Whistle-blowing Policy - Octosoft Technologies

Whistle-blowing Policy

1. Introduction
This whistleblowing policy establishes Octosoft Technologies Limited’s (the ‘Company’) minimum standards to be implemented as prescribed by its holding company, AfyA Care Nigeria Limited. It also includes additional requirements as warranted by our business or where required by applicable law. This policy has been established to ensure that all cases of suspected breaches of controls, policy and the company’s values are reported and managed in a timely and appropriate manner. This document supports our core values and norms, the code of professional conduct as well as good governance. Our principle of “Integrity” implies that we remain consistent and honest in our dealings with others and strive to treat people with trust and mutual respect while maintaining transparency and accountability.

In line with its code of conduct, Octosoft’s Whistleblowing Policy and Procedures outlines the Company’s commitment to ensure that all stakeholders can raise their concerns regarding any illegal conduct or practice without being subjected to victimisation, harassment or discriminatory treatment, and to have such concerns properly investigated. Also, this Policy sets out the mechanism and framework by which staff, contractors, consultants, vendors, etc. can confidently, and anonymously, voice their concerns/complaints without fear of discrimination and be assured that their concerns are duly investigated to the latter.

2. Purpose
Octosoft is committed to maintaining the highest possible standards of ethical and legal conduct within all entities in the group. In line with this commitment and to enhance good governance and transparency, the main drive of this policy and procedures is as follows; To provide clear reporting channels for whistleblowing for employees and other stakeholders, who feel the need to raise matters of concern relating to Octosoft To ensure that employees and other stakeholders can raise concerns regarding any illegal conduct or malpractice and to have such concerns properly investigated To encourage employees and other stakeholders to disclose any wrongdoing or unethical behaviour that may adversely impact the Company or the Group To provide guidance on clear procedures for reporting matters of such concerns To manage all disclosures in a timely, consistent, and professional manner; and To provide assurance that all disclosures will be taken seriously, treated as confidential and managed without fear of retaliation to the whistleblower.

3. Anchors of the Whistle-Blowing Mechanism
Good governance in all Octosoft entities is enhanced by the institution of a whistleblowing mechanism that cuts across the Group. Consistent with its policy on good governance, Octosoft has put in place several processes and initiatives that discourage red flag activities within the organization. The implementation of controls that foster an environment in which management sets the tone at the top by sensitizing members of staff on matters of integrity and ethical values, assignment of authority and responsibility, and reinforcement of internal controls measures. Octosoft’s core values and norms, the delivery of the best quality service to customers with utmost diligence, efficiency, and transparency are the anchor of all Octosoft’s activities and it demands the highest standards of ethics, honesty and accountability at all times. These anchors would be further strengthened by a credible whistleblowing and complaints handling mechanism as presented.

4. Who is a Whistle-Blower or Complainant?
A Whistle-Blower or a Complainant is any person or party who conveys or is about to convey a concern, allegation or any information indicating that fraud, corruption or any other misconduct is occurring or has occurred in the Company; with knowledge or good faith that the concern, allegation or information is true. Such persons or parties, without limitation, include staff members of Octosoft’s entities, contractors, consultants, former staff members, or any other entity or person. The success of this Policy depends in part on the conscience and professional ethics of the Whistle-Blower or Complainant and the attendant assurance of confidentiality. To avoid the psychological pressures such conflicts can cause Whistle-Blowers and Complainants, Octosoft shall take all reasonable steps to keep the identity of Whistle-Blowers or Complainants confidential. It should be noted that Whistleblowers and Complainants are reporting parties. They are neither investigators nor finders of fact; they do not determine if corrective measures are necessary; and they do not determine the appropriate corrective or remedial action that may be warranted.

