1. Introduction 

1.1. Background 

At Ciklum we are committed to doing business in accordance with our core principles – transparency and integrity, which in particular means avoiding bribery and corruption of all kinds and in wider sense this relates to not facilitating or engaging in any Financial Crime. This includes bribery and corruption, money laundering and sanctions. 

Ciklum defines these areas of financial crime as: 

• Bribery and Corruption: The act of offering, promising or giving a financial or other advantage to another person with the intent to induce improper performance of a business or public function. Corruption is the abuse of entrusted power for private gain. It can be classified as grand, petty and political, depending on the amounts of money lost and the sector where it occurs. 
• Money Laundering: Money Laundering involves taking criminal proceeds and disguising their illegal source in anticipation of ultimately using the criminal proceeds to perform legal and illegal activities. 
• Sanctions: Sanctions are restrictive measures applied by a country, or group of countries, to enforce change. Sanctions can be split into two distinct areas, financial and trade sanctions. Financial sanctions are restrictions on providing economic resource to certain entities or individuals. Trade sanctions limit the ability to trade in particular items to certain territories, entities or individuals. Trade sanctions can also apply to any ancillary services related to the goods/services which are restricted. 

Detailed definitions can be found in Sections 4, 5 and 6 of this Policy. 

1.2. Purpose of this Policy 

The purpose of this Policy is to guide Ciklumers and to ensure that Ciklum’s core values of transparency and integrity are maintained at all levels of Ciklum. This policy is also designed to manage Ciklum’s compliance risk, and to protect Ciklum, our shareholders, and customers. 

Managing compliance risk in the context of this policy refers to the risks presented by national and international financial crime laws and regulations. It is essential that Ciklum has in place processes, systems and controls to manage this compliance risk as without it Ciklum’s integrity, profitability and future growth ambitions could be comprised. To manage this compliance risk Ciklum will: 

• Ensure there is regular identification and assessment of compliance risk across Ciklum; 
• Monitor any legal and regulatory changes to assess their impact on Ciklum; 
• Put in place processes, systems and controls to support the identification and mitigation of compliance risk; and 
• Provide Ciklumers with support and guidance. 

This Policy applies to all Ciklumers, including officers and directors. In addition, Ciklum will require third parties who represent it (such as agents, consultants, and contractors) to conduct themselves where applicable in a manner consistent with this Policy. 

Ciklum will seek to comply with all applicable laws, rules and regulations in the jurisdictions in which it operates including those relating to anti-bribery and corruption (ABC), anti-money laundering (AML) and sanctions. For the purpose of combatting financial crime the decision has been taken to use the regulations imposed by the European Union (EU), United Nations (UN) and United States (US) as a benchmark. 

This decision has been made as these regulations are directly applicable to certain Ciklumers and they are also seen as being the highest global standards to combat financial crime. In each jurisdiction Ciklum operates in there are laws and regulations relating to bribery and corruption, money laundering and sanctions. Where these conflict with the requirements outlined by the EU, UN and US Ciklum will take a decision on the appropriate course of action on a case by case basis. 

Core Anti- Bribery and Corruption regulations – U.S. Foreign Corrupt Practices Act (“FCPA”) and the U.K. Bribery Act prohibit bribery of foreign government officials (broadly defined later in this policy), and with regard to the FCPA in particular, mandate that companies establish and maintain accurate books and records and sufficient internal controls. The UKBA also prohibits private sector (commercial) bribery. 

A violation of financial crime regulations can lead to severe civil and criminal penalties and is cause for disciplinary action (up to and including termination of employment or contract with Ciklum1); it is vital that every Ciklumer2 not only understands and appreciates the importance of these policies and procedures, but also complies with them in daily assignments. 

1.3. Compliance risk 

Compliance risk (also referred as Financial Crime risk) is an indispensable part of Ciklum’s overall risk. It is a risk Ciklum may suffer in failure to comply with applicable laws, rules and standards including FCPA, UKBA, Anti-Money Laundering regulations, sanctions and embargo programs, and the Code of Conduct applicable to Ciklum’s activities. 

Compliance risk is also an integrity risk, because Ciklum’s reputation is closely connected with its adherence to principles of transparency, integrity and fair dealing. 

Compliance risk must be identified, assessed, advised on, monitored and reported timely to protect Ciklum from any damage or losses such as legal or regulatory enforcement or sanctions, material financial losses, reputational losses, financial crime and corruption (destroying shareholders’ value). 

1.4. Compliance principles 

Ciklumers, at all levels, are required to strictly abide with the principles outlined below while performing their duties in the Ciklum. Abiding by these principles will help to manage the risk that Ciklum, and/or Ciklumers, are found to breach local laws, international laws and Ciklum’s own compliance controls. 

1.4.1. Compliance with Laws, Rules & Regulations 

Ciklumers have to act according to Ciklum’s written policies and procedures in order to ensure full compliance with laws, rules and standards helping to maintain Ciklum’s reputation, and meet the expectations of its customers, the relevant regulatory bodies, the markets and society as a whole; treating customers fairly, and ensuring suitability of customer advice. 

1.4.2. Promote and Engage in Ethical Conduct 

Ciklumers, at all levels, are required to carry out their duties acting professionally and honestly, in good faith and with integrity respecting Ciklum’s Code of Conduct; perform duties as described by their contracts or job descriptions; avoid misuse of authorities; properly use accessible information; not engage in any unethical/ illegal activities that may damage Ciklum’s reputation; act with full transparency and in a bona fide; and report any illegal activities/ unethical behaviour/ suspicion of any illegal act, as per applicable policies and procedures. 

1.4.3. Avoid any Conflict of Interest

Ciklumers should act in the best interests of Ciklum without giving any preference to any third party on the basis of personal considerations ensuring their private matters do not interfere with the interests of Ciklum. 

1.4.4. Protect Confidentiality 

Ciklumers have to maintain the confidentiality of information which may be related to Ciklum and its clients (and entrusted to them) except when disclosure is authorised or required by law; even when they leave Ciklum. 

1.4.5. Protect Ciklum’s Assets 

Ciklumers should protect and use Ciklum’s property and assets for legitimate business purposes.

1.4.6. Act in the Customer’s Best Interest 

Ciklumers should provide services to Ciklum’s customers with care, honesty and fairness; they should strictly avoid manipulation, or any unfair dealings. Accordingly, Ciklum will ensure careful review of customers’ complaints, process them in a timely manner and document replies. 

