Skip to content

Transparency and Business Ethics Policy (PTEE)

1. Introduction

In the Colombian and global environment, there have been risks of corruption, bribery and transnational bribery which can expose companies to illicit relationships that cannot be controlled, therefore, companies have chosen to generate a program that allows to maintain the identification, measurement, control and monitoring by companies, through anti-corruption and auditing tools with the priority that these risks do not materialize, since these risks can generate reputational, financial, legal, among others, damages.

The Superintendence of Companies has been working hard to control and monitor companies so that they are not used as a means to carry out corruption, bribery and transnational bribery illicit activities that may affect the Colombian economy.

Due to the above and in order to establish guidelines to prevent the materialization of C/ST risks, the Superintendency issued External Circular No. 100 - 000011 of August 9, 2021 and Law 2195 of January 18, 2022.

This program seeks to implement an organizational culture, ensuring compliance with the policies, procedures and guidelines established for the control of C/ST risks.

The counterparties defined by the company are committed to complying with the transparency and business ethics program.

2. Context

In accordance with the provisions of Circular 100-000011 of August 9, 2021 and Law 2195 of January 18, 2022, the Business Ethical Transparency Program is defined, which describes the activities with which the company implements controls for the prevention of the risk of transnational bribery, corruption and corrupt practices based on the guidelines established in the code of ethics and policies defined by ARANDA SOFTWARE ANDINA S.A.S.hereinafter ARANDA SOFTWARE.

3. Objective

To establish the policies and procedures through which ARANDA SOFTWARE determines its ethical and transparent behavior in the exercise of its activity and business, determining the conditions under which it will be able to identify, detect, prevent and mitigate risks related to bribery, transnational bribery and corruption.

4. Scope

The Transparency and Business Ethics Program is aimed at all the activities carried out by ARANDA SOFTWARE and its counterparts. With special emphasis, the program will be observed and complied with by those who have direct and indirect contact with national and/or foreign public servants.

5. Definitions and abbreviations

Associates: those natural or legal persons who have made a contribution in money, work or other goods that can be appreciated in money to ARANDA SOFTWARE in exchange for quotas, parts of interest, shares or any other form of participation contemplated by Colombian law.

Compliance audit: It is the systematic, critical and periodic review regarding the due execution of the Transparency and Business Ethics Program.

Beneficial owner: final beneficiary means the natural person(s) who ultimately owns or controls directly or indirectly a customer and/or the natural person on whose behalf a transaction is conducted, also includes persons exercising effective and/or final control directly or indirectly, over a legal entity or other unincorporated structure.

Conflict of interest: Situation in virtue of which a person, by virtue of his activity, is faced with different alternatives of conduct in relation to incompatible interests, none of which can be privileged in attention to legal or contractual obligations.

Contractor: Refers, in the context of an international business or transaction, to any third party providing services to. ARANDA SOFTWARE or that has with this one a contractual legal relation of any nature.

Corruption: Refers to the misuse of powers derived from a relationship of authority or trust for the purpose of obtaining an undue advantage, both in the public and private sectors.

Due diligence: Periodic review to be made on the legal, accounting and financial aspects related to an international business or transaction, whose purpose is to identify and evaluate the risks of transnational bribery, national bribery and corruption that may affect or involve ARANDA SOFTWARE and contractors.

Employee: It is the individual who is obliged through an employment contract to provide a personal service under subordination to ARANDA SOFTWAREin exchange for remuneration.

Transnational bribery and corruption risk management: Refers to the process of identification, analysis, evaluation and treatment of bribery and corruption risks or any other corrupt practices, defined in the Risk Management and Control Procedure HRC-CP-01.

Ethics Compliance Officer: Is the natural person appointed by the General Assembly to lead and manage the Business Ethics and Transparency Program of ARANDA SOFTWARE.

Corrupt practice: Consists of offering, giving, receiving or soliciting, directly or indirectly, anything of value to improperly influence the actions of another party or for personal gain.

Bribery: The act of giving, offering, promising, promising, requesting or receiving any gift or thing of value in exchange for a benefit or any other consideration, or in exchange for performing or omitting to perform an act inherent to a public or private function, regardless of whether the offer, promise, or request is for oneself or for a third party, or on behalf of that person or on behalf of a third party.

Transnational bribery: It is the act by virtue of which, the company, through its employees, administrators, associates or contractors, gives, offers or promises a foreign public servant, directly or indirectly:

(i) Sums of money

(ii) Objects of pecuniary value

(iii) Any benefit or advantage in exchange for that public servant performing, omitting or delaying any act related to his or her functions and in connection with an international business or transaction.

