Committed to the SDGs PEACE, JUSTICE AND STRONG INSTITUTIONS BUSINESS ETHICS

Transcription

1 Committed to the SDGs PEACE, JUSTICE AND STRONG INSTITUTIONS BUSINESS ETHICS

2 STRUCTURE Business Ethics System Evaluations Challenges Gloria María Úsuga Yepes Corporate Auditor "Our commitment and work on ethical issues is not a response to specific situations, but rather the result of continued reflection on how we should respond to dilemmas arising in performance of our business activities. In this regard, we acknowledge the power of ethics as a transforming element of society and, therefore, we perceive it as our core value without which anything we do concerning corporate responsibility would lack legitimacy".

3 We continue strengthening our Business Ethics System (BES), updating and improving its policies, guidelines and instruments. 100% of our employees have completed a virtual course and attended specific workshops on the new Anti-fraud, Anti-Corruption and Anti-bribery Policy (PAAA) MILESTONES 94.3/100 was the score we obtained in the Business Transparency Measurement, which for the ninth time has acknowledged our high standards in business transparency policies and mechanisms. A recognized international auditor firm performed an external evaluation of our practices for management of bribery, corruption and fraud practices. No significant weaknesses were identified in the respective controls and opportunities were found for alignment with international legal requirements.

4 We understand ethics as the way to do things correctly and in good faith; also, as being coherent about what we think, say and do; and let common good prevail over private interests. We are also convinced that the right and socially responsible behavior in a company determines its continuity in the long run, as that is the base for business legitimacy and trust thereon, as well as favorable conditions for its development and contribution to the well-being of society. We are committed to fight corruption in any form, in accordance with national and international principles such as of Global Compact, Sustainable Development Goals (SDG) and the UN convention against corruption. In this regard we identified and managed the corporate risk of fraud, bribery and corruption, associated with possible acts committed by Company employees or stakeholders. In this chapter, we will share the main results and challenges of 2016: BUSINESS ETHICS SYSTEM (BES) Our Business Ethics System is structured in such manner that it not only presents our conception of ethics, but it also provides the tools required to translate it into concrete conducts expected among our business processes and stakeholders. We defined three action fronts that are closely interrelated: In-house action: policies, guidelines, practices, provisions, statements, definition of responsibilities, mechanisms and measures set out to manage and protect the Company's ethics. External action: actions undertaken to disclose and promote our ethic practices among stakeholders for transcending beyond transactional relations. Collective action: actions involving our stakeholders to strengthen the system, thus generating collective actions that help protect the business environment against corrupt practices. The BES also includes elements with a preventive, detective and corrective approach, framed by continuous improvement and permanent promotion and dissemination. Every year we share with our stakeholders the fulfillment of our commitments with them relative to ethics and transparency, with this Management Report being the key accountability mechanism. An additional element in this exercise is the Annual Report on Good Governance Practices, which validates practices related to ethics and transparency. Find out more: Business Ethics System

5 Oxley Act, also referred to as Public Company Accounting Reform and Investor Protection Act applicable to ISAGEN as it is a relevant acquisition for Brookfield Renewable Partners (BEP), our majority shareholder. On the other hand, the Promotion Group continued its reflection activity on business ethics among all employees and conducted conversations on "ISAGEN, Unreal Life Cases" focused on day to day events to be approached from a participative ethics perspective. 186 workers and contractor employees shared this activity with us. We also organized ethic conversations that were attended by 62 executives, that is, 63% of our directors. Lastly, we carried out virtual forums on ethical dilemmas, where 33 people participated. Through our induction processes, we informed 100% of new personnel regarding their responsibility relative to the Business Ethics System, and provided them with a copy of the DEB. Declaration of Ethical Behavior (DEB) The DEB is a preventive instrument that was built together with the employees, which has become a moral orientation tool to facilitate actions relative to work, personal and institutional relations. It also seeks to reaffirm trust, transparency, responsibility and justice. In 2015 it was adopted again by the Board of Directors as the Code of Ethics for ISAGEN. To hold dialogues relative to participative ethics and promotion of the DEB among employees and other stakeholders, we have created the Statement of Ethical Behavior Promotion Group, which conveyed the new version of this statement, with voluntary participation of 130 employees, that is, 19% of the work force. Furthermore, with the help and participation of the employees, we made adjustments to the DEB statements to comply with the guidelines from the Sarbanes Find out more: Declaration of Ethical Behaviors

