Fraud and Corruption are actions that can considerably affect the image and reputation of the company, as well as in general the scenario of the provision of its services mainly in relation to providing companies with a technology platform that automates the execution of security studies, identity validation and monitoring as well as the development of products and services that allow companies to perform security studies of third parties, development of software by intelligence collected by different sources enhanced with artificial intelligence, development of applications or information systems with open, free, closed and paid sources. Data analysis and intelligence through open and closed sources of information. Development of software, mobile applications and digital content. Likewise, it may carry out any other lawful economic activity both in Colombia and abroad.
As part of the company's commitment to promote the development of coordinated actions to prevent Fraud and Corruption, deter misconduct and encourage the commitment of its stakeholders, this Manual is established.
The purpose of this Manual is to guide and transmit to the counterparties that are directly or indirectly related to the Company, that, regarding the activities in the Company, they are done with the best market practices, within a framework of ethics and legal transparency. The Company "DOES NOT TOLERATE"any form of business, transaction, agreement, considered as corruption, bribery or fraud.
This Policy is complemented with the provisions of other internal regulations, such as: Internal Work Regulations, Internal Information Security Policy and Personal Data Processing Policy.
Promote in ARANDA SOFTWARE ANDINA S.A.S. a culture of prevention against Fraud and Corruption; by strengthening the principles, values and corporate policies; through the implementation and strengthening of internal control mechanisms that allow detection and treatment of events that occur or potentially risky.
- Promote an ethical culture within the Organization aimed at mitigating the risks of Fraud and Corruption.
- Facilitate Process Leaders to identify the main Fraud and/or Corruption risks to which their Area is exposed, with the purpose of defining and implementing effective, sufficient and timely controls through which to manage and mitigate such risks.
- Apply the methodology for the identification, assessment and control of Fraud and/or Corruption risks.
- Establish the positions responsible for detecting and preventing Fraud and/or Corruption risks.
- Define the methodology for measuring, evaluating and controlling the risk of fraud and/or corruption.
- Establish the channel through which complaints of fraud and/or corruption will be made.
This Manual is applicable to all processes involving fraud and corruption risk factors and is addressed to all the Company's counterparties. For the purposes of this Manual, those who involve a fraud and corruption risk factor and on whom these guidelines are determined are:
A. Suppliers and Contractors
B. Customers and prospects Customers
C. Shareholders
D. Subsidiaries.
E. Employees
F. Any other person related to the economic activity of the company.
These guidelines are designed to assist not only employees but all persons who have a relationship with the company. ARANDA SOFTWARE ANDINA S.A.S. to comply with our anti-corruption standards, it should be noted that any investigation activity required will be carried out regardless of the size of the alleged offender's service, position, title, nationality or relationship with the company.
The international legal framework for combating corruption includes the United Nations Convention against Corruption (UNCAC), which entered into force in 2005, as well as the Convention on Combating Bribery of Foreign Public Officials in International Business Transactions, which entered into force in 1999.
- Inter-American Convention against Corruption, 1977.
- African Union Convention on Preventing and Combating Corruption - 2003.
- Criminal Law Convention on Corruption -1998.
- Civil Law Convention on Corruption - Council of Europe 1999.
- Anti-corruption policy of the European Union, art. 29 of the Treaty on European Union.
- 1997 OAS Inter-American Convention against Corruption.
- 2005 UN Convention against Corruption.
- OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions of 2012.
- Guidelines on compliance programs related to the U.S. Foreign Corrupt Practices Act ("FCPA"). ⎫ UK bribery act ("UK bribery act").
- As one of the anti-corruption measures, the Colombian Government has entered into several international agreements, approved by the Congress of the Republic, the last one in 2012, with the Convention of the Organization for Economic Cooperation and Development (OECD), to combat bribery of foreign public servants in international transactions. As a result, the Government sanctioned Law 1778 of February 02, 2016 (Law 1778 or Anti-Bribery Law), establishing a special regime to impose administrative sanctions to legal persons involved in transnational bribery conducts.
- As a mandate, Article 2 of Law 1778 establishes that the Superintendence of Companies shall investigate and sanction acts of transnational bribery involving a legal person domiciled in Colombia, whether or not subject to State supervision or control.
