Noventiq is committed to conducting its business transparently and in accordance with the highest ethical standards. This means that Noventiq’s business must be carried out in strict compliance with all applicable laws and regulations at all times, including in the field of Bribery, Corruption, Money Laundering, Terrorist Financing and Sanctions and Trade Controls-related laws. Noventiq has a zero-tolerance approach to any form of unethical and illegal behaviour.
This extends to Noventiq’s Business Partners, as the conduct of Noventiq’s Business Partners can have serious impacts for Noventiq, from both a reputational and legal standpoint. Conducting appropriate, risk-based Due Diligence on Business Partners is therefore a critical part of ensuring that Noventiq is compliant with those laws and maintains its good business reputation.
This Policy sets out certain requirements and guidance to ensure appropriate Due Diligence is carried out in respect of Noventiq’s Business Partners.
This Policy applies to all Employees in relation to any business relationships or contracts with Business Partners.
3. Terms and definitions
Any defined terms in this Policy are in bold. The defined terms used in this Policy shall have the following meanings.
Books and Records means accounts, books, records, invoices, correspondence, papers, and other documents that record and reflect Noventiq’s business, transactions, and other activities whether in written or in any other form (including electronic).
Bribery or Bribe means any direct or indirect offer, promise, giving, request, agreement to receive, acceptance or receipt of any payment, gift or any other advantage of value (financial or otherwise), to or from any person (including any individuals or corporate entities), in order to induce that person (or any other person) to perform their role improperly or to secure any improper benefit or advantage for Noventiq or any other person.
Business Partner means any person who provides services to Noventiq or who otherwise acts for and/or on behalf of Noventiq including service providers, consultants, advisers, contractors, distributors, agents, commercial intermediaries and other intermediaries.
Chief Compliance Officer means Noventiq’s Global Chief Compliance Officer.
Corruption means any act done to give some improper advantage inconsistent with an official duty; the misuse of a station or office to procure some benefit either personally or for someone else contrary to an official duty.
Customer(s) means individual persons or companies who purchase goods or receive services from Noventiq.
Director means any member of the governing Board of a corporation, association, or other incorporated body.
Due Diligence means the process undertaken to assess risk by gathering, analyzing, managing, and monitoring information about an actual or potential Business Partner.
Employee means each manager, Director, employee, worker or officer hired on a permanent basis or under a fixed-term or casual employment contract by Noventiq, including any of Noventiq’s agency workers, temporary workers, casual workers, part- time workers, trainees or interns.
Money Laundering means the process criminals use to “clean” proceeds obtained from illegal activity. Money is “laundered” by passing it through lawful businesses or activities, including routing money through various countries, whilst the nature of the illegal activity or financial transaction and the source, origin, and/or owner of the funds is hidden.
Public Official means any:
- government official or any person who is authorised by law to perform any public
- elected or appointed official;
- employee or officer of government and/or local authority, including, but not limited to, educational, health care and military institutions, law enforcement and customs authorities, taxation and migration services, organizations that issue state licenses, sanctions and permits;
- employee or officer of a company, enterprise, agency, business organization or entity that is wholly or partly owned or controlled by the state;
- employee or officer of international organizations, including, but not limited to, the United Nations Organization, International Olympic Committee, International Committee of Red Cross and Red Crescent;
- leader and activist of a political party;
- candidate for a political office;
- members of royal families;
- honorary government officials; and
- other persons who hold a legislative, administrative, military or judicial position of any kind.
Sanctions means any trade, economic or financial sanctions laws, regulations, embargoes, and restrictive measures administered, enacted or enforced by the United Nations, the European Union, any Member States of the European Union, the United Kingdom and the United States.
Sanctioned Countries or Sanctioned Country means countries and/or territories which are subject to comprehensive country- and/or territory-wide Sanctions.
Sanctioned Persons means any persons, entities or any other parties (a) located, domiciled, resident or incorporated in a Sanctioned Country, (b) targeted by any Sanctions administrated by the United Nations, the European Union, any Member States of the European Union, the United Kingdom, the United States and/or any other applicable country, and/or (c) owned or controlled by or affiliated with persons, entities or any other parties as referred to in (a) and (b).
Noventiq means Noventiq Holdings PLC (or any successor) and any entity, operation or investment more than 50% owned by Noventiq Holding PLC directly or indirectly.
Terrorist Financing means the financing of, or provision of financial assistance related to, terrorist acts, terrorists, and terrorist organizations.
