery Act:
Criminal and Civil Penalties
4.2. Gifts, Entertainment and Hospitality
Ciklumers must not provide or accept gifts, hospitality or entertainment that seeks to influence or reward any business activity, including the anticipation of further business. It is important to remember that excessive or otherwise inappropriate gifts and/or hospitality can lead to the appearance of improper influence (including bribery) or conflicts of interest.
This is not to say the provision of hospitality and reasonable gifts is prohibited, however there must be a legitimate business reason for the provision of entertainment or receipt of a gift. All gifts and entertainment given or received must be recorded in accordance with the requirements detailed below as well as Ciklum’s Gifts, Entertainment and Hospitality Procedure.
4.2.1. What is a gift?
A gift can be an item, but it can also include event tickets or the provision of services when the gift provider is not otherwise involved in the event or service (e.g. the giver provided the tickets but does not accompany the recipient to the event).
4.2.2. What is entertainment and hospitality?
Entertainment or hospitality is distinguished from a gift as it typically involves meals, events or other forms of entertainment (e.g. sporting events, concerts, shows) where the provider participates in the meal, event or other form of entertainment or hospitality.
4.2.3. Ciklum’s approach to giving and receiving Gifts, Entertainment and Hospitality
Gifts, entertainment and hospitality in Ciklum should always be clearly separate from the business decision-making process. Any business decisions must not be influenced (or seen to be influenced) by the giving or receiving of gifts, entertainment or hospitality. As a Ciklumer you have to avoid putting yourself and Ciklum into a position where gifts, entertainment or hospitality affect your business judgment or could be perceived to affect the outcome of any business transaction.
The following key principles apply to all Ciklumers relating to gifts, entertainment and hospitality:
4.2.4. Recording of Gifts, Entertainment and Hospitality
Ciklum will maintain a register of gifts, entertainment and hospitality provided by or to company staff in accordance with the principles outlined above. This register will be subject to regular quality assurance and will be maintained by Compliance. For further detail regarding permissible gifts, entertainment and hospitality please refer to the Gifts, Entertainment and Hospitality Procedure listed in section 4.7.
4.3. Critical Contributions and Appointments
Political contributions or donations in cash or kind on behalf of Ciklum are not permitted without Board approval.
In considering whether or not a donation should be approved, the Board will need to be assured that there is no potential conflict of interest affecting a material transaction in connection with the contribution and to protect the Company’s reputation. Furthermore, any Ciklumers who obtain or are looking to obtain appointment to a public office must obtain approval of the Board before doing so.
4.4. Charitable Donations and Sponsorship
Charitable donations and sponsorship may only be provided to recognized non-profit charitable organisations with the prior approval of the Compliance Function. Any charitable donations will not be made in recognition or anticipation of a business relationship with Ciklum.
All charitable donations have to be:
Charitable donations should not:
It should be ensured that there is no potential conflict of interest, see Section 4.4, affecting a material transaction in connection with a charitable contribution made or commercial sponsorship entered into. Charitable contributions and commercial sponsorships must not be made where there is a risk that a commercial transaction may be influenced or where the contribution/sponsorship could be regarded as a subsequent ‘reward’ for the awarding of a contract.
4.6. Conflict of Interest
A ‘Conflict of interest’ arises where a person’s position or responsibilities within their business unit presents an opportunity for personal gain above the normal rewards of cooperation. In other words, a conflict of interest exists when your personal interests interfere with the best interests of Ciklum. Ciklumers should attempt to avoid actual or apparent conflicts of interest.
Any personal interests (or the interests of a member of immediate family) in relation to Ciklum’s business must be disclosed to your manager and the Compliance Function immediately. Disclosure is mandatory; failing to disclose a conflict or a perceived conflict is a violation of this policy and of our Code of Conduct.
In a situation that appears to present a conflict of interest we expect you to “refrain and report”. If it is not possible to avoid participating in the event or activity creating the conflict, promptly disclose the potential conflict to your supervisor and the Compliance Function, and avoid participating in decisions that might raise the appearance of a conflict until you receive appropriate guidance.
4.7. Facilitation payments
Facilitation payments are unofficial payments to public officials to ensure or speed up performance of routine and non-discretionary governmental actions such as processing a visa application, securing a mail service, or connecting utilities. These will be seen as bribes under UKBA, regardless of whether they may be a part of the “way of doing business” in a particular country. As Ciklum’s representatives, Ciklumers must not make any facilitation payment.