1.4.7. Raise any issues or concerns 

Ciklumers are encouraged to report any violation of Ciklum’s policies, Code of Conduct, potential violations of applicable laws and regulations, as well as other types of misconduct. Ciklum pledges to protect all Ciklumers against any kind of harassment from any other employee for reporting a potential violation in good faith. 

2. Governance

The approach of Ciklum’s compliance governance is based on clear roles and responsibilities for both Operational management (the first line of defence) and Compliance (the second line of defence). This is supported by oversight and challenge from senior management in the form of the Risk Management Committee (RMC). The roles and responsibilities of these functions is detailed below. 

2.1. Involvement of the Senior Management 

Ciklum’s Senior Management are integral in developing and ensuring the continued effectiveness of Ciklum’s compliance framework. Ciklum’s Senior Management (Leadership team & Invited Members) support the compliance process by: 

1. Actively communicating the importance of compliance down through the ranks across the Ciklum network; 
2. Regularly monitoring the implementation of the financial crime compliance program; and 
3. Providing oversight to the compliance framework including involvement in any breaches of requirements. 

2.2. Operational Management as the first line of defence 

Ciklum’s operational management includes branch, line and function managers. The principal role of Operational Management in the compliance framework is to support the identification, assessment and management of compliance risks by supporting risk mitigation activities and implementing including internal controls. 

Operational line managers are the owners of business processes in Ciklum. It is for this reason that they are responsible for ensuring compliance with laws, rules and regulations within the areas they oversee. The specific responsibilities of operational management include: 

• Managing overall compliance culture and performance within their business areas; 
• Ensuring open communication channels with the Compliance Function (2nd line of defence); 
• Implementing the Group compliance initiatives (such as the Code of Conduct); and 
• Participating in incident response/investigation. 

Operational management will have easy access to the Compliance Function which deals with any concerns quickly and effectively, escalating whenever necessary. Operational Management is encouraged to highlight good practice, share examples of near misses and help Ciklumers to learn from them. 

2.3. Compliance Function as the second line of defence 

Ciklum’s Compliance Function includes both the Compliance Director and the Compliance Department. Compliance operates as the second line of defence in Ciklum’s compliance risk framework. 

The principle role of the Compliance Function is to facilitate and monitor the implementation of compliance risk management practices by Operational Management (first line of defence), analyse and report on compliance performance, provide valuable insight and advice. The mission of the Compliance Function is to provide expert advice in relation to compliance risk management, understand Ciklum’s financial crime risks and lead risk mitigation activities to help support the businesses. 

Compliance Function responsibilities include: 

• Defining and updating compliance strategy and initiatives; 
• Establishing the overall Ciklum Compliance Reinforcement Programme5 ; 
• Overseeing Compliance Risk Assessments; 
• Leading and coordinating Compliance Champions Programme6; 
• Establishing and maintaining policies, procedures and governance; 
• Creating the Ciklum Group compliance communication and training plan; 
• Maintaining and coordinating incident reporting and incident management procedures; and 
• Reporting to the Risk Management Committee and senior management identified compliance risks, weaknesses and deficiencies, and breaches from the applicable policies and procedures. 

2.4. Risk Management Committee 

Ciklum’s RMC is a formal sub-Committee of the Board of Directors. The Committee has been established to assist the Board in the discharge of its duties and responsibilities relating to financial crime Compliance. The RMC will facilitate the establishment and oversight of Ciklum’s financial crime controls by setting the top level rules that dictate the formation and approval of key financial crime Policies. The roles and responsibilities of the RMC are set out in its Terms of Reference but will include: 

• Providing oversight of financial crime compliance risk management across the Ciklum Group; 
• Review and challenge reports and MI regarding financial crime compliance across the Ciklum Group; and 
• Oversee the development and delivery of compliance strategy and initiatives. 

The RMC should be seen to be, and acts as, independent from both the first and second line functions in its role as providing oversight and assurance on the robustness and application of Ciklum’s compliance risk framework. The members of the RMC and Terms of Reference dictating the operation of the function will seek to ensure that this occurs. 

2.5. Responsibilities of Ciklumers 

Ciklumers are key to ensuring that Ciklum does not breach any laws or regulations. Compliance with all applicable laws, rules and regulations as well as with Ciklum’s policies and principles is therefore the responsibility of every Ciklumer. 

As a Ciklumer, you must: 

• Read, understand, abide and confirm acknowledgement of our Code of Conduct, comply with this Policy (in particular with the principles listed in Section 1.3) and all related Procedures; 
• Report concerns to your local management, where possible, or through the Compliance Function or through the SpeakUp email; 
• Be vigilant to any “red flags” (set out below in the Section 2.6) or issues of potential risk which indicate where further examination of a particular transaction or relationship is necessary; and 
• Complete prescribed training in accordance with Section 10 of this Policy. 

As a Ciklumer, you must not: 

• Offer, promise or give a bribe or utilise a third party to do so, as the Company can be prosecuted for breaches of anti-bribery laws by third parties acting on its behalf; and 
• Request, agree to receive or actually receive a bribe intended for your benefit or the benefit of your family, friends or acquaintances. 

2.6. Compliance “Red Flags” 

There are a number of signals that warrant Ciklumers’ special attention, and/or call for the examination of a particular transaction or relationship for a potential bribery issue. Those signals or “red flags” that call for further attention include, but may not be limited to: 

• Payments of unusually high fees or commissions; 
• Requests for cash payments; 
• Requests for payments to different companies or through different countries; 
• Requests for payments to offshore centres / tax havens without sufficient justification; 
• Undefined or unreported payments to third parties made on the Company’s behalf; 
• No written agreements; 
• Unusually close relationships with government officials; and 
• A refusal to certify compliance with this policy. 

2.7. Code of Conduct 

The foundation of Ciklum’s compliance framework is the Code of Conduct. The primary function of the Code of Conduct is to provide a unified set of principles and behaviours, which are designed to act as a guide for Ciklumers to help them make the right business and behavioural decisions. It is the responsibility of all Ciklumers to ensure they read, understand and act in accordance with the Code of Conduct and that all policies, procedures and processes do not conflict with requirements outlined in the Code. We should also require our suppliers and vendors to adhere to our Code or adopt similar ethical standards. 

