GLOBAL ANTI-CORRUPTION COMPLIANCE POLICY

1. Information about this document

This Global Anti-Corruption Compliance Policy (the “Policy”) represents a part of commitment of group of companies Kaspersky Lab to conducting our business ethically and in compliance with all applicable laws wherever we operate.

This Policy focuses on anti-corruption laws, including the U.K. Bribery Act 2010 as amended (the “UKBA”), the anti-corruption laws of the Russian Federation, the U.S. Foreign Corrupt Practices Act of 1977 as amended (the “FCPA”), and other laws to which the Company (as defined in clause 1.4 below) is subject.

1.1. Purpose

This Policy establishes the basic principles and requirements for compliance with the provisions of Applicable Anti-Corruption Laws by the Company, the Employees of the Company, and any Agents of the Company.

This Policy pursues the following goals:

  • Describing the Company’s prohibitions against bribery and corruption in all of its business operations.
  • Preventing any manifestations of corruption, both on behalf of and in regard to the Company and/or its Employees; compliance with the requirements of applicable Anti-Corruption Laws when the Company engages in its business activities.
  • Reinforcing the Company’s commitment to conduct business globally with the highest standards of honesty and integrity.
  • Perfecting and developing the Company’s corporate culture, implementing the best practices and standards of responsible business conduct, including in the area of Anti-Corruption Compliance.

1.2. Scope and Application

1.2.1. Organizational Scope

In case of any questions regarding application of this Policy please contact the Chief Compliance Manager (as defined in section 3.5 of this Policy) responsible for enforcement of this Policy. Contact details of the Chief Compliance Manager can be found at web-site of Kaspersky Lab. You can also contact your local chief compliance manager.

1.2.2. Area of application in the context of organizational structure

This Policy is used on the Company level, and applies to all of its structural subdivisions. In addition, the Policy operates in relation to the following entities:

  • Kaspersky Labs Limited
  • Kaspersky Lab UK Limited
  • Subsidiary legal entities, including as appropriate affiliated entities and joint ventures controlled by the Company, irrespective of their location;
  • All Employees of the Company, as defined in clause 1.4 of this Policy;
  • All Agents of the Company, as defined in clause 1.4 of this Policy, as necessary and appropriate in light of the respective Agent’s duties and responsibilities and as manifested in the respective agency or other service agreements in place with such Agent.
  • 1.2.3. Applicability to Objects and Activities

    This Policy applies to all types of activities undertaken by the Company.

    1.2.4. Derivation and Tailoring

    This Policy constitutes the primary document of the Company on matters related to Anti-Corruption Compliance. Documents created on the basis of this Policy and for purposes of implementing it should not contravene it, so long as they are not approved by the sponsor of the present Policy.

    1.3. Target Audience

    The Policy applies to all of the Company’s Employees (as defined in clause 1.4 below), including the Company’s directors, officers and contractors hired through third-party staffing arrangements.

    Every Employee is required to become familiar with, and abide by, this Policy.

    All Employees have a personal responsibility and obligation to conduct the Company’s business activities ethically and in compliance with the law. Failure to do so may result in disciplinary action, up to and including dismissal. Employees may also be subject to regulatory and criminal action, which may lead to fines, debarment from certain positions, reputational harm and other sanctions up to and including imprisonment.

    This Policy applies to Agents and their personnel by extension, to the extent the requirements herein are manifested in agreements with such third-parties.

    1.4. Definitions and abbreviations

    Term

    Definition

      • Term

        Agents (Company Agents)

      • Definition

        Agents, distributors, consultants, representatives, independent contractors, joint venture partners, intermediaries, and other third parties engaged by the Company that have the authority to represent the Company before other parties, including but not limited to government entities.

      • Term

        Anti-Corruption Compliance

      • Definition

        A system of measures, procedures and controls operating in the Company for purposes of compliance with Applicable Anti-Corruption Laws.