Trade Controls means any prohibitions or restrictions on the trade or movement of goods, products or services from, to or through a particular country, imposed by the government or relevant authority of a country. Restrictions may be imposed over direct and indirect imports, exports, re-exports, transfers, and re-transfers in respect of (a) particular kinds of goods, products or services; (b) the exporting or destination country or geographic territory; and/or (c) the identity of the exporter or recipient.
4.1 Employee obligations
Employees are obliged to:
- read, understand and follow this Policy and any other documents aimed at its implementation;
- demonstrate ethics, integrity and accountability at all times and expect the same from other;
- direct any questions, concerns, or any known or suspected violations of this Policy to the Chief Compliance Officer or through the channels described in the Speak Up Policy; and
- receive training as and when required by Noventiq.
4.2 Manager obligations
In addition to the above, managers are obliged to ensure that Employees follow the requirements and instructions set out in this Policy and receive training (where required).
4.3 Chief Compliance Officer obligations
The Compliance Function / Chief Compliance Officer is:
- obliged to review and, if necessary, update this Policy and any other documents aimed at its implementation on an annual basis;
- obliged to organise training and education for relevant Employees on induction and as and when decided by Noventiq and make sure relevant Employees complete such training and education successfully;
- responsible for the implementation of this Policy;
- obliged to raise any actual or suspected breaches of this Policy to the Board of Directors of Noventiq as soon as is practicable; and
- obliged to provide Employees with advice and support in the matters of compliance with this Policy and relevant legislation.
Step 1: Understanding our Business Partners and Customers
Understanding who Noventiq’s Business Partners are is key to helping Noventiq address legal and commercial risks. Noventiq cannot conduct business with an anonymous or fictitious company or with any Business Partner with an unclear identity or business activities.
In order to understand who our Business Partners are, and the degree of risk they present, we must conduct an appropriate level of Due Diligence before entering into any business with them. Where possible and appropriate, Employees are expected to undertake the following checks:
- Obtain key company information from the potential Business Partner or Customer. This may include:
- company name, parent company details (if applicable), company registration number, tax number, and website URL;
- registered office address and head office address (if applicable);
- a copy of the certificate of incorporation (if applicable);
- an official extract of the register of companies (or equivalent) (if
- the articles of association of the company (if applicable);
- names of Directors (if applicable);
- contact details of the person who is your single point of contact;
- the list of people authorized to sign on behalf of the company and
corporate documents/powers of attorney confirming those rights (if
- the last two years’ worth of financial statements and audit reports (cash
flow, balance sheet, and profit & loss account);
- payment address/purchase ordering address if different to head office
- payment details, including the full name and address of the Business
Partner's bank, as well as their account details; and
- a confirmation on behalf of the Business Partner that all the information
required above is correct and accurate.
- Know and verify the true identity of the Business Partner using reliable and independent sources, documents, data or information.
- If the Business Partner is a company, identify and verify the beneficial owners of Business Partners who have more than a 10% ownership interest in the Business Partner.
- Run a credit record check, as needed, on the Business Partner.
- Be familiar with the nature and history of the Business Partner's activities.
- Identify your Business Partner's source of, or use of, funds.
The information can be obtained from the potential Business Partner, internet searches, third party screening databases, credit checks and general market knowledge. In carrying out these checks, Employees must record the steps that they have taken, the information that they have gathered and the sources of that information. Any information that has not been obtained should be clearly identified, along with efforts to obtain such information.
The form at Appendix 1 of this Policy should be sent to potential Business Partners to assist in gathering the required information
All records must be kept in the relevant Books and Records in a form as required by the Chief Compliance Officer from time to time or, absent a prescribed form, in a way that is accurate and complete.
Where an Employee is notified or becomes aware of a significant change in the information relating to the relevant Business Partner or Customer, its controlling parent or its subsidiaries (or the information previously obtained is found to have been inaccurate or incomplete), this should be reviewed and, if necessary, updated in the relevant Books and Records.
Step 2: Sanctions screening
Employees must undertake Sanctions screening on all potential Business Partners and Customers to ensure that Noventiq is not breaching Sanctions. This means that the following people and entities are screened to find out if any of them is a Sanctioned Person prior to entering into a business relationship with the Business Partner or Customer:
- the potential Business Partner or Customer; and
- if the potential Business Partner or Customer is a company, any of the Business Partner’s or Customer’s Directors, officers and owners who you have identified.