6. Description of activities and general information

6.1. Responsibilities

6.1.1. Shareholders' Meeting

  • Ensure the provision of the economic, human and technological resources required by the Ethics Compliance Officer for the development of the Business Ethics and Transparency Program and the related procedures that apply.

  • To order the appropriate disciplinary, administrative and legal actions against employees who have management and administrative functions or against partners, when they violate the provisions of the Business Ethics and Transparency Program.

  • Evaluate, follow up and, if necessary, require adjustments or modifications to the Transparency and Business Ethics Program.

  • Lead an appropriate communication strategy to ensure effective dissemination of the Anti-Bribery and Anti-Corruption Policy and the Business Ethics and Transparency Program to employees, partners, suppliers, contractors and the general public.

6.1.2. Ethics Compliance Officer

  • Articulate compliance policies with the Transparency and Business Ethics Program.

  • Submit to the Assembly reports on its management as Ethics Compliance Officer, on an annual basis, as defined in section Reports.

  • Lead the structuring of the Transparency and Business Ethics Program, contained in this Manual.

  • Lead periodic bribery and corruption risk assessment activities.

  • Inform the Assembly of any violations committed by any employee with respect to the Business Ethics and Transparency Program, so that the corresponding sanctioning procedures may be carried out in accordance with the Code of Ethics and the Internal Work Regulations.

  • Select and facilitate ongoing training of employees in the prevention of transnational bribery, during induction and re-induction processes, as defined in section Disclosure and Training.

  • Manage the system put in place by the company to receive complaints from any person regarding a case of bribery or any other corrupt practice.

  • Order the initiation of internal investigation processes, through the use of its own human and technological resources or through third parties specialized in these matters, when it has suspicions that a violation of Law 1778 of 2016, Law 2195 of 2022 or the Transparency and Business Ethics Program has been committed.

6.1.3. Employees

  • Apply and comply with the provisions defined in the Transparency and Business Ethics Manual and in the regulatory provisions on which it is based.

  • Report any act of bribery and/or corruption within ARANDA SOFTWARE, through the channels provided by the company, as well as cooperate in the investigations that are carried out.

  • Participate in the training (induction and re-induction) on the Transparency and Business Ethics Program, to which he/she is summoned.

  • For employees involved in the supplier contracting process and in the linking of direct or indirect employees, verify that the documentation provided is complete and matches the information recorded in the supplier knowledge form, ensure that consultation is carried out in binding and restrictive lists and that anti-bribery and anti-corruption clauses are incorporated in the contractual agreements. This is in accordance with internal procedures.

6.1.4. Statutory Auditor

With the issuance of Law 1778 of 2016, the Statutory Auditor was granted oversight powers that exceed those of representing the interests of the partners against the operations entered into or executed in the Company. In fact, according to the mandates of Article 32 of the aforementioned law, the Statutory Auditors acquire the obligation to report before the criminal, disciplinary and administrative authorities, the possible acts of bribery and corruption that they may have detected in the exercise of their office.

6.1.5. Anti-Bribery - Anti-Corruption Policy

ARANDA SOFTWARE has established conditions to mitigate and control bribery and corruption by defining the Policy for Risk Management and Compliance HRC-PL-01, where it is committed to established guidelines to mitigate bribery, transnational bribery and corruption.

6.1.6. Risk management

ARANDA SOFTWARE defines the Risk Management and Control Procedure HRC-CP-01 and the Risk Management Matrix HRC-FT-01 whose scope includes the identification, analysis, evaluation and treatment of the company's risks, addressing bribery, corruption, transnational bribery and any other corrupt practice, likewise, the company defines the Policy for Risk Management and Compliance HRC-PL-01 where it is committed to risk management through standardized and controlled tools.

6.1.7. Due Diligence

Counterparts: ARANDA SOFTWARE integrates and standardizes control measures for the identification and knowledge of natural or legal persons prior to establishing a contractual legal relationship of any nature, for this reason in the Due Diligence Procedure HRC-CP-02 describes the step by step to know and update the data of their counterparties, in the same way to validate their background and reputation in general.

Changes in shareholder composition: The knowledge of legal entities is an integral part of the identification and control of the members of the company, for this reason the due diligence process must be applied to those who intend to advance any type of business reorganization process such as mergers or acquisitions, see HRC-CP-02 Due Diligence Procedure.