- The Superintendence of Companies, based on the legal powers, especially provided in art. 23 and 36 of Law 1778 of 2016, issues Regulatory Circular 100-00003 of July 26, 2016, establishing a Guide for Legal Entities, for the implementation of the Business Transparency and Ethics program. The main regulations in Colombia are described in the Colombian Criminal Code, Law 599 of 2000, Law 1474 of 2011.
- Altos Directivos: Son las personas naturales o jurídicas, designadas, de acuerdo con los estatutos sociales o cualquier otra disposición interna de la persona jurídica y la ley colombiana, según sea el caso, para administrar y dirigir la persona jurídica, trátese de miembros de cuerpos colegiados o de personas individualmente consideradas.
- Asociados: Son aquellas personas naturales o jurídicas que han realizado un aporte en dinero, en trabajo o en otros bienes apreciables en dinero, a una sociedad a cambio de cuotas, partes de interés, acciones o cualquier otra forma de participación que contemplen las leyes colombianas.
- Auditoría de Cumplimiento: Es la revisión sistemática, crítica y periódica respecto de la debida ejecución de programa de ética empresarial.
- Canales receptores de denuncias: Medios habilitados por ARANDA SOFTWARE ANDINA S.A.S. para recibir denuncias. Se han habilitado los siguientes canales: oficialdecumplimientoptee@arandasoft.com, y la página web www.arandasoft.com
- Concusión Privada: La exigencia realizada a un tercero para que otorgue, prometa u ofrezca dinero o cualquier otro beneficio a cambio de realizar un acto propio de sus funciones o contrario a las mismas.
- Conflicto de interés: Se presenta cuando en las decisiones o acciones de un colaborador directo o contratista de ARANDA SOFTWARE ANDINA S.A.S. prevalece el interés privado y no el de ARANDA SOFTWARE ANDINA S.A.S. De esta manera esta persona o tercero implicado, obtendría una ventaja ilegítima en detrimento de los intereses de la Empresa.
- Contratista: Se refiere, en el contexto de un negocio, a cualquier tercero que preste servicios a una persona jurídica o que tenga con esta una relación jurídica contractual de cualquier naturaleza. Los contratistas pueden incluir, entre otros, a proveedores, intermediarios, agentes, distribuidores, asesores, consultores y a personas que sean parte en contratos de colaboración o de riesgo compartido con la persona jurídica.
- Corrupción: Es la voluntad de actuar deshonestamente abusando del poder encomendado por ARANDA SOFTWARE ANDINA S.A.S. a cambio de sobornos o beneficios personales, ya sea de manera directa o indirecta y favoreciendo injustamente a terceros en contra de los intereses de la Empresa.
- Debida Diligencia: Alude, en el contexto de esta Política, a la revisión periódica que ha de hacerse sobre los aspectos legales, contables y financieros relacionados con un negocio o transacción internacional, cuyo propósito es identificar y evaluar los riesgos de soborno transnacional que pueden afectar a una persona jurídica, sus sociedades subordinadas y a los clientes y proveedores.
- Empleado: Es el individuo que se obliga a prestar un servicio personal bajo subordinación a una persona jurídica o a cualquiera de sus sociedades subordinadas, a cambio de una remuneración.
- Entidad gubernamental: Para efectos de esta guía se entenderá, como tal, a todos los organismos que comprenden el Gobierno Nacional, local o municipal, las empresas comerciales de propiedad del Estado o controladas por el mismo, organismos y agencias internacionales como el Banco Mundial, Cruz Roja Internacional, partidos políticos, entre otros.
- Fraude: Cualquier acto ilegal caracterizado por engaño, ocultación o violación de confianza, los cuales no requieren la aplicación de amenaza de violencia o de fuerza física.
- Política: Documento en el cual se incluyen recomendaciones para la adopción de los principios, cuya efectividad le permitirá a cualquier persona jurídica identificar, detectar, prevenir y atenuar los riesgos de Soborno Transnacional.
- Ley FCPA: Ley de Prevención de Prácticas Corruptas en el Extranjero (Foreign Corrupt Practices Act –FCPA por sus siglas en inglés). La FCPA establece que es un delito pagar u ofrecer cualquier cosa de valor, directa o indirectamente a un funcionario gubernamental, para obtener o retener negocios o conseguir una ventaja de negocios impropia.
