In Colombia and around the world, risks of corruption, bribery, and transnational bribery have emerged, which can expose companies to illicit relationships that are beyond their control; therefore, companies have chosen to develop a program that enables them to identify, measure, control, and monitor these risks through anti-corruption and audit tools, with the priority of preventing these risks from materializing, given that such risks can result in reputational, financial, and legal damage, among others.
Corruption and one of its most common forms today—bribery—undermine a country’s economy, affecting not only its performance but also, to a significant extent, its reputation, through the loss of public trust in the conduct of one of its most prominent actors: legal entities operating with a legitimate profit motive.
These situations have led multilateral organizations such as the OECD (Organization for Economic Cooperation and Development) and national governments, through their regulatory bodies, to take steps toward creating legal frameworks that guide, encourage, and ultimately regulate both individuals and legal entities in the ethical conduct of their cross-border transactions and their dealings with public entities.
The Superintendency of Companies has worked tirelessly to monitor and oversee companies to ensure they are not used as a means to commit acts of corruption, bribery, and transnational bribery that could harm the Colombian economy.
In light of the foregoing and in order to establish guidelines to prevent the materialization of C/ST risks, the Superintendency issued External Circular No. 100–000011 on August 9, 2021, and Law No. 2195 on January 18, 2022.
This program aims to foster an organizational culture that ensures compliance with the policies, procedures, and guidelines established for the management of C/ST risks.
The business partners designated by the company are committed to complying with the corporate transparency and ethics program.
In accordance with Circular 100-000011 of August 9, 2021, and Law 2195 of January 18, 2022, the Transparency and Business Ethics Program is hereby established, which describes the activities through which the company implements controls to prevent the risk of transnational bribery, corruption, and corrupt practices based on the guidelines set forth in the code of ethics and the policies defined by ARANDA SOFTWARE ANDINA S.A.S., hereinafter ARANDA SOFTWARE.
Establish the policies and procedures through which ARANDA SOFTWARE determines its ethical and transparent conduct in the exercise of its activities and business, establishing the conditions under which risks related to bribery, transnational bribery, and corruption can be identified, detected, prevented, and mitigated.
This Manual is a resource for all employees of ARANDA SOFTWARE to use in the proper performance of their duties, facilitating self-monitoring and the execution of processes, and enabling the proactive identification of various situations involving the risk of corruption and transnational bribery to which the company may be exposed.
Similarly, this manual aims to define the methodologies, procedures, and responsibilities that must be taken into account during operations with regard to exposure to the risk of corruption and transnational bribery, as well as the various stages of such operations and the limits of exposure.
To facilitate a better understanding of this manual, the following are the key definitions, which are based on those established by law and various regulations related to the risks of corruption and transnational bribery, such as:
- Law No. 222 of 1995
- Law No. 1778 of 2016
- External Circular 100-000011 of 2021 (Chapter XIII of the Superintendency of Companies’ Basic Legal Circular)
- Law No. 2195 of 2022
Unlawful Activity: This is a systematic, critical, and periodic review of the proper implementation of the Transparency and Business Ethics Program.
Advance payment: an agreed-upon percentage of the total contract value paid to the contractor once the contract has been finalized and the requirements previously established therein have been met, which shall be paid prior to commencement or during the course of the project.
Members: those individuals or legal entities that have made a contribution in cash, labor, or other assets of monetary value to ARANDA SOFTWARE in exchange for shares, equity interests, stock, or any other form of ownership provided for under Colombian law.
Compliance audit: is the systematic, critical, and periodic review of the proper implementation of the Transparency and Business Ethics Program.
Beneficial owner: “beneficial owner” means the natural person(s) who ultimately owns or controls, directly or indirectly, a customer and/or the natural person in whose name a transaction is conducted; it also includes persons who exercise effective and/or ultimate control, directly or indirectly, over a legal entity or other unincorporated structure.
Chapter XIII: refers to Chapter XIII of the Basic Legal Circular of the Superintendency of Corporations, which includes administrative instructions and recommendations for the adoption of the PTEE.
Conflict of interest: a situation in which a person, by virtue of their activities, faces different courses of action regarding conflicting interests, none of which may be prioritized due to legal or contractual obligations.
Contractor: refers, in the context of an international business or transaction, to any third party that provides services to ARANDA SOFTWARE or has a contractual relationship of any kind with ARANDA SOFTWARE.
Corruption: refers to the misuse of powers derived from a position of authority or trust to obtain an undue advantage, in both the public and private sectors.
Due diligence: a periodic review of the legal, accounting, and financial aspects related to an international business or transaction, the purpose of which is to identify and assess the risks of transnational bribery, domestic bribery, and corruption that may affect or involve ARANDA SOFTWARE and its contractors.
Disloyal: disloyalty, betrayal, or breach of trust.
Employee: is the individual who, through an employment contract, undertakes to provide personal services under the direction of ARANDA SOFTWARE in exchange for compensation.
Company: is a commercial corporation, sole proprietorship, or branch of a foreign corporation supervised by the Superintendency of Companies, in accordance with Articles 83, 84, and 85 of Law 222 of 1995.
Extortion: the act of coercing another person to do, tolerate, or refrain from doing something, with the intent of obtaining illicit gain or any illicit advantage or benefit, for oneself or for a third party.
Management of Transnational Bribery and Corruption Risks: refers to the process of identifying, analyzing, assessing, and addressing the risks of bribery and corruption or any other corrupt practice, as defined in HRC-PR-01 – Risk Management and Control Procedure.
Law 1474: This is Law 1474 of July 12, 2011, which establishes regulations aimed at strengthening mechanisms for the prevention, investigation, and punishment of acts of corruption and the effectiveness of oversight of public administration, and defines private corruption and breach of trust as criminal offenses.
Law 1778: is Law 1778 of February 2, 2016, which establishes rules regarding the liability of legal entities for acts of transnational corruption and sets forth other provisions related to the fight against corruption. Furthermore, its provisions establish the duty of the Superintendency of Corporations to promote, within companies subject to its oversight, the adoption of transparency and corporate ethics programs, internal anti-corruption mechanisms, internal audit mechanisms and standards, the promotion of transparency, and mechanisms to prevent acts of transnational bribery.
Law 2195: Law 2195 of January 18, 2022, “Anti-Corruption Law,” which adopts measures regarding transparency, prevention, and the fight against corruption, and establishes other provisions.
Risk matrix: is the tool that allows the Entity to identify Corruption Risks or Transnational Bribery Risks.
OECD: is the Organization for Economic Cooperation and Development.
Ethics Compliance Officer: is the individual appointed by the General Assembly to lead and administer ARANDA SOFTWARE’s Transparency and Business Ethics Program.
Politically Exposed Person (PEP): corresponds to the definition established in Article 2.1.4.2.3 of Decree 1081 of 2015, as amended by Article 2 of Decree 830 of July 26, 2021.
Compliance Policies: These are the general policies adopted by the entity to conduct its business and operations in an ethical, transparent, and honest manner; and to be able to identify, detect, prevent, and mitigate corruption risks or transnational bribery risks.
Corrupt practice: consists of offering, giving, receiving, or soliciting, directly or indirectly, anything of value to improperly influence the actions of another party or for one’s own benefit.
Transparency and Business Ethics Program (PTEE): is the document that sets forth the Compliance Policy and the specific procedures under the responsibility of the Ethics Compliance Officer, aimed at implementing the Compliance Policy, in order to identify, detect, prevent, manage, and mitigate Corruption Risks or Transnational Bribery Risks that may affect the entity, in accordance with the Risk Matrix and other instructions and recommendations established by the Superintendency of Companies.
