Business Partner and Customer Due Diligence Policy

1. Summary

Noventiq, including its subsidiary companies, is committed to conducting its business transparently and in accordance with the highest ethical standards. This means that Noventiq’s business must be carried out in strict compliance with all applicable laws and regulations at all times, including in the field of Bribery, Corruption, Money Laundering, Fair Competition, Terrorist Financing, and Sanctions and Trade Controls-related laws. Noventiq has a zero-tolerance approach to any form of unethical and illegal behaviour. This extends to Noventiq’s Business Partners, as the conduct of Noventiq’s Business Partners can have serious impacts for Noventiq, from both a reputational and legal standpoint. Conducting appropriate, risk-based Due Diligence on Business Partners is therefore a critical part of ensuring that Noventiq is compliant with those laws and maintains its good business reputation.

This extends to Noventiq’s Business Partners, as the conduct of Noventiq’s Business Partners can have serious impacts for Noventiq, from both a reputational and legal standpoint. Conducting appropriate, risk-based Due Diligence on Business Partners is therefore a critical part of ensuring that Noventiq is compliant with those laws and maintains its good business reputation. 

Noventiq expects anyone engaged in any business and professional relationship that involves Noventiq, to conduct themselves with the highest ethical standards and integrity, in compliance with applicable laws, including in all business-related transactions and interactions with governmental entities, state-owned and/or private companies, partnerships or other entities (including associates and customers) and their respective directors, officers, employees and other representatives.

This Policy sets out certain requirements and guidance to ensure appropriate Due Diligence is carried out in respect of Noventiq’s Business Partners and Customers. 

2. Scope

This Policy applies to all Employees in relation to any business relationships or contracts with Business Partners and Customers.

3. Terms and definitions

Any defined terms in this Policy are in bold. The defined terms used in this Policy shall have the following meanings.

Books and Records means accounts, books, records, invoices, correspondence, papers, and other documents that record and reflect Noventiq’s business, transactions, and other activities whether in written or in any other form (including electronic).

Bribery or Bribe means any direct or indirect offer, promise, giving, request, agreement to receive, acceptance or receipt of any payment, gift or any other advantage of value (financial or otherwise), to or from any person (including any individuals or corporate entities), in order to induce that person (or any other person) to perform their role improperly or to secure any improper benefit or advantage for Noventiq or any other person.

Business Partner means any person who provides services to Noventiq or who otherwise acts for and/or on behalf of Noventiq including service providers, consultants, advisers, contractors, distributors, agents, commercial intermediaries, and other intermediaries. The distributors nominated for key partners such as Microsoft, Google, AWS, etc. are not considered business partners and are not covered by this policy.

Chief Compliance Officer means Noventiq’s Global Chief Compliance Officer.

Corruption means any act done to give some improper advantage inconsistent with an official duty; the misuse of a station or office to procure some benefit either personally or for someone else contrary to an official duty.

Customer(s) means individual persons or companies who purchase goods or receive services from Noventiq.

Director means any member of the governing Board of a corporation, association, or other incorporated body.

Due Diligence means the process undertaken to assess risk by gathering, analyzing, managing, and monitoring information about an actual or potential Business Partner.

Employee means each manager, Director, employee, worker or officer hired on a permanent basis or under a fixed-term or casual employment contract by Noventiq, including any of Noventiq’s agency workers, temporary workers, casual workers, part- time workers, trainees or interns.

Fair Competition refers to a market environment where businesses compete vigorously but fairly and seek to obtain competitive advantage only through fair and lawful means, focusing on factors like quality, price, and customer service. It involves honest and ethical practices, avoiding deceitful or monopolistic behaviors. Essentially, fair competition ensures that no company has an unfair advantage over others, promoting a healthy and thriving economy. 

Money Laundering means the process criminals use to “clean” proceeds obtained from illegal activity. Money is “laundered” by passing it through lawful businesses or activities, including routing money through various countries, whilst the nature of the illegal activity or financial transaction and the source, origin, and/or owner of the funds is hidden.

Public Official means any:

• government official or any person who is authorised by law to perform any public
  function;
• elected or appointed official;
• employee or officer of government and/or local authority, including, but not limited to, educational, health care and military institutions, law enforcement and customs authorities, taxation and migration services, organizations that issue state licenses, sanctions and permits;
• employee or officer of a company, enterprise, agency, business organization or entity that is wholly or partly owned or controlled by the state;
• employee or officer of international organizations, including, but not limited to, the United Nations Organization, International Olympic Committee, International Committee of Red Cross and Red Crescent;
• leader and activist of a political party;
• candidate for a political office;
• members of royal families;
• honorary government officials; and
• other persons who hold a legislative, administrative, military or judicial position of any kind.