- Ley 1778 o Ley Anti-Soborno: Es la Ley 1778 de febrero 2 de 2016.
- Negocio o Transacción Internacional que se realice a través de terceros: Hace referencia a los negocios o transacciones internacionales que realice una sociedad colombiana a través de un intermediario o contratista o por medio de una sociedad subordinada o de una sucursal que hubiere sido constituida en otro estado por esa sociedad.
- OCDE: Organización para la Cooperación y el Desarrollo Económicos.
- Pagos de facilitación: Pagos realizados a funcionarios gubernamentales con el fin de asegurar o acelerar trámites de carácter legal y rutinario en beneficio personal o de la empresa.
- Parte interesada: Persona u organización que pueden o se encuentran afectadas por decisiones o actividades conjuntas.
- Persona Jurídica: Es una persona ficticia, capaz de ejercer derechos y contraer obligaciones, y en el contexto de este manual, se refiere a las entidades que deberían poner en marcha un programa de ética empresarial. El término persona jurídica se refiere, entre otras, a cualquier tipo de sociedad de acuerdo con las leyes colombianas, las entidades que sean consideradas como controlantes en los términos del artículo segundo de la Ley Anti-Soborno, las entidades sin ánimo de lucro domiciliadas en Colombia y cualquier otra entidad que sea calificada como persona jurídica conforme a las normas colombianas.
- Políticas de Cumplimiento: Son las políticas generales que adoptan los Altos Directivos de una persona jurídica para que esta última pueda llevar a cabo sus negocios de manera ética, transparente y honesta y esté en condiciones de identificar, detectar, prevenir y atenuar los riesgos relacionados con el soborno transnacional y otras prácticas corruptas.
- Principios: Tienen como finalidad la puesta en marcha de los Sistemas de Gestión de Riesgos de Soborno Transnacional. Programa de Ética Empresarial: Son los procedimientos específicos a cargo de la Junta Directiva, encaminados a poner en funcionamiento las Políticas de Cumplimiento.
- Bribery: Anything that has value and is offered, promised or given in order to influence a decision to deal or to give it an improper or undue advantage.
It has the following responsibilities with respect to the strategy to combat corruption:
- Establish policies and implement this manual which includes instructions to be given regarding the structuring, execution and supervision of actions aimed at the effective prevention of bribery and corruption.
- Demonstrate commitment to the Manual and set an example with their actions and expressions to promote a culture of ethics and non-tolerance of acts of corruption.
- Review and recommend improvements to internal procedures that strengthen actions to combat corruption in the processes under its responsibility.
- Provide support and direction regarding the implementation of the Anti-Corruption and Anti-Fraud Policy Manual in all areas of the company. ARANDA SOFTWARE ANDINA S.A.S.
- Ensure the adequate implementation of controls that mitigate corruption risks.
- Communicate corruption events to the management or administrative area or through the reporting channels provided for this purpose.
The Administrative and Financial Management shall ensure compliance with this Manual, and shall have the following functions:
- To promote the definition and dissemination of the Anti-Corruption and Anti-Fraud Policy Manual and other relevant guidelines to combat corruption throughout the Company.
- Serve as a reliable advisor to Senior Management on events that may represent acts of corruption.
- Recommend to Senior Management preventive measures and/or actions before competent bodies (judicial and/or disciplinary) to strengthen the anti-corruption strategy.
- It is responsible for the proper articulation of compliance program policies.
- Submit to the Senior Management, at least every three months, reports on its performance in the supervision of the provisions of this Manual.
- Conduct periodic activities to assess the risks of bribery, fraud and corruption with employees selected by him, or even through third parties hired for such purposes ARANDA SOFTWARE ANDINA S.A.S.
- Informing managers of ARANDA SOFTWARE ANDINA S.A.S. about the infractions committed by any employee with respect to the Compliance Program, so that the corresponding sanctioning procedures are carried out, as established in the Internal Work Regulations.
- Selecting and facilitating ongoing training of employees of ARANDA SOFTWARE ANDINA S.A.S. concerning the Anti-Corruption and Anti-Fraud Policy Manual.