5. Coverage and Scope
This Policy applies to the Company and its subsidiaries and covers all employees (including temporary and contract employees), officers, consultant and agents acting in Octosoft. All (as mentioned) are required to disclose acts relating to fraud, corruption, or any other misconduct, including actions that undermine our operations and mission that come to their attention. Misconduct can take many forms but for clear understanding, Octosoft points out 8 generic types of misconduct:

Issues relating to HR (including harassment, discrimination, inadequate behaviour at work and/ or any potential breach of local Labour Law). Misappropriation of assets (including theft; misuse or abuse of company assets such as phone, computer, funds, data etc.). Financial statement fraud (misrepresentation, falsification, concealment, misstatement, or omission of financial records). Other fraudulent statement (i.e. related to non-financial management information such as HR, strategic, commercial, asset management, etc.). Corruption, bribery, extortion (including gift, commission, political contribution, conflict of interest etc. that are not compliant with Octosoft Code of Conduct, Octosoft Compliance and Ethics Guide and/or any local legislation). Other breach of applicable laws or regulation (including unfair competition/anti-trust, insider trading, Money laundering and financing terrorism). Endangering health, life and/or Customer mistreatment including improper use of customer

Other types of misconduct are as follows:
Failures to comply with statutory obligations and Misconduct, e. failure to observe the Company’s code of conduct or standards of behaviour. Coercive practices, e. impairing or harming, or threatening to impair or harm, directly or indirectly, any party or the property of the party to influence improperly the actions of a party Collusive practices, which mean an arrangement between two or more parties designed to achieve an improper purpose, including influencing improperly the actions of another party; and Any other activity which undermines the Company’s operations and It is not intended that this list be considered as a comprehensive list of subjects upon which whistle-blowing events can be made. If it is not clear which category a report should fall into then guidance should be sought from the Chief Risk Officer/Company Secretary, Head legal & HR.

Whistleblowing and complaints should be made in the certainty that what is being reported is true. Allegations and concerns expressed anonymously shall be considered at the discretion of the Chairman, Board Audit & Risk Management Committee. In the exercise of such discretion, the factors to be considered shall include, without limitation, the seriousness of the allegation, its credibility, and the extent to which the allegation can be confirmed or corroborated by reliable sources.

6. Protection of Whistle-Blower Under the Policy
The Company shall protect the Whistle-Blower’s or Complainant’s identity. For whistleblowing and complaint handling mechanism to be effective, the concerned parties must be adequately assured that the information given will be treated as confidential and above all that they will be protected from discrimination and against retaliation from within or outside the Company. The Company will maintain as confidential the Whistle-Blower or Complainant’s identity unless: Such person agrees to be identified: Identification is necessary to allow the Company or the appropriate law enforcement officials to investigate or respond effectively to the disclosure Identification is required by law or where a false accusation has been maliciously made, or The person accused is entitled to the information as a matter of legal right. In such an eventuality, the Company shall inform the Whistle-Blower or Complainant prior to revealing his or her identity, with the promise of protection from discrimination.

7. Channels and Procedures
Each Octosoft operating entity is required to nominate a Designated Complaint Recipient (DCR) to receive and handle any report of misconduct. Where more than one DCR exists in a territory these responsibilities should be clearly allocated to ensure that there is no omission or unnecessary duplication. For Octosoft, the Designated Complaint Recipient (DCR) is the Compliance Officer who reports to the Chief Risk Officer/Company Secretary/Head, Legal & HR. The channels and procedures for whistleblowing or raising complaints shall depend on whether the allegation, complaint or information is being made or disclosed by a staff member of Octosoft or by a party external to the Group. Staff members are expected to whistle-blow on transactions, operations or/and any other activities of the Group that involve fraud, corruption and misconduct, whether internal or external. Parties external to Octosoft, however, are required to bring allegations and complaints of corruption, fraud and any other misconduct in the execution of any business of the Company or project(s) that involve the Company.

8. Internal Whistle-Blowing Procedure
Internal whistleblowing involves staff members across the Group raising concern about unethical conduct. The following procedure shall be adopted for internal whistleblowing:

S/N

Steps

Action

1

Step One

Raising concern(s) by whistle Blower: - medium and format.