Foreign public servant: as defined in paragraph 1 of Article 2 of Law 1778.
Bribery: is the act of giving, offering, promising, soliciting, or receiving any gift or thing of value in exchange for a benefit or any other consideration, or in exchange for performing or omitting an act inherent to a public or private function, regardless of whether the offer, promise, or solicitation is for oneself or for a third party, or on behalf of that person or on behalf of a third party.
Transnational bribery: is the act by which a company, through its employees, officers, partners, or contractors, gives, offers, or promises to a foreign public official, directly or indirectly:
(i) Monetary amounts.
(ii) Items of monetary value.
(iii) Any benefit or advantage given in exchange for that public official performing, omitting, or delaying any act related to his or her duties and in connection with an international business or transaction.
Typologies: This is a study that analyzes phenomena, sectors, trends, or methods through which acts of corruption, money laundering, and terrorist financing are carried out. The typologies do not have a direct relationship with the conduct of criminal, disciplinary, and prosecutorial investigations, as they aim to understand the modus operandi used by the actors involved rather than their subsequent resolution before the competent authorities.
ARANDA SOFTWARE bases its corporate management on compliance with six (6) fundamental principles of the PTEE, seeking to generate added value for stakeholders, provided that all activities carried out comply with the regulatory framework and best practices related to corporate governance and risk management established by Colombian authorities and qualified foreign entities.
Senior management acknowledges that ARANDA SOFTWARE is susceptible to the risk of corruption and transnational bribery; therefore, it is committed to implementing activities aimed at fostering a culture of risk management, supporting the organization at all stages of the PTEE, and providing the necessary tools in accordance with the size and nature of the company.
Within this framework, the following principles of the PTEE are defined:
6.1. Zero Tolerance for Corrupt Practices
ARANDA SOFTWARE does not tolerate bribery and corruption, nor any other conduct that undermines business ethics and transparency. Therefore, neither the company nor its business partners shall engage, directly or indirectly, in fraudulent practices involving bribery and corruption, and will severely punish anyone who engages in such practices.
6.2. Honesty
To the extent that all employees are aware of their responsibilities and their professional, ethical, and legal obligations, the company, the business, the community, and the country will be able to fulfill their respective duties. This will require that the company’s commercial and business activities be guided by standards of honesty and integrity.
6.3. Transparency
This principle requires that all actions be carried out in good faith, with diligence and professional care, consistently ensuring respect for others and compliance with the law, and prioritizing the company’s principles and values over personal interests in decision-making, thereby avoiding any conflict of interest.
All actions must always be guided by the public interest, and management at every level must be free from any financial interest or personal gain. Transparent conduct does not involve payments or favors intended to secure or retain business.
6.4. Loyalty
Without prejudice to the procedures set forth in ARANDA SOFTWARE, all members of the highest corporate body or equivalent bodies, partners, directors, employees, suppliers, contractors, and third parties in general, as well as any person who becomes aware of conduct constituting transnational bribery or any corrupt practice related to the company, must immediately report such violations to the Ethics Compliance Officer through the established communication channels. To this end, the identity of the person who reported such conduct will be kept confidential, and the channels established in this PTEE Compliance Manual will be followed.
6.5. Legality
Everyone associated with the company is committed to ensuring compliance with the Constitution and the laws of Colombia, as well as with the provisions and regulations issued by the authorities and the standards and policies established by the Company.
6.6. Proportionality
All actions, activities, and transactions carried out by any of the company’s counterparties must be conducted in a proportionate manner, avoiding excessive conduct in any situation they encounter at any level (including relationships, transactions, discounts, expenses, courtesies, donations, and gifts, among others) that involve financial benefits or generate value for the counterparty, the company, or third parties.
7.1. Responsibilities
Without prejudice to the functions assigned in the other Compliance Policies, for the purposes of this Program, the Shareholders’ Meeting shall have the following functions:
- Ensure the provision of the financial, human, and technological resources required by the Ethics Compliance Officer to implement the Transparency and Business Ethics Program and any related procedures that apply.
- To impose the appropriate disciplinary, administrative, and legal actions against employees in management or administrative roles, or against partners, when they violate the provisions of the Transparency and Business Ethics Program.
- Evaluate, monitor, and, if necessary, request adjustments or modifications to the Transparency and Business Ethics Program.
- Lead an effective communication strategy to ensure the effective dissemination of the Anti-Bribery and Anti-Corruption Policy and the Transparency and Business Ethics Program to employees, partners, suppliers, contractors, and the general public.
- Approve the document setting forth the PTEE.
- To commit to preventing the risks of corruption and transnational bribery, so that ARANDA SOFTWARE can conduct its business in an ethical, transparent, and honest manner.
7.1.2. Legal Representative
For the PTEE to operate, the Legal Representative or his or her designee must, at a minimum, perform the following duties:
- Submit the PTEE proposal to the Ethics Compliance Officer for approval by the Shareholders’ Meeting.
- Ensure that the PTEE is aligned with the compliance policies adopted by the Shareholders’ Meeting.
- Provide effective, efficient, and timely support to the Ethics Compliance Officer in the design, management, oversight, and monitoring of the PTEE.
- Ensure that the activities resulting from the implementation of the PTEE are properly documented, so that the information meets criteria for integrity, reliability, availability, compliance, effectiveness, efficiency, and confidentiality.
- The legal representative will propose a candidate for the position of Ethics Compliance Officer, to be appointed by the Shareholders' Meeting.
7.1.3 Ethics Compliance Officer
The Ethics Compliance Officer is responsible for implementing and monitoring the Management System for the Risk of Corruption and Transnational Bribery. To this end, the officer shall perform the following duties:
- Align compliance policies with the Transparency and Business Ethics Program.
- Submit annual reports to the Assembly on his or her performance as Ethics Compliance Officer, in accordance with the provisions of Section 6.1.8.13. Reports.
- Lead the development of the Transparency and Business Ethics Program, as outlined in this Manual.
- Oversee regular assessments of bribery and corruption risks.
- Report to the Assembly any violations committed by any employee of the Transparency and Business Ethics Program, so that the appropriate disciplinary procedures may be initiated in accordance with the Code of Ethics and the Internal Work Regulations.
- Select and facilitate ongoing training for employees on the prevention of cross-border bribery during onboarding and refresher training, in accordance with the provisions of Section 6.1.8.14, “Disclosure and Training.”
- Oversee the system the company implements to receive reports from anyone regarding cases of bribery or any other corrupt practices.
- Initiate internal investigations, either using the Company’s own human and technological resources or through third parties specializing in these matters, whenever there is reason to suspect a violation of Law 1778 of 2016, Law 2195 of 2022, or the Transparency and Business Ethics Program.
7.1.4 Employees
The primary duty of the Employee of ARANDA SOFTWARE is to maintain a strict commitment to the company’s policy on risk control and prevention in general, and in particular regarding conduct associated with corruption and transnational bribery, which will be reflected in the fulfillment of the following duties:
- Apply and comply with the provisions set forth in the Transparency and Business Ethics Manual and in the regulatory provisions on which it is based.
- Report any act of bribery and/or corruption within ARANDA SOFTWARE through the channels provided by the company, and cooperate with any investigations that may be conducted.
- Participate in training sessions (orientation and refresher courses) on the Transparency and Business Ethics Program, as scheduled.
