MANUAL OF TRANSPARENCY AND BUSINESS


1. INTRODUCTION:

The SUPERINTENDENCIA DE SOCIEDADES DE COLOMBIA (onwards “Superintendency of Companies”), through Circular 100-00003 of July 26, 2016, modified by Circular 100-000011 of 2021, issued administrative instructions and recommendations aimed at implementing transparency and business ethics programs through self-control activities and management of corruption risks and transnational bribery risks. 

USA VIRTUAL MARKET S.A.S is obliged to adopt these instructions, since: (i) as of December 31 of the immediately preceding year, it has carried out International Business or Transactions of any nature, directly or through an intermediary, Contractor or through a Company Subordinate or branch, with foreign natural or legal persons under public or private law, equal to or greater (individually or jointly) than one hundred (100) SMMLV; and (ii) as of December 31 of the immediately preceding year, it obtained Total Income equal to or greater than thirty thousand (30,000) SMMLV.

2. OBJECTIVE:

Implement the administrative instructions and recommendations issued by the Superintendency of Companies regarding the promotion of Transparency and Business Ethics Programs, as well as the internal audit, anti-corruption and prevention of transnational bribery and corruption mechanisms, in the context of the Law. 1778 of 2016 and Decree 1736 of 2020. 

3. SCOPE:

This manual is applicable to all processes in which risk factors for Transnational Bribery and corruption are present and its scope will be extended to the following categories: 

1. Employees 

2. Associates 

3. Administrators 

4. Contractors 

5. Other interested parties of USA VIRTUAL MARKET S.A.S.

4. DEFINITIONS:

4.1.      Associates: are those natural or legal persons who have made a contribution in money, work or other assets valued in money to USA VIRTUAL MARKET S.A.S. in exchange for quotas, interest shares, shares or any other form of participation contemplated by Colombian laws.

4.2.      Compliance audit: it is the systematic, critical and periodic review regarding the proper implementation and execution of the PTEE.

4.3.      Complaints channel: it is the online reporting system for complaints about acts of Transnational Bribery, provided by the Superintendence of Companies on its website.

4.4.      Contractor: refers, in the context of a business or transaction, to any third party that provides services to USA VIRTUAL MARKET S.A.S. or that has a contractual legal relationship of any nature with it. Contractors may include, among others, suppliers, intermediaries, agents, distributors, advisors, consultants and persons who are part of collaboration contracts, temporary unions or consortia, or shared risk with the company.

4.5.      State contract: Any contract that has a state entity as its counterpart.

4.6.      Corruption: All conduct aimed at a company benefiting, or seeking a benefit or interest, or being used as a means in the commission of crimes against public administration or public assets or in the commission of transnational bribery conduct.

4.7.      Due diligence: Constant and periodic review and evaluation process that must be carried out by USA VIRTUAL MARKET S.A.S. according to the risks of corruption or risks of transnational bribery to which they are exposed. In no case will the term due diligence refer to the due diligence procedures used in other risk management systems for money laundering and terrorist financing and financing the proliferation of weapons of mass destruction, the implementation of which is governed by different standards.

4.8.      Employee: is the individual who undertakes to provide a personal service under employment relationship or provision of services to a company or any of its subordinate companies.

4.9.      State entity: a) The Nation, the regions, the departments, the provinces, the Capital District and the special districts, the metropolitan areas, the associations of municipalities, the indigenous territories and the municipalities; public establishments, industrial and commercial companies of the State, mixed economy companies in which the State has a participation of more than fifty percent (50%), as well as indirect decentralized entities and other legal entities in which said entity exists. majority public participation, whatever name they adopt, at all orders and levels. B) The Senate of the Republic, the House of Representatives, the Superior Council of the Judiciary, the Attorney General’s Office, the Comptroller General’s Office, the departmental, district and municipal comptrollers’ offices, the Attorney General’s Office, the National Registry of Civil Status, the ministries, the administrative departments, the superintendencies, the special administrative units and, in general, the agencies or agencies of the State to which the law grants the capacity to enter into contracts.

4.10.     Risk factors: they are the possible elements or causes that generate the C/ST risk.

4.11.     Risk matrix: it is the tool that allows USA VIRTUAL MARKET S.A.S. identify corruption risks or transnational bribery risks.

4.12.     International business or transactions: international business or transaction means business or transactions of any nature with foreign natural or legal persons under public or private law.

4.13.     Compliance officer: is the natural person who must comply with the functions and obligations established in this chapter. The same individual may, if so decided by the competent bodies of the supervised entity and if legally possible, assume functions in relation to other risk management systems, such as those related to the prevention of money laundering, terrorist financing and financing the proliferation of weapons of mass destruction.

4.14.     Politically exposed person or PEP: Public servants of any nomenclature and job classification system of the national and territorial public administration will be considered Politically Exposed Persons (PEP), when they have been assigned or delegated functions of: issuance of rules or regulations, direction general, formulation of institutional policies and adoption of plans, programs and projects, direct management of assets, money or securities of the State, administration of justice or administrative sanctioning powers, and individuals who are in charge of the direction or management of resources in the political movements or parties. These functions may be exercised through expenditure management, public procurement, investment project management, payments, settlements, administration of real estate and personal property. The status of Politically Exposed Persons (PEP) will be maintained over time during the exercise of the position and for two (2) more years from the leave, resignation, dismissal or declaration of non-subsistence of the appointment, or any other form of dismissal, or termination of the contract. Compliance policies: these are the general policies adopted by USA VIRTUAL MARKET S.A.S. to conduct its business and operations in an ethical, transparent and honest manner; and is in a position to identify, detect, prevent and mitigate risks of corruption or risks of transnational bribery.

4.15.     C/ST Risks: is the Risk of corruption and/or the risk of transnational bribery.

4.16.     Corruption risks: it is the possibility that, by action or omission, the purposes of public administration are diverted or public assets are affected for a private benefit.