- Support the system that puts in place ARANDA SOFTWARE ANDINA S.A.S. to receive complaints from any person regarding a case of bribery, fraud, corruption or any other improper practice.
- To order the initiation of internal investigation procedures in the legal entity, through the use of its own human and technological resources or through third parties specialized in these matters, when it has suspicions that a violation of Law 1778, the Compliance Program and other national and internal regulations that sanction this type of conduct has been committed.
- Supervise the proper implementation/advancement of the anti-corruption strategy and report significant facts to the General Management and/or Audit Management.
- Ensure adequate communication/dissemination of corruption or relevant events.
In addition to those set forth in other bylaws such as the Internal Work Regulations, Data Processing and Information Security Policies, employees have the following obligations:
- Know, understand and apply the Anti-Fraud and Anti-Corruption Policy Manual.
- Execute the anti-corruption controls in charge and leave evidence of their compliance.
- Obligation to report suspicious actions or incidents related to corruption in their work environment and in third parties contracted by the company. ARANDA SOFTWARE ANDINA S.A.S.
- Cooperate in the investigation of allegations related to corruption carried out by the competent authorities.
- Know, understand and apply the Anti-Fraud and Anti-Corruption Policy Manual.
They shall have the obligation to report to the criminal, disciplinary and administrative authorities, acts of corruption, as well as the alleged commission of a crime against public administration, a crime against the economic and social order, or a crime against economic assets that they have detected in the performance of their duties, in accordance with Law 599 of 2000, Law 1778 of 2016 and other concordant regulations.
They shall also bring these facts to the attention of the corporate bodies and the Company's management. The corresponding complaints must be presented within the month following the moment in which the statutory auditor had knowledge of the facts. For the purposes of this, the professional secrecy regime that protects the statutory auditors shall not be applicable.
Establish control and auditing systems, in accordance with Article 207 of the Code of Commerce and the applicable accounting standards, that allow it to verify the accuracy of the accounting and ensure that transfers of money or other assets that occur between the Legal Entity and its Subordinate Companies are not concealed.
- Principle of Legality: All persons linked to the Company are committed to ensure compliance not only with the letter but also with the spirit of the Constitution and Colombian laws, likewise, with the provisions and regulations issued by the authorities and the rules and policies set by ARANDA SOFTWARE ANDINA S.A.S.
- Principle of Honesty: To the extent that all workers are aware of their responsibilities and their moral, legal and labor obligations and practice them, it can be affirmed that they will be fulfilling their duties to the community, the Company and the Country and the only way to do so will be guided by the path of legitimate, honest and transparent activities, services, business, and operations.
Those with higher hierarchical levels and responsibility for Company assets and processes should be more committed to exemplary conduct towards their subordinates.
- Principle of Good FaithAct in good faith, with diligence and care, permanently ensuring respect for people and compliance with the law and giving priority in their decisions to the principles and values of the Company over the particular interest.
- Principle of Loyalty: For loyalty with the Company, every person must communicate in a timely manner to their immediate superiors any fact or irregularity committed by another employee or a third party, which affects or may harm the interests of ARANDA SOFTWARE ANDINA S.A.S., of its customers, contractors, suppliers, shareholders, among others. If the employee prefers to keep in reserve their identification to communicate this fact, you can do so through the person delegated by the Board of Directors of Shareholders or the Internal Control Office.
- General and Corporate Interest PrincipleOur actions must always be governed by the general interest and management at all levels must be devoid of any personal financial interest. Transparent conduct is exempt from payments or acknowledgments to obtain or retain business or gain a business advantage.
- Principle of Truthfulness: We tell and accept the truth above any consideration. The information we issue to the general public is truthful.
In accordance with the foregoing, any person associated with ARANDA SOFTWARE ANDINA S.A.S. by any means is co-responsible for the proper and correct application of the Internal Working Regulations R.I.T, Internal Information Security Policy, Policy for the Treatment of Personal Data and this Anti-Fraud and Anti-Corruption Policy Manual and especially have the full support of the Management of the Company, to act in accordance with the principles stated in this document.
For this reason, the Company's Management values and recognizes the effort and commitment of those people who act with rectitude and watch over the probity of our business management.
