SAGRILAFT and Crime Prevention Model Policy
OBJECTIVE
To establish a comprehensive framework for the prevention, detection, control, and reporting of Money Laundering, Financing of Terrorism, and Financing of the Proliferation of Weapons of Mass Destruction (ML/FT/FPWMD), as well as for the implementation and compliance of the Crime Prevention Model (CPM), ensuring the integrity of all the company's operations.
SCOPE
This policy applies to all operations, activities, and commercial relationships of the Company, including:
- Clients: Individuals or legal entities acquiring goods or services from the Company.
- Suppliers: Individuals or legal entities providing goods or services to the Company.
- Intermediaries: Individuals or legal entities acting on behalf of or representing the Company.
- Employees: All individuals working for the Company, regardless of position or level.
- Third Parties: Any individual or legal entity having a business relationship with the Company.
Additionally, it is clarified that this policy transversally unifies the requirements of the System for Self-Control and Comprehensive Risk Management of Money Laundering, Financing of Terrorism, and Financing of the Proliferation of Weapons of Mass Destruction (SAGRILAFT), governed by the Superintendency of Companies in Colombia, and the Crime Prevention Model (CPM), based on the Economic Crimes Law of Chile, both aligned with current legal regulations.
GUIDELINES
Netdata formally declares a Zero Tolerance stance against the commission of any economic or computer crime, or any act aimed at money laundering and the financing of illicit activities. Integrity, legality, and self-control are non-negotiable pillars of our corporate governance. The shareholders, the board of directors, and senior management proactively assume the supervision of these guidelines in all jurisdictions where we operate.
In the development of this policy, the Company declares the following:
-
To comply with current regulations regarding the prevention of ML/FT/FPWMD and reduce the risk of corruption and financial infractions, not only to contribute to the fulfillment of State purposes and compliance with the Law but also to protect the Company's image and reputation.
- To implement the Compliance Officer function and allocate the necessary human, technical, financial, and operational resources for the proper development of their duties.
- The Company uses reasonable self-disclosure and verification mechanisms to avoid establishing commercial or contractual relationships with legal or natural persons and their ultimate beneficial owners if, after an objective assessment of the evidence and other available information, it is reasonably deduced that there are doubts or a high-risk rating regarding the origin of funds, the legality of operations, or potential links of the counterparty or their ultimate beneficial owners to illegal groups or foreign/national terrorists, and effective detection and monitoring measures are not feasible for that specific case. Notwithstanding the above, in the event of already formalized contractual relationships, the Company will carry out the progressive actions that are appropriate in accordance with applicable regulations to promote the prompt termination of the contractual bond with the counterparty suspected of activity, ensuring the adoption of measures that prevent the interruption of its operation and promote its continuity.
- To promote a culture of prevention and "know your customer, supplier, collaborator, and associate" within the Company through training and any other available means.
- The Company will carry out reasonable measures to obtain adequate knowledge of its counterparties. When a natural or legal person does not provide sufficient information, the risk level represented by engaging with this counterparty will be analyzed on a case-by-case basis, considering:
- The possibility of obtaining information through available public sources or media.
- The specific level of risk represented by the counterparty and the operation.
- Receipt of mitigation measures provided by the counterparty, such as: Compliance declarations and internal due diligence regarding their ultimate beneficial owners and other counterparties of interest.
- The Company will carry out reasonable measures to obtain adequate knowledge of its counterparties. When a natural or legal person does not provide sufficient information, the risk level represented by engaging with this counterparty will be analyzed on a case-by-case basis, considering:
- The Company must collaborate with authorities in providing information requested during investigations into money laundering, financing of terrorism, financing of the proliferation of weapons of mass destruction, and/or computer crimes, bribery, and corruption.
- To mitigate the materialization of risks, it must guide its collaborators, at all levels and positions, to act in full compliance with the Company's policies.
- Information managed by the Company associated with commercial transactions and the documentation for each stage of the SARLAFT and the Crime Prevention Model is confidential.
- Therefore, collaborators must handle it confidentially, with honesty and integrity. Consequently, this information may not be used for personal gain or for the benefit of third parties, inside or outside the Company.
- No collaborator may disclose aspects of operations reported as suspicious or attempted to the Financial Information and Analysis Unit (UIAF) in Colombia or the Public Prosecutor's Office or the Investigative Police (PDI) in Chile. Only the Compliance Officer shall report information to the relevant authorities, without prejudice to the reports that must be submitted to the Company's Management.