- For employees involved in the supplier procurement process and in the hiring of direct or indirect employees, verify that the documentation provided is complete and consistent with the information recorded in the supplier registration form; ensure that checks are performed against mandatory and restrictive lists; and ensure that anti-bribery and anti-corruption clauses are included in contractual agreements. This must be done in accordance with internal procedures.
7.1.5 Counterparties in General
All of the Company’s counterparties shall be required to perform the duties set forth in this Manual, including the following, without prejudice to the fact that some of these duties may also fall to other bodies or employees of the Company itself:
- Maintain a transparent attitude toward all counterparties at all times.
- Not to offer to other counterparties, nor to accept from them, any benefits intended to alter internal procedures in favor of any of the counterparties.
- Act in accordance with the law in the performance of their duties.
- Reject and do not encourage any acts of corruption or bribery in dealings with any business partners.
- To act in an ethical and transparent manner when managing the Company’s human, financial, and technological resources.
- Comply with the internal policies established for hiring and for the procurement of goods and services.
- Do not conceal any activity related to acts of corruption or bribery.
7.1.6 Statutory Auditor
With the enactment of Law 1778 of 2016, the Statutory Auditor was granted oversight powers that go beyond those of representing the interests of the shareholders in relation to transactions entered into or executed by the Company. Indeed, in accordance with the provisions of Article 32 of the aforementioned Law, Statutory Auditors are required to report to criminal, disciplinary, and administrative authorities any acts of bribery and corruption they may have detected in the course of their duties.
7.1.7 Anti-Bribery and Anti-Corruption Policy
ARANDA SOFTWARE has established policies to mitigate and control bribery and corruption through HRC-PL-01 – Anti-Bribery Policy for Risk Management and Compliance, in which it commits to established guidelines for mitigating bribery, transnational bribery, and corruption.
7.1.8 Risk Management
ARANDA SOFTWARE defines HRC-PR-01 – Risk Management and Control Procedure and HRC-FT-01 – Risk Management Matrix, the scope of which includes the identification, analysis, assessment, and treatment of the company’s risks, addressing bribery, corruption, transnational bribery, and any other corrupt practices; Likewise, the company defines HRC-PL-01 – Anti-Bribery Policy for Risk Management and Compliance, in which it commits to managing risk through standardized and controlled tools.
7.1.9 Due Diligence
Counterparties: ARANDA SOFTWARE integrates and standardizes control measures for the identification and verification of individuals or legal entities prior to establishing a contractual legal relationship of any kind; for this reason, HRC-PR-02 – Due Diligence Procedure describes the step-by-step process for verifying and updating the information of its counterparties, as well as for validating their background and overall reputation.
Changes in Shareholder Composition: Knowledge of legal entities is an integral part of identifying and monitoring company members; therefore, the due diligence process must be applied to any corporate reorganization process, such as mergers or acquisitions; see HRC-PR-02 – Due Diligence Procedure.
New business lines or projects: In every negotiation and investment analysis process, due diligence will be conducted regarding compliance with anti-bribery and anti-corruption rules before a final decision is made regarding the investment or merger. Likewise, should the acquisition go through
or the merger, ARANDA SOFTWARE will ensure that the acquired company implements this Transparency and Business Ethics Program within a reasonable timeframe.
The due diligence conducted by ARANDA SOFTWARE is primarily aimed at providing you with the necessary information to identify and assess the risks of corruption and transnational bribery that may affect international operations, transactions, and contracts, or domestic contracts classified as high-risk, involving (i) private entities at the international and domestic levels, (ii) national and international intermediaries (subcontractors, commission agents, service agents, commercial agents, brokers, etc.) who, by virtue of the execution of a contract, a procedure, a license, or a payment (including tax payments, duties, fines, etc.) made to any national (at the national, departmental, or municipal level) or international public entity, participate in such operations; (iii) third-party beneficiaries of donations, sponsorships, and political contributions.
Due diligence activities must be documented in writing in a manner that is easily accessible and understandable to the Ethics Compliance Officer.
If the due diligence process reveals that a third party has been convicted of bribery and/or corruption, the company may not enter into any relationship with that third party. If there are any questions regarding the findings, the relevant department should contact the Ethics Compliance Officer for clarification.
7.1.10 Policy on Contracts with National or International Public Entities
In cases involving contracts where third parties are national and/or international public entities, the party responsible for the business must pay special attention to the provisions of the Transparency and Business Ethics Program to guide the conduct expected of employees or third parties (partners, suppliers, subcontractors, commission agents, service agents, commercial agents, brokers, etc.) in any potential dealings with public officials of state entities, strictly complying with the policies and principles established in this Manual. An assessment must be conducted of the operations and transactions related to contracts entered into with national and international public entities.
The Ethics Compliance Officer will have the authority to conduct random audits of such relationships within the company in order to perform a specific assessment aimed at identifying issues that will enable the company to take measures to prevent the risks of bribery and corruption.
7.1.11 Policy on Procedures and Payments to National and International Public Entities
Domestic and international intermediaries (subcontractors, commission agents, service agents, commercial agents, brokers, etc.) who, in connection with the performance of a contract, a procedure, a license, or a payment (including payments of taxes, duties, fines, etc.) made to any domestic public entity (at the national, departmental, or municipal level) or international entity, participate in such transactions.
In cases where administrative procedures, the issuance of licenses, or payments (including tax payments, fees, fines, etc.) must be made to public entities (at the national, departmental, and municipal levels) or international entities, the party responsible for the business or operation must pay special attention to the provisions of the Transparency and Business Ethics Program to guide the conduct expected of employees, partners, suppliers, contractors, subcontractors, and third parties in general in any interactions with public officials of state entities, strictly complying with the policies and principles established in this Manual.
The Ethics Compliance Officer will have the authority to conduct random audits of such relationships within the company in order to perform a specific assessment aimed at identifying issues that will enable the company to take measures to prevent the risks of bribery and corruption.
7.1.12 In engaging domestic and foreign private-sector partners
In cases where due diligence is required for third parties such as partners, customers, suppliers, contractors, beneficiaries, and third parties in general, in addition to carrying out the onboarding processes established by the entity in the Transparency and Business Ethics Program (PTEE), ARANDA SOFTWARE will review legal matters (administrative, criminal, and disciplinary sanctions), commercial and reputational history, accounting and financial matters, and potential misconduct by such counterparties.
When entering into domestic or international transactions with any third party in the private sector, the department involved in the business must conduct due diligence on the counterparty and any other individuals involved in the relationship in an intermediary capacity (subcontractors, commission agents, service agents, commercial agents, brokers, etc.).
If the due diligence process reveals that a third party has been convicted of bribery and/or corruption, the company may not have any relationship with that third party. If there are any questions regarding the findings, the relevant department should contact the Ethics Compliance Officer for clarification.
To comply with the policies set forth in this section, the procedures outlined in document HRC-PR-02—Due Diligence Procedure—must be followed.
The Ethics Compliance Officer will have the authority to conduct random audits of such relationships within the company in order to perform a specific assessment aimed at identifying issues that will enable the company to take measures to prevent the risks of bribery and corruption.
7.1.13 Counterparties that will not be subject to due diligence
ARANDA SOFTWARE, states that it will not perform due diligence on counterparties such as: Municipalities, Provincial Governments, Public Utility Providers, Municipal Ombudsman’s Offices, Fuel Retailers, Shipping Lines, Restaurants, Chain Stores, Charities and Registries, Notary Offices, Chambers of Commerce, Health Insurance Providers (EPS), Pension Funds, Severance Funds, Compensation Funds, Condominium Management Associations, Financial Institutions, Government Oversight and Control Agencies, Insurance Companies, and Companies Listed on the Stock Exchange; since, based on the nature and purpose of the transactions or business relationships established with them, we consider these to be legal entities that pose a lower risk of corruption and/or transnational bribery to the company, given that most are supervised by a regulatory authority and, furthermore, the services they provide are necessary for the conduct of our business, particularly those entities in the public sector mentioned above.