Sanctions means any trade, economic or financial sanctions laws, regulations, embargoes, and restrictive measures administered, enacted or enforced by the United Nations, the European Union, any Member States of the European Union, the United Kingdom and the United States.

Sanctioned Countries or Sanctioned Country means countries and/or territories which are subject to comprehensive country- and/or territory-wide Sanctions.

Sanctioned Persons means any persons, entities or any other parties (a) located, domiciled, resident or incorporated in a Sanctioned Country, (b) targeted by any Sanctions administrated by the United Nations, the European Union, any Member States of the European Union, the United Kingdom, the United States and/or any other applicable country, and/or (c) owned or controlled by or affiliated with persons, entities or any other parties as referred to in (a) and (b).

Noventiq means Noventiq Holdings PLC (or any successor) and any entity, operation or investment more than 50% owned by Noventiq Holding PLC directly or indirectly.

Terrorist Financing means the financing of, or provision of financial assistance related to, terrorist acts, terrorists, and terrorist organizations.

Trade Controls means any prohibitions or restrictions on the trade or movement of goods, products or services from, to or through a particular country, imposed by the government or relevant authority of a country. Restrictions may be imposed over direct and indirect imports, exports, re-exports, transfers, and re-transfers in respect of (a) particular kinds of goods, products or services; (b) the exporting or destination country or geographic territory; and/or (c) the identity of the exporter or recipient.

4. Obligations

4.1 Employee obligations

Employees are obliged to:

• read, understand and follow this Policy and any other documents aimed at its implementation;
• demonstrate ethics, integrity and accountability at all times and expect the same from other;
• direct any questions, concerns, or any known or suspected violations of this Policy to the Chief Compliance Officer or through the channels described in the Speak Up Policy; and
• receive training as and when required by Noventiq.

4.2 Manager obligations

In addition to the above, managers are obliged to ensure that Employees follow the requirements and instructions set out in this Policy and receive training (where required).

4.3 Chief Compliance Officer obligations

The Compliance Function / Chief Compliance Officer is:

• obliged to review and, if necessary, update this Policy and any other documents aimed at its implementation on an annual basis;
• obliged to organise training and education for relevant Employees on induction and as and when decided by Noventiq and make sure relevant Employees complete such training and education successfully;
• responsible for the implementation of this Policy;
• obliged to raise any actual or suspected breaches of this Policy to the Board of Directors of Noventiq as soon as is practicable; and
• obliged to provide Employees with advice and support in matters of compliance with this Policy and relevant legislation.

5. Provisions

Step 1: Understanding our Business Partners and Customers

Understanding who Noventiq’s Business Partners are is key to helping Noventiq address legal and commercial risks. Noventiq cannot conduct business with an anonymous or fictitious company or with any Business Partner with an unclear identity or business activities.

Business Partners are categorized based on the following operational risk levels:

High Risk: any Business Partner acting on behalf of Noventiq, including commercial agents, resellers, distributors, joint venture partners, consortium partners, and other intermediaries authorized to represent Noventiq. Please refer to Appendix 1 for further details.

Medium Risk: Customers and any Business Partner rendering services or consultancy to Noventiq excluding law firms, insurance companies, banks, and governmental entities.

Low Risk: vendors/suppliers not covered in High and Medium risk categories.

In accordance with the risk level defined above the following steps must be followed: 

1.1 High Risk Business Partners – Due diligence 

Employees are expected to undertake the following checks:

• Obtain key company information from the potential Business Partner. This may include:

• company name, parent company details (if applicable), company registration number, tax number, and website URL; 
• registered office address and head office address (if applicable);
• a copy of the certificate of incorporation (if applicable);
• an official extract of the register of companies (or equivalent) (if applicable, and where not possible for the Employee him/her-self to obtain such extract from a reliable company register public data base); 
• the articles of association of the company (if applicable);
• names of Directors (if applicable);
•  contact details of the person who is your single point of contact;
• the list of people authorized to sign on behalf of the company and corporate documents/powers of attorney confirming those rights (if applicable);
• payment address/purchase ordering address if different to head office address; 
• payment details, including the full name and address of the Business Partner's bank, as well as their account details; and 
• a confirmation on behalf of the Business Partner that all the information required above is correct and accurate.

Know and verify the true identity of the Business Partner using reliable and independent sources, documents, data or information.

If the Business Partner is a company, identify and verify the beneficial owners of Business Partners who have more than a 25% ownership interest in the Business Partner.

