I. General provisions
1.1. Compliance program of KAMAZ Publicly Traded Company (hereinafter – the Program) defines the tools of the compliance system to prevent compliance risks of KAMAZ Publicly Traded Company (hereinafter – the company or KAMAZ PTC), namely: the risk of corruption, fraud, legalization of income obtained by criminal means, violations of the antitrust laws.
1.2. This Program is aimed at ensuring operation and development of the Company's compliance system.
1.3. This Program is developed in accordance with the legislation of the Russian Federation, the Company's Charter, the Company's Compliance Policy and the Corporate Governance Code, and is approved by the Company's Board of Directors.
1.4. The Company undertakes to:
- keep records of assets and operations in accordance with the legislation of the Russian Federation;
- maintain the functioning of the Company's internal control system and compliance system;
- ensure that transactions are approved by the Company's Executive Bodies, the Company's Board of Directors, and the General Meeting of Shareholders in accordance with the legislation of the Russian Federation, the Company's Charter, and internal documents of the Company.
II. Principles of the Compliance System
2.1. Intolerance to corruption in any form.
The Company considers any manifestations of corruption in the course of its production, investment or any other activities unacceptable. Zero tolerance for corruption means that it is strictly forbidden for any person acting on behalf of the Company or in its interests, directly or indirectly, personally or through any intermediary, to participate in corrupt activities, regardless of business practices in a particular country.
2.2. The absoluteness of compliance.
The requirements of the applicable legislation and internal regulatory and administrative documents should be unconditionally and strictly observed by all employees of the Company, regardless of their position, term of employment, status and other relationships with the Company.
2.3. Inevitability of punishment.
The Company makes all possible reasonable and legal efforts to quickly and inevitably bring to justice for corruption and other violations of international, Russian, and in the case of activities outside the Russian Federation – applicable foreign legislation and internal regulatory and administrative documents in the field of compliance, regardless of size and form of such violations.
The company reserves the right to make public information about persons held liable for corruption in accordance with the established procedure.
III. Compliance system tools
The principles of the compliance system are implemented by fulfillment and application of the following tools in the Company's current activities:
3.1. Assessment of the Company's compliance risks
3.1.1. The Company implements and provides a continuous and documented assessment of the Company's compliance risks. The assessment of compliance risks includes a probability of occurrence of compliance risk and significance of consequences of its occurrence.
3.1.2. Based on the assessed compliance risks of the Company, a compliance risk map has been formed, which is an Appendix to this Program, which reflects a degree of exposure of the Company's divisions and processes to compliance risks, as well as the procedures in place in the Company aimed at reducing those risks.
3.1.3. Risks are assessed based on the probability of occurrence:
- low - an event has not occurred before, a probability of its occurrence in the future is small;
- middle - an event occurred earlier, a probability of its occurrence in the future is small;
- high – an event occurred earlier, a probability of its occurrence in the future is relatively high.
3.2. Local regulations of the Company in the field of compliance
Taking into account the results of the assessment and in order to reduce compliance risks the Company's local regulations in the field of compliance should:
- reflect the Company's compliance values and provide standards of conduct for all employees of the Company;
- link the objectives of the Company with the rules and standards in the field of compliance adopted in the international community;
- consistently resolve compliance issues and any other relevant risks related to professional integrity in all relevant compliance documents;
- be clear to every employee of the Company;
- apply to all employees of the Company;
- prioritize the value of "professional integrity" and explain in detail this and other values of the Company;
- contain sufficient information about a "hot line" on issues in the areas of compliance;
- contain regulations on known compliance risks;
- be updated if necessary.
3.3. Staff training and evaluation
3.3.1. The Company implements assessment procedures based on the standards of suitability and qualifications in the process of employment and career advancement in accordance with the requirements of applicable legislation and internal documents of the Company.
3.3.2. The Company develops and implements a compliance training program for all employees, depending on their exposure to compliance risks.
In accordance with the Company's internal documents the categories of employees who are most exposed to compliance risks are determined.
Compliance training is:
- conducted by qualified trainers to ensure understanding and acceptance of compliance policies and procedures;
- repeated periodically to report changes in compliance policies and procedures;
- carried out with keeping records of used and distributed materials, as well as lists of participants;
- conducted with involvement of executive-level managers to demonstrate to all employees their commitment to the above values.