New business lines or projects: in each negotiation process and investment analysis, a due diligence on compliance with anti-bribery and anti-corruption rules will be carried out before making a final decision on the investment or merger. Likewise, in the event that the acquisition or merger is completed, ARANDA SOFTWARE will ensure that the acquired company implements, within a reasonable period of time, the present Business Ethics and Transparency Program.

6.1.8. Transparency and Corruption Prevention Management Transparency of information

Financial information and records are the fundamental inputs for the development of processes and the making of the right decisions; they also allow us to demonstrate compliance with our obligations to employees, shareholders, customers, suppliers and regulatory authorities. For this reason ARANDA SOFTWARE guarantees that all records are truthful, valid, complete, accurate and must be in accordance with the legal requirements, so that ARANDA SOFTWARE can confirm and retrieve the information in a transparent manner.

In accordance with the above, the statutory auditors verify the financial statements and balance sheets, as well as the accounting movements that may be executed, confirming the veracity of the information recorded and its coherence with the economic, transactional and patrimonial situation of ARANDA SOFTWARE.

All accounting information (records, books, documents) will be available for inspection to ensure that there are no parallel accounts or duplicate accounting.

It is forbidden to issue and/or keep records of non-existent expenses, or of liabilities without correct identification of their purpose, or of transactions that do not contain a genuine and legitimate purpose, in addition to which accounting books or other relevant documents shall not be intentionally destroyed earlier than established by law. Resolution of conflicts of interest

For ARANDA SOFTWARE we consider the behaviors and situations generating conflict of interest that require special attention and management under this policy:

  • Employees may not have a family relationship with people who have a direct work relationship within the organizational structure of the area and/or in any of the structures of the internal clients with whom they work directly. The above will only be authorized if it is exposed from the selection and hiring process and is authorized by the company's management, the authorization must be recorded by e-mail.

The conflict of interest derived from the aforementioned relationships shall be considered a serious misconduct for all legal purposes, as it compromises the personal decision-making judgment of the person who occupies the highest organizational level. It is also considered a serious misconduct for all legal purposes when it is not declared in time or if, as a result of the relationship, the interests, policies or benefits of the organization are contravened.

Notification of conflict of interest situations: It shall be an essential obligation for all collaborators to notify human management that they have a sentimental, family, commercial or shareholder relationship that may represent a conflict of interest with the company or with third parties linked to it.

Failure to comply with the aforementioned obligation shall constitute a serious violation of the obligations arising from the contract, and the employer may take the corresponding measures in accordance with the legal regulations in force.

Notification procedure. Situations that could constitute a conflict of interest must be notified to your immediate superior and to the Human Resources area as soon as they are perceived and prior to the execution of any action that could be affected by them.

Notification of conflict of interest with suppliers: For those persons who notify having a sentimental or family relationship with third parties (suppliers, personnel of government entities with which they have a relationship in the performance of their duties, etc.), the company reserves the right to seek the services of another supplier that offers the same quality, benefits and/or costs of the current one.

In the event that the supplier is a key supplier for the organization or that the termination of the service with the supplier implies a risk or disadvantage or the service contracted is essential for the continuity of the business, the Compliance Officer and the hierarchical superior must be notified, who together with the Human Resources area must seek the transfer of the employee in order to maintain the business relationship with the supplier, or limit his functions to eliminate the conflict of interest.

EXCEPTIONS: Any exception to these guidelines must be validated by the Compliance Officer and authorized by the Legal Representative, through a written document describing the exception. Protection of Contractuals

In order to prevent the occurrence of bribery, transnational bribery, corruption and other corrupt practices, commitments must be included in labor contracts, security agreements, contracts and records of knowledge signed by employees, customers and suppliers, respectively.

These contracts must stipulate the origin of the funds, their legality and/or penalties related to misconduct, as well as a plan of action to withdraw from the business when this could be detrimental to ARANDA SOFTWARE. The right of termination of labor or commercial relations must be clearly stipulated in the contracts, knowledge forms and/or service level agreements, in case it is identified that the counterparty incurred or is executing acts of bribery and/or corruption or is being subject to formal investigation - preliminary or final - for the acts mentioned above, by any local or foreign authority. Declaration of employees exposed to increased risk

Exposed employees are those who, according to the nature of their position, perform functions associated with suppliers and customers are exposed to greater risk, which is why they must sign another Yes to the employment contract where the specific clause of knowledge and acceptance of the code of ethics and the Transparency and Business Ethics Program is provided. With this, the employee agrees to comply with the provisions of this Program, being informed about the sanctions and consequences that apply at the time of non-compliance. Policy for Delivery and receipt of gifts and entertainment to third parties.