      • Term

        Anything of Value

      • Definition

        The term “Anything of Value” is broad and can include any item of monetary value, including, but not limited to, the following:

        • Cash or the equivalent (including gift cards);
        • Benefits and favors (such as special access to a government agency);
        • Performing services that would otherwise have to be paid for or purchased;
        • Gifts;
        • Contracts or other business opportunities awarded to a company in which a Government Official has an ownership or other beneficial interest;
        • Favorable or steered contracts;
        • Employment opportunities, including those given to a family member or friend of a Government Official or representative of a commercial organization, such as positions in joint ventures or consultancy opportunities;
        • Charitable donations;
        • Political contributions;
        • Medical, educational, or living expenses;
        • Travel, meals, lodging, shopping, or entertainment expenses; or
        • Investment opportunities or stock options.
      • Term

        Applicable Anti-Corruption Laws

      • Definition

        Any laws and regulations applicable to the Company dealing with combatting against bribery (whether public or private), including the UKBA and other UK anti-corruption laws, the FCPA and other US anti-corruption laws, anti-corruption laws of the Russian Federation, the laws of the corresponding countries where the Company conducts its activities.

      • Term

        Company

      • Definition

        The group of companies Kaspersky Lab as a whole, as well as all legal entities belonging to this group individually (depending on the context).

      • Term

        Employees (Company Employees)

      • Definition

        Individuals engaged in long-term or temporary labor relationships with the Company who have concluded a contract of a civil law character with the Company and contractors hired by the Company with the engagement of outside organizations dealing with the supply of personnel.

      • Term

        Improper Advantage

      • Definition

        The term “Improper Advantage” covers any improper payment made in a business context, such as (but not limited to) paying or giving Anything of Value to a Government Official or private individual or entity, directly or indirectly, in order to:

        • Influence or prevent a governmental action, or any other action, such as the awarding of a contract, imposition of a tax or fine, or the cancellation of an existing contract or contractual obligation;
        • Obtain a license, permit, or other authorization from a government entity or Government Official that the Company is not otherwise entitled to;
        • Obtain confidential information about business opportunities, bids, or the activities of competitors;
        • Influence the award of a contract;
        • Influence the termination of a contract that is disadvantageous to the Company; or
        • Secure any other Improper Advantage.
      • Term

        Governmental Entity

      • Definition

        Any bodies of any national, regional, local or other government, including but not limited to state ministries and offices, services, agencies and their structural subdivisions, as well as all legal entities directly or indirectly controlled by the state as well as the judiciary. For purposes of this Policy, the term comprises also political parties and international organizations.

      • Term

        Government Official

      • Definition

        Any employee or officer of a Governmental Entity, as well as any other individual or legal entity acting at the proposal, request, or instruction, or in the interests of a Governmental Entity.

    2. General provisions

    The Company is committed to maintaining the highest level of ethical standards in the conduct of its business.

    The Company does not accept any forms of corruption on the part of private individuals or Government Officials. The Company does not participate in any forms of unethical incentivizing or payments.

    The Company does not engage in, nor does it accept any activity which does not comply with this Policy or with Applicable Anti-Corruption Laws.

    The Company, Company Employees, and Company Agents are forbidden to offer, promise, approve, engage or authorize, directly or through an intermediary, in the transfer of Anything of Value to any Government Official or an agent or employee of a commercial organization with the purpose of influencing his or her actions (or ensuring inaction) and/or obtaining improper commercial advantage.

    The Company, Company Employees, and Company Agents are forbidden to give consent to the obtainment or to obtain, solicit or otherwise receive, directly or through an intermediary, any payments in the form of money, securities, other property, render services of a property-related nature, grant other property-related rights or any other valuables, as well as any financial or other benefit or advantage or Anything of Value, if a condition for the obtainment of such payments, benefits or advantages is the commission of actions, the fulfillment of official duties in the interests of the giving party, as well as if these payments, benefits or advantages constitute remuneration, direct or indirect, for the fulfillment of such duties.

    The Company, Company Employees, and Company Agents are forbidden to act as intermediaries in public or private bribery, i.e., to directly hand over bribes at the instruction of a bribe giver or bribe taker, or in some other way to assist in the achievement or realization of agreement between them to receive and give a bribe.

