CRIMINAL COMPLIANCE AND RISK MANAGEMENT POLICY

BERRIA has implemented a regulatory compliance and crime prevention program (Corporate Compliance), hereinafter the “Program,” whose Criminal Compliance and Risk Management Policy (approved on January 19, 2023) is specified below:

COMMITMENTS

  • Comply with all obligations arising from this Policy and the Program.
  • Comply with all applicable criminal legislation relevant to BERRIA.
  • Continuously improve the Program, as well as related business processes.

SCOPE OF APPLICATION

This Policy and the Program apply to BERRIA, its Governing Body, Senior Management, employees, and any other related parties. For the purpose of establishing any type of commercial relationship, acceptance of this Policy and the obligations derived from it will be proposed.

OBJECTIVES

  • Strengthen the zero-tolerance policy regarding the commission of criminal offenses.
  • Establish a model capable of identifying major criminal risks and implementing measures for their prevention, detection, and management.
  • Engage all organization personnel in this system.
  • Ensure to society that BERRIA complies with its supervision and control duties in the exercise of its activity and establishes appropriate measures to prevent the commission of crimes.
  • Periodically review these objectives.

GENERAL PRINCIPLES

  • Compliance with criminal legislation, the ethical code, and other internal protocols is required from all BERRIA members, and the commission of criminal acts is expressly prohibited.
  • BERRIA assumes the commitment to comply with all obligations arising from this Policy, as well as the set of protocols, procedures, and policies that form part of the Corporate Compliance Program.
  • Interested parties are obliged to report any suspicious acts or behaviors related to criminal risks, ensuring confidentiality and protection from retaliation for the informant, through the dedicated channel (whistleblowing channel).
  • The existence of the Regulatory Compliance and Crime Prevention Committee is communicated as the body responsible for Compliance functions. The Regulatory Compliance and Crime Prevention Committee is independent of the Governing Body and acts as the responsible authority for managing, implementing, and verifying compliance with the Corporate Compliance Program.
  • Failure by BERRIA members to comply with the obligations arising from this Policy and the Corporate Compliance Program as a whole will result in the application of the disciplinary system provided for in the Workers' Statute and the applicable Collective Agreement. In the case of any business partner, the provisions of the specific procedure applicable to them will apply.

MAIN PILLARS

  • A Criminal Risk Assessment within the framework of our business activity, reflected in a Risk Management Policy (Standard 12) with four objectives:
    • Integrate risk management across all areas and levels of operation.
    • Ensure risk management leadership by the Governing Body and Senior Management.
    • Clearly define the authorities, responsibilities, and duties of the bodies responsible for implementing this risk management.
    • Engage all stakeholders in BERRIA’s commitment by allocating the necessary resources for risk management.
  • An ethical code that provides a behavioral guide for BERRIA members.
  • A whistleblowing channel available to all BERRIA members and business partners, through which any breach or suspected breach of the defined obligations can be reported. Confidentiality and protection from retaliation are guaranteed for any informant using this channel.
  • A general policy for BERRIA’s internal information system [General Policy for Berria Bike’s Internal Information System]
  • This Criminal Compliance Policy as the core document of the Corporate Compliance Program.

RESOLVING CONFLICTS BETWEEN OBJECTIVES

When a conflict arises between different objectives, the Governing Body and Senior Management will analyze the issue and propose corrective actions to resolve it.