ARANDA SOFTWARE ANDINA S.A.S. adopting good practices, adopts the implementation of systems, procedures, protocols and control and reporting mechanisms, through the Internal Control office for the supervision and compliance of this manual by the company, in order to ensure the prevention, identification and treatment of acts and behaviors that are considered unlawful because they lack legitimacy and transparency.
The collaborators of ARANDA SOFTWARE ANDINA S.A.S. shall refrain from incurring in any of the following behaviors:
These are payments made to secure or accelerate procedures before government officials or a private entity of a legal and routine nature with which the company is involved. ARANDA SOFTWARE ANDINA S.A.S. has a contractual or commercial relationship.
Such acts are prohibited by ARANDA SOFTWARE ANDINA S.A.S.and can be of any amount. These payments can be:
- Influencing a court decision
- Avoiding a tax audit
- Performing acts contrary to their own functions in the service of the workers, which are set forth in the employment contract.
- Refuse to delay or omit to perform an act proper to his functions, or to perform an act proper to his functions.
- To expedite the act proper to its functions
- Offering or granting gifts, money, presents or any other benefit to third parties who know, have known or will know of a matter of interest to the Company or to the employee or manager, on the occasion or in the performance of their duties within the Company.
- Any other that is fraudulent or corrupt in nature
It is the policy of ARANDA SOFTWARE ANDINA S.A.S. not to offer or grant gifts or any other benefit to public officials, government entities or persons under private law.
No employee is authorized to condition or seek to condition a negotiation based on any gift to any user, customer, supplier, consultant or any third party.
Any type of payment to government officials or entities, either directly or through partners, workers, contractors or intermediaries, is a warning sign, and the following provisions must be complied with:
All transactions with public officials, governmental entities or private persons must be reported to Management and the Internal Control Office.
In order to comply with the above, the collaborator or the unit that requires to carry out any type of transaction must:
- Report to Management and the Internal Control Office.
- The transaction must be reported at least 5 business days in advance.
- Transactions are understood as any type of: Payments, sponsorships, grants, donations, corporate products, bonuses, securities, gifts, invitations, transportation (air, land, sea), hotels, entertainment, training, coaching, training and in general any goods or services in cash or in kind.
If a transaction with a government official or entity, officers and employees of private companies that has not been reported is identified, it must be reported immediately to Management and the Internal Control Office.
- All transactions with public officials, governmental entities or private persons must be recorded in separate and exclusive accounting accounts for this purpose.
In order to advance the processes of Due Diligence and Compliance Audits, the following activities, among others, will be carried out within the Company:
- At the time of initiating an international transaction by the Company, activities will be carried out to verify that the third party or potential contractor is not linked to acts of transnational bribery.
- The Internal Control Office, at least once a year, will request information from the Company's departments on the international transactions carried out, in order to establish which of them may have a risk of transnational bribery and to formulate the pertinent recommendations.
- In case of international transactions, the Internal Control Office shall provide, among others, the following information: Name of the third party or contractor with which ARANDA SOFTWARE ANDINA S.A.S . The third party or contractor with whom ARANDA SOFTWARE ANDINA S.A.S. carried out the international transaction, the object of such transaction, its term, amount and a support of the same.
- Once the information requested above has been received, the Internal Control Office will make a verification with the information available from the contractor or third party. Such review may deal with legal, accounting and/or financial aspects related to the international transaction, the purpose of which will be to identify and evaluate the risks of transnational bribery that may affect the Company.
- Following this review process, the Internal Control Office will submit a semi-annual report to the company's management, including the main conclusions and recommendations of the review.
- Proof of due diligence or auditing processes shall be provided.
The prohibition of a payment to a foreign official applies to direct and indirect payments.
Examples of prohibited payments to foreign officials that include payments:
- To influence the award of a contract with the state.
- To avoid due governmental action, such as the imposition of a tax or fine or annulment of an existing government contract.
- To obtain a license or other authorization from a state where the issuance involves the discretion of the officer or his or her government.
- To obtain confidential information about business opportunities or about competitors' activities.
- To draft bid specifications for government projects in a manner that favors certain bidders.
- To obtain the right to open a mine or secure a zoning decision.
- To influence the tax rate to be applied to a company's operations.
- To reduce government controls.
- To resolve governmental disputes, e.g., resolution of tax deficiencies or a dispute over unpaid tariffs.