7.1.14 Policies regarding contracts or agreements with third parties.
All contracts or agreements entered into by the Company must contain clauses, representations, or warranties regarding anti-bribery and anti-corruption conduct in matters of compliance, performance, auditing, and unilateral termination for engaging in acts of corruption or transnational bribery. The Legal Department must be responsible for including such clauses in all contracts.
In cases where these commitments are not set forth in writing in the contract, a document may be prepared that contains the provisions established for compliance with the PTEE Manual, through a document known as a “Disclosure Letter” in which the supplier or contractor declares compliance with the PTEE manual and the absence of any investigations into possible violations of anti-bribery and anti-corruption provisions that could affect the performance of the contract to be entered into, as well as the status of such investigations.
Third parties acting on behalf of the company in dealings with public or private officials must be familiar with and comply with this Program; they shall contractually agree not to engage in any act of corruption and shall allow ARANDA SOFTWARE to monitor or audit their activities in Colombia and abroad.
Contractors acting on behalf of the company in dealings with public or private officials must be familiar with this Program and agree to comply with it, and they shall include this commitment in their contracts
not to engage in any act of corruption and to allow the Company to monitor or audit its activities in Colombia and abroad.
7.1.15 Policy on Operations in Countries with High Corruption Rates
When counterparties are located in countries with high corruption rates, they may be classified as high-risk counterparties based on reports published by Transparency International. The Ethics Compliance Officer will conduct random verifications of the due diligence performed on such third parties located in those countries to assess whether the counterparty is classified according to its appropriate risk level; otherwise, the Ethics Compliance Officer may change its classification based on professional judgment, in accordance with the principles of prudence and professional care. If necessary, the Ethics Compliance Officer will propose new specific controls for such counterparties.
7.1.16 Policy on Payments to Third Parties (Remuneration and Commissions)
Any payment or disbursement of funds from ARANDA SOFTWARE to its suppliers, contractors, and intermediaries, whether domestic or foreign, must be made through banking channels that allow for the tracking of all transactions and payments; therefore, it is prohibited to make such payments in cash.
All payments made to suppliers, contractors, and intermediaries must be supported and documented in accordance with the amounts specified in the various contractual documents (contracts, purchase orders, service orders, among others), and may be audited by internal and external oversight bodies. These audits must be aimed at confirming the legality of payments, the absence of misappropriation of funds, and the absence of concealment of payments to third parties without supporting documentation.
Facilitation payments (payments made to a public official, businessperson, or third party in general to expedite a procedure or obtain any benefit) are prohibited for any member of the shareholders’ meeting, partner, director, employee, supplier, contractor, and third parties in general. Such payments must not be made to public officials, even if they are common practice in a particular country.
No employee is authorized to authorize payments on behalf of the Company that are not directly related to the Company’s legal or contractual obligations or operational needs, that are not properly documented, or that fall outside the scope of their authority; in such cases, the employee is exceeding their authority. These disbursements include transactions made through the cash register
minor. Nor may he receive payments on behalf of the Company when, in the course of his duties, he has not been authorized to accept such payments.
7.1.17 Policy on Mergers and Acquisitions
ARANDA SOFTWARE will not merge with or acquire an interest in companies that have been convicted of acts of corruption or transnational bribery. To this end, the Ethics Compliance Officer must be involved in any transaction of this nature to conduct due diligence to ensure that such a transaction does not pose any risk of corruption or transnational bribery.
7.1.18 Accounting Records Policy
The Company must maintain records and accounts that accurately and precisely reflect all transactions carried out. Company employees may not alter, omit, or misrepresent records in order to conceal improper activities or to misrepresent the reality or nature of a recorded transaction.
The Company has internal controls in place to prevent bribes or other improper payments from being concealed or disguised in transactions such as commissions, fee payments, sponsorships, donations, entertainment expenses, or any other category used to conceal or disguise the improper nature of a payment resulting from acts of bribery or corruption.
The Finance Department will verify that all accounts payable are supported by an invoice or equivalent document and its attachments. Payment for goods or services received that are not supported by valid documentation will not be authorized until the relevant documentation is received.
7.1.19 Policy on Employee Conduct Regarding the Transparency and Business Ethics Program (PTEE)
Employees of ARANDA SOFTWARE shall conduct their activities in compliance with the ethical principles described in this document, which shall take precedence over operational, administrative, and commercial goals in all business activities, seeking to best fulfill the company’s corporate purpose within a framework of transparency and strict compliance with internal rules and procedures, as well as the prevention and monitoring of risks related to corruption and transnational bribery.
It is the duty of ARANDA SOFTWARE, its shareholders, its directors, its Ethics Compliance Officer, and other related employees, to ensure compliance with the rules designed to prevent
and manage the risk of transnational corruption and bribery, particularly as set forth in legal regulations, with the aim not only of contributing to the achievement of the State’s objectives and complying with the law, but also of protecting the company’s national and international image and reputation.
With regard to the risk of transnational corruption and bribery, all employees:
- You must be familiar with and comply with the instructions provided here.
- In addition to the provisions of this document, it is the responsibility of each employee to report to the Ethics Compliance Officer any unusual or suspicious incident or situation that leads them to believe there may be an attempt at corruption or bribery, using the various channels the company has established for this purpose.
- They must prioritize compliance with anti-corruption and anti-bribery regulations over the achievement of commercial, financial, operational, or administrative goals.
- The Ethics Compliance Officer must provide all necessary support to employees who find themselves in a conflict of interest or at risk of engaging in corrupt or bribery-related conduct arising from these commercial, financial, operational, or administrative activities.
- In all cases, employees, contractors, and partners responsible for managing the organization’s risk of corruption and transnational bribery must maintain strict confidentiality regarding any investigative actions and/or activities or instances of non-compliance detected by the organization. Under no circumstances may clients, employees, directors, or other stakeholders be informed of reports regarding bribery and corruption in which they have been implicated.
- They may not notify, alert, or disclose to the parties under investigation any information regarding possible acts of corruption or bribery. Similarly, the Company must maintain confidentiality regarding this information and/or documentation.
January 7, 2020 Policy on Extortion
Shareholders, directors, employees, suppliers, contractors, and other third parties must reject any direct or indirect request for bribes from a public or private official, particularly in cases where such an official uses threats to withhold, perform, expedite, or delay an action within their purview in connection with an international act, business, or transaction in which ARANDA SOFTWARE has a legitimate interest.
It is the company’s policy that partners, shareholders, directors, employees, suppliers, contractors, and third parties in general—in light of their specific legal relationship with the company—shall not yield to extortion by public or private officials, nor make payments associated with such criminal conduct.
In the event that such extortionate conduct jeopardizes the safety and well-being of partners, shareholders, directors, employees, suppliers, contractors, and third parties in general, they must take reasonable and lawful measures to safeguard their well-being and safety.
In any case, any situation of this nature must be immediately reported to the Ethics Compliance Officer so that he or she may initiate the appropriate actions, particularly to inform the Company’s legal representative.