    This Policy constitutes the Company’s basic document in the area of Anti-Corruption Compliance; however, it is not invoked to implement exhaustive rules of conduct for Employees and Agents of the Company. Other internal documents are currently in force in the Company, and will be introduced in the future, on matters relating to Anti-Corruption Compliance to the extent that the Company shall deem to be necessary and sufficient for compliance with Applicable Anti-Corruption Laws. In the event of a conflict between this Policy and other Company policies, Employees must apply the more restrictive policy or procedure. In such case, please notify the Chief Compliance Manager or your local compliance manager so that he or she can promptly address the conflict, advise you about any appropriate steps to take and, if necessary, update the relevant policy or procedure.

    The Company's management must through its conduct set a standard of ethical behavior and, by their personal example, form an uncompromising attitude among the Employees and Agents of the Company to any forms and manifestations of corruption, which must become an inalienable part of the corporate culture and everyday business practices of the Company.

    3. Basic principles of the Company’s Anti-Corruption Compliance

    3.1. Consistency in application of the Policy

    The Company consistently implements the rules and principles specified by this Policy and other policies of the Company in the area of Anti-Corruption Compliance. The Company propagates the principles of ethical business conduct and motivates the Company Employees and Agents to comply with this Policy. In the event of a breach of the rules of Anti-Corruption Compliance by Company Employees and Agents, the Company shall apply the relevant liability measures to them.

    3.2. Monitoring of legislation and best practices in the area of compliance

    The Company persistently follows all amendments to the normative requirements of Applicable Anti-Corruption Laws and to the practice of applying it. Taking into consideration the results of that monitoring, and based on the best practices of Anti-Corruption Compliance, the Company takes measures to introduce the amendments into its current policies.

    3.3. Periodic risk assessment

    On a regular basis, the Company undertakes measures to bring to light and reduce corruption-related risks, and also measures to assess the efficiency of the current system of Anti-Corruption Compliance.

    Taking into account the results of carrying out these measures, and in case of appropriate necessity, the Company will amend existing policies or develop and introduce additional policies. The measures undertaken must match the character of the risks discovered in a reasonable and proportional way.

    3.4. Informing and training

    A copy of this Policy will be given to every director, officer, and employee of the Company and to contract workers engaged directly or through third-party staffing arrangements. All updates to the Policy will be circulated internally. The Policy will also be made available via the Company web-site and will be made available to all Company Agents.

    Independently or with the engagement of outside specialists in the area of Anti-Corruption Compliance, the Company implements and supports a training program for Company Employees and Agents in the principles and standards of Anti-Corruption Compliance, works out a system of training sessions, and maintains training materials in an up-to-date condition.

    3.5. Appointment of a responsible employee

    The Company shall appoint an employee whose official duties consist of implementing this Policy and the other policies of the Company on matters related to Anti-Corruption Compliance (the " Chief Compliance Manager"). The Company shall also ensure that compliance managers are appointed at its country subsidiaries in order to introduce and maintain Anti-Corruption Compliance systems at the local level.

    The Chief Compliance Manager is directly subordinate to the Company's General Director and is endowed with the powers and resources necessary for effective implementation, maintenance and improvement of the system of Anti-Corruption Compliance in the Company.

    In the event that any Employee of the Company has questions concerning the content of this Policy, including questions of interpretation of any of its provisions, as well as doubts as to the legality or ethical character of his or her actions, the application and realization of the principles of compliance indicated in this Policy, including questions related to the applicability of such principles in this or that situation or business process of the Company, the Employee shall be obligated to contact the Chief Compliance Manager or local compliance manager for advice.

    In the event that an Agent of the Company has these questions, it is recommended to ask the Chief Compliance Manager of the Company or local compliance manager for clarifications.

    3.6. Reporting of the Chief Compliance Manager

    On a regular basis, and also as needed, the Chief Compliance Manager shall report to the General Director of the Company about the process of implementing and/or improving the system of Anti-Corruption Compliance, about any violations uncovered during the reporting period, internal investigations undertaken, deficiencies of the internal compliance controls and the measures taken in connection with this, as well as about the general status of functioning and efficiency of the Anti-Corruption Compliance system in the Company.

    Local compliance managers shall be subordinated through the functional line directly to the Chief Compliance Manager to whom they shall report.

    3.7. Forming and upholding the Company's reputation

    The Company shall apply reasonable efforts to ensure that persons about whom it is known that they are involved or have been involved in illegal activities will not be admitted to managerial positions or allowed to join the Company's management bodies.