- To affect the nature of foreign regulations or the application of regulatory provisions.
- Demanding, abusing his functions or position, a third party to grant, promise or offer money or any other benefit in exchange for performing an act that is proper or contrary to his functions.
- Explicitly demand money, gifts or any other utility to third parties or induce the third party to give or offer to ARANDA SOFTWARE ANDINA S.A.S. collaborator or manager, money, gifts or any other utility, to perform an act proper to their functions, to expedite it, or to refuse, delay or omit an act proper to their functions. money, gifts or any other utility, to perform an act proper to their functions, to expedite it, or to refuse, delay or omit an act proper to their functions.
- Unduly use influence derived from their position, position, or friendship, with respect to a third party, whether a public servant or private citizen, to benefit them in any way, or to seek a benefit for ARANDA SOFTWARE ANDINA S.A.S.
- It is not necessary for the recipient of the influence to accede to the request of the person who improperly uses the influence derived from his office, position or the relationship of friendship or similar relationship with the third party.
Adulterate the content of a document, either by integral creation, as when a document is totally created, imputing its authorship to someone who has not created it, or altering its content.
- Such as when it is added, modified or deleted, whether or not in essential parts and regardless of whether or not this causes damage to a third party.
- Consign in a document related to the position or functions of an officer or collaborator of ARANDA SOFTWARE ANDINA S.A.S. a statement that is contrary to the truth, or when omitting to give evidence, in whole or in part, of a fact that has occurred, regardless of whether this results in damage to the entity or to a third party.
To accept or receive for oneself or for another any kind of offer, money, gift or any other utility, from a person interested in the matter to be heard.
Demonstrate interest through external acts in a certain act or contract being awarded or agreed with a particular third party.
- Disclose to third parties who do not have the right to know it, information that should remain confidential.
- Store or retain on any personal use device or in any database.
- In addition to violating this manual, the above fragments and breaches the confidentiality agreement entered into with ARANDA SOFTWARE ANDINA S.A.S.
The Administration of ARANDA SOFTWARE ANDINA S.A.S. in accordance with its principle of NO TOLERANCE to acts of fraud, bribery or corruption and its commitment to permanent compliance with policies, procedures and behavioral guidelines included in the Internal Work Regulations and in this Anti-Fraud and Anti-Corruption Policy Manual, expects all its employees, managers, customers and suppliers to comply with and promote their compliance.
Failure to comply with this manual will be subject to disciplinary and labor sanctions, as well as criminal complaints, which may lead to the termination of the employment contract for employees, termination of business relationships with customers and / or suppliers, and the certification of copies for the respective investigation with the competent administrative and judicial authorities.
The Superintendency of Companies shall impose one or more of the following sanctions on legal entities that incur in the conducts set forth in Article 2° of Law 1778 of 2016:
- Fine of up to two hundred thousand (200,000) legal monthly minimum wages in force.
- Inability to contract with the Colombian State for a term of up to twenty (20) years. This inability shall be imposed on legal persons.
- Publication of an extract of the decision in the media of wide circulation and on the website of the sanctioned legal entity.
- Prohibition to receive any type of incentive or subsidy from the Government for a period of 5 years.
It is consecrated as a fundamental mechanism for the prevention of fraud, bribery and corruption to create a culture of attention and awareness to all employees of ARANDA SOFTWARE ANDINA S.A.S., through permanent training programs.
The design, programming and execution of training programs for employees must be the responsibility of the Internal Control Office, and these programs must be approved, in addition, by the Board of Partners, regarding their content, orientation, methodology and budget.
The Internal Control Office will be responsible for keeping THE COMPANY updated in relation to new internal policies approved by the Board of Directors, laws, regulations, self-regulation standards and other recommendations and practices that help to maintain an efficient control of anti-corruption risk.
The disclosure processes will be immediate, using the internal communication mechanism to materialize the principle of PUBLICITY.
The disclosure, training and education program will be a task to be determined by the Board of Directors of the Shareholders, delegated by an accredited collaborator or by an external professional of the company.
The present Anti-Fraud and Anti-Corruption Policies ManualThe present manual, come into force fromSeptember 2022, after disclosure in the media of the company , especially through its website. ARANDA SOFTWARE ANDINA S.A.S. especially through its website.