An internal Whistle-Blower may raise concern through any of the following media (this can be done either by declaration or in confidence/ anonymously:

• Through their Line Manager, Head of Legal, Compliance, and/or HR.

• Through the “quick links” section on the Company’s web portal.

• Formal letter, email or fax to the Designated Complaint Recipient (DCR) or Chairman of the Board Audit & Risk Management Committee

• Dedicated hotline facility: operated by the Chief Risk Officer/Company Secretary, Head Legal & HR and is available 24 hours a day and 365 days a year.

• Dedicated email address Via Octosoft website: Where the concern is received by staff other than the DCR, the recipient of such concern(s) shall be required to;

• Immediately pass the concern(s) to the DCR with copy to the Chairman of the Board Audit & Risk Management Committee

• If the Chief Risk Officer/Company Secretary, Head, legal + HR is a party to the action to be reported, the Managing Director of Octosoft Nigeria is notified, and where a Director is involved, such concern shall be directed at the Chairman of the Board Audit & Risk Management Committee.

The concern(s) shall be presented in the following format;

• Background of the concerns (with relevant dates)

• Reason(s) why the Whistle-Blower is particularly concerned about the situation

• The report should include sufficient information to enable investigation Disciplinary measures in line with the staff handbook shall be taken against any staff that receives concerns and fails to escalate.

Also, disciplinary measure shall be taken against an internal Whistle-Blower who acted out of malice. Confidentiality must always be assured, and effort must be taken to keep the Whistle-Blower’s identity confidential.

2

Step two

Investigation of Concerns and update on progress of investigation.

Upon receipt of a suspected misconduct notification, the DCR shall carry out the following:

• Record it, including the time and date when it was received, and allocate it a unique sequential reference number.

• The DCR should first consider whether it is admissible, credible, and serious. Under certain circumstances, the Whistle-Blower may be contacted if additional information is required for clarification purpose.

• This preliminary analysis of the case (or triage) should be thoroughly documented including rationale leading to conclusion.

It should be shared with the Chief Risk Officer/Company Secretary, Head Legal & HR along with the recommendation of the DCR indicating whether to investigate the matter or not and, if to be investigated, to whom the matter should be assigned for investigation.

• The decision then taken with the Chief Risk Officer/Company Secretary, Head Legal & HR and, to whom the matter has been assigned for investigation, should be noted in the notification log.

• The DCR and Chief Risk Officer/Company Secretary, Head Legal & HR should determine who within the company the investigation notification information could be shared with before the investigative commences.

A record of the person who has been informed with the date should be maintained.

• The results of the investigation should be properly documented and reported to the Chief Risk Officer/Company Secretary, Head Legal & HR as soon as practicable; allowing them to question the findings before the case is concluded upon.

When the investigation is concluded to the satisfaction of the Chief Risk Officer/Company Secretary, Head legal + HR, the outcome should be recorded in the whistleblowing log.

The person who is whistle-blown against must not be notified of the allegation against them until such time that this has been approved by the Chief Risk Officer/Company Secretary, head legal & HR.

Finally, if the concern raised by the Whistle-Blower is frivolous or unwarranted and is perceived as malicious, the Chief Risk Officer/Company Secretary, Head Legal & HR shall ignore such concern, and if necessary, disciplinary measure in line with Human Resources policy shall apply to such person that raised concern out of malice.

3

Step three

Report of Investigation and action on report.

Upon conclusion of investigation, the Chief Risk Officer/Company Secretary, Head Legal & HR shall submit his/her report to the Human Resources or the appropriate authority for further action(s).

However, Chief Risk Officer/Company Secretary, Head Legal & HR shall present quarterly reports to the Board Audit & Risk Management Committee (BACC) to keep them informed of happenings.

If an allegation of misconduct is substantiated, appropriate disciplinary action(s) will be taken against the responsible individual(s).

Up to and including termination of employment, dismissal from service and criminal prosecution by relevant authorities.

