ÌÇÐÄ̽»¨

Through our ‘Delivery with Integrity’ programme, we aim to increase awareness on business ethics and drive a consistent
approach to the application of our SoBC across the Group.

Supplier Code of Conduct

Our Supplier Code of Conduct (SCoC) defines the minimum standards expected of our suppliers in key areas, including compliance, human rights and business integrity and cyber-risk.

The Anti-Illicit Trade (AIT) chapter is integral to our SoBC and sets out the controls all Group companies must have in place to prevent and deter illicit trade. Our Supply Chain Compliance Procedures (SCCP) support our customers in complying with our AIT chapter. These requirements are incorporated into our contractual arrangements with suppliers and customers.

We review the SoBC and SCoC annually. Our Sanctions Compliance Procedure was reviewed in 2024 (effective 20 May) to keep pace with the evolving regulatory environment.

We also implemented a new Counter-Terrorist Financing Procedure to support the management and mitigation of Group anti-financial crime risks in this area. The updates to these three policies and procedures were communicated to Group employees by our senior Legal leadership team.

Find out more: Read .

Enabling everyone to Speak Up

Our SoBC and SCoC make it clear that our employees, business partners and suppliers should Speak Up if they have a concern about actual or suspected wrongdoing. We do not tolerate harassment, victimisation or reprisals of any kind against anyone raising a concern and such conduct is itself a breach of our SoBC.

Anyone can use Speak Up, including employees; contractors; contingent workers; business partners; customers; suppliers; and their workers. They can raise concerns (anonymously if preferred) through our confidential, independently managed online and telephone 'Speak Up' channels, available 24 hours a day in local languages. They can also speak to Human Resources, their line manager or a Designated Officer.

Not all contacts involve breaches. Some relate to questions regarding the SoBC. For substantiated breaches, we take appropriate disciplinary actions, ranging from formal written warnings to the termination of employment. Where appropriate, we will report matters to the relevant authorities.

Addressing non-compliance with our SoBC

In 2024, 512 of all the 869 SoBC contacts were assessed as alleged SoBC breaches and reported to the Audit Committee in accordance with Group reporting procedures. In 50% of these alleged breaches, the person raising the case chose to remain anonymous.

Our SoBC Assurance Procedure, which was reviewed and revised in 2024, defines how all reports of alleged SoBC breaches should be triaged, investigated and remediated fairly and objectively. Our Business Integrity Panel's role is to see that the procedure is applied consistently.

In 2024, figures for detailed investigations conducted into all reported cases were:

• No wrongdoing was found in 163 cases;
• Investigation ongoing at year-end for 185Ìýcases; and
• 164¹Ìýcases were established as breaches and appropriate action taken.

In 2024, the established SoBC breaches resulted in 81^1Ìýpeople leaving ÌÇÐÄ̽»¨and 48 written warnings. If any weakness in internal controls is identified, appropriate measures are taken to strengthen them.

Promoting compliance

Our Sanctions Compliance Framework and Third-Party Anti-Financial Crime Procedure take a comprehensive approach to promoting compliance with a range of legal and regulatory requirements applicable to the Group.

In 2024, our sanctions training programme focused on specific employees working in functions or markets with elevated sanctions-sensitive risks. It is designed to support them to build confidence in identifying key sanctions compliance risks. In 2024, we also delivered training across our Group companies to enhance colleagues’ understanding of sanctions, anti-financial crime, and supply chain controls, among other topics.

The training was delivered to both Group-wide and specific audiences, depending on the need, to bolster internal competencies in essential compliance areas, further promoting a culture of integrity.

We are developing additional risk-based training programmes for our employees to enhance third-party risk management of suppliers, with practical tools to reinforce the tone from the top and the middle, and to improve access to relevant training.

We also introduced a compliance-related business performance objective for all relevant employees, including the Management Board and all Legal department employees. By attaching measurable business deliverables for these employees to ‘Do the Right Thing’, we seek to further promote a culture of integrity across the organisation.

As set out in our M&A Transactions Compliance Procedure, our due diligence procedures for mergers, acquisitions and corporate ventures include human rights and modern slavery checks. If risks are identified, mitigation steps are taken, as appropriate.

Regulation and engagement

As key chapters of our SoBC, our 'Lobbying and Engagement' and 'Political Contributions' policies have been implemented by all Group companies and apply to all our employees.

These policies require all our engagement activities with external stakeholders to be conducted with transparency, openness and integrity.

For global regulatory priorities, the views we advocate are published on our website, and we have long supported the OECD’s Principles for Transparency and Integrity in Lobbying.

We also respect the call for transparent and accountable interaction between governments and relevant stakeholders, including the tobacco industry, established in Article 5.3 of the World Health Organization’s Framework Convention on Tobacco Control.

We are open about what we think, and seek to offer to offer constructive solutions that will best meet the objectives of regulation, while managing any negative unintended consequences. Regulatory engagement by our businesses is monitored throughout the year by our Regional Audit Committees.