For the company it is very important to establish the guidelines that determine a lawful conduct regarding the Delivery and Receipt of gifts and entertainment to third parties, therefore, ARANDA SOFTWARE approved the Policy of Delivery and receipt of gifts and entertainment to third parties HGF-PL-02 which was socialized to all staff. Remuneration and commission payments to the sales team

Remunerations and commissions to the sales team have been established since the signing of their labor contracts and their increases will correspond to what is required by law or as authorized by the President's Office. The variable income for commissions must correspond to that authorized by the presidency, as well as the changes that the same scheme undergoes in the course of time. The information on the commissions scheme may be consulted by the Compliance Officer in the Financial area, which are established from the definition of the Sales Policy HGF-PL-04 and the Authorization Matrix HGF-FT-05. Food, lodging and travel expenses

Payments for travel expenses are made in accordance with the Travel and Other Expenses Policy HGF-PL-03 and the Authorization Matrix HGF-FT-05. All supporting documents must be retained to determine compliance with the aforementioned procedure. Prohibition of bribery and facilitation payments

Employees of ARANDA SOFTWARE acts of offering, promising or paying; or arranging for a third party to offer, promise or pay, bribes, kickbacks, kickbacks, hidden commissions, lavish gifts, illegal services, excessive entertainment or anything else of value to

any person for the purpose of exerting undue influence over the recipient; inducing the recipient to violate his or her obligations; securing an undue advantage for the Company; or rewarding the recipient for any past behavior. Such offers, promises and payments are prohibited even if payments are made personally with your own money without seeking reimbursement from the Company. You also may not receive any improper payment, gift or service.

Likewise, it is forbidden to make facilitation payments that seek to secure or expedite administrative or routine procedures of any authority. In addition, under no circumstances will bribes be given through third parties outside of ARANDA SOFTWAREsuch as external agents, consultants, shareholders, representatives, suppliers or other intermediaries acting on behalf of the company. Antitrust/Competition Laws

To guarantee a competitive behavior that does not generate monopoly or admit certain practices considered harmful to companies, consumers or both, or to those who violate the standards of ethical conduct in general. For ARANDA SOFTWARE it is very important to be aligned with the applicable legal requirements in force.

No employee may share commercially sensitive information with competitors without the prior approval of the President's Office by signing a confidentiality agreement. Employees and Senior Management of ARANDA SOFTWAREemployees and senior management, and anyone acting on behalf of the company, who believe they have been involved in and have knowledge of an activity that may present a problem with applicable antitrust and competition law must report it immediately.

The following are behaviors that the company considers inappropriate and prohibited:

- Agreeing with a competitor to divide or otherwise share the market or customers

- Agreeing on pricing with a competitor

- Collaborating or coordinating a competitive bid with a competitor

- Agreeing with a competitor to boycott another business

- Discussing commercially sensitive information with a competitor Political contributions

ARANDA SOFTWARE will not make donations of political character, in the same way it is established that the individual participations of the employees in politics will never involve the use of funds, time, equipment, resources, facilities, the brand or the name of the company. Donations

The company is committed to the development and support of the community, therefore it has established the Donations Policy HGF-PL-01, which provides guidelines for the execution of donations in a controlled manner that allows to maintain due diligence to the final beneficiary, managing to keep controlled the risks of corruption, bribery and transnational bribery. Reporting of Transnational Bribery Activities and Other Corrupt Practices

ARANDA SOFTWARE promotes integrity and reputation through ethical and lawful conduct, is one of the main priorities to protect the values and avoid possible damage to the company, so it is important that the parties are aware of the violations of Compliance.

Therefore, for ARANDA SOFTWAREit is essential that the corporate culture remains open and oriented to its values. Leading to process leaders, employees, suppliers, customers and other sectors that observe or have knowledge of the materialization of risks such as bribery, transnational bribery and corruption communicate and report them within the organization or otherwise to the competent authorities.

Use whistle-blowing channels in a responsible manner, without abusing their use to direct insults, defamations, or other criticisms that harm another person, without incriminating evidence.

Complainants should only provide information of which they are convinced of its veracity.

Service channels

To report any compliance incident, you may contact the Compliance Officer through in-person reports, anonymous calls (601) 756 3000 - 321 4699008, suggestion box or mail with the following information:

a. Type of incident

b. Names of the persons involved

c. date, time, and place of incident

d. Incident Frequency

Reports are confidential and you will not have to disclose your identity if you do not wish to do so.