4.17.     Transnational bribery risks or ST risk: is the possibility that a legal entity, directly or indirectly, gives, offers or promises to a foreign public servant sums of money, objects of pecuniary value or any benefit or utility in exchange for said servant public performs, omits or delays any act related to its functions and in relation to an international business or transaction.

4.18.     Foreign public servant: any person who holds a legislative, administrative or judicial position in a State, its political subdivisions or local authorities, or a foreign jurisdiction, regardless of whether the individual has been appointed or elected. A foreign public servant is also considered any person who exercises a public function for a State, its political subdivisions or local authorities, or in a foreign jurisdiction, whether within a public body, or a State company or an entity whose decision-making power is subject to the will of the State, its political subdivisions or local authorities, or a foreign jurisdiction. It will also be understood that any official or agent of an international public organization holds the aforementioned quality.

4.19.     Transnational bribery or ST: giving, promising or offering to a foreign public servant, for the benefit of the latter or a third party, directly or indirectly, sums of money, any object of pecuniary value or other benefit or utility in exchange for him or her performing, omit or delay any act related to the exercise of its functions and in relation to an international business or transaction.

5. REGULATORY REFERENCES:

5.1. INTERNATIONAL REGULATIONS 

In international instruments, the fight against corruption arises from the need to combat organized crime and money laundering that affected State institutions and officials, as well as order and administrative morality,  so in order to combat corruption, various international treaties have been adopted by Colombia, including those referenced below:

5.1.1.    Inter-American Convention against Corruption Incorporated into the Colombian legal system, through Law 412 of 1997, it included the definition of acts of corruption classified in the chapter corresponding to Crimes against the Public Administration of the Penal Code (Decree Law 100 of 1980), better known as concussion, own and improper bribery, giving or offering, and illicit enrichment. 

5.1.2.    United Nations Convention against Transnational Organized Crime – Law 800 of 2003 Through the United Nations Convention against Organized Crime, acts of corruption were included as those serious crimes that may involve the participation of an organized criminal group, including transnational bribery within its typology.  He also urged states to regulate the liability of legal entities for conduct related to corruption.

5.1.3.    United Nations Convention against Corruption – Law 970 of 2005 It included as a crime bribery in the private sector and embezzlement or embezzlement of assets in the private sector.

5.1.4.    Convention to combat bribery of foreign public servants in international commercial transactions – Law 1573 of 2012. In 2012, Colombia expressed its interest in belonging to the Organization for Economic Cooperation and Development (OECD), so it signed the convention to combat bribery of foreign public servants, through which it urges States to criminalize the conduct of transnational bribery and highlights the need to take measures related to the establishment of the responsibility of legal entities for acts of bribery of public servants foreign. 

5.2.      NATIONAL REGULATIONS

5.2.1.    Law 1778 of 2016. By which rules are dictated and the Superintendence of Companies is given the competence to establish sanctions in those events of liability of legal entities for (i) Crimes against the public administration and (ii) Transnational bribery.

5.2.2.    Decree 1736 of 2020. Assigns to the Compliance Directorate of the Superintendency of Companies the power to carry out investigations to determine the administrative responsibility of legal entities for bribery of foreign public servants in international commercial transactions in accordance with the Law.

5.2.3.    Circular 100-000011 of 2021. Comprehensive modification to External Circular No. 100-000003 of July 26, 2016 and addition of Chapter XIII of the Basic Legal Circular of 2017 deepens the administrative instructions and recommendations related to the promotion of the Programs Transparency and Business Ethics, as well as internal audit, anti-corruption and prevention of transnational bribery and corruption mechanisms, in the context of Law 1778 of 2016 and Decree 1736 of 2020. 

5.2.4.    Circular 100-000012 of 2021. Through which the supervision policy of the Transparency and Business Ethics Programs is defined.

5.2.5.    Law 599 of 2000. By which the Penal Code is issued, whose title XV contemplates crimes against the public administration, on which this PTEE falls and whose risks are managed through it, among which the following stand out:

• Concussion. The public servant who, by abusing his position or functions, constrains or induces someone to give or promise the same servant or a third party, money or any other undue benefit.

• Own bribery. The public servant who receives for himself or for another, money or other utility, or accepts a promise of remuneration, directly or indirectly, to delay or omit an act proper to his position, or to execute one contrary to his official duties.

• Improper bribery.  The public servant who accepts for himself or for another, money or other remunerative utility or promise, direct or indirect, for an act that he must execute in the performance of his duties. 

• Bribery for giving or offering. Giving or offering money or other utility to a public servant, in cases of own or improper bribery

• Undue interest in the execution of contracts.  The public servant who is interested in his own benefit or that of a third party, in any type of contract or operation in which he must intervene due to his position or his functions.

• Transnational bribery. Whoever gives, promises or offers to a foreign public servant, for the benefit of the latter or a third party, directly or indirectly, sums of money, any object of pecuniary value or other benefit or utility in exchange for the latter performing, omitting or delaying any act related to the exercise of its functions and in relation to an international business or transaction

• A foreign public servant is considered to be any person who holds a legislative, administrative or judicial position in a State, its political subdivisions or local authorities, or a foreign jurisdiction, regardless of whether the individual has been appointed or elected. A foreign public servant is also considered any person who exercises a public function for a State, its political subdivisions or local authorities, or in a foreign jurisdiction, whether within a public body, or a State company or an entity whose decision-making power is subject to the will of the State, its political subdivisions or local authorities, or a foreign jurisdiction. It will also be understood that any official or agent of an international public organization holds the aforementioned quality.

5.2.6.    Law 1474 of 2001. Establishes that when there is a duly executed criminal conviction against the legal representative or administrators of a company domiciled in Colombia or a branch of a foreign company, for the crime of bribery for giving or offering, the Superintendence of Companies may impose fines of up to two hundred thousand (200,000) current monthly legal minimum wages, if with the consent of the convicted person or with the tolerance thereof, said company domiciled in Colombia or branch of a foreign company benefited from the commission of that crime.

