Sophos Group plc Anti-corruption and Bribery Policy

1. About this Policy

1.1 It is our policy to conduct all of our business in an honest and ethical manner. We take a zero-tolerance approach to bribery and corruption and are committed to acting professionally, fairly and with integrity in all our business dealings and relationships.

1.2 Sophos Group plc (Sophos) upholds all laws relevant to countering bribery and corruption in the jurisdictions we operate in. In particular, we are specifically bound by the laws of the UK, including the Bribery Act 2010, which is binding on all our overseas subsidiaries as well as our UK-incorporated companies, and the laws of the United States, including the Foreign Corrupt Practices Act 1977.

1.3 Bribery and corruption are serious offences which are punishable for individuals by up to ten years imprisonment. If Sophos is liable for an offence, it could face an unlimited fine, be excluded from tendering for public contracts and suffer serious damage to its reputation. We therefore take our legal responsibilities very seriously and any employee who breaches this policy will face disciplinary action which may result in dismissal for gross misconduct. Any non-employee who breaches this policy may have their contract terminated with immediate effect.

1.4 The prevention, detection and reporting of bribery and other forms of corruption is the responsibility of all those working for Sophos and entities under its control. All employees – and all those persons performing services on our behalf – are required to avoid any activity which may lead to or suggest a breach of this policy.

1.5 Sophos encourages its employees to raise concerns about any issue or suspicion of malpractice at the earliest possible stage to their manager or compliance@sophos.com. Sophos is committed to ensuring that no employee suffers detrimental treatment as a result of refusal to engage in bribery, or because of reporting in good faith their suspicion that an actual or potential bribery offence has taken place, or may take place in the future.

1.6 This policy does not form part of any employee's contract of employment. We will conduct regular reviews of the policy and may amend it at any time. We may also publish guidelines that explain and support this policy. This policy is endorsed by Sophos Chief Executive on behalf of the company’s board of directors. It has the full support of Sophos, and Ed Gillis is the main board director with primary responsibility for implementation. Each department of Sophos is responsible for establishing any appropriate responsibilities and operating procedures within their operations in order to give effect to this policy, as well as the related policies on whistleblowing, due diligence on third parties, and investigation guidelines.

2. Who Must Comply with this Policy?

This policy applies to all persons working for us or who perform services on our behalf in any capacity, including employees at all levels, directors, officers, agency workers, seconded workers, volunteers, interns, agents, contractors, external consultants, third-party representatives and business partners.

3. What is Bribery?

3.1 Bribe means a financial or other (including non-financial) inducement or reward offered, promised or provided, whether directly or indirectly, in order to gain any commercial or other advantage. Bribes can take the form of money, gifts, loans, fees, hospitality, services, discounts, the award of a contract or any other advantage or benefit, or agreeing to do (or not to do) particular things.

3.2 Bribery includes offering, promising, giving, accepting or seeking a bribe.

3.3 All forms of bribery are strictly prohibited. We will not tolerate any form of bribery, either within our business activities, or within the business activities of those who perform services on our behalf.  If you are unsure about whether a particular act constitutes bribery, raise it with your manager or compliance@sophos.com.

3.4 Specifically, you must not:

(a) give or offer any payment, gift, hospitality or other benefit in the expectation that a business advantage will be received in return, or to reward any business advantage already received;

(b) accept any offer from a third party that you know or suspect is made with the expectation that we will provide a business advantage to them or anyone else;

(c) give or offer any payment (sometimes called a facilitation payment) to a government official in any country to facilitate or speed up a routine or necessary procedure; or

(d) threaten or retaliate against another person who has refused to commit a bribery offence or who has raised concerns about possible bribery or corruption under this policy.

4. Gifts and Hospitality

4.1 This policy does not prohibit the giving or accepting of reasonable and appropriate gifts and hospitality for legitimate purposes such as building relationships, maintaining our image or reputation, or marketing our products and services.

4.2 A gift or hospitality will not be appropriate if it is not reasonable or proportionate, for instance if it is unduly lavish or extravagant, or if it could be seen as an inducement or reward for any preferential treatment (for example, during contractual negotiations or a tender process). In no circumstances should you make a gift with the intention of causing (or be reasonably capable of causing) the recipient to perform their functions improperly, or to influence a public official in the performance of their functions, or with the intention of obtaining or retaining business or a business advantage, or as a reward for the obtaining or retention of business or a business advantage, even where the value of the gift is below the threshold described below.