6 New Anti-bribery, Anti-Corruption and Anti-Fraud Policy (PAAA) The Board of Directors approved the change of the Fraud and Corruption Risk Management Policy for the new Anti-bribery, Anti-corruption and Anti-fraud Policy, adjusting internal guidelines to secure compliance with domestic and international anti-corruption laws applicable to the Company. The main aspects considered by the PAAA are: Application: it includes employees, Board members and third parties defined as any juridical or natural person, entities, contractors and subcontractors, whose services are provided on our behalf or who share our facilities. Anti-bribery, Anti-corruption and Anti-fraud commitment: it ratifies our intention of performing with honesty and integrity, in strict compliance with domestic and international Anti-bribery, Anticorruption and Anti-fraud laws. Prohibitions: it prohibits fraud in any form, including corruption, bribery and facilitation payments in addition to any activity that may influence or appear to influence business decisions, such as contributions to political parties, their candidates or representatives, asking for or giving donations to suppliers, vendors or public officials, etc. It should be noted that the PAAA strictly prohibits ISAGEN and its employees to offer Company installations, goods, services or resources, or to propose activities with a political purpose. In 2016, no contributions were made to political parties at all. Donations: provide guidelines to prevent the occurrence of undercovered bribery. Third Parties: it sets out the prohibition of paying, offering, accepting or asking for bribery on behalf of ISAGEN. Relations with public officials: provide guidelines that must be considered as regards relations with public officials. Gifts and entertainment: it defines the prohibitions and restrictions on such matters. Causes: ISAGEN strictly prohibits manipulation of information on financial statements and their disclosure. Asset embezzlement: it prohibits the use or the appropriate disposal of assets (physical and information) and resources. Money laundering and terrorist financing: it prohibits any activity, action or omission intended to facilitate such practices. Extortion: it prohibits payment by employees, contractors, subcontractors and suppliers facing any extortion event. Conflicts of interest: it defines situations that are considered potential conflicts of interest and the procedure for reporting and management thereof. Management of fraud, corruption and bribery risk: difference practices for identification, prevention, protection and management of fraud or corruption risk. Reporting: it establishes mechanisms for reporting and investigation of concerns relative to conduct of employees or third parties that could represent breach of this Policy. Disciplinary measures: it expresses the company's decision of implementing pertinent disciplinary measures for those who breach the Policy, and the obligation of reporting the issue to the competent authorities. Contact information: it provides contact information of the Ethics Committee members for consultation in case of concerns relative to the Policy or its application. Commercial practices or agreements against free market regulations: it prohibits any practice or activity that attempts against the Country's competition laws.

7 50 As a result of the new PAAA, we changed the procedure for reporting potential conflicts of interest situations that can be resolved by Senior Management (Management Team). Furthermore, we changed the Conflict of Interest Mailbox for the Ethical Dilemma Mailbox to thus expand its action spectrum: 1. Managing potential conflicts of interest situations. 2. Registering and managing situations, activities or potential risks related to other issues addressed by the PAAA. In 2016, we received in the Ethical Dilemma Mailbox 315 reports related to the implementation of the guidelines included in the PAAA, which were managed in accordance with the process defined in 83.5% of the cases, while 16.5% cases are still being processed. Five reports (1.6%) represented a potential conflict of interest and were managed by moving the employees out of the activity generating the conflict, or instructing them to abstain from participating in the activity. turn, the SIC is implementing monitoring tools in the electricity market. In this regard, in 2016 there were no sanctions related to breach of the overall regulations or related to fair competition and anti-monopoly. Ethics Channel and Ethics Committee The employees and stakeholders had access to our Ethics Channel, comprised by telephone line, and fax, through which they were able to report their concerns on situations presumably concerning our employees or third parties that affected or could have affected the interests of the Company or the stakeholders. In 2016 we reviewed and addressed 30 concerns through our Ethics Channel, related to the following situations: Find out more: Anti-bribery, Anti-corruption and Anti-fraud Policy Fair competition and anti-monopoly practices With regard to commercial practices or agreements that attempt against fair competition and transparent market development, added to conducts that attempt against the Country's competition laws, the Colombian legislation has set the basis for a fair competition policy. The Superintendency of Industry and Commerce (SIC) overseas and promotes market competition and the Commission for Regulation of Energy and Gas (CREG) regulates monopolies in the provision of public utility services when this is not achieved by the competitive market. Similarly, Law 142 of 1994 establishes that the CREG must indicate when there is sufficient competition allowing for freedom in pricing and preventing public utility companies to enter into unfair agreements; in