7.1.21 Transparency and Anti-Corruption Management
7.1.21.1 Transparency of Information
Financial information and records are essential inputs for process development and sound decision-making; they also demonstrate compliance with obligations to employees, shareholders, customers, suppliers, and regulatory authorities. For this reason ARANDA SOFTWARE ensures that all records are truthful, valid, complete, and accurate, and must comply with legal requirements, so that ARANDA SOFTWARE can verify and retrieve the information transparently.
Accordingly, the statutory auditor reviews the financial statements and balance sheets, as well as any accounting entries that may be made, to verify the accuracy of the recorded information and its consistency with ARANDA SOFTWARE’s financial, transactional, and equity position.
All accounting records (ledgers, books, documents) will be available for inspection to ensure that there are no parallel accounts or duplicate accounting records.
It is prohibited to issue and/or maintain records of non-existent expenses, liabilities without a clear description of their nature, or transactions that lack a genuine and legitimate purpose. Furthermore, accounting books or other relevant documents shall not be intentionally destroyed before the time prescribed by law.
7.1.21.2 Resolution of Conflicts of Interest
Shareholders, directors, employees, suppliers, contractors, and third parties in general must remain loyal to the company and adhere to the following guidelines, which are intended to minimize, manage, or eliminate the potential for conflicts of interest:
- Employees may not have family ties to individuals who have a direct employment relationship within the organizational structure of the department and/or within any of the internal client structures with which they work directly. This will only be permitted if disclosed during the selection and hiring process and authorized by company management; such authorization must be documented via email.
- They must avoid any situation in which their own personal or financial interests conflict with those of the Company.
- They must refrain from engaging in activities for their own benefit in the course of their duties, to the extent that such activities conflict with the Company’s interests.
- They must refrain from exploiting, directly or indirectly, any business opportunity available to the Company for their own benefit or that of third parties involved in acts of bribery or corruption.
- You must not handle a service request on behalf of a family member or a third party with a personal interest without prior approval from the company’s highest governing body or a senior company official.
- No discounts, exemptions, or special compensation of any kind may be granted on the basis of friendship or family ties without prior approval from the highest governing body or an authorized executive.
- Employees must refrain from accepting bribes, gifts, offerings, presents, courtesies, hospitality, favors, preferential treatment, or anything else that could compromise their professional independence or the company’s responsibilities. Managers and employees must refrain from granting, in violation of legal or statutory provisions, credit or discounts to shareholders or persons related to them under conditions that could jeopardize the company’s solvency or liquidity.
A conflict of interest arising from the relationships described above shall be classified as a serious offense for all legal purposes, as it compromises the personal judgment of those in the highest organizational positions when making decisions. It is also considered a serious offense for all legal purposes if it is not disclosed in a timely manner or if, as a result of the relationship, the organization’s interests, policies, or benefits are compromised.
Notification of Conflicts of Interest: It is an essential requirement that all employees notify Human Resources if they have a romantic, family, business, or shareholder relationship that could represent a conflict of interest with the company or with third parties associated with it.
Failure to comply with the aforementioned obligation shall constitute a serious breach of the obligations arising from the contract, and the employer may take appropriate action in accordance with applicable law.
Notification Procedure: Any situations that could constitute a conflict of interest must be reported to your immediate supervisor and the Human Resources department as soon as they are identified and before taking any action that could be affected by them.
Notification of Conflicts of Interest with Suppliers: In the case of individuals who disclose a romantic or family relationship with third parties (suppliers, personnel of government entities with which they have a relationship in the performance of their duties, etc.), the company reserves the right to seek the services of another supplier that offers the same quality, benefits, and/or costs as the current one.
If the supplier is a key supplier to the organization, or if terminating the service agreement with them would pose a risk or disadvantage, or if the contracted service is essential for business continuity, the Ethics Compliance Officer and the immediate supervisor must be notified. Together with the Human Resources department, they must seek to transfer the employee to maintain the business relationship with the supplier, or limit the employee’s duties to eliminate the conflict of interest.
Exceptions: Any exception to these guidelines must be validated by the Ethics Compliance Officer and authorized by the Legal Representative in a written document describing the exception.
7.1.21.3 Protection of Contractual Parties
To prevent bribery, cross-border bribery, corruption, and other corrupt practices, commitments must be included in employment contracts, security agreements, contracts, and knowledge-sharing agreements signed by employees, customers, and suppliers, respectively.
These contracts must specify the source of the funds, their legality, and/or the penalties for misconduct, as well as an action plan for withdrawing from the business when doing so could harm ARANDA SOFTWARE. The right to terminate employment or business relationships must be clearly stipulated in contracts, acknowledgment forms, and/or service level agreements, in the event that it is determined that the counterparty has engaged in or is engaging in acts of bribery and/or corruption, or is the subject of a formal investigation—whether preliminary or final—by any local or foreign authority regarding the aforementioned acts.
7.1.21.4 Declaration for Employees at Increased Risk
The employees in question are those who, due to the nature of their position, perform duties related to suppliers and customers who are at higher risk; therefore, they must sign an addendum to their employment contract that includes a specific clause acknowledging and accepting the Code of Ethics and the Transparency and Business Ethics Program. By doing so, the employee agrees to comply with the provisions of this Program and is hereby informed of the penalties and consequences that apply in the event of non-compliance.
7.1.21.5 Policy on the Giving and Acceptance of Gifts and Entertainment from Third Parties
It is very important for the company to establish guidelines that define appropriate conduct regarding the giving and receiving of gifts and entertainment from third parties; therefore, ARANDA SOFTWARE approved HGF-PL-02—Policy on the Giving and Receiving of Gifts and Entertainment to Third Parties—which was communicated to all staff.
7.1.21.6 Compensation and commission payments to the sales team.
Compensation and commissions for the sales team have been established since the signing of their employment contracts, and any increases will be in accordance with legal requirements or as authorized by the President. Variable income from commissions must be in accordance with the President’s authorization, as must any changes to the commission structure over time. Information regarding the commission structure may be consulted with the Ethics Compliance Officer in the Finance Department; these are established in accordance with HGF-PL-04 – Sales Policy and HGF-FT-05 – Authorization Matrix.
7.1.21.7 Expenses for food, lodging, and travel
Travel expense reimbursements are processed in accordance with the provisions of HGF-PL-03 – Expense Reimbursement Policy and HGF-FT-05 – Authorization Matrix. All supporting documentation must be retained to verify compliance with the aforementioned procedure.
7.1.21.8 Prohibition of Bribery and Facilitation Payments
Employees of ARANDA SOFTWARE from offering, promising, or making payments; or arranging for a third party to offer, promise, or make payments, bribes, kickbacks, hidden commissions, lavish gifts, illegal services, excessive entertainment, or anything else of value to any person for the purpose of exerting undue influence over the recipient; inducing the recipient to violate their obligations; securing an undue advantage for the Company; or rewarding the recipient for past conduct. Such offers, promises, and payments are prohibited even if the payments are made personally with one’s own money without requesting reimbursement from the Company. Nor may you receive any improper payment, gift, or service
Similarly, it is prohibited to make facilitation payments intended to secure or expedite administrative or routine procedures with any government agency. Furthermore, under no circumstances will bribes be offered through third parties unrelated to ARANDA SOFTWARE, such as external agents, consultants, shareholders, representatives, suppliers, or other intermediaries acting on behalf of the company.
7.1.21.9 Antitrust/Competition Laws
To ensure that competition does not lead to a monopoly or allow certain practices that are considered harmful to businesses, consumers, or both, or to those who
violate general standards of ethical conduct. For ARANDA SOFTWARE it is very important to comply with applicable legal requirements.
