4. Corporate Culture, Business Objectives and Strategy

C 24/2022 STA
1. The Board is responsible for the implementation of an effective risk management culture and internal control framework across the Company and the Group. In order to promote a sound corporate culture, the Board must establish the “tone from the top” by:

a. Setting and adhering to corporate values that create the expectation that all business must be conducted in a legal and ethical manner, and overseeing the adherence to such values by Staff;

b. Promoting risk awareness within a strong risk culture, and setting the expectation that all Staff are responsible for ensuring that the Company operates within the established Risk Governance Framework, Risk Appetite and Risk Limits;

c. Ensuring that appropriate steps have been taken to communicate throughout the Company the corporate values, professional standards and codes of conduct approved by the Board, together with supporting policies; and ensuring that Staff are aware that appropriate disciplinary or other actions will follow unacceptable behaviours and breaches.
 
2. The Company’s corporate culture must recognise the critical importance of timely and frank discussion and escalation of problems to higher levels. Staff must be encouraged and must be able to communicate legitimate concerns about illegal, unethical and/or questionable practices confidentially and without the risk of reprisal.
 
3. The Board must approve and oversee a whistleblowing policy mechanism and ensure that Senior Management appropriately addresses legitimate issues flagged through the whistleblowing mechanism. The Board is responsible for ensuring that Staff who raise concerns are protected from detrimental treatment or reprisals. The Board must oversee and approve how and by whom legitimate matters are investigated and that they are addressed by an objective internal or external body, Senior Management, and/or by the Board itself.
 
4. A Company must have a written code of conduct for Staff that defines acceptable and unacceptable behaviours. It must explicitly prohibit illegal activity including fraud, breach of sanctions, money-laundering, anti-competitive practices, bribery and corruption, and the violation of consumer rights. It must make clear that Staff are expected to conduct themselves ethically and perform their jobs with skill, due care and diligence. The code of conduct covers, at a minimum:

a. The obligation to comply with all Regulations and the Company policies.

b. Prevention and management of Conflicts of Interest.

c. Guidance on decision-making.

d. Reporting mechanisms on any breach of applicable laws and Regulations, and protection for whistle blowers from retaliation.

e. Fair treatment of policyholders.

f. Information sharing with stakeholders.