Furthermore, any act of retaliation or victimization against a Whistle-Blower will result in disciplinary action against the perpetrator, up to and including termination of employment.

The malicious use of the whistleblowing policy i.e. allegations in bad faith will result in disciplinary action against a Whistle‐Blower up to and including termination of employment.

At the end of each calendar quarter the DCR shall report to the Chief Risk Officer/Company Secretary, Head Legal & HR the number of reports received in each of the 8 generic categories mentioned earlier.

The total number should be cumulative for the year to date and subdivided into five categories:
1- closed – not investigated
2- under investigation
3- closed – allegation not founded
4- closed – allegation found
5- closed – inconclusive.

The DCR should bring to the attention of the Chief Risk Officer/Company Secretary, Head Legal & HR any notifications that they consider significant to any of the whistle blown case.

4

Step four

Non-Satisfaction with result of investi-
gation/
action

If the Whistle-Blower is not satisfied with the extent of investigation and or the action taken based on the outcome of the investigation, the Whistle-Blower is at liberty to report to the Chairman of the Board Audit & Risk Management Committee.

Whistle-Blowers must not suffer or be held accountable for a complaint made in good faith for which the investigation proves that allegations are non-substantiated. However, if complaints are found to have been made from malicious intent, then the Whistle-Blower may be subject to disciplinary action as deemed appropriate.

Any internal Whistle-Blower that feels victimized can report his/her grievance(s) to the Chairman, Board Audit and Risk Committee. This is without prejudice to the fundamental right of the internal Whistle-Blower to seek redress in the court of law.

9. External Whistle-Blowing Procedure
External Whistle-Blowers are non-staff of the group or company; they can fall into any of these categories: contractors, service providers, shareholders, depositors, analysts, consultant, job applicants, and the general public.
External whistleblowing shall follow the procedure below;

S/N

Steps

Required Action

1

Step one

Raising concern(s) by Whistle-Blower: - medium and format.

An external Whistle-Blower may raise concern through any of the following media (this can be done either by declaration or in confidence/ anonymously):

• By a formal letter to the Chairman of the Board Audit & Risk Management Committee

• Dedicated hotline facility: operated by the Chief Risk Officer/Company Secretary, Head Legal & HR and is available 24 hours a day and 365 days a year.

• Dedicated email address Electronically log into;

• Directly to the Managing Director (MD), Octosoft Health Limited

• Directly to the Chief Risk Officer/Company Secretary, Head, legal & HR, Octosoft Health Limited Where the concern is received by staff other than the CCO and the Chief Risk Officer/Company Secretary, head legal & HR, the recipient of such concerns shall;

• Immediately pass the concern(s) to the Chief Risk Officer/Company Secretary, Head Legal & HR with copy to the CCO but ensuring the confidentiality of the concern. • If the Chief Risk Officer/Company Secretary, Head legal and HR is a party to the action to be reported, the CCO is notified, and where an Executive director is involved, such concern shall be directed at the Chairman of the Board Audit & Risk Management Committee.

Where the concern is received by staff other than the DCR, the recipient of such concern(s) shall;

• Immediately pass the concern(s) to the DCR with copy to the Chairman of the Board Audit & Risk Management Committee

• If the Chief Risk Officer/Company Secretary, Head Legal & HR is a party to the action to be reported, the CCO of Octosoft Nigeria is notified, and where a Director is involved, such concern shall be directed at the Chairman of the Board Audit & Risk Management Committee.

The concern(s) shall be presented in the following format;

• Background of the issue (with relevant dates)

• Reason(s) why the Whistle-Blower is particularly concerned about the situation. Disciplinary measures shall be taken against any staff that receives concern(s) from an external Whistle-Blower and fails to pass same to the appropriate authority.

2

Step two

Investigation of Concerns and update on progress of investigation.