A person will be a Sanctioned Person where they are located or incorporated in a Sanctioned Country or targeted by Sanctions. Therefore, Sanctions screening involves checking whether the potential Business Partner or Customer has any links to a Sanctioned Country and/or whether they are listed in the following lists:
- the U.S. Specially Designated Nationals (SDN) List and on its Consolidated Sanctions List using this search function: https://home.treasury.gov/policy-issues/financial-sanctions/sanctions-list-search-tool;
- the Consolidated List of Financial Sanctions Targets in the UK: https://www.gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets/consolidated-list-of-targets;
- the consolidated list of persons, groups and entities subject to EU financial sanctions: https://ec.europa.eu/info/business-economy-euro/banking-and-finance/international-relations/restrictive-measures-sanctions_en#list; and
- the United Nations Security Council Consolidated List: https://www.un.org/securitycouncil/content/un-sc-consolidated-list.
Sanctions screening should be conducted through an internet search and analysis of the information received as part of the Business Partner or Customer checks. In addition, Employees should use any third-party screening tools available to Noventiq.
Employees must retain a written record in the Books and Records of the outcome of the Sanctions screening.
In the event that a potential Business Partner or Customer is, or is linked to, a Sanctioned Person or a Sanctioned Country, the written approval of the Chief Compliance Officer must be obtained prior to starting or continuing the relationship.
In addition, Employees must comply with the Sanctions and Trade Controls Policy which sets out additional requirements and guidance to prevent any breaches of Sanctions and Trade Controls.
Step 3: Determining whether enhanced Due Diligence is required
After the completion of Steps 1 and 2 above, Employees must assess the general level of risk posed by each proposed Business Partner in order to determine whether enhanced Due Diligence is required.
The information needed to carry out this risk assessment should be based on the information obtained from the proposed Business Partner, internet searches, third party screening databases and general market knowledge. Employees must retain a written record in the Books and Records of the steps that are taken in assessing the risks associated with the potential Business Partner.
The risk associated with the proposed Business Partner should be assessed according to the following:
- Red flags: is there anything unusual, suspicious or otherwise different about the potential Business Partner that could give rise to Money Laundering, Terrorist Financing, Bribery and/or Corruption-related concerns?
- Geography: is the potential Business Partner based in, or is the underlying transaction otherwise connected to, a country that is perceived as being of higher risk from a Bribery and Corruption perspective?
- Services: are the services the Business Partner would be providing perceived as being a higher risk?
- Contract value: is the expected value of the contract opportunity over USD100,000 (or equivalent)?
These are each addressed further below.
Bribery and Corruption comes in many different forms and further background
information can be found in the Anti-Bribery and Corruption Policy.
Where an Employee is or becomes aware of anything unusual, suspicious or otherwise
different about the Business Partner which could give rise to Bribery and/or Corruption-related concerns, this should be regarded as a red flag. Red flags include but are not limited to:
- any behaviour that would be prohibited by the Anti-Bribery and Corruption Policy;
- unusually high proposed fees for the services to be provided;
- fee arrangements, or requests for payment, that are unusual or not transparent (e.g. asking for payments to be sent to an unconnected third party, requesting payments into a foreign bank account);
- a history of Bribery or Corruption-related issues in the proposed Business Partner’s organization;
- rumours that the proposed Business Partner is or has been involved in Bribery or Corruption;
- an unclear ownership structure or lack of office or work address;
- the involvement of Public Officials in proposed Business Partner or the
underlying transaction or services;
- proposals from the proposed Business Partner to make payments (not provided
for by law), give gifts or provide entertainment or hospitality to Public Officials;
- where the contract will be performed by additional third parties – i.e., where the
contract with the proposed Business Partner is likely to be sub-contracted;
- where the proposed Business Partner suggests that no written agreement be put in place, or where there is otherwise a lack of visibility or clarity around the Business Partner’s actual services or how it operates;
- where the proposed Business Partner makes any of the following demands: payments of commission to other third parties; payments of commission in cash or other untraceable funds; and/or payments of commission into foreign bank accounts or to unidentifiable companies;
- where the Business Partner relies heavily on contacts rather than expertise in order to win business, or otherwise has an apparent lack of qualifications or resources needed to perform the services they are offering;
- where payments are or proposed to be made from any tax havens or offshore jurisdictions that are considered high risk from a Money Laundering or Terrorist Financing perspective; and
- where the proposed Business Partner is refusing to provide requested screening information or to include any Bribery and Corruption-related legal provisions in the contract.
When one or more red flags are identified in respect of a Business Partner, enhanced Due Diligence will be required.
Bribery and Corruption are perceived as being more likely to occur in certain locations
For the purposes of assessing jurisdictional risks, Employees should refer to the latest “Corruption Perceptions Index” prepared by Transparency International. The latest index here: https://www.transparency.org/en/cpi/2020/index/nzl
Where the Business Partner is located in, or the underlying transaction or services are otherwise significantly connected to, a country with a score of less than 30 on the latest published Corruption Perceptions Index, enhanced Due Diligence is required.