6. C/ST RISK IDENTIFICATION AND EVALUATION.

To identify and evaluate the risks of corruption and/or transnational bribery, a diagnosis was carried out with an independent firm to evaluate the company’s process map with the aim of identifying:

• Corruption Risks: Possibility that, by action or omission, the purposes of public administration may be diverted or public assets may be affected for a private benefit. 

• Risks of Transnational Bribery or ST Risk: It is the possibility that a legal entity, directly or indirectly, gives, offers or promises to a Foreign Public Official sums of money, objects of pecuniary value or any benefit or utility in exchange for said public servant performs, omits or delays any act related to his or her functions and in relation to a Business or International Transaction. 

For this purpose, meetings were held with the leaders of all the company’s processes, to identify in which processes the counterparty is (i) National public servant or entity (since these carry a risk of corruption due to crimes against the public administration or public assets) or (ii) Foreign public servant (since these carry the risk of Transnational bribery)

USA VIRTUAL MARKET S.A.S has a risk matrix where the following risks have been identified:

• Diversion of funds to pay bribes or ML/FT/FPADM activities.

• Alteration of the value of transactions in billing

• Bribes to accounting process personnel to hide money movements for payment of bribes or ML/FT/FPADM activities.

• Bribes to the tax audit office so that it does not report deviations or inconsistencies that it detects

• Bribes within the Customs process.

After evaluation of the following aspects:

6.1.      Economic sector risk: The economic activity of USA VIRTUAL MARKET S.A.S. It is not classified as high risk, in fact Circular 100-000011 of 2021 establishes that the sectors with the highest level of risk are the mining-energy sector, public services, infrastructure works, and the pharmaceutical and human health sectors. In this sense, an eventual risk has been identified in the processes directly related to the customs sector, specifically imports, a situation that was duly included in the Risk Matrix.

6.2.      Third party risk: As mentioned, there is a risk of corruption when the counterparties are local public officials and of transnational bribery in the case of foreign public servants. In relation to the risk of corruption, in the local market USA VIRTUAL MARKET S.A.S. It does not allocate its production to the public sector (it does not participate in tenders) so the possibility that the buyer is a public entity or that there is intermediation with local public officials is very remote.

(corruption). Circular 100-000011 of 2021 regarding this risk refers to the participation of contractors of high economic value, in which it is not easy to identify a legitimate object and its realization at market values ​​and the participation of a company is not appreciated. in collaboration or joint risk contracts with contractors, or that the latter are closely related to senior government officials of a particular country, in the context of an international or local business or transaction. USA VIRTUAL MARKET S.A.S. does not participate in shared risk contracts or business collaboration. Regarding the risk of transnational bribery, the economic activity of USA VIRTUAL MARKET S.A.S. It is not executed under any circumstances with public sector counterparts in the international market, and therefore, the possibility that the buyer is a public entity or that there is intermediation with public officials is very remote.

6.3.      Country risk: Circular 100-000011 of 2021 establishes that there is a risk when the obligated entity carries out operations through Subordinated Companies in countries that are considered tax havens in accordance with the classification formulated by the National Tax and Customs Directorate, DIAN. In this regard, it is indicated that USA VIRTUAL MARKET S.A.S. It does not have Subordinate Companies in countries that are considered tax havens. The risks of transnational bribery refer to nations with high rates of perception of corruption, which are characterized, among other circumstances, by the absence of an independent and efficient administration of justice, a high number of public officials questioned for corrupt practices, the nonexistence of effective regulations to combat corruption and the lack of transparent policies regarding public procurement and international investments.

7. GENERAL POLICIES AND PROCEDURES FOR RISK MANAGEMENT C/ST.

By virtue of this document USA VIRTUAL MARKET S.A.S. assumes the clear and determined commitment of its Directors, Employees and Associates to manage, prevent and mitigate the Risk of Corruption and Transnational Bribery and in accordance with the foregoing undertakes to periodically:

7.1.      Establish adequate and sufficient Due Diligence procedures for linking suppliers, administrators, employees and associates in accordance with the warning signs identified regarding Corruption and Transnational Bribery.

7.2.      Have communication channels that guarantee confidentiality and encourage the making of complaints and also the non-generation of retaliation against employees or third parties who make them.

7.3.      Disclose and carry out training to its Employees, Associates, Administrators, Contractors and other interested parties, on the prevention, self-control and management of the Risk of corruption and Transnational Bribery.

7.4.      Evaluate C/ST Risks with a Risk Matrix, which identifies and evaluates the Risks in detail depending on the own Risk Factors such as, for example, the economic sector, third parties, Contractors, intermediaries, advisors, consultants and type of contract

7.5.      Promote the development of activities that support the Transparency and Business Ethics Program

7.6. File criminal charges and order actions against employees, contractors, managers and partners in cases of C/ST and non-compliance with the Business Transparency and Ethics Program.

8. RESPONSIBILITIES REGARDING THE CORRECT IMPLEMENTATION OF THE PTEE:

8.1.      Legal representative: 

The Legal Representative will have the following functions regarding the correct implementation of the PTEE.

8.1.1.    Present with the compliance officer, for approval of the highest social body, the PTEE proposal.

8.1.2.    Ensure that the PTEE is articulated with the compliance policies adopted by the highest corporate body.

8.1.3.    Provide effective, efficient and timely support to the compliance officer in the design, direction, supervision and monitoring of the PTEE.

8.1.4.    Certify before the Superintendency of Companies compliance with the provisions of Circular 100-000011 of 2021.

8.1.5.    Ensure that the activities resulting from the development of the PTEE are duly documented, so that the information meets criteria of integrity, reliability, availability, compliance, effectiveness, efficiency and confidentiality. The documentary supports must be kept in accordance with the provisions of article 28 of Law 962 of 2005, or the rule that modifies or replaces it.