No employee may share commercially sensitive information with competitors without prior approval from the President, as evidenced by the signing of a confidentiality agreement. Employees and senior management of ARANDA SOFTWARE, as well as anyone acting on behalf of the company, who believe they have been involved in or have knowledge of an activity that may pose a problem under current antitrust and competition laws must report it immediately.
The following are behaviors that the company considers inappropriate and prohibited:
- To agree with a competitor on the division or allocation of the market or customers in some other way.
- To agree with a competitor on pricing.
- Collaborate or coordinate with a competitor on a competitive bid.
- To agree with a competitor to boycott another business.
- Discussing commercially sensitive information with a competitor.
Offering, giving, promising, or authorizing money or any material benefit (cash, gifts, loans, meals, travel, lodging) to any international or national public official, or to any natural or legal person, for the purpose of obtaining, retaining, or directing business to any person, in order to obtain an undue advantage or benefit.
7.1.21.10 Political contributions
ARANDA SOFTWARE will not make political donations; likewise, it is established that employees’ individual involvement in politics shall never involve the use of company funds, time, equipment, resources, facilities, brand, or name.
7.1.21.11 Donations
The company is committed to community development and support; therefore, it has established the HGF-PL-01 Donation Policy, which sets forth guidelines for making donations in a controlled manner that ensures due diligence regarding the ultimate beneficiary, thereby mitigating the risks of corruption, bribery, and transnational bribery.
7.1.21.12 Reporting of Transnational Bribery and Other Corrupt Practices
ARANDA SOFTWARE promotes integrity and reputation through ethical and lawful conduct; this is one of the top priorities for protecting our values and preventing potential harm to the company, which is why it is important for all parties to be aware of compliance violations.
Therefore, for ARANDA SOFTWARE, it is essential that the corporate culture remain open and values-driven. This ensures that process leaders, employees, suppliers, customers, and other stakeholders who observe or become aware of the occurrence of risks such as bribery, transnational bribery, and corruption report them within the organization or, failing that, to the competent authorities.
Use whistleblowing channels responsibly, without abusing them to direct insults, defamatory statements, or other criticism that harms another person, without supporting evidence.
Whistleblowers should only provide information that they are certain is true.
Customer service channels
To report any compliance incident, please contact the Ethics Compliance Officer in person, by anonymous phone call at (601) 756-3000 or 321-4699008, via the suggestion box, or by email at oficialdecumplimientoptee@arandasoft.com, providing the following information:
a. Type of incident.
b. Names of the individuals involved.
c. Date, time, and location of the incident.
d. Frequency of the incident.
Reports are confidential, and you do not have to reveal your identity if you do not wish to.
Some examples of issues that could be reported include concerns about:
a) Financial reports.
b) Internal controls (such as fraud).
(c) Public disclosure or retention of records.
d) Price fixing or competition law / antitrust matters.
e) Corruption.
f) Improper payments or gifts (bribery).
The Ethics Compliance Officer monitors and tracks complaints submitted using the HRC-FT-02 Complaint Tracking Form.
7.1.21.13 Reports
Each year, the Ethics Compliance Officer will submit a report to the Shareholders’ Meeting. This report is prepared in accordance with EMC-FT-07 – Official Ethics Compliance Report Format, which outlines the evaluation and analysis of the efficiency and effectiveness of the Transparency and Corporate Ethics Program, as well as the corresponding improvements.
7.1.21.14 Outreach and Training
The Human Resources department will be responsible for developing the semi-annual schedule and carrying out outreach and training activities for the Business Ethics Program, under the guidance and support of the Ethics Compliance Officer. This schedule is documented in form HAR-FT-03 – Training Schedule.
The onboarding process for new employees includes all aspects of the corporate transparency and ethics program, and this serves as evidence that the program has been communicated. For existing employees, this must be conducted as part of the annual refresher training process in order to promote a culture of ethics. Evidence of training will be documented by generating the form downloaded from the online tool; all training activities are evaluated, and these results are submitted to the Ethics Compliance Officer to take action in cases deemed necessary.
7.1.21.15 Internal audit mechanisms and policies
In the performance of their duties, the Ethics Compliance Officer may schedule and conduct audits annually or whenever deemed necessary to verify compliance with the provisions of this program and the company’s procedures, with the aim of identifying potential deviations or non-compliance. As evidence of this audit, Form HRC-FT-03 – Audit Checklist is generated; this activity includes a comprehensive verification of the implementation of and compliance with the policies and procedures established for the PTEE. In the supervision by the Ethics Compliance Officer regarding the management of the Risk of Corruption and Transnational Bribery in relations with State Entities or in domestic or international business or transactions in which ARANDA SOFTWARE. To this end, the activities described in document HRC-PR-03—Procedure for Corruption and Transnational Bribery Incidents—will be carried out, enabling the Ethics Compliance Officer to verify the effectiveness of procedures aimed at preventing any act of corruption or bribery.
7.1.21.16 Consequences and Penalties
Failure to comply with this program constitutes a breach of the employment contract (for employees) or commercial contract (for suppliers and contractors); therefore, the respective penalties will be applied, which may include termination of the employment or commercial relationship. Fines, administrative sanctions, or criminal penalties may also be imposed in accordance with the provisions of Law 2195 of January 18, 2022, and any amendments thereto.
In the case of employees, and depending on the severity of the specific case, the appropriate measures will be applied in accordance with the provisions of the Substantive Labor Code, the Internal Labor Regulations, and the Code of Ethics. Labor sanctions shall be applied without prejudice to other civil, administrative, and criminal sanctions provided for in current regulations that may apply to the aforementioned employees, administrators, and executives, including, in particular, those related to transnational corruption and bribery and those contained in the Colombian Penal Code and the regulations that supplement or amend it.
It is the responsibility of ARANDA SOFTWAREto verify that employees, administrators, and executives fully comply with the instructions provided and that any irregularities related to corruption and transnational bribery are immediately reported to the Ethics Compliance Officer.
7.1.21.17 Records Management and Preservation
Section 5.1.5.2 of Chapter XIII of the Basic Legal Circular states that “supporting documents must be retained in accordance with the provisions of Article 28 of Law 962 of 2005, or any regulation that amends or replaces it.” Therefore, ARANDA SOFTWARE stipulates that the records of PTEE reviews, evaluations, and audits, as well as information regarding transaction records, due diligence, and, in general, all documentation related to the implementation and execution of the PTEE, must be organized and retained for a minimum of ten (10) years, ensuring the integrity, timeliness, reliability, confidentiality, and availability of the information, given that such records may be requested by the competent authorities.
The documentation for the Transparency and Ethics Program includes the Anti-Bribery and Anti-Corruption Policy, procedures, documents related to international business or transactions, reports from the Ethics Compliance Officer, a risk matrix, documentation regarding disclosure and training, and the handling of complaints along with supporting materials, among other items.
The individuals responsible for documenting the Transparency and Business Ethics Program within ARANDA SOFTWARE shall ensure its integrity, reliability, availability, compliance, and confidentiality, in accordance with the provisions of document EMC-CP-01 – Preparation of Documents and Records.
7.1.21.18 Policy Translation
The documentation for the Business Transparency and Ethics Program does not need to be translated into other languages, as the operations it covers are conducted at the national level.
Risk management is defined as the process of planning, organizing, directing, and controlling activities related to the identification and analysis of the risks to which the company is exposed, with the aim of determining an appropriate response to mitigate, minimize, retain, transfer, share, assume, or, in the worst-case scenario, eliminate those risks. Effective risk management is reflected in assertive decision-making and in minimizing the potential materialization of risk, reducing its likelihood of occurrence and/or impact, thereby contributing to the achievement of the Company’s objectives.