2.8. Compliance Function and Compliance Programme 

This section provides further information on the role and purpose of Ciklum’s Compliance Function. This section should be read in conjunction with Section 2.3 of this Policy. 

Compliance with all applicable laws, rules and regulations as well as with Ciklum’s policies and principles is the responsibility of every Ciklumer. Nevertheless, a Compliance Function has been implemented and operates to ensure effective management of the compliance risk and maintain Ciklum’s reputation with its shareholders, customers, contractors and employees, the relevant regulatory bodies, and the markets. 

Ciklum’s Compliance Function is represented by the Group Compliance Director and by the Compliance Department that in its turn, comprises the Compliance Manager and Compliance Experts. 

The Compliance Function performs its responsibilities which consist primarily of monitoring the business and providing advice when needed on a proactive basis or upon request. 

The Function has an independent status, sufficient resources and authority to perform its duties and responsibilities and access all information which may be necessary for the proper exercise of its duties. 

2.8.1. Objectives and Purpose of the Compliance Function 

Ciklum’s Compliance Function as been established to: 

• Implement and manage compliance risk. This includes measures to mitigate risk to Ciklum of internal and external fraud, engaging in bribery or corruption, facilitating money laundering, facilitating a breach of sanctions legislation and engaging in activities which may lead to reputational damage; 
• Provide support and guidance to ensure that Ciklum acts with high ethical standards including transparency and integrity to meet the expectations of customers, shareholders’ and third parties; and 
• Ensure that the Ciklum continues working ethically. 

2.8.2. Responsibilities and Duties of the Compliance Function 

The responsibilities of the Compliance Function include, but are not limited to: 

• Advising and keeping Senior Management appraised of compliance requirements with relevant laws, rules and standards;. 
• Providing analysis and early warning of regulatory change that may affect the business to ensure that such change is communicated to the Leadership Team and Board of Directors; 
• Identifying and assessing the compliance risks associated with Ciklum’s business activities. This will be reviewed periodically or when Ciklum engages in new business activities, including the development of new products and business practices, and expansion of business; 
• Establishing written guidance to Ciklumers on the principles outlined in this policy and other relevant compliance documents or other publications; 
• Providing advice and assistance to the Board of Directors, Senior Management, committees and Ciklumers to help them meet their compliance responsibilities; 
• Educating Ciklumers on compliance risk and the controls that Ciklum has in place to mitigate these risks; 
• Monitoring and, on regular basis, assessing the adequacy and effectiveness of Ciklum’s compliance controls; 
• Ensuring proper handling of both internal and customer complaints; 
• Regularly reporting to the Board of Directors, and relevant committees, on compliance risks, weaknesses, deficiencies, and any legal or policy breaches identified; 
• Reporting, where necessary, to external agencies; 
• Keeping records of good and bad practice to provide feedback on failures in controls and compliance with recommendations provided for improvements and remedial action; and 
• Building an open relationship with relevant regulators, and where relevant, respond and coordinate responses to proposed legislation or regulations. 

2.8.3. Preconditions of the Compliance Function 

To ensure that Ciklum’s Compliance function can operate effectively the Ciklum Board of Directors are committed to ensure the Compliance function are able to operate in accordance with the key principles of authority and independence. 

• Authority: The Compliance Function will have access to all of the Ciklum’s offices, departments as well as static data records and property in the custody or under the control of Ciklum for the purpose of discharging its responsibilities. 
• Independence: To avoid conflict of interest, the Compliance Function has been established as a function that is independent of line and operational departments which will have full and free access to the Board of Directors, as needed. 

2.8.4. Compliance Programme 

The responsibilities of the Compliance Function are carried under the Compliance Programme (also referred as Ciklum Compliance Reinforcement Programme or “CCRP”). 

The Compliance Programme is Ciklum’s compliance roadmap which details the Function’s planned activities (for example the implementation and review of specific policies and procedures). 

The Compliance program is risk based and will be subject to the oversight by the Group Compliance Director to ensure appropriate coverage across businesses and coordination among risk management functions. On at least an annual basis the CCRP will be shared with Senior Management/ the RMC for independent review and challenge. 

3. Risk-Based Approach

3.1. Risk appetite statement 

Ciklum has zero tolerance for financial crime, wherever and in whatever form that may be encountered. Ciklum performs assessment of financial crime risks that will inform the development of controls. 

3.2. Firm-Wide risk assessment 

On an annual basis Ciklum will conduct a firm-wide financial crime and ethics risk assessment. As part of this risk assessment Ciklum will consider, among other criteria, the inherent risk of Ciklum’s services, operations and Third Parties as well as the risks present in jurisdictions where Ciklum has operations. 

In addition to the firm-wide risk assessment performed at least an annual basis, other events which might drive the need to revisit the risk assessment more frequently include: 

• New financial crime legislation; 
• Regulatory censure involving the IT sector; and 
• A change in Ciklum’s operational structure. 

3.3. Third party risk assessment 

Ciklum may suffer reputational damage or face legal liability if associated with business partners and intermediaries that engage in unethical or illegal conduct. We therefore need to ensure that our business relationships are transparent and ethical. Ciklum applies a risk based approach to inform decision making before engaging with third parties (customers, agents, contracts, vendors etc.). The depth of subsequent due diligence procedures is based on an assessment of the risk profile of the engagement, including the following risk factors: 

• Geographic location; 
• Industry; 
• Background and identity of the third party; 
• Connection with government officials or entities; 
• Amount and Compensation structure of the proposed arrangement; 
• Additional factors related to the scope of the services to be rendered; and 
• Selection of the third party 

Throughout the risk assessment and further due-diligence procedures, a comprehensive record of relevant documents and decisions is maintained to ensure we can demonstrate proper application of the Policy and prove that decisions to engage with partners or third parties were made in good faith. 

4. Anti-Bribery and Corruption 

4.1. Applicable laws and regulations 

As a multi-national corporation Ciklum has numerous legal requirements relating to anti-bribery and corruption. For the purpose of this Policy, Ciklum will use the standards set forth in the UK Bribery Act 2010 (“the Bribery Act”) and in the US Foreign Corrupt Practices Act (“FCPA”) as a basis for its compliance efforts. The reason for using these regulations as a base is that not only will these regulations be directly applicable to certain Ciklumers but they are also seen as being the highest global ABC standard. In each jurisdiction in which Ciklum operates there are laws and regulations outlawing bribery and corruption. Where these conflict Ciklum will take a decision on the appropriate course of action on a case by case basis. 