8.2.      INVESTORS ASSEMBLY: 

It corresponds to the Shareholders’ Assembly:

8.2.1.    Establish and define Compliance Policies, which include the instructions that must be given regarding the design, structuring, implementation, execution and verification of actions aimed at the prevention and effective mitigation of any corrupt practice. 

8.2.2.    Issue and define the Compliance Policy and its updates, which must be done at least every two years or sooner whenever changes occur that alter or may alter the degree of C/ST Risk.

8.2.3.    Define the profile of the Compliance Officer in accordance with the Compliance Policy.

8.2.4.    Appoint the Compliance Officer. 

8.2.5.    Approve the document that contemplates the PTEE and its updates, which must be done at least every two years or sooner whenever changes occur that alter or may alter the degree of C/ST Risk.

8.2.6.    Assume a commitment aimed at preventing C/ST Risks, so that the company can carry out its business in an ethical, transparent and honest manner. 

8.2.7.    Ensure the supply of the economic, human and technological resources required by the Compliance Officer to carry out his or her work. 

8.2.8.    Order the pertinent actions against the Associates, who have management and administration functions in the company, the Employees, and administrators, when any of the above violates the provisions of the PTEE. 

8.2.9.    Lead an appropriate communication and pedagogy strategy to guarantee effective dissemination and knowledge of the Compliance Policies and the PTEE to Employees, Associates, Contractors (in accordance with the Risk Factors and Risk Matrix) and other identified interested parties. 

8.2.10.  The Shareholders’ Assembly will guarantee that the compliance officer has resources, independence and the decision-making capacity, as indicated in the PTEE Circular.

8.3.      COMPLIANCE OFFICER: 

The company must have a Compliance Officer whose profile, functions, and incompatibilities are described below.

8.3.1.    Compliance Officer Profile: 

The Compliance Officer must meet at least the following requirements: 

8.3.1.1. Enjoy the ability to make decisions to manage C/ST Risk and have direct communication with, and report directly to, the board of directors. 

8.3.1.2. Have sufficient knowledge of C/ST Risk management and understand the ordinary course of activities of USA VIRTUAL MARKET S.A.S.

8.3.1.3. Have the support of a human and technical work team, in accordance with C/ST Risk.

8.3.1.4. Not belong to the administration, to the corporate bodies or to belong to the tax audit body or be linked to the tax audit company that exercises this function, or whoever performs similar functions or acts in their place at USA VIRTUAL MARKET S.A.S. 

8.3.1.5. Not serve as Compliance Officer, principal or alternate, in more than ten (10) Companies. 

8.3.1.6. Be domiciled in Colombia.

8.3.2.    Duties of the Compliance Officer

8.3.2.1. Present with the legal representative, for approval of the highest corporate body, the PTEE proposal and its updates, which must be done at least every two years or sooner whenever changes are presented that alter or may alter the degree of C/ST Risk.

8.3.2.2. Present, at least once a year, reports to the highest corporate body. At a minimum, the reports must contain an evaluation and analysis of the efficiency and effectiveness of the PTEE and, if applicable, propose the respective improvements. Likewise, demonstrate the results of the management of the compliance officer and the administration in general, in compliance with the PTEE.

8.3.2.3. Ensure that the PTEE is articulated with the Compliance Policies adopted by the board of directors or the highest corporate body.

8.3.2.4. Ensure effective, efficient and timely compliance with the PTEE.

8.3.2.5. Implement a risk matrix and update it according to the company’s own needs, its risk factors, the materiality of the C/ST risk and in accordance with the compliance policy;

8.3.2.6. Define, adopt and monitor actions and tools for the detection of C/ST risk, in accordance with the compliance policy to prevent C/ST risk and the risk matrix;

8.3.2.7. Ensure the implementation of appropriate channels to allow anyone to confidentially and securely report non-compliance with the PTEE and possible suspicious activities related to Corruption;

8.3.2.8. Verify the proper application of the whistleblower protection policy that the company has established and, with respect to employees, the workplace harassment prevention policy in accordance with the law;

8.3.2.9. Establish internal investigation procedures to detect breaches of the PTEE and acts of Corruption;

8.3.2.10.           Coordinate the development of internal training programs;

8.3.2.11.           Verify compliance with the due diligence procedures applicable to the company;

8.3.2.12.           Ensure the proper filing of documentary supports and other information related to C/ST risk management and prevention;

8.3.2.13.           Design the C/ST risk classification, identification, measurement and control methodologies that will be part of the PTEE; and carry out the evaluation of compliance with the PTEE and the C/ST risk to which the obligated entity is exposed.

8.3.2.14.           Manage the translation of the PTEE and the compliance policy into the official languages ​​of the countries where USA VIRTUAL MARKET S.A.S. carries out international business or transactions or carries out activities through subordinate companies, branches or other establishments, or even contractors in other jurisdictions, when the language is not Spanish.

8.3.2.15.           Lead the annual update of C/ST risk factors and also warning signs, for which you must review various sources, such as studies carried out by the OECD, the United Kingdom Ministry of Justice and the Transparency International Organization.

8.3.2.16.           Annually evaluate the legislative and regulatory changes that occur in the different jurisdictions where it operates, as well as any other change that may have consequences regarding its compliance policies and its PTEE.

8.3.2.17.           Propose updating compliance policies when necessary.

8.3.2.18.           An annual control and monitoring of compliance policies and the PTEE must be carried out in accordance with any of the alternatives provided for in Circular 100-000011 of 2021.

8.3.2.19.           Lead annually the timely presentation of reports required by the Superintendency of Companies, or diagnosis of the state of compliance of the obligated entity in matters of prevention, self-control and management of C/ST Risk.


