OBJECTIVE	To establish the guidelines governing the organization regarding the prevention of corruption, bribery, and fraud, as well as the principles of conduct and controls that must be implemented in order to maintain integrity and ethics in the actions of BPM Consulting SAS.
SCOPE	This policy applies across all areas, processes, employees, suppliers, and business partners of BPM Consulting SAS.
ASSOCIATED DOCUMENTS	Colombian Anti-Corruption Statute Transnational Bribery Law Internal Work Regulations Colombian Criminal Code

TERMS AND DEFINITIONS

• Corruption: Abuse of positions of power or trust for personal benefit to the detriment of the collective interest, carried out through offering or requesting, giving or receiving goods or money in kind, services, or benefits, in exchange for actions, decisions, or omissions […] (Transparency for Colombia)
• Conflict of Interest: A situation where business, financial, family, political, or personal interests could interfere with the judgment of personnel in the performance of their obligations toward the organization. (ISO 37001)
• Due Diligence: Process to evaluate in greater detail the nature and extent of bribery risk. An action that enables decision-making regarding specific transactions, projects, activities, business partners, and personnel. (ISO 37001)
• Fraud: Any illegal act characterized by deceit, concealment, or breach of trust. These acts do not require the application of threats, violence, or physical force. Fraud is perpetrated by individuals and organizations to obtain money, property, or services, to avoid payments or loss of services, or to secure personal or business advantages. (Association of Certified Fraud Examiners)
• Supplier: Natural or legal person who provides products and/or services to the organization.
• Bribery: Offering, promising, giving, accepting, or requesting an undue advantage of any value (which may be financial or non-financial), directly or indirectly and regardless of location, in violation of applicable law, as an incentive or reward for a person to act or refrain from acting in relation to the performance of that person’s obligations. (ISO 37001)
• Business Partner: External party with whom the organization plans, establishes, and/or carries out a business alliance such as Joint Ventures, representation, intermediation, and investment.

 

GUIDELINES

BPM Consulting’s policy is based on the principle of honesty, which is part of its corporate values: “Our conduct is based on truth and justice. Our actions are framed within openness and transparency.”

In this regard, all employees, suppliers, business partners, and any person who interacts with or has a commercial, employment, or service relationship with the organization must act consistently with truth, transparency, and honesty.

As general guidelines regarding organizational processes, the following directives are established, emphasizing zero tolerance for corruption, bribery, and/or fraud:

1. Prohibitions

 

As an Organization

• Demanding or accepting money, favors, or gifts from an applicant as compensation for admitting them as an employee of BPM Consulting.

• Carrying out or authorizing political propaganda at premises owned or rented by BPM Consulting.
  During the negotiation processes of goods or services, accepting gifts or invitations that compromise objective decision-making.

• During service operations, accepting gifts or monetary or in-kind benefits that allow the manipulation of the results of indicators/measurements presented to the final client.

• Manipulating documents, financial figures, or any actions that approve data inconsistent with the organizational reality.

• Offering or receiving gratuities, sponsorships, or donations in money, kind, or gifts to seek personal or corporate benefit.

• Receiving or requesting donations and sponsorships from a company or individual seeking to obtain a particular benefit.

For Employees

All employees, regardless of the work they perform, their assigned role, or their geographical location, must comply with the provisions of the Internal Work Regulations regarding the following prohibitions:

• Receiving and/or requesting money and/or gifts from clients.
  Accepting gifts, favors, or money to act for the benefit of a third party or personal benefit, to the detriment of the client’s guidelines and BPM Consulting’s policies.
• Accepting or requesting money to delay or carry out an action that falls within their job responsibilities.
• Receiving or requesting payments to facilitate or expedite services and procedures, consisting of “small payments” delivered for the purpose of speeding up or facilitating a procedure, obtaining a license, permit, or service.
• Reproducing, revealing, disclosing, copying, and/or providing third parties with information regarding procedures, processes, software, and/or using company information improperly for personal benefit and/or the benefit of third parties.
• Engaging in fraudulent actions or acting against the company’s interests by submitting false receipts, certificates, medical leave documents, and/or other false documents.
• Receiving or requesting donations and sponsorships from a company or individual seeking to obtain a particular benefit.
• Submitting documentation and/or communicating false information at any stage of the personnel selection process, as well as during their permanence within the organization.