4.1.1. What is a bribe? 

Ciklum defines a bribe as an inducement, payment or reward, offered or received to gain an improper business advantage. Improper business advantage includes: 

• Winning business, contracts, tenders; 
• Preventing or diminishing some governmental action, such as the imposition of a large tax or fine, or the cancellation of an existing government contract or contractual obligation; 
• Obtaining a licence or other authorisation from a government where the issuance involves the foreign official’s or his/her government’s discretion; 
• Obtaining confidential information about business opportunities, bids or the activities of competitors; and 
• Obtaining the right to open an office, or to influence the award of a government contract etc. 

In addition, the bribe is any payment to: 

• Influence the rate of taxes that would be levied on the company’s business; 
• Obtain relief from government controls, foreign regulations, or the application of regulatory provisions; 
• Resolve governmental disputes, for example the resolution of tax deficiencies or a dispute over duties payable; and 
• Resolve commercial litigation in foreign courts. 
• Bribery of public officials (directly or indirectly, and in order to obtain or retain business or an advantage in doing business) as well as companies and private individuals are all equally prohibited under the laws of many countries and under this policy and our Code of Conduct. 

4.1.2. What is the Risk? 

Potential penalties for the Company include unlimited fines, costly litigation and adverse publicity. For individuals, penalties can include very large fines. Additionally, in the UK, US and some other countries, long terms of imprisonment are also possible: 

4.2. Gifts, Entertainment and Hospitality 

Ciklumers must not provide or accept gifts, hospitality or entertainment that seeks to influence or reward any business activity, including the anticipation of further business. It is important to remember that excessive or otherwise inappropriate gifts and/or hospitality can lead to the appearance of improper influence (including bribery) or conflicts of interest. 

This is not to say the provision of hospitality and reasonable gifts is prohibited, however there must be a legitimate business reason for the provision of entertainment or receipt of a gift. All gifts and entertainment given or received must be recorded in accordance with the requirements detailed below as well as Ciklum’s Gifts, Entertainment and Hospitality Procedure. 

4.2.1. What is gift? 

A gift can be an item, but it can also include event tickets or the provision of services when the gift provider is not otherwise involved in the event or service (e.g. the giver provided the tickets but does not accompany the recipient to the event). 

4.2.2. What is entertainment and hospitality? 

Entertainment or hospitality is distinguished from a gift as it typically involves meals, events or other forms of entertainment (e.g. sporting events, concerts, shows) where the provider participates in the meal, event or other form of entertainment or hospitality. 

4.2.3. Ciklum’s approach to giving and receiving Gifts, Entertainment and Hospitality 

Gifts, entertainment and hospitality in Ciklum should always be clearly separate from the business decision-making process. Any business decisions must not be influenced (or seen to be influenced) by the giving or receiving of gifts, entertainment or hospitality. As a Ciklumer you have to avoid putting yourself and Ciklum into a position where gifts, entertainment or hospitality affect your business judgment or could be perceived to affect the outcome of any business transaction. 

The following key principles apply to all Ciklumers relating to gifts, entertainment and hospitality: 

• Certain gifts and hospitality will need to be approved and recorded in the gifts and hospitality register, which is maintained by Finance; 
• Ciklumers must not accept gifts or hospitality which could be perceived as seeking to support or reward any business act or which are provided in consideration of any potential further business; 
• Ciklumers must ensure that the offer or acceptance of a gift or instance of hospitality does not create or appear to create a conflict of interest for those involved; 
• Gifts or hospitality given or received must not be repetitive in nature, lavish in cumulative value or associated with pending business or regulatory decisions; 
• Any gift or hospitality given or received must be in compliance with local law and not of a nature that would be likely to damage the reputation of Ciklum if publicly disclosed; 
• Hospitality given or received must be in the presence of a host; 
• Travel expenses must only be incurred for legitimate business purposes; and 
• Cash or cash equivalent gifts (of any amount) may not be given or received. 

4.2.4. Recording of Gifts, Entertainment and Hospitality 

Ciklum will maintain a register of gifts, entertainment and hospitality provided by or to company staff in accordance with the principles outlined above. This register will be subject to regular quality assurance and will be maintained by Compliance. For further detail regarding permissible gifts, entertainment and hospitality please refer to the Gifts, Entertainment and Hospitality Procedure listed in section 4.7.  

4.3. Critical Contributions and Appointments 

Political contributions or donations in cash or kind on behalf of Ciklum are not permitted without Board approval. 

In considering whether or not a donation should be approved, the Board will need to be assured that there is no potential conflict of interest affecting a material transaction in connection with the contribution and to protect the Company’s reputation. Furthermore, any Ciklumers who obtain or are looking to obtain appointment to a public office must obtain approval of the Board before doing so. 

4.4. Charitable Donations and Sponsorship 

Charitable donations and sponsorship may only be provided to recognized non-profit charitable organisations with the prior approval of Compliance Function. Any charitable donations will not be made in recognition or anticipation of a business relationship with Ciklum. 

All charitable donations have to be: 

• Approved in accordance with applicable procedures; 
• Transparent and properly recorded in our books and records; and 
• Receipted or have a letter of acknowledgement from the charity to ensure that the donations receive the proper tax treatment 

Charitable donations should not: 

• Be made to individuals or in cash; and 
• Be made at the request of a public official as an inducement to or reward for acting improperly. 

It should be ensured that there is no potential conflict of interest, see Section 4.4, affecting a material transaction in connection with a charitable contribution made or commercial sponsorship entered into. Charitable contributions and commercial sponsorships must not be made where there is a risk that a commercial transaction may be influenced or where the contribution/sponsorship could be regarded as a subsequent ‘reward’ for the awarding of a contract. 

4.6. Conflict of Interest 

A ‘Conflict of interest’ arises where a person’s position or responsibilities within their business unit presents an opportunity for personal gain above the normal rewards of cooperation. In other words, a conflict of interest exists when your personal interests interfere with the best interests of Ciklum. Ciklumers should attempt to avoid actual or apparent conflicts of interest. 