    The Company's management bears liability for the maintenance and efficiency of the corporate system of Anti-Corruption Compliance as a whole, and also for ensuring the implementation and execution of controls and procedures of the Anti-Corruption Compliance system in the areas of its functional competence.

    Company Employees, irrespective of the position they hold, are personally liable for observance of the principles and requirements of this Policy and the Applicable Anti-Corruption Laws, as well as for the actions (inactions) of the persons subordinate to them who violate these principles and requirements.

    4. Specific issues related to Anti-Corruption Compliance

    4.1. Contractual compliance controls

    In the cases designated by the Company's policies, contracts entered into by the Company with third parties must envisage the obligations of those parties to observe the Applicable Anti-Corruption Laws (the anti-corruption clause), according to the wordings approved by the Company. Furthermore, the contracts must specify the right of the Company to effect immediate unilateral termination in the event of a breach of the obligations specified by the anti-corruption clause.

    In the cases designated by the Company's policies, contracts which the Company enters into with third parties likewise must envisage the right of the Company to carry out an audit of financial and other documentation pertaining to the implementation of the relevant contract.

    4.2. Due diligence of business partners and Employees

    The Company shall apply reasonable efforts to minimize risks associated with interaction with any third parties, including business, labor and any other relationships with individuals or legal entities.

    For this purpose, the Company has developed and maintains procedures for inspection in relation to Employees and business partners (legal entities and individuals), and with whom the Company plans to enter into a contract. In addition, the Company carries out periodical due diligence of business partners with which it has entered into long-term contracts (lasting longer than one year).

    The due diligence procedure in respect of the business partners and Employees has the following goals:

    • assessment of the necessity of hiring a business partner, Employee, the purposes of this hiring in comparison to similar transactions of the Company;
    • assessment of the overall reputation of the Employee or a business partner, its owners and key persons for compliance with the Applicable Anti-Corruption Laws;
    • finding out whether any violations of Applicable Anti-Corruption Laws have been committed in the past;
    • establishing whether the potential Employee or a business partner has any connections to Government Officials and Government Entities, which might influence obtainment by the business partner or the Company of improper commercial advantages;
    • assessment of the impact of these connections on the legality of entering into the contract with the business partner from the point of view of Applicable Anti-Corruption Laws;
    • assessment of commercial reasonableness and arm’s-length basis for a proposed transaction.

    Any Anti-Corruption Compliance red flags raised during the course of the due diligence review must be addressed to the satisfaction of the local compliance manager before formally entering into, or continuing, the relationship.

    The statements in this clause 4.2 of the Policy extend also to contractors under transactions for merger, acquisition, or creation of joint ventures, and so forth. Moreover, also subject to due diligence are legal entities, ownership stakes or rights of control (direct or indirect) of which the Company acquires as a result of the transaction.

    4.3. Gifts and hospitality expenses

    The Company’s business decisions and those of its partners must be made objectively, without influence by gifts or favors. A small, reasonably priced gift or gesture of gratitude may sometimes be an appropriate way for business people to display respect for each other. Nevertheless, regardless of value, the giving or receipt of a gift, meal, entertainment, or other hospitality benefit must not be done with the intent to improperly influence a Government Official or any other party doing business with the Company.

    Any gifts and hospitality expenses of the Company (gifts which Employees and Agents of the Company may give on behalf of and/or at the expense of the Company to other individuals or legal entities, or which Employees, in connection with their work at the Company, may receive from other parties, as well as the corresponding hospitality expenses) must be in conformity with the following criteria:

    1. is not made with the intent to influence the recipient in order to obtain or retain any improper business advantage for the Company or any other individual or entity, or as an explicit or implicit exchange for favors or benefits, or for any other corrupt purpose;
    2. must not be prohibited by Anti-Corruption Laws applicable to the Company and recipient;
    3. must not affect the capability of the recipient to make impartial and fair decisions in connection with the official powers he or she has been entrusted with, nor must it impose any moral obligation on the recipient;
    4. must not constitute hidden remuneration for the obtainment of improper commercial advantage, including any service, action, omission or decision, and likewise must not represent an attempt to exert influence on the recipient with another illegal or unethical goal;
    5. must be reasonably justified and not be a luxury item separately or jointly, if gifts or payments are made to a person more than once;
    6. must not create for the Company risks to its reputation in the event of disclosure of information on such gifts or hospitality expenses;
    7. must not contravene the principles and requirements of this Policy and other policies of the Company in the area of Anti-Corruption Compliance;
    8. must be offered and accepted in a transparent manner and not be solicited;
    9. must undergo the approval procedures established within the Company.