- It is the obligation of all Company collaborators to strictly know and apply the criteria and standards incorporated in this policy and in the GA-MAN-01 SAGRILAFT Manual and Crime Prevention Model; to know and heed the alert signals contained therein.
- Upon becoming aware of a crime during the performance of their duties, persons linked to the Company must fulfill the duty to report it to the Compliance Officer, without prejudice to complying with the duty of criminal denunciation in applicable cases.
- Employees are obligated to inform the Compliance Officer, who in turn must immediately and sufficiently report to the competent authority any relevant information regarding the management of funds whose amount or characteristics do not relate to the economic activity of their clients and suppliers, or which, due to their number, the amounts traded, or their particular characteristics, may reasonably lead to the suspicion that they are using the Company to manage, take advantage of, or invest money or resources derived from illicit activities or intended for their financing.
- For prevention and control, it is essential that the mechanisms and instruments established internally are followed by employees involved in the authorization, execution, and review of operations, businesses, or contracts. It is each employee's obligation to attend training provided on the subject.
- It is imperative to prioritize the observance of ethical principles over the achievement of commercial goals, considering it is paramount to generate a culture oriented toward applying established standards for the prevention and detection of crimes associated with corrupt practices and economic crimes (including computer crimes, bribery, corruption), money laundering, financing of terrorism, and financing of the proliferation of weapons of mass destruction.
- The Board of Directors, the Legal Representative, the Compliance Officer, and other Company collaborators must respond for the obligations and responsibilities applicable to them regarding the application of the LA/FT/FPWMD risk self-control and management system and the Crime Prevention Model.
- All collaborators are obligated to comply with the guidelines defined in this policy. Any violation thereof will be considered a very serious offense, in accordance with the provisions of the Internal Work Regulations (Colombia) and the Internal Order, Hygiene, and Safety Regulations (Chile).
- Privileged access by our engineers to clients' technical infrastructure is subject to the controls of the ISMS (ISO/IEC 27001:2022). Any illicit access or interception of data that does not correspond to their work and is not expressly authorized by the client is prohibited.
- For independent counterparties (suppliers/contractors), the violation of these standards will entitle Netdata to the immediate unilateral termination of the contract for just cause and without right to claims.
- It is absolutely forbidden to offer or provide economic advantages or gifts to public officials (in portals such as Mercado Público in Chile) or to purchasing managers of private clients to obtain commercial advantages.
- Any interaction or meeting of the sales force with Chilean State authorities must be strictly registered under the framework of Law N° 20.730.
- The operation of the Reporting Channel (Form GA-F-20 and email info@netdatanetworks.com) is ratified, guaranteeing the confidentiality and absolute protection and indemnity of any collaborator or counterparty that submits a report or disclosure in good faith.
- Netdata extends criminal compliance liability to contractors, technological subcontractors, and allies. Maintaining commercial ties with third parties that do not explicitly adhere to this policy is prohibited.
- Commercial, contractual, or conventional engagement with a counterparty classified as a PEP must be approved by the Company's legal representative, who must take into consideration the following criteria based on information obtained in the framework of due diligence activities:
- (i) Absence of conflicts of interest between their functions or responsibilities as a PEP and the activity motivating the contractual bond with the Company.
- (ii) Reasonability and coherence between the purposes, amounts, frequencies, and other characteristics of the operation or contractual bond regarding the conditions of the position or functions held by the PEP.
- (i) Absence of conflicts of interest between their functions or responsibilities as a PEP and the activity motivating the contractual bond with the Company.
RISK COMMITTEE (APPLICABLE TO SAGRILAFT)
As this policy is an internal instruction, it is established that it will have an advisory team to the SAGRILAFT Compliance Officer, which monitors and promotes its compliance.
The advisory team to the Compliance Officer shall be the SAGRILAFT RISK COMMITTEE, and it will be composed of:
-
Chief Financial Officer
-
IT Coordinator
-
Chief People Officer
-
Junior Data Developer
-
Inside Sales Manager
-
Quality Leader
-
Security Director
-
Administrative and Financial Manager
All cases managed by the SAGRILAFT Risk Committee will be treated with strict confidentiality, regardless of the impact on the company or the complexity involved in the investigation process.
The SAGRILAFT Risk Committee will have a quorum with half plus one of its members.
It is important that the members of the SAGRILAFT Risk Committee adhere to both the Code of Ethics and a confidentiality policy, given the nature of the information to which they will have access.
APPROVAL
The Shareholders' Assembly approves this policy, which is recorded in the Minutes of the Shareholders' Assembly.