ESR SR 2019 EN

CORE POLICIES ESR GROUP CODE OF CONDUCT AND ETHICS ANTI-BRIBERY & ANTI- CORRUPTION (ABAC) AND THE HANDLING OF GIFTS, TRAVEL & ENTERTAINMENT POLICY ANTI-MONEY LAUNDERING (AML) & COUNTER- TERRORIST FINANCING (CTF) POLICY WHISTLEBLOWING POLICY Objectives • Establish fundamental principles covering a wide range of business practices • Promote discipline, good conduct, professionalism, loyalty, integrity and cohesiveness • Compliance with ABAC law, including United States (Foreign Corrupt Practices Act) • Procedural defence against prosecution in some jurisdictions, as applicable • Compliance with AML and CTF regulations in all jurisdictions • Implementation of Recommendations from the Financial Action Task Force • Prevention and deterrence of fraud, bribery and corruption, abuse of authority, discrimination and harassment, breach of legal requirements and violations of our Code Mechanisms • Annual requirement for all employees to sign the Code of Conduct and Business Ethics Attestation Form • Clear identification of prohibited acts for employees and third parties • Overview of requirements per jurisdiction • Establishing the true and full identity of each client • Transaction monitoring • Enhanced measures for higher-risk clients • Mechanism for making reports • Protection of whistleblowers • Procedures for investigation and disciplinary action Training We provide training on all core policies for new employees via an e-learning course to ensure that they are aware of their personal obligations. ADDITIONAL POLICIES ESR GROUP INFORMATION SECURITY POLICY (under development) ESR GROUP COMMUNICATIONS GUIDELINE Privacy Policy (adopted by ESR Australia in 2019) Modern Slavery Policy (adopted by ESR Australia in 2019) Objectives • Preserve the confidentiality, integrity, and availability of information • Comply with disclosure requirements in accordance with prevailing best practices • Comply with the Privacy Act (including the Australian Privacy Principles) • Comply with applicable legislation, including the Modern Slavery Act 2018 (Commonwealth Act) • Eliminate modern slavery, including forced labour and child labour, among others Mechanisms • Information security framework and management system • General requirements on human resources, information asset management, security, supplier relationships and business continuity • Review and approval of all external communications • Procedures for critical communications, media enquiries, internal communications and use of social media • Standardisation of writing style • Physical, electronic and managerial procedures to protect information from misuse, interference, loss and unauthorised access, modification and disclosure • Implementation of security measures • ASO ISO 31000:2018 risk management system (risk identification, analysis, evaluation, treatment and assessment of controls) • Annual reporting with first statement due no later than 30 June 2021 22 ESR Annual Report 2019 ENVIRONMENTAL, SOCIAL AND GOVERNANCE REPORT