8.3.3.    incompatibilities and inabilities 

The Compliance Officer may not be the legal representative of the company nor, in general, belong to its administration, the corporate bodies or the tax audit body (serve as a tax auditor or be linked to the tax audit company that exercises this function, if applicable) or whoever performs similar functions or acts in their place at USA VIRTUAL MARKET S.A.S. 

8.3.4.    Conflict of interest management 

The Compliance Officer must complete the declaration of not having a family relationship up to the fourth degree of consanguinity, third degree of affinity, first civil relationship, being a spouse, permanent partner or having a personal romantic relationship with a company employee; In the event that this situation arises, the nature of it must be revealed to the Human Resources Management.

If any additional situation arises, whether your own or someone else’s, that could constitute or come to constitute a case of Conflict of Interest, you will immediately inform the shareholders’ meeting, if these are situations related to your functions as Compliance Officer.

8.3.5.    Legal obligations in relation to the appointment of the Compliance Officer: 

Once the main compliance officer is appointed USA VIRTUAL MARKET S.A.S. you must:

8.3.5.1. Certify to the Superintendency of Companies that the designated compliance officer has the suitability, experience and leadership required to manage C/ST risk.

8.3.5.2. Complete the corresponding report, addressed to the economic and corporate affairs delegation, within fifteen (15) business days following the designation, the name, identification number, email and telephone number of the compliance officer or in accordance with the specific instructions determined by the Superintendency of Companies.

8.3.5.3. With the above information, a copy of the extract from the minutes of the shareholders’ meeting must be sent, which includes the designation of the compliance officer and/or any other document required by the Superintendency of Companies.

8.4.      TAX AUDIT:

In compliance with his duty, the tax auditor must:

8.4.1.    In your exercise, pay special attention to alerts that may give rise to suspicion of an act related to a possible act of Corruption.

8.4.2.    Report to the competent criminal, disciplinary and administrative authorities within six (6) months following the moment in which they became aware of any act of Corruption or alleged crime that they become aware of in the course of their duties. In these cases, article 32 of Law 1778 of 2016, which adds paragraph 5 of article 26 of Law 43 of 1990, establishes that the professional secrecy regime that protects tax auditors will not be applicable.

8.4.3.    Verify the fidelity of the accounting and ensure that the transfers of money or other goods that occur do not hide direct or indirect payments related to bribes, gifts, kickbacks or other corrupt conduct, for which control and control systems must be implemented. audit, as determined by article 207 of the Commercial Code and the applicable accounting standards.

8.4.4.    Observe the guide on the role of the tax auditor in the fight against transnational bribery and ML/FT, which can be consulted at the following link: https://www.youtube.com/watch?v=p4FISuZWHn0 https:// www.supersociedades.gov.co/Noticias/Publicaciones/Revistas/2019/GUIA-REVISORIA-FISCAL-ST-Y-LAFT.pdf

8.5.      FUNCTIONS OF THE COMPLIANCE ASSISTANT, WHEN DESIGNATED OR COMPLIANCE OFFICER OR OTHERWISE,

8.5.1.    Carry out the due diligence process.

8.5.2.    Establish tools and applications, preferably technological, that allow automating due diligence

8.5.3.    Document the due diligence procedure carried out and deliver its results to the Compliance Officer when findings arise. 

8.5.4.    Carry out the appropriate filing of documentary supports and other information related to the management and prevention of C/ST risk in accordance with the company’s document filing and conservation procedures.

8.6.      SPECIFIC ROLES AND RESPONSIBILITIES OF ADMINISTRATORS:

Without prejudice to the previously indicated obligations of the legal representative, the administrators must:

8.6.1.    Know the PTEE properly 

8.6.2.    In accordance with Circular 100-000011 of 2021, implement mechanisms that allow the Compliance Officer to verify the effectiveness of the procedures aimed at preventing any act of Corruption. 

8.6.3.    Assess C/ST risk when entering new markets or offering new products or services.

8.7.      SPECIFIC ROLES AND RESPONSIBILITIES OF ASSOCIATES:

Associates must.

8.7.1.    To rule on the opinion of the statutory auditor presented to the General Assembly of Shareholders.

8.7.2.    Know the PTEE properly 

8.7.3.    The assembly and the members individually considered are obliged to report acts of Corruption that USA VIRTUAL MARKET S.A.S. may incur. and to order the pertinent actions of denunciation and social responsibility action.

8.7.4.    Assess C/ST risk when entering new markets or offering new products or services

9. POLICIES REGARDING THE DELIVERY AND OFFERING OF GIFTS OR BENEFITS TO THIRD PARTIES.

To deliver corporate gifts, the following rules must be followed:

9.1.      They must be in kind and may consist of notebooks, calendars, pens, etc., or gifts that do not have significant commercial value.

9.2.      The Legal Representative may approve the delivery of gifts whose amount is up to half the current monthly minimum wage. 

9.3.      Any gift whose value exceeds 1/2 SMLMV must be approved by the Compliance Officer, after justification and due diligence by the counterparty.

9.4.      gifts should never be offered secretly; 

9.5.      Under no circumstances should money be offered as a gift; 

9.6.      Gifts should never be offered when bidding for a contract or at any stage of a concession bid; 

9.7.      Business trips should always have a legitimate business purpose and should never be offered in secret.  work being carried out, in these cases they must be authorized by their immediate boss.

10. POLICY OF THE OBLIGATED ENTITY REGARDING REMUNERATIONS AND PAYMENT OF COMMISSIONS TO EMPLOYEES, ASSOCIATES AND CONTRACTORS.

10.1.     Employees 

The concepts of payment to employees are described in the administrative policy.

The conditions for settlement of commissions are informed by the Administrative Management in a uniform manner for all points of sale and take into account the variables of (i) Creation of clients (ii) Calls (iii) minimum sales (iv) damaged clients. Those employees who receive commissions greater than 200% annual average last year must sign an anti-corruption form and undergo the due diligence process. The Compliance Officer must review these payments in a timely manner. If you find payments that were not initially established in the contract(s) or if they have a disproportionate amount compared to the service provided, you must inform the Fiscal Audit and Internal Audit, as well as the Shareholders’ Assembly. 