8 51 Involved n situations 2016 Associated issues Results n cases in process Employees 10 Presumed breach of ethical standards Two of these concerns corresponded to employee actions against our ethical standards and the pertinent administrative measures were taken. Eight cases corresponded to situations that, after being reviewed, it was determined that there were no grounds for breaching our ethical standards. None Third Parties Employees and third parties 7 Presumed breach of ethical standards 5 Presumed breach of contractual or civil obligations 4 Presumed harassment at work 4 Three of these cases corresponded to actions against our ethical standards and the pertinent measures were taken. One of these cases was still open at the end of Four cases corresponded to situations that, after being reviewed, it was determined that there were no grounds for breaching our ethical standards. In five cases we took actions with third parties and these were closed. Cases were reviewed by the Ethics Committee and remitted to third parties for their management, with two of them still open at the end of the year. Furthermore, Management implemented administrative and legal actions intended to improve controls leading to reduce the occurrence of such situations. Situations that are beyond the scope of the Channel, that is, there are no ethical implications but still they were effectively managed None 2 None 27 of these concerns have been closed, and the rest are undergoing review. The seven pending concerns from 2015 were managed and closed by the Ethics Committee and the Management in One of them dealt with the situation of presumed harassment at work, which was transferred to the Coexistence at Work Committee, which managed it with the workers involved, thus enabling management to close the case after implementing the pertinent measures. It should be noted that no concerns were received through the Ethics Channel concerning breaching by the Company of human rights among its stakeholders. Furthermore, we constantly promote our Ethics Channel in each of the media available for each audience.

9 52 Fraud Risk Management Program We continue improving our fraud risk management practices, based on ethics as our core value. In 2016, an external firm conducted an assessment of our Fraud Risk Management Program, concluding that there were no evidences of corruption, bribery or significant weaknesses of fraud risk controls in place. This assessment also enabled us to identify opportunities for improvement in outlining the program with the requirements of international laws on corruption and bribery in foreign countries, which are applicable to our company: Law 1778 of 2016, Foreign Corrupt Practices (FCPA), Corruption of Foreign Public Officials (CFPOA) and UK Bribery Act. Actions for improvement are being approached with a gap closing plan that began in the second half of 2016 and which is expected to conclude in The following activities were performed as part of the Fraud Risk Program over the year: Upon approval of the new Anti-fraud, Anti-corruption and Antibribery Policy (PAAA), we commenced implementation, training and awareness activities required as part of the Fraud Risk Management Program aimed at employees and third parties, as follows: We trained thirteen (92.86%) members of the Audit and Risk Committee and the Board of Directors on the most relevant aspects of the FCPA and general framework that our Company is to uphold to ensure its compliance. The Policy is fundamental to show our Senior Management commitment to prevent and detect potential fraud situations and to prohibit bribery and corruption in any form. We prepared and published for all employees a guide for implementation of the Policy, which describes the various aspects contained therein for better understanding and deployment in our Company. We carried out a training workshop for executives on the Policy, where 66 of them participated, which corresponds to 67% of the whole executive staff. At this time, 100% signed the form of adherence to the Policy. We carried out 33 workshops intended for employees, aimed at presenting and training them on the Policy and its key elements. We achieved 100% attendance of employees to the workshops and, also, 100% of them signed the form confirming their knowledge, understanding and scope of the Policy. We designed a virtual course that was successfully completed by 100% of the employees, including those who joined the Company this year. We shared publications aimed at stakeholders, both physical and virtual, regarding the Business Ethics System and Policy, which are available in our web site. We sent personal communications to our active suppliers and industry end users, sharing our System and Policy. We carried out seven dissemination workshops and training for the coordinators of contracts and legal representatives of the 66 companies (100%) identified in 2016 as third parties who represent us and/or coexist with us. Other activities performed within the framework of the Fraud Risk Program: We defined a methodology to determine the level of Fraud risk among third parties. We established Anti-bribery, Anti-corruption and Anti-fraud clauses in our contracting regulations. We developed and began implementing a procedure that includes our due diligence activities with third parties and defines additional activities according to their risk levels.

10 53 We structured a protocol for classifying and reporting critical cases received through the Ethics Channel. We adjusted guidelines for our in-house actions in performance of investigations related to breaches of ethical standards or cases of fraud and corruption. We updated the risk matrix of 100% of work related issues, including the identification of fraud in typologies defined by ISAGEN: corruption (bribery), embezzlement of physical assets or information, money laundering and terrorist financing, financial statements fraud (manipulation of figures or disclosures), extortion, commercial practices or agreements against fair market laws and undeclared conflicts of interest. This risk evaluation covered five Company processes and three General Management teams. As the fraud risk is classified as a corporate risk, should there be situations associated therewith, we have mechanisms in place for timely follow up with the Management and Audit and Risk Committees. Ethics System. This committee reviewed the Fraud risk management program and monitored it; it also confirmed compliance with the practices set forth in the Good Governance Code. In relation with the prevention of Money Laundering and Terrorist Financing Risk (LA/FT), we performed the following activities in 2016: Adjusted the procedure for monitoring relationship risks, extending it to shareholders or associates who hold 5% or more of the equity in companies with which ISAGEN would interrelate. Monitored compliance with applicable regulations and procedures in the Manual for self-control and management of money laundering and terrorist financing risk. Reported all alerts received to the Financial Information and Analysis Unit (UIAF). We implemented the methodology that was structured in 2015 for identifying critical positions that are more sensitive to the fraud risk, obtaining information for adjusting fraud risk controls. We assessed fraud risk within the 2016 Audit Plan, not evidencing fraud or corruption materialized cases; however, we identified opportunities for improvement to reduce probabilities related to contracting management under the delegate administration scheme and follow-up of supports and invoicing in the administration, operation and maintenance of the TIC infrastructure. We defined and executed the anti-corruption program in compliance with Law 1474 of 2012, which was available to the stakeholders in the web site. This Plan is integrated with the Fraud Risk Program and both are fundamental part of the preventive elements or guidelines of our BES Audit Congress, in Medellín. We submit a quarterly report to the Audit and Risk Committee regarding management of the key elements of the Business