The prohibition on facilitation payments may not apply to situations in which a Ciklumer is faced with a serious medical or safety emergency. A Ciklumer faced with such an emergency must either seek prior approval from the Group Compliance Director or, in circumstances where seeking prior approval is deemed impossible, record the details of any such payment or submit that information in writing to the Compliance Function within 48 hours of the payment being made. Any such payments should be accurately recorded as facilitation payments in Ciklum’s books and records.
4.7. Procedural Guidance: Gifts, Entertainment and Hospitality
Exchanging gifts and entertainment as well as provision of hospitality can create goodwill and establish trust in relationships with counterparties and business partners. It is important, however, that the guidelines set out below are followed in all cases.
In line with the policy statements contained within section 4.2 of this document, detailed below is an overview of the procedural requirements to guide staff in relation to Gifts, Entertainment and Hospitality. This section should be read and considered in line with the earlier policy statements and requirements.
4.7.1. Gift, Entertainment and Hospitality Limits
Permissible gifts, entertainment and hospitality
4.7.2. Non-permissible gifts, entertainment and hospitality
It is prohibited to offer or give anything of value to a government official in order to win or keep business or gain an improper advantage.
4.7.3. Declaration of gifts, hospitality or entertainment
Ciklumers must report, and where required seek approval for, each case in which gifts, hospitality or entertainment are provided by or to Ciklumers, in accordance with the rules described below.
The exception is small and modest entertainment or hospitality such as a coffee, fruit, light alcohol or working lunches. These do not need to be declared.
4.7.4. When dealing with clients
The paragraph below is applicable for client-facing Ciklumers: developers, sales, SDMs, Branch Managers, People Partners and PPMC as they have access to the Salesforce application. Rules for Ciklumers who have no access to Salesforce are disclosed in paragraph 4.7.5.
If you wish to make a gift to a customer or partner of any value, you are required to obtain approval for the gift in advance by submitting a gift approval request using the Gift Register on Salesforce.
When planning and providing entertainment or hospitality whose value is anticipated to exceed USD 200, approval should be sought from line managers and the Compliance Department notified.
To do this you have to log into Salesforce, select the relevant account and click on the Gift Register field. If the gift is referred as an opportunity, you should select the relevant opportunity name as well.
When dealing with third parties (other than clients)
The paragraph below is applicable for administrative personnel and all other Ciklumers who have no access to the Salesforce application. Rules for Ciklumers who have access to Salesforce are disclosed in paragraph 4.7.4.
If you wish to make a gift to a third-party (vendor, partner or customer) of any value, you are required to obtain approval for the gift in advance by submitting a gift approval request using the Jira system.
To do this you have to log into Jira, select project type “FD Request”, Issue type “Task”, FD Request type “Gift Register”.
Gift details and approval
You will be required to fill in several details about the gift, hospitality or entertainment you plan to make. This will include a brief rationale, recipient name and value of the gift, hospitality or entertainment. Then you have to submit your request. The request will then be subject to approval. If approved you will receive a gift approval reference code which you can use to reimburse your expenses.
Expenses submitted for gifts made to customers or partners that have no gift approval reference code will be treated as unapproved and may not be reimbursed.
4.7.4. Receiving of a gift, hospitality or entertainment
If you are offered or receive a gift from a third party you should declare it before the gift is accepted (wherever possible) using the same means and approaches as described above in chapters 4.7.4 and 4.7.5 – Gift Register in Jira/Salesforce.
There is no approval requirement for gifts, hospitality or entertainment received, but the declaration is subject to review. You will only be informed if acceptance of the gift is not allowed.
If acceptance is not permissible, you will be required to return what was received with the comment that Ciklum policy does not allow the acceptance of such a gift, hospitality or entertainment.
If you receive a gift, hospitality or entertainment that is not permissible according to Ciklum policy and it is impossible to return it, you have to make sure you declare this using the Gift Register.
5. Anti-Money Laundering
5.1. Money Laundering and Terrorist Financing Regulations
People and organisations that are involved in criminal activity such as bribery, fraud or trafficking narcotics may attempt to launder money through apparently legitimate businesses in order to use the funds from their criminal activity and reduce suspicion. Ciklum will not accept or process money gained through criminal activity; we will only deal with reputable clients who are involved in legitimate business activities and whose funds are derived from legitimate sources.
The details of Ciklum’s anti-money laundering and countering terrorist financing (“AML/CTF”) measures, including documentation rules and the application of online tools and reports of the risk intelligence screening provider, are disclosed in the TPDD Procedure.
5.2. Suspicious Activity Reporting
Ciklum will establish and maintain a process for suspicious activity reporting. All Ciklumers have a personal responsibility to raise any suspicion of any potential illegality whether internal or external that may impact Ciklum to the Compliance Director as soon as possible. Ciklum must not take any action or encourage any actions by Company Staff that could constitute tipping off. Tipping off is a criminal offence.