Therefore, ARANDA SOFTWARE defined the following C/ST risk management framework:
8.1 Risk Identification Phase for C/ST and Its Risk Factors
The main objective of this stage is to identify the risks associated with each risk factor (country, economic sector, and third parties).
8.1.3 Policies for Identifying C/ST Risk and Its Risk Factors
Risk identification will be carried out by the leader of each company process, under the guidance of the Ethics Compliance Officer. This process must take into account sources of risk, processes, and subprocesses.
- The identification of risks is based on the assessment of risk factors.
- Risk identification must be conducted prior to the launch of any product, any modification of its features, entry into a new market, the commencement of operations in new jurisdictions, and the launch or modification of distribution channels.
- The leader of each process is responsible for managing the risks identified in consultation with the Ethics Compliance Officer.
- The “Typologies”—defined as the processes or methods used by corrupt individuals to obtain a specific benefit for a third party or for themselves—should be used as a reference for identifying corruption and money laundering risks.
8.1.4 Methodology for Identifying C/ST Risk and Its Risk Factors
The identification process must cover all aspects of risks, whether or not they are within the entity’s control, bearing in mind that failure to identify an actual or potential risk reduces the effectiveness of subsequent analyses and limits the organization’s ability to manage C/ST risk.
To carry out the risk identification process, the policies defined by the Company in this Manual and the procedures set forth in document HRC-PR-01 – Risk Management and Control Procedure must be followed.
8.2 C/ST Risk Assessment Phase
Once each of the C/ST risks has been identified, it is necessary to determine the frequency of occurrence of the inherent risk for each risk factor by analyzing both the frequency of occurrence and actual events, as well as the impact in the event of occurrence, across the various aspects analyzed (financial, operational, legal, reputational, and contagion).
8.2.3 Policies for Measuring C/ST Risk
The policies are:
- Risk assessments will be conducted by the leader of each business process, under the guidance of the Ethics Compliance Officer. These assessments must take into account the sources of risk and the areas of impact.
- The identification of risks is based on the assessment of risk factors.
- The leader of each process is responsible for managing the risks that, in consultation with the Ethics Compliance Officer, are identified.
8.2.4 Methodology for Measuring C/ST Risk
In order to assess C/ST risks, methodologies were established to enable the appropriate actions to be taken in response to exposure to such risks.
In order to carry out the risk measurement process, assess risks, and determine the inherent risk profile, the policies defined by the Company in this Manual and the procedures set forth in document HRC-PR-01 – Risk Management and Control Procedure must be followed.
8.3 C/ST Risk Control Phase
For the proper and effective management of credit and market risks, it is essential to determine, based on a cost-benefit analysis, which control is most appropriate for each exposure window.
8.3.3 Policies for the C/ST Risk Control Phase
The policies are:
- Exposure to C/ST risks must be addressed by at least one control measure for each risk identified in the previous stage. If any risks are identified that are not mitigated by a control measure, such cases must be reported to the Shareholders’ Meeting immediately.
- To ensure that the controls function effectively, ARANDA SOFTWARE will conduct periodic evaluations of these controls (at least once a year), taking into account coverage and control effectiveness. This validation is the responsibility of the process leaders, who are directly accountable for their implementation and maintenance, with support from the Ethics Compliance Officer.
- Depending on the control rating scale, risks may be reduced—in terms of probability of occurrence and/or impact—by up to two levels, in accordance with the methodology.
- Once controls have been applied to the inherent risk, the result yields a residual risk profile, which must not exceed the “Moderate” category. Otherwise, additional control(s) must be implemented to mitigate the residual risk and bring it within the permitted category.
8.3.4 Methodology for Evaluating C/ST Risk Control
To ensure that controls adequately mitigate C/ST risks, it is necessary to establish methodologies that allow for the validation of control effectiveness and the implementation of appropriate actions in response to exposure to such risks.
To carry out the risk measurement process, rate risks, and determine the residual risk profile, the policies defined by the Company in this Manual and the procedures set forth in document HRC-PR-01 – Risk Management and Control Procedure must be followed.
8.4 C/ST Risk Monitoring Phase
The General Counsel, in conjunction with the Ethics Compliance Officer, must oversee and monitor the Transparency and Corporate Ethics Program to ensure its effective, efficient, and timely implementation. If, during these reviews, they identify any deviations or a need to strengthen the Program, corrective measures and updates must be implemented as circumstances require.
This will be done by reviewing:
- Risk matrix.
- Implementation of due diligence procedures for suppliers and contractors, employees, partners, shareholders, and recipients of donations.
- Presentation of reports by the Ethics Compliance Officer to the assembly.
- Development of training programs.
- Availability of reporting channels.
- Complaint tracking.
- Document archiving and preservation, among other things.
To this end, the Statutory Auditor must conduct the necessary analyses and assessments to report to the Shareholders’ Meeting any acts of bribery and corruption that may have been detected in the course of his or her duties.
The United Nations Office on Drugs and Crime (UNODC) and the U.S. Department of Justice have identified the following types (forms) of bribery and corruption, among which the following stand out:
9.1 General Types of International Bribery
ABUSE OF INFLUENCE
The public official abuses his or her position to exert pressure on the conduct of a pre-contractual process and to influence the award of a contract in favor of a particular bidder. This seriously undermines the principles of objective selection, transparency, accountability, equality, and cost-effectiveness, as set forth in the public procurement statute.
The public official receives commissions and other benefits from the bidder who was awarded the contract.
SOLICITATION BY PUBLIC OFFICIALS AND PAYMENT OF BRIBES
This practice refers to public officials demanding bribes and extorting money from contractors in exchange for turning a blind eye to breaches of contract.
In some cases, the request involves paying the public official periodic commissions or a percentage of the amounts received for additions made to the contract. Such practices are justified on the grounds that they are essential for the proper fulfillment of contractual obligations, or that they result from unforeseen changes in the conditions under which the contract is executed, among other reasons.
The officials involved will be willing to obstruct any audit processes that may arise in order to conceal the improper agreement between the parties. If necessary, they will even share part of their “profits” with auditors who show an interest in participating in the “deal.”
OFFERING BRIBES TO PUBLIC OFFICIALS AND PAYING BRIBES
This type of corruption refers to the payment of “kickbacks” or bribes by a bidder or contractor to public officials who favored a particular party in a bidding process, as well as to public officials who failed to perform their oversight duties.
The individual agrees with public officials to pay a specific amount as a reward for influencing the pre-contractual process (by rigging the bid specifications and the evaluation of bids), resulting in the contract being awarded to a company that does not meet the required criteria, in flagrant violation of the principles of objective selection, transparency, and equality under public procurement law.
Subsequently, in order to avoid penalties for noncompliance, the individual pays a bribe to an official at a regulatory agency so that the official will not perform his or her duties. Corrupt public officials may receive bribe payments in the name of a close associate, in kind with assets that can be legally and permanently exploited or renegotiated. They may also establish a trust for administration and payments in order to make periodic payments using the returns generated by the investment. The main objective is to take advantage of the apparent anonymity afforded by the fact that a company is making the payments.
UNFAIR SUPERVISION AND AUDITING
This type of offense refers to the manipulation of the audit function by private individuals with the intent to benefit a third party.
In this way, the supervising body unduly hinders the performance of a contract. To this end, it makes frequent and unnecessary requests or issues erroneous technical opinions, among other practices, in order to pressure the contractor into defaulting.