10.2.     Associates

Associates may receive remuneration as shareholders, employees or vendors of the company and in this sense, they will be required to subscribe to the anti-corruption form and submit to the due diligence process at least every two years.

10.3.     Suppliers and Contractors 

The concepts of payment to Suppliers and Contractors are governed by the negotiation and/or purchasing policy of each contract. Those suppliers that receive commissions greater than 200% average commissions in the last year must sign a counterparty due diligence form as a measure of self-control and management of the risks of corruption and transnational bribery and submission to the due diligence process. If the Compliance Officer finds payments that were not initially established in the contract(s) or if these have a disproportionate amount compared to the service provided, he must inform the Fiscal Audit and Internal Audit, as well as the Shareholders’ Assembly.

11. EXPENSES OF THE OBLIGATED ENTITY RELATED TO ENTERTAINMENT, FOOD, ACCOMMODATION AND TRAVEL ACTIVITIES.

USA VIRTUAL MARKET S.A.S. has an INSTRUCTIONAL TRAVEL AND REPRESENTATION EXPENSES, representation, entertainment and lodging expenses must be authorized by the Commercial Management and General Management and must be managed through FOMPLUS Event – ​​REQUEST FOR REPRESENTATION EXPENSES and justified through FOMPLUS Events: PROGRAMMING OF VISIT AND VISITOR MANAGEMENT.

Food expenses in amounts greater than 1 SMLMV must be authorized by the General Management when it comes to representation expenses in favor of third parties, due diligence must have been previously carried out by the Compliance Officer.

12. POLITICAL CONTRIBUTIONS OF ANY NATURE.

Contributions to private candidates or political parties must be approved by the Manager and the Compliance Officer. In no case should these be motivated by receiving favors or benefits from the candidate or political party if elected. The relationship with political parties and interest groups will be carried out in a transparent manner, clearly presenting their positions on issues and topics of interest.

13. DONATIONS, BENEFITS AND SPONSORSHIPS:

In relation to the above, the following must be verified:

13.1.     All beneficiaries of the Donations and/or Various Aid must be registered in the counterparty Registry, which involves carrying out due diligence and approval from the compliance officer.

13.2.     Any request for a donation, benefit or sponsorship must be made in writing in which at least (i) the project, (ii) activity or specific purpose that supports the request must be stated (iii). Additionally, the recipient of the benefit is obliged to present a communication requiring the submission of a duly supported report on the way in which the resources were invested, declaring the absence of links with PEP and placing at the disposal of the company the banking and accounting records that support the activities carried out with its resources, The recipient of the benefit will not be able to make cash payments, the donation resources must be channeled entirely through the banking sector.

13.3.     The criteria for evaluating applications will be: (i) relevance, (ii) impact, (iii) reliability of the requesting entity, and (iv) availability of resources.

13.4.     The approval of donations will be formalized through a written communication to the requesting entity or person and will be executed taking into account that for its approval it must be signed by the legal representative and the compliance officer.

14. CONTROL AND AUDIT SYSTEMS:

Financial audits are carried out annually and are carried out by the tax auditor who issues a report with the findings and recommendations based on the results. 

As a consequence of this PTEE within the Audit process, the following must be done:

a) Verify the fidelity of the accounting and ensure that in the transfers of money or other assets that occur between the obligated entity and its Subordinated Companies, direct or indirect payments related to bribes, gifts, kickbacks or other corrupt conduct are not hidden.

b) Practice audit processes on red flag indicators, as stated in the counterparty due diligence form as a measure of self-control and management of corruption and transnational bribery risks.

c) It is important to keep in mind that it is the tax auditor’s obligation to report suspicious situations detected during the exercise to the corresponding authority.

Associates, administrators, and the compliance officer analyze the results of the audit reports and issue orders and perform necessary corrections and corrective actions based on the results.

15. SPECIFIC DUTIES OF EMPLOYEES WHO ARE EXPOSED TO C/ST RISK, RELATED TO THE PREVENTION OF CORRUPTION.

For interaction with public servants and national and/or foreign official workers, the following rules must be observed:

a) All entry of public officials and official workers into the facilities must be registered in the entry control system.

b) Administrative visits by public officials and official workers must be attended by at least three (3) USA VIRTUAL MARKET S.A.S officials who must be present at all times. Additionally, it must be ensured that these visits are carried out in places in the complex that have video surveillance system and privacy notice.

c) The employees of USA VIRTUAL MARKET S.A.S. They should not participate in meetings with public officials, in restaurants, clubs, etc., or any other place other than the headquarters of the entity or USA VIRTUAL MARKET S.A.S. and if this happens, this situation must be previously reported to the hierarchical superior and the compliance officer. 

d) Every administrator, associate or employee of USA VIRTUAL MARKET S.A.S. has an obligation to report acts of corruption.

e) The contractors, consultants and advisors of USA VIRTUAL MARKET S.A.S. At the time of registration as a supplier, they must complete the counterparty due diligence form as a measure of self-control and management of the risks of corruption and transnational bribery and declare that the payments they receive will be for their own use and are not intended for third parties, national public officials and /or foreigners, and be obliged to respond jointly and unlimitedly for any damage caused by the omission of such obligation.

16. APPROPRIATE AND EFFECTIVE SANCTIONING PROCEDURES, IN ACCORDANCE WITH LABOR ANDDISCIPLINARY STANDARDS, REGARDING VIOLATIONS TO THE PTEE COMMITTED BY ANY EMPLOYEE OR ADMINISTRATOR.