Any personal interests (or the interests of a member of immediate family) in relation to Ciklum’s business must be disclosed to your manager and the Compliance Function immediately. Disclosure is mandatory, failing to disclose a conflict or a perceived conflict is a violation of this policy and of our Code of Conduct. 

In situation that appears to present a conflict of interest we expect you to “refrain and report”. If it is not possible to avoid participating in the event or activity creating the conflict, promptly disclose the potential conflict to your supervisor and the Compliance Function, and avoid participating in decisions that might raise the appearance of a conflict until you receive appropriate guidance. 

4.7. Facilitation payments 

Facilitation payments are unofficial payments to public officials to ensure or speed up performance of routine and non-discretionary governmental actions such as processing a visa application, securing a mail service, or connecting utilities. These will be seen as bribes under UKBA, regardless of whether they may be a part of the “way of doing business” in a particular country. As a Ciklum’s representative, Ciklumer have not make any facilitation payment. 

The prohibition on facilitation payments may not apply to situations in which a Ciklumer is faced with a serious medical or safety emergency. A Ciklumer faced with such an emergency must either seek prior approval from the Group Compliance Director or, in circumstances where seeking prior approval is deemed impossible, record the details of any such payment or submit that information in writing to the Compliance Function within 48 hours of the payment being made. Any such payments should be accurately recorded as facilitation payments in Ciklum’s books and records. 

4.7. Procedural Guidance: Gifts, Entertainment and Hospitality 

Exchanging gifts and entertainment as well as provision of hospitality can create goodwill and establish trust in relationships with counterparties and business partners. It is important, however, that the guidelines set out below are followed in all cases. 

In line with the policy statements contained within section 4.2 of this document detailed below is an overview of the procedural requirements to guide staff in relation to Gifts, Entertainment and Hospitality. This section should be read and considered in-line with the earlier policy statements and requirements. 

4.7.1. Gift, Entertainment and Hospitality Limits 

Permissible gifts, entertainment and hospitality 

• It is acceptable to extend or receive occasional gifts, entertainment and hospitality having a maximum retail value of USD 200 per meeting as a gesture of goodwill or in furthering a legitimate business relationship. 
• The provision or receiving of gifts, entertainment or hospitality (including in the form of tickets to sporting event) that exceed a value of USD 200 may be acceptable under certain circumstances but require pre-approval of your manager with the notification of the Compliance Department 
• The total value of gifts, entertainment or hospitality given to or from the same organization over the course of any one calendar year must not exceed USD 1000 unless pre-approved by your manager with the notification of Compliance Department. 

4.7.2. Non-permissible gifts, entertainment and hospitality 

• Gifts in the form of cash payments are not allowed. It is prohibited to provide or receive cash as well as any cash equivalents (e.g. gift cards or loans) in any circumstances, regardless of amount. 
• You should not solicit gifts or entertainment from a current or potential client or business partner to gain an unfair advantage. 

It is prohibited to offer or give anything of value to a government official in order to win or keep business or gain an improper advantage 

4.7.3. Declaration of gifts, hospitality or entertainment 

Ciklumers must report, and where required, seek approval for each case when gifts, hospitality or entertainment provided by or to Ciklumers are in accordance with rules described below. 

The exception is that small and modest entertainment or hospitality such as a coffee, fruit, light alcohol or working lunches. These do not need to be declared. 

4.7.4. When dealing with clients 

The paragraph below is applicable for client-facing Ciklumers: developers, sales, SDMs, Branch Managers, People Partners and PPMC as they have access to the Salesforce application. Rules for Ciklumers who have no access to Salesforce are disclosed in paragraph 4.7.5. 

If you wish to make a gift to a customer or partner of any value, you are required to obtain approval for the gift in advance by submitting a gift approval request using the Gift Register on Salesforce. 

When planning, and providing, entertainment or hospitality and it is anticipate that the value of the entertainment and hospitality will exceed USD 200 approval should be sought from line managers and the Compliance Department notified. 

To do this you have to log into Salesforce, select the relevant account and click on the Gift Register field. If the gift is referred as an opportunity, you should select the relevant opportunity name as well. 

When dealing with third parties (other than clients) 

The paragraph below is applicable for administrative personnel and all other Ciklumers who have no access to the Salesforce application. Rules for Ciklumers who have access to Salesforce are disclosed in the paragraph 4.7.4. 

If you wish to make a gift to a third-party (vendor, partner or customer) of any value, you are required to obtain approval for the gift in advance by submitting a gift approval request using the Jira system. 

To do this you have to log into Jira, select project type “FD Request”, Issue type “Task”, FD Request type “Gift Register”. Gift details and approval 

You will be required to fill in several details about the gift, hospitality or entertainment you plan to make. This will include a brief rationale, recipient name and value of the gift, hospitality or entertainment. Then you have to submit your request. The request will then be subject to approval. If approved you will receive a gift approval reference code which you can use to reimburse your expenses. 

Expenses submitted for gifts made to customers or partners that have no gift approval reference code would be treated as unapproved and may not be reimbursed. 

4.7.4. Receiving of a gift, hospitality or entertainment 

If you are offered or receive a gift from a third party you should declare it before the gift is accepted (wherever possible) using the same means and approaches as described above in chapters 4.7.4 and 4.7.5 – Gift Register in Jira/Salesforce. 

There is no approval requirement for gifts, hospitality or entertainment received, but the declaration is subject for review. You will only be informed if it is not allowed to accept the gift. 

If acceptance is not permissible, you will be required to return what was received with the comment that Ciklum policy does not allow the acceptance of such a gift, hospitality or entertainment. 

If you receive a gift, hospitality or entertainment that is not permissible according to Ciklum policy and it is impossible to return it, you have to make sure you declare this using the Gift Register. 

 

 

5. Anti-Money Laundering

5.1. Money Laundering and Terrorist Financing Regulations 

People and organisations that are involved in criminal activity such as bribery, fraud or trafficking narcotics may attempt to launder money through apparently legitimate businesses in order to use the funds from their criminal activity and reduce suspicion. Ciklum will not accept or process money gained through criminal activity; we will only deal with reputable clients who are involved in legitimate business activities and whose funds are derived from legitimate sources. 