Run a credit record check, as needed, on the Business Partner. 

Be familiar with the nature and history of the Business Partner's activities.

The information can be obtained from the potential Business Partner, internet searches (to be noted - all screenshots made and saved must include date and time on the screen when the screenshot is made), third party screening databases, credit checks and general market knowledge. In carrying out these checks, Employees must record the steps that they have taken, the information that they have gathered and the sources of that information. Any information that has not been obtained should be clearly identified, along with efforts to obtain such information. 

The form at Appendix 2 of this Policy should be sent to potential Business Partners to assist in gathering the required information as well as the letter of acknowledgement included at Appendix 3.

All records must be kept in the relevant Books and Records in a form as required by the Chief Compliance Officer from time to time or, absent a prescribed form, in a way that is accurate and complete.

Where an Employee is notified or becomes aware of a significant change in the information relating to the relevant Business Partner or Customer, its controlling parent or its subsidiaries (or the information previously obtained is found to have been inaccurate or incomplete), this should be reviewed and, if necessary, updated in the relevant Books and Records.

1.2. Medium Risk-Business Partners and Customer 

Employees are expected to undertake the following checks:

• Obtain key company information from the potential Business Partner or Customer. This may include:
  • company name, parent company details (if applicable), company registration number, tax number, and website URL;
  • registered office address and head office address (if applicable);
  • a copy of the certificate of incorporation (if applicable);
  • an official extract of the register of companies (or equivalent) (if
    applicable);
  • the articles of association of the company (if applicable);
  • names of Directors (if applicable);
  • contact details of the person who is your single point of contact;
  • the list of people authorized to sign on behalf of the company and
    corporate documents/powers of attorney confirming those rights (if
    applicable);
• Run a credit record check, as needed, on the Business Partner and Customer
• Be familiar with the nature and history of the Business Partner's and Customer's activities.

1.3. Low Risk-Business Partners and Customer 

Noventiq Supplier Code of Conduct Commitment Letter signed in the form set out in Exhibit 1 of the Noventiq Supplier Code (https://noventiq.com/about/business-conduct-guidelines/supplier-code-of-conduct) and/or

At the end of every fiscal year, send an email about the Noventiq Supplier Code and the importance of adhering to its principles to all suppliers who have received at least one payment during that period. 

Step 2: Sanctions screening

Employees must undertake Sanctions screening on all potential Business Partners and Customers to ensure that Noventiq is not breaching Sanctions. This means that the following people and entities are screened to find out if any of them is a Sanctioned Person prior to entering into a business relationship with the Business Partner or Customer:

• the potential Business Partner or Customer; and
• if the potential Business Partner or Customer is a company, any of the Business Partner’s or Customer’s Directors, officers, owners and beneficial owners who you have identified; and 
• Business Partner or Customer operations if those considered to be subject to Sanctions or trade and export restrictions.

A person will be a Sanctioned Person where they are located or incorporated in a Sanctioned Country or targeted by Sanctions. Therefore, Sanctions screening involves checking whether the potential Business Partner or Customer has any links to a Sanctioned Country and/or whether they are listed in the following lists:

• the U.S. Specially Designated Nationals (SDN) List and on its Consolidated Sanctions List using this search function: https://home.treasury.gov/policy-issues/financial-sanctions/sanctions-list-search-tool;
• the Consolidated List of Financial Sanctions Targets in the UK: https://www.gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets/consolidated-list-of-targets;
• the consolidated list of persons, groups and entities subject to EU financial sanctions: https://ec.europa.eu/info/business-economy-euro/banking-and-finance/international-relations/restrictive-measures-sanctions_en#list; and
• the United Nations Security Council Consolidated List: https://www.un.org/securitycouncil/content/un-sc-consolidated-list.

Sanctions screening should be conducted through an internet search and analysis of the information received as part of the Business Partner or Customer checks. In addition, Employees should use any third-party screening tools available to Noventiq.

Employees must retain a written record in the Books and Records of the outcome of the Sanctions screening. In the event that a potential Business Partner or Customer is, or is linked to, a Sanctioned Person or a Sanctioned Country, the written approval of the Chief Compliance Officer must be obtained prior to starting or continuing the relationship.

In addition, Employees must comply with the Sanctions and Trade Controls Policy which sets out additional requirements and guidance to prevent any breaches of Sanctions and Trade Controls.

Step 3: Red Flags

After the completion of Steps 1 and 2 above for High and Medium Risk Business Partners and Customers, Employees must assess the general level of risk posed by each proposed Business Partner and Customer to determine whether enhanced Due Diligence is required. 