    The indicated criteria shall also be applied to expenses on organization on behalf and/or at the expense of the Company of events aimed at attraction, retention or development of clients, as well as events related to communicating with the public, the mass media, and professional society.

    Before the completion of any payment or donation of any gift in an amount exceeding (jointly during one-year period or separately) 100 USD to any third party, including to a Government Official, on behalf and/or at the expense of the Company, the Employee must contact the local compliance manager and provide detailed information about the proposed gift or other paid expenses in order to receive confirmation about the legality and admissibility of such payment or gift. Symbolic gifts, such as pens or calendars bearing the Company's logo, do not require the prior approval of the compliance manager.

    The compliance managers shall be entitled to block transfer of the gift or payment of expenses if he or she establishes that such actions do not comply with the criteria set forth above, or create risks of violation of Applicable Anti-Corruption Laws for the Company.

    It is not permitted to give gifts on behalf of the Company, Employees and Agents of the Company to any third parties in the form of monetary funds, whether cash or not, as well as any of their equivalents (for example, checks, gift cards, securities and so forth). Also, as a general rule, it is never permissible to pay for air fare and travel for spouses, other family members or other guests of Government Officials or any other third party.

    Employees are entitled to accept small gifts and payment of hospitality expenses of modest value from third parties with which the Employees interact in the course of work for the Company, subject to the following conditions:

    • the acceptance of the gift or payment of hospitality expenses will not create for the Employee a conflict of interests in regard to his or her official duties in the Company and will not affect the performance thereof;
    • the Employee believes in good faith that the giver has no intention of affecting in some way the performance by the Employee of his or her official duties.

    Employees must not solicit or request gifts. Employees are obligated to inform the compliance manager if they receive any gifts or payment of expenses by third parties for an amount greater than 100 USD (or the quality of that sum in local currency).

    4.4. Retaining Government Officials

    It may be justified to retain a current or former Government Official as an Employee or a business partner of the Company. However, doing so must be handled with caution. Such relationships must be structured so that they meet the requirements of the Applicable Anti-Corruption Laws and other applicable laws of relevant jurisdictions, and must not create a conflict of interest for the Government Official. No such relationship may be negotiated or agreed to without the prior approval of the compliance manager.

    4.5. Sponsorship and corporate social responsibility

    In accordance with this Policy and other implemented procedures, the Company does not finance and does not participate in any other form in charitable and/or sponsorship activities for the purpose of receiving any illegal privileges or preferences in connection with business activity.

    All of the Company's financial operations associated with sponsorship or charitable activity are recorded in detail and in a trustworthy manner in the accounting records; the project being realized undergo coordination in advance; the monitoring procedures for charitable contributions allow one to be convinced with a reasonable degree of certainty that the contributions made do not constitute a concealed form of bribery.

    Before the Company or an Employee of the Company makes on behalf and/or at the expense of the Company any donation for an amount greater than 100 USD, it is necessary to consult with the compliance manager, who is entitled to block payment after performing the appropriate due diligence for compliance with Applicable Anti-Corruption Laws.

    4.6. Financing of political activity

    The Company does not finance and does not support or encourage in any other way political parties or members thereof, including candidates for political positions, their election campaigns or political events, nor any political organizations or movements.

    4.7. Payments through intermediaries in favor of third parties

    The Company, its Employees and Agents are forbidden to engage any third parties for the commission of any actions that contravene the principles and requirements of this Policy or the standards of Applicable Anti-Corruption Laws. Such actions by third parties may expose the Company even if they have no actual knowledge or awareness.

    The Company, its Employees and Agents are forbidden to make payments in favor of third parties, if there exists suspicion that all or part of this payment will be used to bribe a Government Official or an agent or employee of a commercial organization.