The details of Ciklum’s anti-money laundering, countering terrorist Financing (“AML/CTF”) measures including documentation rules and application of online tools and reports of risk intelligence screening provider are disclosed in the TPDD Procedure. 

5.2. Suspicious Activity Reporting 

Ciklum will establish and maintain a process for suspicious activity reporting. All Ciklumers have a personal responsibility to raise any suspicion of any potential illegality whether internal or external that may impact Ciklum to the Compliance Director as soon as possible. Ciklum must not take any action or encourage any actions by Company Staff that could constitute tipping off. Tipping off is a criminal offence. 

In certain jurisdictions (i.e. the UK) there is a requirement to report any suspicious activity to relevant authorities. Any external reporting requirements will be handled on a case by cases basis through collaboration between Ciklum Legal, Compliance and the Risk Management Committee. 

5.3. Potentially Suspicious Circumstances 

Situations which may cause a suspicion of illegality include, but are not limited to: 

• A client whose identity or ultimate beneficial ownership cannot be verified easily; 
• The source of a payment which is difficult to identify, or a payment which is received from a third party with no obvious connection to a customer client; 
• A customer wanting to pay for services in cash; 

Payments made from (or a request for a refund to) a foreign bank account or branch (particularly if the client does not have an obvious reason for conducting business within that country); 

• Any transaction involving an undisclosed third party; 
• Early cancellation of services in circumstances which seem unusual or for no apparent reason; and 
• Extensive use of corporate structures and trusts in circumstances where the customer’s needs are inconsistent with the use of these structures and trusts. 

5.3. Risk Assessment 

In line with the third party due diligence requirements there will be a consideration of a range of risk factors prior to engaging with any third parties. This will include a consideration of a number of factors that may increase the potential of money laundering exposure to Ciklum. Ciklum’s AML/CTF checks are structured to address the controls needed based on the risks posed by the products and services offered, customers served, and their geographic locations.  

6. Sanctions 

Sanctions are restrictive measures applied by a country, or group of countries, to enforce change. Sanctions can be split into two distinct areas; financial and trade sanctions. Financial sanctions are restrictions on providing economic resource to certain entities or individuals. Trade sanctions limit the ability to trade in particular items to certain territories, entities or individuals. They can also apply to any ancillary services related to the goods/services which are restricted. 

The details of sanctions check including documentation rules and application of online tools and reports of risk intelligence screening provider are disclosed in the TPDD Procedure. 

6.1. Applicable Laws and Regulations 

As a multi-national corporation Ciklum has numerous legal requirements relating to sanctions. For the purpose of this Policy Ciklum will use the sanctions imposed by the EU, UN and USA as a benchmark. The reason for using these regulations as a base is that not only will these regulations be directly applicable to certain Ciklumers but they are also seen as presenting the highest risk of enforcement action. In each jurisdiction Ciklum operates, there are laws and regulations restriction trading with certain individuals and entities. Where these conflict arises, Ciklum will take a decision on the appropriate course of action. 

6.1. Risk Assessment 

Prior to entering into a contractual relationship with any third party, the identity of the third party, its beneficial owners (if applicable), and the nature of the transaction itself should be screened against any applicable U.S. and E.U. sanctions, as well as any applicable export/import control regulations. Services to new customer will not be provided until such a customer and the transaction have been screened against U.S. and E.U. sanctions and applicable export/import control laws. 

Third Parties that are registered in countries having high levels of trade and commercial sanctions, such as but not limited to, Iran, Sudan and North Korea, are subject to particularly high levels of scrutiny and decisions on whether to engage with a third party registered or located in (or whose beneficial owners are citizens or residents of) such a jurisdiction. These decisions should be taken on a case-by-case basis, with consultation and approval of Group Compliance Director where necessary. 

The Country Manager should take all due care to protect the reputation of the Ciklum Group in connection with any such transaction and shall obtain beneficial ownership information for such third parties in order to perform a sanctions check, even before entering into preliminary agreements. 

6.2. US Persons 

Ciklum conducts business in the US and as such must be aware that US Sanctions apply to US persons (including individuals and entities) irrespective of their location. Consequently, US persons must not be asked to opine or be involved in any business relationship that would be prohibited, under US sanctions, if performed, by a US person, even in circumstances where the activity would be permitted by the Sanctions Policy and legal in other jurisdictions. These restrictions also apply to any transaction conducted in US Dollars. 

6.2. Escalating and Reporting 

Where any existing or potential customer, employee, third party or payment is identified as having a sanctions related restriction, or a potential restriction, this must be escalated to the Compliance Function for review and approval before any transaction can proceed. 

Compliance Function will review the screening results and if they agree with the screening results will liaise with the Compliance Director and other parties, as required, to decide on the appropriate course of action. 

If after screening, and subsequent investigation, the decision is made that there is a confirmed ‘positive’ hit against a relevant sanctions list then appropriate action must be taken by the Compliance Director. Appropriate action may include, but is not limited to, notifications to relevant legislation, licence applications and/or ceasing relationships with the relevant third party. 

7. Working with Third Parties 

7.1. Definition of a Third Party 

A third party is an entity, regardless of form and ownership, or an individual (e.g. private entrepreneur) with whom Ciklum has a business relationship. This includes, but is not limited to: 

• Suppliers; 
• Agents / Intermediaries; and 
• Customers. 

7.2. Prohibited Relationships 

Ciklum will only establish business relationships with reputable third parties who derive their income, wealth, funds, and assets from legitimate sources. Ciklum must not knowingly establish business relationships with individuals or entities who are subject to legal restrictions (including sanctions). 

7.3. Due Diligence Requirements 

7.3.1. Minimum Standards 

To ensure that Ciklum does not enter into any prohibited relationships and to ensure compliance with all legal and regulatory requirements, Ciklum will implement a risk-based Third Party Due Diligence Procedure (“TPDD Procedure”). Third Party Due Diligence (“TPDD”) will be completed before the initiation of any business relationship and will seek to verify the true identity of potential third parties, the expected nature of their relationships and transactions with Ciklum, and their reputation. 

The requirements of this Policy are mandatory and have to be followed for all third parties. They support the Ciklum Compliance Programme and apply to all Ciklumers in all Ciklum locations. 