3.4. Personnel who ensure functioning of the compliance system
3.4.1. For the purposes of ensuring functioning of the compliance system, the Company has a special division that performs the functions of compliance, subordinate to the General Director of the Company.
3.4.2. Division that performs compliance functions:
- controls execution of this Program;
- controls development and implementation of compliance risk mitigation measures by the Company's divisions/organizations of the KAMAZ PTC Group;
- ensures continuous improvement in the field of compliance;
- controls elimination of deficiencies/violations in the field of compliance;
- provides preparation of a report to the Company's Board of Directors on implementation of this Program.
3.4.3. Employees performing internal control functions provide the compliance division with all requested information and documents for precise and accurate accounting of transactions and follow the instructions of employees of the compliance division regarding improvements to the Company's internal control system.
3.5. Commitment of the Management Board and The General Director to compliance issues
Consideration of compliance issues and approval of compliance documents are carried out with active participation of the Company's Management Board and the Company's General Director.
Members of the Company's Management Board, General Director of the Company and executive-level managers of the Company:
- comply with the principles of fair and honest business conduct in accordance with applicable law;
- demonstrate complete intolerance to corruption (bribery, commercial bribery, etc.);
- do not cooperate with business partners who do not share the Company's values in the field of compliance.
3.6. Compliance in the Group of Companies of KAMAZ PTC
3.6.1. Tools for implementing the compliance system are part of the Company's unified corporate governance standards, which serve as common standards for corporate business rules and contribute to formation of a unified corporate culture of the Group of Companies of KAMAZ PTC.
The Company ensures implementation of compliance system tools by all companies of KAMAZ PTC Group and monitors their implementation and development.
The list of compliance system tools implemented in the companies of KAMAZ PTC Group is determined based on sufficiency of measures necessary to reduce possible compliance risks, taking into account types and scope of activities of each organization.
3.6.2. In newly created companies of KAMAZ PTC Group, the compliance system tools provided for in this Program are implemented within a year from the moment of creation.
Companies that are planning or implementing liquidation, bankruptcy, or reorganization procedures and do not actually conduct business activities are implementing compliance tools that are sufficient to reduce possible compliance risks.
The Company implements exit procedures for companies where it is impossible to implement compliance system tools. The General Director of the Company may make a different decision based on economic feasibility.
3.6.3. In the companies of KAMAZ PTC Group, divisions are created or compliance managers are appointed to perform the functions provided for in clause 3.4.2 of this Program.
3.6.4. Companies of KAMAZ PTC Group that have implemented / are implementing the compliance system tools provided for in this Program annually submit a report on the implementation of this Program to the division that performs the compliance functions, which includes the following information:
- on key areas of compliance risks (critical business operations, possible risks, etc.);
- on current status of implementation of this Program;
- on functioning of "hot line" on compliance issues;
- on detected violations and investigations;
- on necessary corrective measures;
- on implementation of a compliance training plan for employees;
- on necessary changes/adjustments to the compliance system tools.
3.6.5 The Companies of KAMAZ PTC Group that have implemented / are implementing the compliance system tools provided for in this Program regularly provide the compliance division with information about transactions with high compliance risks.
3.7. Informing, checking, and monitoring the Company's business partners
3.7.1. The Company informs its business partners of its commitment to compliance and compliance with the laws of each country in which the Company operates, and expects a business partner to be similarly committed. Such obligations of a business partner are stipulated in contracts and agreements in accordance with the applicable legislation.
The Company regularly holds meetings with business partners on compliance issues within the framework of the relevant Company plan, which defines target groups, content and forms of meetings. A plan of meetings with business partners is developed in accordance with a compliance risk map. Meetings are conducted by qualified and experienced compliance officers. The Company keeps records of meeting participants.
3.7.2. The Company conducts appropriate risk-based audits for each prospective business partner. Verification is performed before entering into a contractual relationship and periodically during a contractual relationship with a business partner. Verification of a business partner includes, but is not limited to, verification of legal capacity to assess whether a partner is a bona fide legal entity/individual performing its actions legally, is solvent and competent to carry out relevant business activities or to enter into relevant transactions.
Verification of a business partner should take into account compliance risks associated with a nature of a business partner's business activities.
Verification of a business partner should, at a minimum, take into account and evaluate:
- business model, a country of an owner, organizational structure, and known business practices;
- business reputation of a business partner based on verified information;
- a business partner’s qualification;
- a business partner’s structure;
- a business partner's business history;
- communication with government agencies, organizations, and officials.