USA VIRTUAL MARKET S.A.S. will apply sanctions and activate the procedures provided for in the Law against employees, administrators, associates or third parties, for non-compliance with this Transparency and Business Ethics Program, as indicated below:

16.1.     Special sanctions for employees: In accordance with article 48 of the Internal Work Regulations, it is an obligation of employees to comply with these regulations and maintain order, morality and respect for the laws, for this reason the violation of the PTEE will give rise to the termination of the employment contract with just cause, for which the pronouncement of any judicial authority is not necessary.

16.2.     Sanctions for administrators: Administrators will be criminally and personally liable for acts of corruption and transnational bribery in which they incur, they will have the sanctions of disqualification contemplated in article 31 of Law 1474 of 2011. Additionally, when as a consequence of these acts damages arise for the company, in accordance with articles 23, 25 and 24 of Law 222 of 1995, the General Assembly of Shareholders will order their removal and social action for liability, with the purpose of compensating for the damages caused by such acts. .

16.3.     Common sanctions for employees, administrators, workers, associates and third parties: Without prejudice to what was previously indicated, USA VIRTUAL MARKET S.A.S. will begin the actions planned in accordance with the Colombian Penal Code Law 599 of 2000.

16.4.     Sanctions from the Superintendence of Companies to USA VIRTUAL MARKET S.A.S.. Circular 100-00011 of 2021 establishes that failure to comply with the orders and instructions given therein will give rise to the administrative actions that are appropriate and the imposition of the relevant administrative sanctions. to USA VIRTUAL MARKET S.A.S., its compliance officer, its fiscal auditor or its administrators, in accordance with the provisions of paragraph 3 of article 86 of Law 222 of 1995 and paragraph 23 of article 7 of Decree 1736 of 2020, without prejudice to the actions that correspond to other authorities

17. APPROPRIATE CHANNELS TO ALLOW ANYONE TO CONFIDENTIALLY AND SECURELY REPORT SUSPICIOUS ACTIVITIES RELATED TO C/ST RISK, POSSIBLE PTEE BREACHES AND ANY CORRUPT PRACTICES:

Circular 100-000011 of 2021 establishes that the company must create mechanisms that allow them the possibility of confidentially and anonymously reporting any possible irregularity in compliance with the PTEE, as well as any possible corrupt behavior by employees, administrators, , associates, contractors and individuals linked to the above, as well as any person who has knowledge of corrupt conduct related to the obligated entity. 

In accordance with the above, by virtue of this PTEE, the following actions are carried out: 

17.1.     The “Ethical Line” [email protected] is established, managed directly by the Compliance Officer, through which any person, using the anonymous email services existing on the web, may submit their complaints. 

17.2.     Additionally, the Compliance Officer may establish that it is available on the USA VIRTUAL MARKET S.A.S. website. an anonymous form for reporting acts of corruption and transnational bribery.

17.3.     USA VIRTUAL MARKET S.A.S.  Through human resources management, it will guarantee that none of its whistleblowing employees, administrators and associates are subject to retaliation for having reported possible violations of the Law or the PTEE, and particularly so that employees are not subject to workplace harassment in accordance with the law. 

All of the above, taking into account the obligation contemplated in Circular 100-000011 of 2021 to “Put into operation anonymous reporting lines, customer service or any other mechanism that allows employees, administrators, associates, contractors or other third parties to report any complaint related to possible non-compliance with the PTEE or any possible act of corruption or express any concern related to this matter to the office of the compliance officer.”

18. CREATION OF TOOLS THAT FACILITATE CONTRACTORS, EMPLOYEES AND ASSOCIATES TO ACCESS, KNOW AND BE TRAINED ON THE COMPLIANCE POLICIES AND THE PTEE OF THE OBLIGATED ENTITY.

At least one (1) time a year, the PTEE pedagogy must be carried out for (i) Employees (ii) Associates (iii) Administrators (iv) Contractors and (v) other interested parties on prevention, self-control and Risk management. C/ST.

The Compliance Officer will be responsible for creating tools or notes of interest that make it easier for contractors, employees and associates to access, know and be trained on the compliance policies and the PTEE of the obligated entity. 

To design the communication strategy, the economic activities of USA VIRTUAL MARKET S.A.S., the particular risks and at least the following elements will be taken into account: 

a) Communications addressed to employees and associates of USA VIRTUAL MARKET S.A.S. must expressly and unequivocally reflect the obligations of administrators related to the prevention of corruption. Likewise, such communications will reveal the procedures to disclose, among others, the policy of USA VIRTUAL MARKET S.A.S., regarding financial controls, delivery of gifts and donations, the creation of effective channels to receive confidential reports on corruption activities, and information regarding sanctions for employees and administrators who violate the PTEE.

b) The communication strategy will be defined by USA VIRTUAL MARKET S.A.S., and may be implemented through various mechanisms, such as publications of notes of interest or notices. 

For the risk of transnational bribery, in addition to what is stated in the previous paragraphs a) and b), the communication strategy must be available in different languages ​​in the event that USA VIRTUAL MARKET S.A.S. operates, directly or indirectly, through subordinate companies. or contractors, in countries where the official language is not Spanish. 

Training must be carried out on a regular basis, as provided by the compliance officer, giving (i) Greater attention to individuals or businesses that are exposed to a greater degree to said risks, as may occur with respect to employees or associates who participate in security activities. state contracting or distribution businesses in countries or geographic areas with a high risk of transnational bribery. (ii) Training on the fight against Corruption must be extended to those contractors identified by the compliance officer, as established by the risk matrix and the compliance policy.

All training must at least, in accordance with Circular 100-00011 of 2021: a) Raise awareness regarding the C/ST risks to which the obligated entity is exposed. b) Be subject to updating when circumstances so require, in response to the changing dynamics of the specific corruption risks faced by the Employees, administrators and associates of USA VIRTUAL MARKET S.A.S.