NEGLIGENCE IN THE PERFORMANCE OF PUBLIC DUTY
This situation arises when a public entity fails to exercise due diligence in collecting payments from private companies.
In fact, officials are negligently failing to fulfill their collection obligations, which is leading to an unjustified increase in the entity’s outstanding receivables.
By failing to do so, the obligation to safeguard public resources and the public interest is disregarded.
“Paper” Consortia or Temporary Joint Ventures
The improper use of consortia or temporary joint ventures to enter into contracts with the public sector for the purpose of gaining an advantage during the performance of the contract. This type of corruption involves the payment of “kickbacks” or bribes by a bidder or contractor to public officials who favored a particular party in a bidding process, as well as to public officials who failed to fulfill their oversight duties.
The individual sets up a corporate structure without the financial capacity to enter into contracts, resulting in the award of a contract to a company that does not meet the required criteria, thereby flagrantly violating the principles of objective selection, transparency, and equality enshrined in public procurement law. He resorts to trust arrangements to leverage third parties whose resources have no clear origin and who, through the arrangement, can divert advance payments or funds whose primary destination is not necessarily related to the subject matter of the contract.
The settlor, who is the beneficiary of the advance payment, directs funds to be disbursed to third parties—either as payments to them or as transfers to himself or to members of the corrupt organization—in small and medium amounts, via international transfers or by dispersing payments among many individuals who are not necessarily connected to the purpose of the contract. They may also make transfers or physical shipments abroad to pay, from another jurisdiction, overdue debts owed to a “local export company” (usually one facing financial difficulties) in order to justify the funds.
“GHOST” BENEFICIARIES
Manipulation and tampering with databases to obtain funds for individuals who are not receiving a service. This type of fraud refers to embezzlement from the government in cases where a payment or transfer is made to a person who is supposed to be receiving a public service, whether provided by public or private institutions.
To this end, the number of people served is “inflated” in order to misappropriate public funds. In some cases, individuals who engage in these practices receive additional bonuses for serving a certain minimum number of people, which serves as a strong incentive to continue “inflating” the figure.
Once the government transfers the funds, those involved siphon off the money through other illicit activities, such as billing for services that were never rendered, overbilling, and so on. To keep up appearances, databases are manipulated and the oversight functions of the relevant agency are undermined. In some cases, officials responsible for supervision, monitoring, and control are even involved in the scheme and benefit financially from a portion of the diverted funds.
Generally, several public officials and private individuals are involved, so the funds involved in the corruption must be divided among all those who are part of the corrupt criminal network. Similarly, criminal organizations involved in corruption or money laundering may attempt to justify the repatriation of funds generated by the fictitious export of services, the provision of which is difficult to quantify given their intangible nature.
“LIGHT” ACQUISITIONS
The procurement of goods or services by a public entity without due diligence. This type of offense refers to the failure of a public entity to exercise due diligence in the negotiation and procurement of goods or services, resulting in financial loss to the State for the benefit of public officials.
Senior public officials at an entity responsible for providing an essential public service to the community authorize the purchase of goods or services at a price significantly higher than market value, thereby demonstrating that the procedures designed to safeguard public resources and the public interest were not fully followed. These officials subsequently benefit from commissions paid to them by the favored bidder.
They then make short-term investments through their family or circle of friends in vulnerable sectors where cash is accepted without much scrutiny of its origin, seeking to give the appearance of legality to these illicitly obtained commissions—in other words, they launder the assets. To this end, funds may be transferred to another jurisdiction, particularly those designated as financial centers.
10.1 International Standards
- [1996] The Inter-American Convention against Corruption of the Organization of American States (OAS);
- [2004] The United Nations Convention against Transnational Organized Crime.
- [2004] The United Nations Convention against Corruption (UNCAC);
- [1998/2012] OECD Convention on Combating Bribery of Foreign Public Officials in International Business Transactions.
10.2 Colombian Standards
[1995] Paragraph 3 of Article 86 of Law 222 of 1995 provides that the Superintendency of Companies is authorized to impose sanctions or fines, whether consecutive or not, of up to two hundred (200) SMMLV on those who fail to comply with its orders, the law, or the articles of incorporation.
[2011] Law No. 1474 of July 12, 2011, which establishes regulations aimed at strengthening mechanisms for the prevention, investigation, and punishment of acts of corruption and enhancing the effectiveness of oversight of public administration, and which classifies private corruption and breach of fiduciary duty as criminal offenses.
[2016] Law No. 1778 of February 2, 2016, which establishes rules regarding the liability of legal entities for acts of transnational corruption and sets forth other provisions related to the fight against corruption. Furthermore, the article establishes the duty of the Superintendency of Companies to promote, among the companies subject to its oversight, the adoption of transparency and business ethics programs, internal anti-corruption mechanisms, internal audit mechanisms and standards, the promotion of transparency, and mechanisms to prevent acts of transnational bribery.
[2016] External Circular 100-000003, dated July 26, 2016, establishes guidelines for implementing corporate ethics programs aimed at preventing the conduct described in Article 20 of Law 1778 of 2016.
[2018] On July 26, 2018, the Delegate for Economic and Accounting Affairs and Coordinator of the Transnational Bribery and Special Investigations Group at the Superintendency of Companies published a practical guide to understanding the fight against international bribery in Colombia.
[2020] Paragraph 28 of Article 7 of Decree 1736 of 2020 establishes that it is the responsibility of the Superintendency of Companies “to instruct, in the manner it determines, entities subject to its supervision regarding the measures they must adopt to promote transparency and business ethics in their business practices in order to have internal mechanisms for the prevention of acts of corruption (…)”, so that there are more businesses, more jobs, and competitive, productive, and sustainable companies.
[2021] External Circular No. 100-000011, dated August 9, 2021, fully amends External Circular No. 100-000003 dated July 26, 2016, and adds Chapter XIII to the 2017 Basic Legal Circular, which sets forth administrative instructions and recommendations aimed at implementing corporate transparency and ethics programs through self-monitoring activities and the management of corruption risks and transnational bribery risks.
[2021] External Circular 100-000012 dated August 9, 2021. It sets forth the Superintendency of Companies’ Policy on the Supervision of PTEEs, which is based on three fundamental pillars, namely: (i) education; (ii) regulatory compliance; and (iii) timely and early action.
[2022] Law No. 2195 of January 18, 2022, “Anti-Corruption Law.” This law adopts measures regarding transparency, the prevention of corruption, and the fight against corruption, and establishes other provisions.
HRC-PR-01 – Risk Management and Control Procedure.
HRC-PR-02 – Due Diligence Procedure.
HRC-PR-03 – Procedure for Cases of Corruption and Transnational Bribery. · HRC-PR-04 – Ethics Hotline Procedure.
HRC-FT-01 – Risk Management Matrix.
HRC-FT-02 – Complaint Tracking Form.
HRC-FT-03 – Audit Checklist Template.
HAR-FT-03 – Training Schedule.
HGF-FT-05 – Authorization Matrix.
HRC-PL-01 – Anti-Bribery Policy for Risk Management and Compliance.
HGF-PL-01 – Donation Policy.
HGF-PL-02 – Policy on the Giving and Acceptance of Gifts and Entertainment from Third Parties.
HGF-PL-03 – Expense Reimbursement Policy.
HGF-PL-04 – Sales Policy.
EMC-PR-01 – Procedure for the Preparation of Documents and Records.}
EMC-FT-07 – Official Compliance Report Form.