The information needed to carry out this risk assessment should be based on the information obtained from the proposed Business Partner or Customer, internet searches, third party screening databases and general market knowledge. Employees must retain a written record in the Books and Records of the steps that are taken in assessing the risks associated with the potential Business Partner or Customer. 

The request of further information should be based on the following:

• Red flags: is there anything unusual, suspicious or otherwise different about the potential Business Partner or Customer that could give rise to Money Laundering, Terrorist Financing, Bribery and/or Corruption-related concerns? 
• Geography: is the potential Business Partner or Customer based in, or is the underlying transaction otherwise connected to, a country that is perceived as being of higher risk from a Bribery and Corruption perspective?
• Contract value: is the expected value of the contract opportunity over USD500,000 (or equivalent). 

These are each addressed further below. 

Red Flags

Bribery and Corruption comes in many different forms and further background information can be found in the Anti-Bribery and Corruption Policy. 

Where an Employee is or becomes aware of anything unusual, suspicious or otherwise different about the Business Partner or Customer which could give rise to Bribery and/or Corruption-related concerns, this should be regarded as a red flag. Red flags include but are not limited to:

• any behaviour that would be prohibited by the Anti-Bribery and Corruption Policy;
• unusually high proposed fees for the services to be provided;
• fee arrangements, or requests for payment, that are unusual or not transparent (e.g. asking for payments to be sent to an unconnected third party, requesting payments into a foreign bank account); 
• a history of Bribery or Corruption-related issues in the proposed Business Partner’s or Customer’s organization;
• rumors or media information that the proposed Business Partner or Customer is or has been involved in Bribery or Corruption or suspicious transactions;
• an unclear ownership structure, problems for identifications or lack of office or work address; 
•  the involvement of Public Officials in proposed Business Partner or the underlying transaction or services; 
• proposals from the proposed Business Partner or Customer to make payments (not provided for by law), give gifts or provide entertainment or hospitality to Public Officials;
• where the contract will be performed by additional third parties – i.e., where the contract with the proposed Business Partner or Customer is likely to be sub-contracted or seems to be acting as a shield for another person;
• where the proposed Business Partner or Customer suggests that no written agreement be put in place, or where there is otherwise a lack of visibility or clarity around the Business Partner’s actual services or how it operates or Customer transaction is a typical or complex where the beneficiary is not clear;
• where the proposed Business Partner or Customer makes any of the following demands: payments of commission to other third parties; payments of commission in cash or other untraceable funds; and/or payments of commission into foreign bank accounts or to unidentifiable companies; 
• where the Business Partner or Customer relies heavily on contacts rather than expertise in order to win business, or otherwise has an apparent lack of qualifications or resources needed to perform the services they are offering; 
• where payments by or to Business Partner or Customer are or proposed to be made from or to any tax havens or offshore jurisdictions that are considered high risk from a Money Laundering or Terrorist Financing perspective; and 
• where the proposed Business Partner or Customer is refusing to provide requested screening information or to include any Bribery and Corruption-related legal provisions in the contract. 
• where the proposed Business Partner or Customer has significant tax debts.

When one or more red flags are identified in respect of a Business Partner or Customer, enhanced Due Diligence will be required. 

Geography

Bribery and Corruption are perceived as being more likely to occur in certain locations and countries.

For the purposes of assessing jurisdictional risks, Employees should refer to the latest “Corruption Perceptions Index” prepared by Transparency International. The latest index here: https://www.transparency.org/en/cpi/2023/index/nzl

Where the Business Partner is located in, or the underlying transaction or services are otherwise significantly connected to, a country with a score of less than 30 on the latest published Corruption Perceptions Index, enhanced Due Diligence is required. 

Contract value 

Higher value contracts can be considered more exposed to Bribery and Corruption- related risks. Similarly, if Bribery- and Corruption-related issues are identified in higher value contracts, regulators and enforcement agencies are more likely to actively investigate, and take action in respect of, the same. For these reasons, we require that higher standards are applied to high value contracts being, for the purposes of this Policy, contracts which have a total associated or annual value more than USD500,000 (or equivalent). Enhanced Due Diligence will be needed if you are entering into such a contract with a Business Partner or Customer.