In all instances the following steps must be followed as a minimum: 

1. Initial Screening: Using a screening solution to ascertain any red flags before continuing with the remaining due diligence. 
2. Risk Assessment: Using a range of factors to assess the level of financial crime and integrity risk associated with individual third parties. 
3. Due Diligence Checks: Conducting risk-based due diligence on higher risk third parties.
4. Approval: Approval for working with new third parties will always be required. However, the approver(s) will be determined by the risk rating and due diligence conducted. 

Where an increased risk of financial crime is identified with a third party, additional requirements may be required in line with the TPDD. Ciklum will not establish any business relationship, or initiate or commit to any transaction with a third party for which TPDD has not been completed and approved as required by this Policy or related procedures. 

7.3.2. Responsibility for conducting Third Party Due Diligence 

For each third party there should be an individual (the “Proposer”) who is assigned with overall responsibility for ensuring that the requirements of this Policy are followed. This should be a Ciklumer involved with the management of the relationship with the third party (for example, the Service Delivery Manager). Branch and Operational Managers are responsible for allocation of sufficient resources that are necessary to ensure that this Policy is fully implemented within their areas of responsibility. 

7.4. Politically Exposed Persons 

Any dealings with government agencies and government officials present an increased risk of bribery and corruption. As part of Third Party Due Diligence the identification and appropriate risk mitigation of relationships involving Politically Exposed Persons (PEPs) is essential. Ciklum will ensure that any risk assessment and associated due diligence considers the risks presented by PEPs. 

7.5. Communication with Third Parties 

When dealing with third parties, employees must make it clear that Ciklum has a zero tolerance approach to financial crime. Where contracts exist, these must contain relevant ABC clauses. Where appropriate, this Policy should also be communicated to third parties. Where any suspicion exists that a third party may be behaving unethically this should be reported to Compliance. 

7.6. Monitoring 

Ciklum will monitor third party relationships on an ongoing basis. The frequency and extent of ongoing monitoring will be determined by the third party’s risk rating. The results of Ciklum’s monitoring will be used to determine whether the Third Party Due Diligence conducted remains adequate. Where monitoring indicates a material change to a third party’s risk profile, Ciklum must update the Due Diligence information and reassess the financial crime risk associated with the business relationship. 

8. Record Keeping and Reporting Requirements

Ciklum must comply with applicable record keeping requirements and maintain records for the required length of time in accordance with established Procedures and legal and regulatory requirements. Records must be maintained in such a manner so that they will be accessible and retrievable in case of a law enforcement or regulatory request. 

Ciklum’s records should cover: 

• Evidence of the business reason for making payments to third parties; 
• Written records of hospitality or gifts accepted or offered, which will be subject to managerial review; 
• Expense claims relating to hospitality, gifts or other expenses incurred to third parties are submitted in accordance with our expenses Policies and specifically record the reason for the expenditure; and 
• All accounts, invoices, memoranda and other documents and records relating to dealings with third parties, such as clients, suppliers and business contacts, should be prepared and maintained with strict accuracy and completeness. No accounts must be kept “off-book” to facilitate or conceal improper payments. 

8.1. Existing Record Keeping Arrangements 

The following financial and accounting directives have been implemented to help ensure Ciklum’s compliance with international ABC regulations, including the FCPA: 

• All cash, bank accounts, investments and other assets of Ciklum must always be recorded accurately on the official books of the Company. 
• The Risk Management Committee will periodically initiate internal review the Company’s books, records, and controls to ensure their compliance with the requirements of the FCPA. 
• No Ciklumer shall falsify any accounting or other business record, and all Ciklumers shall respond truthfully and fully to any questions from the Ciklum’s internal or independent auditors. 
• Bank accounts should be opened or closed only upon the prior written approval of the Group Compliance Director and Finance Director (not country controller). In the absence of either of those, the Group CFO and Finance Controller would approve. Anonymous (“numbered”) accounts will not be maintained. 
• Payments will not be made into anonymous bank accounts or other accounts not in the name of the payee or of any entity known to be controlled by the payee. 
• No cash payments shall be made, except for regular, approved payroll payments or normal disbursements from petty cash supported by signed receipts or other appropriate documentation. Checks will not be drawn to the order of “cash,” “bearer” or similar designations. 
• Fictitious invoices, over-invoices or other misleading documentation will not be used. 
• Fictitious entities, sales, purchases, services, loans or financial arrangements will not be used. 
• Check requests will be in writing and contain a complete explanation of the purpose and authority for the payment. The explanation will accompany all documents submitted in the course of the issuing process and will be kept on file. 
• All expenses relating to foreign business must be supported by reasonable written documentation. 
• Payments to Third Parties will only be made in the country where a substantial portion of the related services are performed or the country from which the Third Party performing such services normally conducts business. 
• Payments for any services rendered to Ciklum by a government official (including an officer of a foreign government-owned or controlled commercial enterprise), including honorarium payments and reimbursement of expenses, will be made solely to the government agency or instrumentality employing the individual. Such payments will be made by check directly to the respective government agency or instrumentality, or by wire to its named bank account within the respective government agency’s or instrumentality’s country, or by wire through its duly authorized correspondent bank. 
• Receipts, whether in cash or checks, will be deposited promptly in a bank account of Ciklum. Any Ciklumer who suspects the possibility that a bribe, kickback or over-invoice is associated with a particular receipt or that an understanding exists that all or a portion of a receipt will be rebated, refunded or otherwise paid in contravention of the laws of any jurisdiction, will immediately report that suspicion in accordance with the reporting procedures addressed below under “Reporting Violations” Section.
• Personal funds must not be used to accomplish what is otherwise prohibited by this policy. 

 

9. Reporting, Whistleblowing and Investigations 

9.1. Reporting and Whistleblowing 

Any Ciklumer who suspects a violation of this policy must immediately report such suspected violation to respective Line Manager / Project Manager, HR Business Partner / People Partner or Compliance Function. If you are uncomfortable doing so, you may report by anonymously using Ciklum SpeakUp mailbox: SpeakUp@ciklum.com 

Never hesitate to ask questions, raise concerns, or seek the guidance you need. Ciklum will not tolerate any discrimination against anyone who has reported a concern in good faith. 

9.2. Investigation of incidents 

Ciklum will investigate any report of a violation with the principles of the Code of Conduct and this Policy. You must cooperate fully with any investigation, but should not investigate independently as alleged violations may involve complex legal issues, and you may risk compromising the integrity of a formal investigation. 