If possible, face-to-face meetings or interviews with a business partner's managers should be conducted to ask them those questions.
When checking a business partner, the Company should:
- duly and transparently document a process of selecting a business partner;
- maintain records and update a database of business partners using data from independent information providers;
- continuously maintain and keep a business partner verification documents for at least 5 years upon completion of contractual relationship with a business partner.
Based on the results of an audit, the Company may withdraw from contractual relationship or terminate contractual relationship with a business partner in accordance with the procedure established by applicable law.
3.7.3. The Company binds business partners on a contractual basis to:
- ensure functioning of the internal control system, measures aimed at preventing compliance risks and ethical risks;
- maintain accurate and detailed accounting of their assets and operations, accounting records, and ensure proper control over transactions with compliance risks;
- ensure that transactions are approved by a business partner's management bodies as required by applicable law, charter and internal documents of a business partner;
- provide the Company with reasonable access to accounting documents, including fully responding to requests for information from the Company;
- provide the Company with an opportunity to perform periodic audits of their accounting (financial) statements in relation to transactions with the Company, taking into account the requirements of applicable legislation.
3.7.4. The Company shall ensure functioning of a proper written procedure based on risk assessment for deviations from the requirements of clause 3.7.3 of this Program in certain circumstances that justify such deviations.
3.8. «"Hot line" for compliance issues and investigation of claims of possible violations in the field of compliance
3.8.1. The Company ensures a compliance "hot line" functioning, reviews proposals received through a "hot line" to improve anti-corruption procedures and internal control procedures, and conducts investigations into allegations of possible violations in the field of compliance and ethics received through a "hot line".
3.8.2. A compliance "hot line" should:
- be available to employees of the Company and organizations of KAMAZ PTC Group and third parties, at least through written requests, e-mail and telephone communication;
- guarantee confidentiality and anonymity.
3.8.3. Information received via a "hot line" should be continuously recorded and transmitted in a timely manner for investigations.
3.8.4. Information about a compliance "hot line" should be provided to the Company's employees and employees of KAMAZ PTC Group of companies as part of compliance training and/or in any other appropriate form. Information about a compliance "hot line" is published on the Company's official website www.kamaz.ru.
3.8.5. The Company immediately and effectively conducts investigations on any claim of a possible violation in the field of compliance received by a "hot line".
3.8.6. The Company provides conditions for persons conducting investigations on claims of possible violations in the field of compliance, which provide an opportunity to:
- fully investigate any issues related to a subject of investigation;
- access to documents (electronic or hard copy) and employees who have information related to investigation;
- use of information provided for investigation, taking into account the requirements of the applicable legislation and internal documents of the Company regarding confidential information.
3.8.7. Persons conducting investigations into allegations of possible compliance violations should keep proper records of investigation process and its results.
3.8.8. The Company, within the framework of applicable legislation, provides for the possibility of bringing to justice employees who have committed a violation in the field of compliance.
3.9. Control by the Board of Directors
3.9.1. The Company annually submits to the Board of Directors a report on the implementation of this Program, including:
-a current status of execution of this Program;
-information about ethics and legality in the Company;
- information about necessary corrective actions;
- key areas of compliance risks based on a compliance risk map;
- information about the need to implement new compliance measures, as well as necessary changes/adjustments to relevant policies and procedures;
- other information required for the Board of Directors of the Company.
3.9.2. A report on implementation of this Program is subject to preliminary review by the Budget and Audit Committee of the Board of Directors of the Company.
3.10. Audit of effectiveness of the compliance system
3.10.1. Checks on effectiveness of the compliance system are carried out by the Company's internal audit division as part of the audit of the Company's internal control system. Based on the results of audits, the internal audit division makes recommendations, including those aimed at reducing compliance risks.
3.10.2. The Company's internal audit division provides the Budget and Audit Committee of the Company's Board of Directors with a quarterly report on audits of the compliance system effectiveness.
IV. Validity of the Program. Procedure for making alterations and amendments to the Program
4.1. Alterations and amendments to this Program may be made by resolution of the Company's Board of Directors.
4.2. The Board of Directors of the Company may terminate this Program and adopt a new Compliance Program of the Company.
4.3. In the event of a conflict between the legislation of the Russian Federation and this Program, the norms of the current legislation of the Russian Federation shall apply.