The Chief Risk Officer/Company Secretary, Head Legal & HR shall on receipt of the concern(s) acknowledge receipt from the Whistle-Blower within 5 working days, and immediately commence investigation. The purpose of investigation is to:

• Establish if a wrongdoing has occurred based on the concern(s) raised, and if so, to what extent;

• To minimize the risk of further wrongdoing, prevent any further loss of assets or damage to the group`s reputation and if possible, protect all sources of evidence.

If preliminary investigation shows that the concern(s) falls within the whistleblowing reportable concerns, then further investigation shall be carried out.

If otherwise, the Chief Risk Officer/Company Secretary, Head Legal & HR shall refer the matter to the appropriate quarters for further action.

However, if the concern raised by the whistle- blower is frivolous or unwarranted, the Chief Risk Officer/Company Secretary, Head Legal & HR shall ignore such concern and send a response to the Whistle-Blower stating why the issue of concern is not being further addressed after investigation.

Where it is established that a criminal activity has taken place, the matter may be referred to the police and relevant agencies e.g. EFCC, and where necessary, appropriate legal action taken.

Where necessary, the Chief Risk Officer/Company Secretary, head legal & HR, shall give updates of the progress of investigation to the Whistle-Blower.

3

Step three

Report of Investigation and action on report

Upon conclusion of investigation, the Chief Risk Officer/Company Secretary, Head Legal & HR shall submit his/her report to the Human Resources or the appropriate authority for further action(s).

Where necessary the Chief Risk Officer/Company Secretary, Head Legal & HR shall escalate to the CCO. However, quarterly report to keep the CCO informed shall be submitted by Chief Risk Officer/Company Secretary, head legal & HR.

If the concern(s) relates to an Executive Director, it shall be referred to the Chairman Board Audit & Risk Management Committee for further action.

If the issue of concern(s) originates from a third party (service provider), and the third party is found to be guilty at the conclusion of the investigation, the group shall immediately review the Service Level Agreement with such service provider, and if deemed necessary, terminate the agreement.

4

Step four

Non-Satisfaction with result of investi
gation/
action

In any event that the Whistle-Blower is not satisfied with the extent of investigation and or the action taken based on the outcome of the investigation, the Whistle-Blower is at liberty to write to the Company Secretary.

In addition, an external Whistle-Blower is at liberty to report to appropriate regulatory authority or even seek further redress in the court of laws If he/she is not satisfied with the action taken to address the concern(s).

Glossary of Terms

Definitions of terms are as follows:
1. Complaint: an allegation or concern known to the Office of the Chairman of the Board Audit & Risk Management Committee that is subject to investigation.

2. Complainant/Whistle-Blower: any party who conveys a concern, allegation or information indicating fraud, corruption or misconduct.

3. Investigation: a process designed to gather and analyze information in order to determine whether an act of fraud, corruption, or other misconduct has occurred and if so, and uncover the party or parties responsible for the misconduct.

4. Fraudulent and Corrupt Practices include:
a. Corrupt Practice: the offering, giving, receiving, or soliciting, directly or indirectly, anything of value to influence improperly the actions of another party;
b. Fraudulent Practice: any act or omission, including a misrepresentation, that knowingly or recklessly misleads, or attempts to mislead, a party to obtain a financial or other benefit or to avoid an obligation;
c. Coercive Practice: an intimidating, harming, or threatening action that is aimed at impairing, damaging or harming, directly or indirectly, any party or the property of the party to influence improperly the actions of a party;
d. Collusive Practice: a secretive arrangement between two or more parties designed to achieve an inappropriate purpose, including influencing the actions of another party.

5. Misconduct is a failure by a staff member to observe the rules, code of conduct or standards of behaviour as prescribed by the Company.

6. Standard of proof: the purposes of an investigation, an information that, shows that something is more plausible than not.
It shall be used to determine whether a complaint is validated.

Octosoft is an innovation health-tech start-up leveraging Artificial Intelligence (AI) to transform health care experiences.

Solutions

Products

Legal

Get In Touch