In certain jurisdictions (i.e. the UK) there is a requirement to report any suspicious activity to relevant authorities. Any external reporting requirements will be handled on a case-by-case basis through collaboration between Ciklum Legal, Compliance and the Risk Management Committee.
5.3. Potentially Suspicious Circumstances
Situations which may cause a suspicion of illegality include, but are not limited to:
Payments made from (or a request for a refund to) a foreign bank account or branch (particularly if the client does not have an obvious reason for conducting business within that country);
5.3. Risk Assessment
In line with the third party due diligence requirements there will be a consideration of a range of risk factors prior to engaging with any third parties. This will include a consideration of a number of factors that may increase the potential of money laundering exposure to Ciklum. Ciklum’s AML/CTF checks are structured to address the controls needed based on the risks posed by the products and services offered, customers served, and their geographic locations.
6. Sanctions
Sanctions are restrictive measures applied by a country, or group of countries, to enforce change. Sanctions can be split into two distinct areas: financial and trade sanctions. Financial sanctions are restrictions on providing economic resources to certain entities or individuals. Trade sanctions limit the ability to trade in particular items to certain territories, entities or individuals. They can also apply to any ancillary services related to the goods or services which are restricted.
The details of sanctions checks, including documentation rules and the application of online tools and reports of the risk intelligence screening provider, are disclosed in the TPDD Procedure.
6.1. Applicable Laws and Regulations
As a multi-national corporation Ciklum has numerous legal requirements relating to sanctions. For the purpose of this Policy Ciklum will use the sanctions imposed by the EU, UN and USA as a benchmark. The reason for using these regulations as a base is that not only will these regulations be directly applicable to certain Ciklumers but they are also seen as presenting the highest risk of enforcement action. In each jurisdiction in which Ciklum operates, there are laws and regulations restricting trading with certain individuals and entities. Where a conflict arises, Ciklum will take a decision on the appropriate course of action.
6.1. Risk Assessment
Prior to entering into a contractual relationship with any third party, the identity of the third party, its beneficial owners (if applicable), and the nature of the transaction itself should be screened against any applicable U.S. and E.U. sanctions, as well as any applicable export/import control regulations. Services to a new customer will not be provided until such a customer and the transaction have been screened against U.S. and E.U. sanctions and applicable export/import control laws.
Third Parties that are registered in countries having high levels of trade and commercial sanctions, such as but not limited to Iran, Sudan and North Korea, are subject to particularly high levels of scrutiny. Decisions on whether to engage with a third party registered or located in (or whose beneficial owners are citizens or residents of) such a jurisdiction should be taken on a case-by-case basis, with consultation and approval of the Group Compliance Director where necessary.
The Country Manager should take all due care to protect the reputation of the Ciklum Group in connection with any such transaction and shall obtain beneficial ownership information for such third parties in order to perform a sanctions check, even before entering into preliminary agreements.
6.2. US Persons
Ciklum conducts business in the US and as such must be aware that US sanctions apply to US persons (including individuals and entities) irrespective of their location. Consequently, US persons must not be asked to opine on or be involved in any business relationship that would be prohibited under US sanctions if performed by a US person, even in circumstances where the activity would be permitted by the Sanctions Policy and legal in other jurisdictions. These restrictions also apply to any transaction conducted in US Dollars.
6.2. Escalating and Reporting
Where any existing or potential customer, employee, third party or payment is identified as having a sanctions-related restriction, or a potential restriction, this must be escalated to the Compliance Function for review and approval before any transaction can proceed.
The Compliance Function will review the screening results and, if it agrees with them, will liaise with the Compliance Director and other parties, as required, to decide on the appropriate course of action.
If, after screening and subsequent investigation, the decision is made that there is a confirmed ‘positive’ hit against a relevant sanctions list, then appropriate action must be taken by the Compliance Director. Appropriate action may include, but is not limited to, notifications to relevant legislation, licence applications and/or ceasing relationships with the relevant third party.
7. Working with Third Parties
7.1. Definition of a Third Party
A third party is an entity, regardless of form and ownership, or an individual (e.g. private entrepreneur) with whom Ciklum has a business relationship. This includes, but is not limited to:
7.2. Prohibited Relationships
Ciklum will only establish business relationships with reputable third parties who derive their income, wealth, funds, and assets from legitimate sources. Ciklum must not knowingly establish business relationships with individuals or entities who are subject to legal restrictions (including sanctions).