4.3 Gifts must be of an appropriate type and value depending on the circumstances and taking into account the reason for the gift. Gifts must not include cash or be given in secret. Gifts must be made in our name, not your name and must comply with any relevant local laws.

4.4 Corporate branded items of nominal value, items of nominal value designed for free giveaway at trade fairs and equivalent (e.g. pencils, note pads and umbrellas), and working lunches and refreshments provided during meetings at a company site may be given or received at any time and do not need to be recorded.

4.5 Unless approval has been granted by the Legal Department, the value of gifts or hospitality given or received should not exceed the following thresholds (or such lower threshold permitted by local law):

 

| | Gift | Hospitality (per head) |
| --- | --- | --- |
| Maximum value per instance | US$50 | US$200 (US$100 for restaurants or catering, including alcohol) |
| Maximum value per 12 month period | US$200 | US$800 ($400 for restaurants or catering, including alcohol) |

 

4.6 Any gifts or public hospitality offered to public officials with more than a nominal value must be approved in advance by the Legal Department.

5. Sales Incentives

5.1 Any sales and marketing incentives for channel partners (often known as spiffs) must be transparent, reasonable and in accordance with the guidelines issued by the Legal Department from time to time.

6. Sponsorships and Donations

6.1 Sophos does not make any contributions to political parties, party officials and/or candidates.

6.2 Sophos is pleased to support charitable causes, but not in the expectation of any reward or influence in return. All requests for sponsorship or donations must be approved by compliance@sophos.com in advance.

7. Record-keeping

7.1 You must declare and keep a written record of all hospitality or gifts given or received in the Sophos Group Gift and Hospitality Register unless an alternative method of recording has been approved by the Legal Department. You must also submit all expenses claims relating to hospitality, gifts or payments to third parties in accordance with our expenses policy and record the reason for expenditure.

7.2 All accounts, invoices, and other records relating to dealings with third parties including suppliers and customers should be prepared with strict accuracy and completeness. Accounts must not be kept "off-book" to facilitate or conceal improper payments.

8. Due Diligence – Dealing with Third Parties

8.1 Appropriate due diligence must be conducted on third parties before entering into agreements with them, in particular where third parties might be seen as acting or providing services on our behalf. Please contact your manager or the Legal Department for more detailed guidance on the due diligence that must be carried out, including in relation to bribery and corruption issues.

8.2 Sophos must have a written contract with all third parties with whom we do business, which includes the contractual protections that should be sought, including termination rights if the third party breaches anti-bribery laws and/or the terms of this policy.

9. How to Raise a Concern

9.1 The prevention, detection and reporting of bribery is the responsibility of all.  If you are offered a bribe, or are asked to make one, or if you suspect that any bribery, corruption or other breach of this policy has occurred or may occur, you must notify your manager or the Legal Department, or report it in accordance with our Whistleblowing Policy as soon as possible.

10. Training and Communication

10.1 The Company provides anti-bribery and anti-corruption training to new employees as part of the induction process and on a regular basis afterward. You should ensure that you receive relevant training on how to implement and adhere to this policy.

10.2 The Company will review this policy regularly and will introduce revisions where necessary.  You should ensure that you keep up to date with all revisions to this Policy, as they are implemented and communicated to you. 

10.3 We will also communicate this policy to third parties who perform services on our behalf, including contractors, consultants and business partners.  We will seek to include contractual obligations in our agreements with third parties, which oblige them to agree to comply with this policy (or an equivalent policy of their own).  In certain circumstances, it may be appropriate for training to be provided to third parties.   

10.4 For further guidance in implementing and adhering to this policy, please contact the Legal Department (compliance@sophos.com).

11. Monitoring and Review

11.1 The Sophos group has conducted a detailed assessment of, and engages in ongoing monitoring of, bribery risks both within the Sophos group and in relation to persons who perform services on its behalf. 

11.2 Sophos will therefore regularly review the implementation of this policy in respect of its suitability, adequacy and effectiveness, and make improvements where appropriate.  It will regularly report the results of this process to Sophos’ Audit and Risk Committee.  The Audit and Risk Committee will also update the Group Board as often as appropriate should any issues arise. 

Version: 11 June 2015