10. Training and Awareness

The Compliance Director is responsible for ensuring the designing and maintaining of financial crime training plan for all Ciklumers (including Senior Management) to ensure they have sufficient awareness of relevant regulations to manage risk and carry out their duties on behalf of Ciklum. 

As a minimum, all Company Staff will be provided with financial crime training on an annual basis, and no longer than thirteen months after the last training session took place. This training will be followed by a mandatory test that all Company Staff must pass based on their understanding of the material communicated. All training activity must be documented and maintained as required by the Company’s record keeping Policy. 

11. Policy 

11.1. Ownership and Review 

The Compliance Director is responsible for owning and maintaining this Policy. The Policy must be reviewed and updated on as-needed basis by the Compliance Director. New operational, legal and regulatory developments and emerging risks may trigger review and update of the Policy. 

All changes must be notified to and approved by the Risk Management Committee before the revised Policy is released and communicated to Ciklumers. A version control log – outlining the date of change, a description of change made and who has made the change – must be maintained up-to-date in order to ensure formal control over adjustments made to the Policy. As a result, management will take appropriate corrective action in the scope of laws, policies and procedures when breaches of laws, rules and standards are identified that might include disciplinary actions up to termination of a contract or employment, and if necessary taking legal action against the Ciklumer. 

11.2. Breaches 

All breaches of this Policy or related standards and procedures must be immediately reported to the Compliance Director. The Compliance Director is responsible for determining whether the breach is material and requires further escalation. 

Conduct that violates the law and/or company policies is ground for disciplinary or remedial action. In addition, failure to report a known violation of law or company policy by someone else may result in disciplinary action for Ciklumers and/or termination of employment/your relationship with Ciklum. The disciplinary action taken will be decided on a case by case basis. The action will be conducted in accordance with Ciklum’s HR procedures and corresponding legal requirements. 

Where laws have been violated, we will cooperate fully with the appropriate authorities.  

12. Definitions and Abbreviations 

Bribe and bribery 

Broadly, bribery is defined as giving or receiving a financial or other advantage in connection with the “improper performance” of a position of trust, or a function that is expected to be performed impartially or in good faith. 

Bribery does not have to involve cash or an actual payment exchanging hands and can take many forms such as a gift, lavish treatment during a business trip or tickets to an event. The types of bribery that take place in the commercial sector are numerous. Some simple examples are: 

• bribery in order to secure or keep a contract; 
• bribery to secure an order; 
• bribery to gain any advantage over a competitor; 
• bribery of a local, national or foreign official to secure a contract; 
• bribery to turn a blind eye to a health safety issue or poor performance or substitution of materials or false labour charges; and 
• bribery to falsify an inspection report or obtain a certificate. 

Ciklum’s definition of bribery also includes making “facilitation payments”. A “facilitation payment” is a payment or gift given (usually to a government official) to speed up a procedure or to encourage one to be performed. It does not include fees required to be made by law such as the payment of a filing fee for a legal document. The acceptance of a facilitation payment by a government official is an example of corrupt activity. 

Corruption 

Ciklum defines “corrupt conduct” or “corruption” as the abuse of entrusted power for private gain. Ciklum or Ciklum Group 

Ciklum or Ciklum Group is a group of companies that directly or indirectly are under common control of Ciklum Group Holdings Limited Holding Company, BVI and operating under Ciklum Trademark. 

Ciklumers 

The collective reference for employees (permanent or temporary, full or part time) of any Ciklum legal entity, or any of its affiliates or subsidiaries, as well as for others performing work for, or on behalf of, Ciklum. 

Compliance Champions Programme 

Compliance Champions Programme is the plan for nomination of compliance champions who have to act as compliance ambassadors in various departments and locations of Ciklum and facilitate the liaison between their own internal functions and the Compliance Function on compliance-related topics. 

The mission of compliance champions is to provide compliance face-to-face consulting themselves, roll out written standards coming from the Compliance Function within their own business units, implement their own initiatives in order to address their department-specific compliance needs as previously aligned with the Compliance Function, help identify the major areas subject to exposure, and encourage Ciklumers to speak up whenever they encounter potential violations. 

Entertainment 

Entertainment is distinguished from a gift as it typically involves meals, events or other forms of entertainment (e.g. sporting events, concerts, shows) where the provider participates in the meal, event or other form of entertainment. 

Gift 

A gift can be an item, but it also can include event tickets or the provision of services when the gift provider is not otherwise involved in the event or service (e.g. the giver provided the tickets but does not accompany the recipient to the event). 

Public official 

Public or Government official means: 

• Any officer or employee of a foreign government or any department, agency, or instrumentality thereof;  Employees of state-owned or controlled companies; 
• Any officer or employee of a public international organization; 
• Any person acting in an official capacity for or on behalf of a foreign government or government entity or of a public international organisation such as the United Nations, the World Bank, etc.; 
• Any foreign political party, party official, or any candidate for foreign political office; 
• Immediate family members of any of the above. 

Sanctions 

Sanctions are restrictive measures applied by a country, or group of countries, to enforce change. Sanctions can be split into two distinct areas financial and trade Sanctions. Financial sanctions are restrictions on providing economic resource to certain entities or individuals. Trade sanctions limit the ability to trade in particular items to certain territories, entities or individuals. Trade sanctions can also apply to any ancillary services related to the goods/services which are restricted. 

Money Laundering 

Money laundering involves taking criminal proceeds and disguising their illegal source in anticipation of ultimately using the criminal proceeds to perform legal and illegal activities. 

Leadership Team and Invited Members 

Leadership Team and Invited Members is the group of Ciklum top managers that contains from C-level officers (CEO, Global CFO, COO, CTO, CDO, CHRO, CRO and VP C&C) and directors – Legal Director, Compliance Director, Finance Director, Delivery Director and Commercial Director. 

Third Party 

A Third party is an entity regardless of form and ownership or an individual (e.g. private entrepreneur) that is involved in some way in interaction with Ciklum: supplier, agent, customer, and others. 

The Proposer 

The Proposer is an individual who is assigned with overall responsibility for certain third party (that was proposed by him to interact with Ciklum) for ensuring that the requirements of this policy are followed. This should be a Ciklumer involved with the management of the relationship with the third party (for example, the Service Delivery Manager or Procurement Specialist)