7.3. Due Diligence Requirements
7.3.1. Minimum Standards
To ensure that Ciklum does not enter into any prohibited relationships and to ensure compliance with all legal and regulatory requirements, Ciklum will implement a risk-based Third Party Due Diligence Procedure (“TPDD Procedure”). Third Party Due Diligence (“TPDD”) will be completed before the initiation of any business relationship and will seek to verify the true identity of potential third parties, the expected nature of their relationships and transactions with Ciklum, and their reputation.
The requirements of this Policy are mandatory and have to be followed for all third parties. They support the Ciklum Compliance Programme and apply to all Ciklumers in all Ciklum locations.
In all instances the following steps must be followed as a minimum:
Where an increased risk of financial crime is identified with a third party, additional requirements may apply in line with the TPDD. Ciklum will not establish any business relationship, or initiate or commit to any transaction, with a third party for which TPDD has not been completed and approved as required by this Policy or related procedures.
7.3.2. Responsibility for conducting Third Party Due Diligence
For each third party there should be an individual (the “Proposer”) who is assigned overall responsibility for ensuring that the requirements of this Policy are followed. This should be a Ciklumer involved with the management of the relationship with the third party (for example, the Service Delivery Manager). Branch and Operational Managers are responsible for allocating the resources necessary to ensure that this Policy is fully implemented within their areas of responsibility.
7.4. Politically Exposed Persons
Any dealings with government agencies and government officials present an increased risk of bribery and corruption. As part of Third Party Due Diligence the identification and appropriate risk mitigation of relationships involving Politically Exposed Persons (PEPs) is essential. Ciklum will ensure that any risk assessment and associated due diligence considers the risks presented by PEPs.
7.5. Communication with Third Parties
When dealing with third parties, employees must make it clear that Ciklum has a zero-tolerance approach to financial crime. Where contracts exist, these must contain relevant ABC clauses. Where appropriate, this Policy should also be communicated to third parties. Where any suspicion exists that a third party may be behaving unethically, this should be reported to Compliance.
7.6. Monitoring
Ciklum will monitor third party relationships on an ongoing basis. The frequency and extent of ongoing monitoring will be determined by the third party’s risk rating. The results of Ciklum’s monitoring will be used to determine whether the Third Party Due Diligence conducted remains adequate. Where monitoring indicates a material change to a third party’s risk profile, Ciklum must update the Due Diligence information and reassess the financial crime risk associated with the business relationship.
8. Record Keeping and Reporting Requirements
Ciklum must comply with applicable record keeping requirements and maintain records for the required length of time in accordance with established Procedures and legal and regulatory requirements. Records must be maintained in such a manner so that they will be accessible and retrievable in case of a law enforcement or regulatory request.
Ciklum’s records should cover:
8.1. Existing Record Keeping Arrangements
The following financial and accounting directives have been implemented to help ensure Ciklum’s compliance with international ABC regulations, including the FCPA:
9. Reporting, Whistleblowing and Investigations
9.1. Reporting and Whistleblowing
Any Ciklumer who suspects a violation of this Policy must immediately report the suspected violation to their respective Line Manager / Project Manager, HR Business Partner / People Partner or the Compliance Function. If you are uncomfortable doing so, you may report anonymously using the Ciklum SpeakUp mailbox: SpeakUp@ciklum.com
Never hesitate to ask questions, raise concerns, or seek the guidance you need. Ciklum will not tolerate any discrimination against anyone who has reported a concern in good faith.
9.2. Investigation of incidents
Ciklum will investigate any report of a violation with the principles of the Code of Conduct and this Policy. You must cooperate fully with any investigation, but should not investigate independently as alleged violations may involve complex legal issues, and you may risk compromising the integrity of a formal investigation.
10. Training and Awareness
The Compliance Director is responsible for ensuring that a financial crime training plan is designed and maintained for all Ciklumers (including Senior Management), so that they have sufficient awareness of relevant regulations to manage risk and carry out their duties on behalf of Ciklum.
As a minimum, all Company Staff will be provided with financial crime training on an annual basis, and no longer than thirteen months after the last training session took place. This training will be followed by a mandatory test that all Company Staff must pass based on their understanding of the material communicated. All training activity must be documented and maintained as required by the Company’s record keeping Policy.
11. Policy
11.1. Ownership and Review
The Compliance Director is responsible for owning and maintaining this Policy. The Policy must be reviewed and updated on an as-needed basis by the Compliance Director. New operational, legal and regulatory developments and emerging risks may trigger review and update of the Policy.