 

2. Principles of Conduct

 

As an Organization

• Conduct business activities in a fair, honest, objective, and transparent manner.
• Do not pay bribes, nor allow bribes to be offered on behalf of BPM Consulting in order to obtain a commercial advantage.
• Do not accept bribes, nor allow them to be accepted on behalf of BPM Consulting with the purpose of influencing the company.
• Avoid doing business with companies and/or individuals who do not accept the organizational values, policies, and corporate guidelines regarding ethics, anti-corruption, anti-bribery, or fraud.
• Act with transparency, honesty, and truth, even in difficult or complex situations that the organization may face.
• The books, records, and accounts related to BPM Consulting’s operations must accurately, impartially, and with reasonable detail reflect transactions and asset dispositions under its control.
• Gifts and presents are valid as merchandising elements within commercial events for brand positioning, as well as in academic events that contribute to the BPro sector. In all other spaces of interaction with third parties, the giving/receiving of special gifts is not permitted (workspaces, negotiations, presentation of offers, strategic alliances).
• BPM Consulting may lead participation programs in volunteer activities and foundations, motivated by the development of corporate social responsibility strategies.
• However, under no circumstances does it support political causes and/or processes that go against good conduct, ethics, or its corporate values.
• Likewise, it does not provide monetary donations and, if it does so, prior authorization from General Management is required. The resources must be transferred directly to legally established companies for which due diligence has been successfully completed.
• BPM Consulting prohibits sponsorships or donations related to funds, political campaigns, and political parties. This confirms that the organization remains neutral regarding political positions and parties and does not provide or facilitate spaces or scenarios for political processes or political messages.
• Travel undertaken by employees holding high-level positions (Managers) must be aligned with organizational objectives and strategies and be approved by their immediate supervisor and, when applicable, by the Board of Directors.

 

Personnel in positions other than those mentioned above may travel whenever there is a client requirement and it is approved by Operations Management and the

Deputy General Management.
In all cases, the validation and approval of incurred expenses require original physical or electronic invoices issued by legally established entities, with legible information and without erasures or amendments.

 

For Employees

• Perform the work entrusted by the organization with honesty, quality, efficiency, effectiveness, goodwill, and in the best possible manner.
  Comply with the philosophy, values, and principles established by the organization.
• Act with transparency and honesty in all actions involving interaction with BPM Consulting, including: recruitment and hiring processes and requested documentation; interaction with colleagues, employees, managers, and supervisors; compliance with operational guidelines; interactions with clients and end users of services; submission of PQRS to the organization; participation in operational, service, and occupational health and safety committees; as well as disciplinary proceedings for conduct or non-compliance with the Internal Work Regulations, and contract termination processes.
• Refrain from communicating reserved information to third parties, unless expressly authorized, when its disclosure may cause harm to the organization. This does not prevent reporting common crimes or violations of the contract or labor laws to the competent authorities.
• Timely communicate to the organization any observations deemed relevant in order to prevent damages or losses.
  Identify and report situations of bribery or corruption that may arise at any level within the company’s processes.
• Strictly comply with the provisions established in circulars, communications, information, and all types of policies and procedures issued by the organization, with the purpose of preventing possible damages that may affect its economic interests and good reputation.
• Sign the confidentiality agreements and clauses required by the organization according to the employee’s position, regarding sensitive, reserved, or confidential information that, due to their duties and based on trust and responsibility, is provided by the organization for the performance of their work and belongs to the organization, client company, supplier, and/or business partner.
• Employees, on their own behalf, are free to make contributions/donations as responsible citizens, for altruistic purposes and in support of causes they consider relevant. These actions are valid as long as they are carried out with the employee’s own resources and without directly or indirectly involving BPM Consulting.