    The Company ensures inspection of the reasonability and justification of payments or any other provisions to third parties for the prevention and/or discovery of the violations described above for purposes of minimizing the risks of involving the Company in corrupt activities. All commercial relationships with third-party intermediaries must be approved by the compliance manager, and all relationships must be put in the form of a written agreement.

    4.8. Facilitating Payments

    The Policy prohibits “facilitating payments,” i.e., unofficial payments provided in order to receive or expedite (speed up) a routine government action, i.e., actions which are ordinarily and commonly performed by Government Officials (e.g., processing governmental papers, such as permits, visas, etc.).

    4.9. Books and records

    Employees or Agents are not allowed to conclude on behalf of the Company any transactions with fraudulent intent or with knowledge of the fact that the transaction or payment differs from the description in the documents confirming or justifying the transaction or payment.

    For implementation of this prohibition, all financial operations, accounting postings and entries must be credibly recorded with a sufficient level of detail in the Company's books and records, and be documented and accessible for inspection.

    Any payments to the third-party Agents should be made to bank accounts held by such Agent in the country in which the relevant goods or services were provided or the country where the Agent is registered. Any expenses for which reimbursement is requested by an Employee or Agent of the Company, as well as any expenses of the Company performed using cash resources, must be confirmed in documentary form using proper primary documentation, including original receipts, invoices or other relevant documents. Any requests for expense reimbursements must be approved by the supervisor of the Employee requesting payment.

    4.10. Audit and control

    On a regular basis, the Company carries out internal and external audits of its financial and business activities, and also carries out ongoing control over the completeness and accuracy of the recording of all business operations in the books and records and observance of the requirements of applicable legislation and the Company's internal normative documents, including the principles and requirements established by this Policy.

    As part of the internal control procedures at the Company, inspections are carried out into the discipline of implementing the established procedure for performance of business processes, including inspection into the legality of the operations undertaken involving the Company's assets and their economic justification, the advisability of expenses, including for confirmation by primary accounting documents and conformity with the requirements of this Policy.

    4.11. Informing about violations

    Every Employee and Agent of the Company who has become aware of facts (or of signs pointing to them) regarding a violation or inclination to violate the provisions of this Policy and/or Applicable Anti-Corruption Laws by Employees or Agents of the Company, as well as by third parties, must inform about it in any of the following ways:

    1. by informing the direct supervisor or, if such communication concerns the actions of the direct supervisor, to a higher ranking supervisor,
    2. via the Company's "Hotline" or by sending a message directly to this address: infosec@kaspersky.com, which can be done anonymously as well (from an outside email address),
    3. by informing the Chief Compliance Manager of the Company or a local compliance manager.

    Within the limits of its powers, the Company shall undertake to ensure the protection of Employees who have conscientiously reported a violation or suspicion of a violation of the provisions of this Policy and/or Applicable Anti-Corruption Laws from persecution or any other form of discrimination on the part of the party in relation to whom the report was made.

    In addition, the Company guarantees that none of its Employees will be held responsible (by being dismissed, demoted, deprived of a bonus, and so forth) by the Company if the Employee reported the presumed corruption in good faith, or if the Employee refused to give or take a bribe or render mediation in acts of bribery, including if such refusal results in foregone profit for the Company, or no commercial or competitive advantages were gained. Retaliation may result in disciplinary action up to and including termination.

    The Company's guarantees to refuse to hold Employees accountable do not extend to guilty Employees, nor to cases when an internal investigation proves that the report in question was deliberately false, or constituted perjury or libel.

    5. Liability

    Inasmuch as the Company may be held liable for the participation of Employees and Agents of the Company and other parties associated with it in corrupt activities, for each justified suspicion or established instance of corruption, internal investigations will be undertaken in accordance with the Company's rules establishing the procedure for carrying out such an investigation in a context permitted by applicable legislation.

    Parties guilty of breaching this Policy and of Applicable Anti-Corruption Laws may face disciplinary, administrative, civil law or criminal liability at the initiative of the Company, the law enforcement authorities, or other entities in the procedure and on the grounds specified by the Company's Charter, internal procedures, and also in the appropriate cases and given sufficient grounds, in accordance with Applicable Anti-Corruption Laws and other applicable laws and regulations.

    GLOBAL ANTI-CORRUPTION COMPLIANCE POLICY