19. OBLIGATION TO REPORT:

The company, its administrators, associates or employees are obliged to report internally and externally acts of corruption and transnational bribery in accordance with the following procedure: 

Internal complaint: The “Ethics Line” [email protected] is established, managed directly by the Compliance Officer, through which any person, using the anonymous email services existing on the web, may present their anonymous complaints. , adding the files with the corresponding evidence, in case the complainant has that information. Additionally, the compliance officer may establish that an anonymous form for reporting acts of corruption and transnational bribery is available on the USA VIRTUAL MARKET S.A.S website.

External complaint: VIRTUAL MARKET S.A.S will promote the presentation of complaints for Transnational Bribery through the official link of the Superintendence of Companies: 

https://www.supersociedades.gov.co/delegatura_aec/Paginas/Canal-de-Denuncias-Soborno-Internacional.aspx


When as of December 31 of the immediately preceding year, the company has directly or indirectly (through consortia, temporary unions or any other figure permitted by law) entered into contracts with State Entities with an equal or greater amount (individual or in joint) to five hundred (500) SMMLV, complaints for acts of corruption should be directed to the following link: http://www.secretariatransparencia.gov.co/observatorio-anticorrupcion/portal-anticorrupcion 20. ARCHIVE AND CONSERVATION PROCEDURES: All documentation generated on the occasion of international business or transactions, in which USA VIRTUAL MARKET S.A.S. is involved. It must be treated in accordance with the standards of the document management manual. Particularly in the case of reports of transnational bribery, the following provisions of the aforementioned manual must be observed: a) They must be officially filed and registered in the Document Management Software. b) The files can only be consulted by personnel authorized to do so and due to their functions. c) The information will have the permanence indicated in the documentary retention tables. 21. TRANSLATION OF THE PTEE: USA VIRTUAL MARKET S.A.S. is obliged to translate the PTEE and the compliance policy into the official languages ​​of the countries where the obliged entity carries out international business or transactions or carries out activities through subordinate companies, branches or other establishments, or even contractors in other jurisdictions, when the language other than Spanish

22. PEOPLE WHO ARE RESPONSIBLE TO EXERCISE THE POWERS AND FUNCTIONS NECESSARY WITH REGARD TO THE DESIGN, IMPLEMENTATION AND EXECUTION OF THE PTEE:

ANNEX 3 identifies the list of activities and assignment of responsibilities of the PTEE, by virtue of which the people who are responsible for the exercise of the necessary powers and functions regarding the design, implementation and execution of the PTEE and its periodicity are described.

23. MECHANISMS THAT ALLOW THE EFFECTIVENESS OF THE PTEE TO BE MEASURED, AS ESTABLISHED BY THE PTEE CIRCULAR

The Compliance Officer must carry out the evaluation of compliance with the PTEE, for which the activities contemplated in Annex 3 will be measured, assigning one point for each activity completed, corresponding to 18 points and none, for activity pending execution, when the activities are not annual. They will be deducted from the total score for grading purposes. For the purposes of measuring the effectiveness of the PTEE, 100% of the grade corresponds to obtaining 18 points when the activities are not annual and 26 points when all activities must be carried out in the corresponding year.

24. DUE DILIGENCE

Circular 100-000011 of 2021 establishes the obligation to carry out anti-bribery due diligence processes on contractors, since these can be used to make and hide payments related to bribes to national public servants or foreign public servants.

As a consequence of the PTEE from now on, to register and formally link a counterparty to the company, the following must be verified:

24.1.     The Management responsible for contracting must have the elements of judgment to rule out that the payment of a very high remuneration to a contractor conceals indirect payments of bribes or gifts to national public servants or foreign public servants, which corresponds to the highest value. recognizes a contractor for his intermediation work.

24.2.     The Compliance Officer must collect information about the commercial, (i) reputation and (ii) sanctioning history in administrative, criminal or disciplinary matters that have affected, affect or may affect the persons subject to due diligence.

24.3.     The Contracting and Purchasing Management must request the completion of a form that (i) declares the status of the supplier regarding the warning signs, (ii) the declaration of knowledge of the Anti-Bribery Policy (iii) the obligation to respond jointly and unlimitedly before USA VIRTUAL MARKET S.A.S. due to omission of obligations related to CS/ST and (iv) Knowledge of the complaints channel.

24.4.     Additionally, this due diligence will be carried out again once a year in the case of suppliers classified as critical. In this due diligence, the verification of good credit and reputation of the contractors will be reviewed.

Due diligence activities must be recorded in writing, so that it can be easily accessed and understood by the compliance officer.

In any case, the Compliance Officer may determine that the scope of the Due Diligence is variable due to the purpose and complexity of the contracts, the amount of the Contractors’ remuneration and the countries where they carry out their activities, among other aspects.

25. CONTROL AND MONITORING OF COMPLIANCE AND PTEE POLICIES

At the discretion of the Compliance Officer, an annual control and monitoring of compliance policies and the PTEE must be carried out in accordance with any of the following alternatives:

25.1.     Supervision by the compliance officer regarding C/ST risk management in legal relationships with state entities or in international or national businesses or transactions in which USA VIRTUAL MARKET S.A.S participates. For this purpose, mechanisms must be put in place that allow the compliance officer to verify the effectiveness of the procedures aimed at preventing any act of corruption, in accordance with the provisions of this Manual.

25.2.     The periodic performance of compliance audits and due diligence procedures, as provided by the compliance officer.

25.3.     Conducting surveys of employees and contractors, in order to verify the effectiveness of the PTEE.

26. WARNING SIGNS:

Taking into account that there is no exhaustive list that allows identifying all the warning signs, since each obliged entity must identify its risk factors, which are stated in the form that the counterparties must complete in order to identify the warning signs. alert, which must be updated annually by the compliance officer.  

27. UPDATE

USA VIRTUAL MARKET S.A.S must update the Compliance Policy and the PTEE every time there are changes in its activity that alter or may alter the degree of C/ST Risk, or at least every two (2) years. 

28. ANNEXES

Process matrix with inclusion of C/ST risks

Warning signs.

PTEE activities and those responsible.

C/ST Compliance Policy