 

3. Prevention and Control Mechanisms

• Senior Management will set an example through its actions, respect for policies and compliance, and will encourage its work teams to act accordingly.
• Develop communication and awareness strategies to ensure that employees understand the content of this policy.
• Keep corporate guidelines available and easily accessible as public documents for third parties (suppliers, consultants, and business partners).
• For each third party initiating a negotiation process with BPM Consulting SAS, due diligence must be carried out, and they must be checked against the restrictive lists determined by the organization.
• All suppliers maintaining a commercial or contractual relationship must know, approve, and comply with the Supplier Code of Ethics.
• BPM Consulting does not apply discounts or reduced prices to the service rates established for its clients. Once a contract or purchase order is enabled, the organization respects the agreed values and maintains those financial agreements.
• All agreements made with suppliers must be documented in writing and supported by the different documents that form part of the contractual relationship (offer, purchase order, technical annexes, SLA, meeting commitments, and any other documentation considered relevant, whether physical or digital).
• Contracts with third parties, and in general all agreements established with them, must be monitored regularly to ensure proper operation and to identify in a timely manner any deviations in transparency within operations.
• All employees participating in a selection process must have undergone due diligence. Those with findings will not be allowed to become part of the organization.
  BPM Consulting employees must report situations of corruption, bribery, or fraud that may arise at any level, process, or operation to their immediate supervisor, the Human Talent and Culture Management, or through the PQRSF channel on the company’s website.

 

REPORTING

BPM Consulting, in its interest to determine the necessary improvement actions, provides its PQRSF channel through its website, https://www.bpmconsulting.com.co/, in the PQRSF module, so that employees, natural/legal persons, and citizens may report irregular practices or transactions carried out by any of our employees or by those acting on behalf of BPM Consulting.

Complaints against employees are handled confidentially and follow the due process established in the Internal Work Regulations as a serious offense. In other cases, complaints will be forwarded by the Control, Improvement, and Innovation Management directly and confidentially to the Deputy Management of BPM Consulting for proper analysis and processing in accordance with Colombian legislation.

When a report is received through a channel other than the website, the Management in charge must notify the Control, Improvement, and Innovation Manager in writing so that the complaint can be included in the information system and its traceability, monitoring, control, and closure can be carried out.

Response times are regulated by Colombian legislation in accordance with Law 1755 of 2015 or any regulation established by the Colombian State for petitions, complaints, claims, and reports.

 

COMPLIANCE

Senior Management of BPM Consulting reaffirms its commitment to counteracting corruption, bribery, and fraud in any organizational actions, with and among its employees, as well as with third parties and business partners.

Strict compliance will be given to the laws established in Colombian territory and in the countries where its services operate, regarding corruption, bribery, and/or fraud.
Likewise, disciplinary sanctions regulated in the Internal Work Regulations for serious offenses will be applied, which explicitly state:

• For the first offense, suspension from work for up to five (5) days, without the right to remuneration.
• For the second offense, suspension from work from six (6) days up to two (2) months, without the right to remuneration.

Notwithstanding the provisions of this chapter on Serious Offenses of the Internal Work Regulations, following disciplinary proceedings and respecting due process for the employee, the employment contract may be terminated for just cause, and notification may be made to the

Control and Oversight Entities of the Colombian State.

 

TRACEABILITY
VERSION	APPROVAL DATE	CHANGE CONTROL
1	12-01-2021	Document creation.
2	19-05-2022	The communication channel is updated, and the policy format is updated (the regulatory framework section is removed).
3	23-01-2024	Full document update. Inclusion of policies associated with bribery and fraud. The scope is expanded to cover the three mentioned components. Unification of the document with the anti-bribery policy. Change in the classification of the documentation, from Private to Public. Change in the process issuing the policy. Initially, it was created under the Administrative and Financial process; however, due to its nature, relevance, and content, it is now controlled under the “Strategic Management” process. This change requires the adjustment of the policy coding (from GAF-PO-4 to DRE-PO-2). Update of the positions responsible for approving the policy.