All changes must be notified to and approved by the Risk Management Committee before the revised Policy is released and communicated to Ciklumers. A version control log, outlining the date of change, a description of the change made and who has made the change, must be kept up to date in order to ensure formal control over adjustments made to the Policy. As a result, management will take appropriate corrective action within the scope of laws, policies and procedures when breaches of laws, rules and standards are identified; this might include disciplinary action up to termination of a contract or employment and, if necessary, legal action against the Ciklumer.
11.2. Breaches
All breaches of this Policy or related standards and procedures must be immediately reported to the Compliance Director. The Compliance Director is responsible for determining whether the breach is material and requires further escalation.
Conduct that violates the law and/or company policies is grounds for disciplinary or remedial action. In addition, failure to report a known violation of law or company policy by someone else may result in disciplinary action for Ciklumers and/or termination of employment/your relationship with Ciklum. The disciplinary action taken will be decided on a case-by-case basis. The action will be conducted in accordance with Ciklum’s HR procedures and corresponding legal requirements.
Where laws have been violated, we will cooperate fully with the appropriate authorities.
12. Definitions and Abbreviations
Bribe and bribery
Broadly, bribery is defined as giving or receiving a financial or other advantage in connection with the “improper performance” of a position of trust, or a function that is expected to be performed impartially or in good faith.
Bribery does not have to involve cash or an actual payment exchanging hands and can take many forms such as a gift, lavish treatment during a business trip or tickets to an event. The types of bribery that take place in the commercial sector are numerous. Some simple examples are:
Ciklum’s definition of bribery also includes making “facilitation payments”. A “facilitation payment” is a payment or gift given (usually to a government official) to speed up a procedure or to encourage one to be performed. It does not include fees required to be made by law such as the payment of a filing fee for a legal document. The acceptance of a facilitation payment by a government official is an example of corrupt activity.
Corruption
Ciklum defines “corrupt conduct” or “corruption” as the abuse of entrusted power for private gain.
Ciklum or Ciklum Group
Ciklum or Ciklum Group is a group of companies that are directly or indirectly under the common control of Ciklum Group Holdings Limited Holding Company, BVI and operate under the Ciklum Trademark.
Ciklumers
The collective reference for employees (permanent or temporary, full or part time) of any Ciklum legal entity, or any of its affiliates or subsidiaries, as well as for others performing work for, or on behalf of, Ciklum.
Compliance Champions Programme
Compliance Champions Programme is the plan for nomination of compliance champions who have to act as compliance ambassadors in various departments and locations of Ciklum and facilitate the liaison between their own internal functions and the Compliance Function on compliance-related topics.
The mission of compliance champions is to provide compliance face-to-face consulting themselves, roll out written standards coming from the Compliance Function within their own business units, implement their own initiatives in order to address their department-specific compliance needs as previously aligned with the Compliance Function, help identify the major areas subject to exposure, and encourage Ciklumers to speak up whenever they encounter potential violations.
Entertainment
Entertainment is distinguished from a gift as it typically involves meals, events or other forms of entertainment (e.g. sporting events, concerts, shows) where the provider participates in the meal, event or other form of entertainment.
Gift
A gift can be an item, but it also can include event tickets or the provision of services when the gift provider is not otherwise involved in the event or service (e.g. the giver provided the tickets but does not accompany the recipient to the event).
Public official
Public or Government official means:
Sanctions
Sanctions are restrictive measures applied by a country, or group of countries, to enforce change. Sanctions can be split into two distinct areas: financial and trade sanctions. Financial sanctions are restrictions on providing economic resources to certain entities or individuals. Trade sanctions limit the ability to trade in particular items to certain territories, entities or individuals. Trade sanctions can also apply to any ancillary services related to the goods/services which are restricted.
Money Laundering
Money laundering involves taking criminal proceeds and disguising their illegal source in anticipation of ultimately using the criminal proceeds to perform legal and illegal activities.
Leadership Team and Invited Members
Leadership Team and Invited Members is the group of Ciklum top managers that consists of C-level officers (CEO, Global CFO, COO, CTO, CDO, CHRO, CRO and VP C&C) and directors: Legal Director, Compliance Director, Finance Director, Delivery Director and Commercial Director.
Third Party
A Third Party is an entity, regardless of form and ownership, or an individual (e.g. private entrepreneur) that interacts with Ciklum in some way: supplier, agent, customer, and others.
The Proposer
The Proposer is an individual who is assigned overall responsibility for a certain third party (that was proposed by him to interact with Ciklum) and for ensuring that the requirements of this Policy are followed. This should be a Ciklumer involved with the management of the relationship with the third party (for example, the Service Delivery Manager or Procurement Specialist).