The type of services that a Business Partner provides for Noventiq influences the level of risk that may be associated with such Business Partner. A Business Partner who is a distributor, agent or partner will require enhanced Due Diligence.
Higher value contracts can be considered more exposed to Bribery and Corruption- related risks. Similarly, if Bribery- and Corruption-related issues are identified in higher value contracts, regulators and enforcement agencies are more likely to actively investigate, and take action in respect of, the same.
For these reasons, we require that higher standards are applied to high value contracts being, for the purposes of this Policy, contracts which have a total associated or annual value in excess of USD500,000 (or equivalent). Enhanced Due Diligence will be needed if you are entering into such a contract with a Business Partner.
Step 4: Conducting enhanced Due Diligence (where required)
Where enhanced Due Diligence is required, it will typically involve the following steps, as applicable and depending on the nature and extent of the risks identified:
- request that the potential Business Partner provides additional information to address the specific issues of concern;
- in the case of a company, obtain its full corporate profile and history;
- in the case of a person, obtain their full employment history/CV and request character and professional references;
- undertake litigation and criminal records searches;
- where appropriate, contact trusted third party Business Partners and other
sources in the same sector or geography to seek their views; and
- consider holding in-person site visits and/or interviews with the potential
Noventiq can also instruct specialist advisors to assist with or conduct enhanced Due Diligence on our behalf. The Chief Compliance Officer can arrange this where it is appropriate.
In all cases, the Chief Compliance Officer should be notified when enhanced Due Diligence is required so that they can advise on what further steps should be taken or any specific controls that should be implemented to mitigate, prevent or correct any risks or issues (where appropriate following consultation with the legal department or external counsel).
Step 5: Formalizing your relationship
Once the preceding steps have been successfully completed, the relationship with the Business Partner can be formalised. This involves documenting the relationship through a written contract which:
- clearly identifies the services to be provided by the Business Partner and how they will be remunerated;
- provides that payments are only made to the Business Partner in a bank account held in their home country; and
- includes appropriate contractual protections to ensure that your Business Partner will comply with applicable Sanctions and Trade Controls, Money Laundering, Terrorist Financing, Bribery and Corruption-related laws and regulations; and
- includes provisions requiring the Business Partner to comply with, our Anti- Bribery and Corruption Policy.
Additionally, the letter at Appendix 2 to this Policy should be sent to the Business Partner prior to any contracts being signed.
Step 6: Ongoing monitoring
It is not enough to make sure that there are no red flags identified with a Business Partner at the start of a new relationship. It is important that Employees remain alive to the risks associated with Business Partners and, where necessary, undertake periodic checks to ensure that the risks have not changed. The frequency and nature of the periodic checks should take into account the general level of risk posed by the relationship with the Business Partner in question.
However, you must undertake a re-assessment of the relationship in any circumstances where a new red flag is identified, you become aware of any information obtained in respect of the Business Partner being incorrect or incomplete, and prior to any renewal of, or change in, your relationship with the Business Partner (for example, where they will provide additional or new services).
6. Speaking up and reporting
Any Employee who becomes aware of breach of this Policy or any other event or circumstance that give rise to an actual or suspected breach to any Bribery, Corruption, Money Laundering, Terrorist Financing and Sanctions-related laws by any of Noventiq’s Business Partners, is obliged to escalate the issue in accordance with the Speak Up Policy. Employees and Business Partners may report a matter anonymously (although we would encourage them to go on the record).
Noventiq’s top management will provide comprehensive support to any of its Employees who report any issues in accordance with the Speak Up Policy in good faith. Retaliatory behaviour resulting from good faith reporting in accordance with the Speak Up Policy is never acceptable and Employees and Business Partners will not be punished for good faith reporting (even if their concern is not substantiated). Those who engage in retaliatory behaviour will be subject to disciplinary action.
7. Violation of this Policy
Where Noventiq is informed of any breaches of this Policy or any event or circumstance that gives rise to an actual or suspected breach of any Bribery, Corruption, Money Laundering, Terrorist Financing, Sanctions or Trade Controls-related laws by any of Noventiq’s Business Partners, it will initiate an internal investigation thereof in accordance with the Speak Up Policy and involve law enforcement and other competent authorities, if necessary.
All Employees bear responsibility for the compliance with this Policy and any other documents aimed at its implementation. Failure to comply with the requirements of this Policy shall be grounds for disciplinary action up to and including dismissal.
Any questions about this Policy can be raised with the Chief Compliance Officer or emailed to firstname.lastname@example.org.
8. Revision history
Summary of Changes
Revision of Initial Document
Change of CEO