Step 4: Conducting enhanced Due Diligence (where required)

Where enhanced Due Diligence is required, it will typically involve the following steps, as applicable and depending on the nature and extent of the risks identified:

• For Medium Risk Business Partner or Customer, the Form available at Appendix 2 must be completed. 
• request that the potential Business Partner or Customer provides additional information to address the specific issues of concern; 
• in the case of a company, obtain its full corporate profile and history;
• in the case of a person, obtain their full employment history/CV and request character and professional references; 
• where publicly available undertake litigation and criminal records searches; 
• conduct search in online searchers engines; 
• where appropriate, contact trusted third party Business Partners or Customer and other sources in the same sector or geography to seek their views; and
• consider holding in-person site visits and/or interviews with the potential Business Partner.

​Noventiq can also instruct specialist advisors to assist with or conduct enhanced Due Diligence on our behalf. The Chief Compliance Officer can arrange this where it is appropriate.

In all cases, the Chief Compliance Officer should be notified when enhanced Due Diligence is required so that they can advise on what further steps should be taken or any specific controls that should be implemented to mitigate, prevent or correct any risks or issues (where appropriate following consultation with the legal department or external counsel). 

Step 5: Formalizing your relationship

Once the preceding steps have been successfully completed, the relationship with the Business Partner or Customer can be formalized. This involves documenting the relationship through a written contract with Business Partner which: 

• clearly identifies the services to be provided by the Business Partner and how they will be remunerated; 
•  clearly identifies the goods and services to be delivered to the Customer and how they will be payed; 
• provides that payments are only made to the Business Partner or received from the Customer in a bank account held in their home country; and 
• includes appropriate contractual protections to ensure that the Business Partner or Customer will comply with applicable Sanctions and Trade Controls, Money Laundering, Terrorist Financing, Bribery and Corruption-related laws and regulations; and
• includes provisions requiring the Business Partner to comply with, our Anti-Bribery and Corruption Policy.
• undertaking of the Customer to comply with Noventiq Code of Conduct (‘Noventiq Way”);
• In specific cases, as per the Noventiq Compliance team’s request, Customer signs Assurance Letter provided by Noventiq compliance team.

Step 6: Ongoing monitoring

It is not enough to make sure that there are no red flags identified with a Business Partner or Customer at the start of a new relationship. It is important that Employees remain alive to the risks associated with Business Partners and Customers, and, unless in respect to particular Business Partner different frequency of monitoring the risks is established, yearly checks to ensure that the risks have not changed. To do that a communication should be sent to the Business Partners to confirm that the information initially shared does not have substantial changes and the Sanctions screening must be updated. For Customers, monitoring must be carried out at least at each renewal.

However, you must undertake a re-assessment of the relationship in any circumstances where a new red flag is identified, you become aware of any information obtained in respect of the Business Partner or Customer being incorrect or incomplete, and prior to any renewal of, or change in, your relationship with the Business Partner or Customer (for example, where they will provide additional or new services, purchase new products or services from us).

6. Speaking up and reporting 

Any Employee who becomes aware of breach of this Policy or any other event or circumstance that give rise to an actual or suspected breach to any Bribery, Corruption, Money Laundering, Terrorist Financing and Sanctions-related laws by any of Noventiq’s Business Partners and Customers, is obliged to escalate the issue in accordance with the Speak Up Policy. Employees, Business Partners and Customers may report a matter anonymously (although we would encourage them to go on the record).

Noventiq’s top management will provide comprehensive support to any of its Employees who report any issues in accordance with the Speak Up Policy in good faith. Retaliatory behaviour resulting from good faith reporting in accordance with the Speak Up Policy is never acceptable and Employees, Business Partners, and Customers will not be punished for good faith reporting (even if their concern is not substantiated). Those who engage in retaliatory behaviour will be subject to disciplinary action.

7. Violation of this Policy

Where Noventiq is informed of any breaches of this Policy or any event or circumstance that gives rise to an actual or suspected breach of any Bribery, Corruption, Money Laundering, Terrorist Financing, Sanctions or Trade Controls-related laws by any of Noventiq’s Business Partners, it will initiate an internal investigation thereof in accordance with the Speak Up Policy and involve law enforcement and other competent authorities, if necessary.

All Employees bear responsibility for the compliance with this Policy and any other documents aimed at its implementation. Failure to comply with the requirements of this Policy shall be grounds for disciplinary action up to and including dismissal.

Any questions about this Policy can be raised with the Chief Compliance Officer or emailed to compliance@noventiq.com.

8. Revision history

Issue No	Version No	Issue Date	Summary of Changes
1	1.0	June 2021	Initial Document
2	2.0	July 2021	Revision of Initial Document
3	3.0	August 2021	Final Document
4	4.0	March 2023	Change of CEO
5	5.0	December 2024	Update Policy-. Business Partners Risk Categorization

Hervé Tessler
CEO Noventiq

Download the policy in PDF Format