ÌÇÐÄ̽»¨

Employees are required to report any instances of non-compliance and managers are required to take appropriate disciplinary action in cases of non-compliance. Retaliation against employees for reporting information or raising questions about possible violations is itself a breach of the SoBC.

Any allegations are investigated internally and strong action is taken where necessary.

All business units worldwide complete an annual self-assessment against our key audit controls, in which they confirm they have adequate procedures in place to support SoBC compliance.

All staff working across the Group are required to complete an annual sign-off, confirming their commitment and adherence to the SoBC and disclosing or updating any personal conflicts of interest.

Continuous information on compliance with the Standards through the year is gathered at a global level and reported to the Regional Audit and CSR committees, and quarterly to the Board Audit Committee.

All Group companies have adopted the SoBC or local equivalent.

2024 compliance

In 2024, 100% of Group company employees completed our annual SoBC sign-off , comprising Code of Conduct training, policy attestation, and conflicts of interest disclosures.

Not all contacts made via our SoBC Portal involve SoBC allegations; some relate to questions regarding the SoBC or other matters.

In 2024, 512 of all the 869 SoBC contacts were assessed as alleged SoBC breaches and reported to the Audit Committee. In 50% of these alleged breaches, the person raising the case chose to remain anonymous.

For the detailed investigations conducted into all of the reported cases in 2024:

• No wrongdoing was found in 163 cases (2023:135).
• 164 cases were established as breaches, and appropriate action taken (2023:123).
• We take strong action for all cases established as breaches, which will vary from case to case depending on the circumstances. In 2024, established SoBC breaches resulted in 81 people leaving the Group, and 48 written warnings.

Taking action

The appropriate action will vary from case to case but may include, depending on the circumstances, formal written warnings, pay and performance rating sanctions, dismissal or other disciplinary action. Where criminal activity is believed to be involved, the matter will generally be reported to the relevant authorities.

Where any weakness in internal controls is identified, appropriate measures are taken to strengthen them.