Examples of issues that could be reported include concerns about:

a) Financial reporting

b) Internal controls (such as fraud)

c) Public disclosure or withholding of records

d) Price fixing or competition law/antitrust issues

e) Corruption

f) Inappropriate payments or gifts (Bribery).

The compliance officer monitors and controls the complaints filed by means of the Complaint Control form HRC-FT-02. Reports

Annually, the Compliance Officer will report to the Shareholders' Meeting. This report is made under the EMC-FT-07 Compliance Officer Report Format which mentions the evaluation and analysis of the efficiency and effectiveness of the Business Ethics and Transparency program and, likewise, the respective improvements. Dissemination and Training

The Human Resources area will be in charge of preparing the six-monthly schedule and execution of the dissemination and training of the Business Ethics Program under the guidance and support of the Compliance Officer. This schedule is recorded in the Training Schedule form HGH-FT-01.

During the induction process for new employees, everything related to the transparency and business ethics program is included, and this is the evidence of the communication of the same. As for former employees, this should be done during the annual re-induction process in order to promote a culture of ethics. The evidence of the training will be done by generating the format that is downloaded from the online tool, all training activities are evaluated these results are presented to the Compliance Officer to take action in cases deemed necessary. Supervision and Monitoring

The Legal Representative, together with the Compliance Officer, must carry out a general supervision and monitoring of the Business Ethics and Transparency Program, validating its effective, efficient and timely compliance. If these reviews reveal deviations or the need to reinforce the Program, corrective measures and updates to the Program must be adapted when circumstances so require.

This will be done through the review of:

- Risk matrix.

- Application of due diligence procedures for suppliers and contractors, employees, partners, shareholders, beneficiaries of donations.

- Presentation of Compliance Officer's reports to the Assembly

- Training development.

- Availability of complaint channels.

- Control of complaints.

- Archiving and preservation of documentation, among others.

For this same purpose, the Statutory Auditor shall perform the corresponding analyses and evaluations in order to report to the Shareholders' Meeting any possible acts of bribery and corruption detected in the performance of his duties. Internal audit mechanisms and standards.

The compliance officer in the exercise of his functions may schedule and execute audits annually or whenever he determines necessary to validate compliance with the provisions of this program and procedures of the company, leading to identify deviations or potential non-compliance. As evidence of this audit, the HRC-FT-02 Audit Checklist form is generated. This activity includes full verification of the implementation and compliance with the policies and procedures established for the PTEE. Consequences and Sanctions

Failure to comply with this program constitutes a violation of the labor (employees) or commercial (suppliers and contractors) contract, therefore, the respective sanctions will be applied, which may even imply the termination of the labor or commercial relationship. Fines, administrative or criminal penalties may also be incurred in accordance with the provisions of Law 2195 of January 18, 2022 and those that modify it.

In the case of employees, and depending on the seriousness of the specific case, the appropriate measures will be applied, in accordance with the provisions of the Substantive Labor Code, Internal Labor Regulations and the Code of Ethics. Archiving and Preservation of Documents

The documentation of the Transparency and Ethics Program includes the Anti-Bribery and Anti-Corruption Policy, procedures, documents related to international business or transactions, reports of the Compliance Officer, risk matrix, documentation of disclosure and training, control of complaints with their respective supports, among others.

The persons responsible for the documentation of the Business Ethics and Transparency Program within ARANDA SOFTWARE shall ensure its integrity, reliability, availability, compliance and confidentiality, in accordance with the provisions of the document EMC-CP-01-Documents and records development. Policy Translation

The Transparency and Business Ethics Program documentation does not need to be translated into other languages since the operations generated are at the national level.

7. Exceptions

Due to the nature and development of this manual, no exceptions are considered, it is mandatory to comply with all the parts established in the development of this manual and does not give rise to deviations.

8. Related documents
  • Risk Management and Control Procedure HRC-CP-01.

  • Risk Management Matrix HRC-FT-01

  • Policy for Risk Management and Compliance HRC-PL-01

  • Due Diligence Procedure HRC-CP-02

  • Policy for Delivery and Receipt of Gifts and Entertainment to Third Parties HGF-PL-02

  • Sales Policy HGF-PL-04

  • Authorization Matrix HGF-FT-05

  • Travel and Other Expenses Policy HGF-PL-03

  • Donations Policy HGF-PL-01

  • Complaints Control HRC-FT-02

  • Compliance Officer Report Format EMC-FT-07

  • Training Schedule HGH-FT-01

  • Audit Checklist HRC-FT-02