11 54 Actions with our stakeholders Participated in massive attendance events, presenting our Business Ethics System and Policy: Business Meeting with employees, Suppliers Convention and Electrical Sector Ethics Forum. Participated actively in the Collective Action of the Electrical Sector, which is monitored and accompanied by Transparency for Colombia, the United Nations and the Secretariat for Transparency of the President's Office. We progressed as to the gap closing in our anticorruption program based on the self-diagnosis carried out in 2015 and the building of a risk matrix of competence in the electrical sector, which has been used to strengthen the respective guidelines and internal controls. Continued participating in the Auditing Network, made up of Colombian energy sector companies, which is intended to promote the integrity of its members, the incorporation of best practices, and the contribution to create value related to ethics and transparency. This year we organized the 6th Congress of Effective Auditing in the Energy Sector, whose motto was "We Build Trust" as a fundamental feature for auditors. We are part of the Network for Transparency and Citizen Participation of the Medellin Comptroller Office and participated in the sessions called by this control body. In compliance with article 47 of Law 222 of 1995, amended by Law 603 of 2000, all software available for our management is licensed based on the provisions set out by the Intellectual Property and Copyright Law Supplier Convention, in Medellín. Find out more: 2016 Anti-Corruption Plan Manual for self-control and risk management money laundering

12 55 EVALUATIONS Being aware of the need for permanent improvement, we subject regularly our ethics, transparency and compliance practices to in-house self-evaluation and independent third-party assessment. We highlight the following results in 2016: 673 employees (98.8%) completed the Annual Self-evaluation on Transparency Practices. The analysis of results evidence their knowledge and commitment related to business ethics, Anti-bribery, Anti-Corruption and Anti-Fraud Policy, conflicts of interest management, money laundering prevention, purchase and sale of company securities, etc. The remaining percentage corresponds to employees who on the date of performance of the survey were out on annual or sick leave. Additionally, upon implementation of these tools, the employees ratified their commitment with transparency practices and contributed valuable information to improve our Business Ethics System. In the chapter titled "Action Framework" of the Annual report on Good Governance Practices, we presented the results of the evaluation that was conducted by our Internal Audit on our corporate governance practices related to ethics and transparency among other corporate governance measures. The conclusion is that we have adequate practices in place. Our score was 94.3 out of 100, among 32 public utility companies evaluated by Transparency for Colombia, within the framework of business transparency, being recognized for the ninth time as the public utility company with the highest standards concerning business transparency policies and mechanisms. This evaluation was conducted using a new methodology, which is more demanding than the previous measurements. We participated voluntarily in the measurement of Active Companies in Anti-corruption Compliance (EACA) promoted by the Transparency Secretariat of the President's Office, intended to strengthen compliance practices in our Fraud Risk Program. At the end of the year, the results of this measurement had not been published. We upheld an adequate Internal Control System according to the Statutory Auditor, the External Auditors of Management and Results, and the General Comptrollership Office of Colombia. We evaluated reputation in 2016, that is, the level of Company appreciation among stakeholders. This evaluation included five variables: leadership, social performance, environmental performance, economic performance, and ethics and corporate governance. We obtained a score of 86.2 in the ethics variable, which reflects levels of excellence and all stakeholders, including the community in the influence areas, perceive our actions as those of an ethical, transparent and coherent company. Find out more: Annual Report on Good Governance Practices

13 2016 CHALLENGES Compliance Defining guidelines within the framework of the collective action agreement for companies in the electricity sector, focused on the protection of fair competition and anti-monopoly, and relations with public employees. Continue working on knowledge and appropriation of transparency practices by stakeholders, client and suppliers CHALLENGES Aligning the program for fraud risk management with the requirements of applicable international laws, developing 100% of the gap closing plan that was defined. Continuing with the annual training and dissemination plan that was defined by the stakeholders as regards the Anti-fraud, Anti-corruption and Anti-bribery Policy and its enforcement mechanisms in order to enhance its understanding and appropriation of supporting practices. Implementing actions agreed during the 2017 planning phase for the Electrical Sector Collective Action, to continue supporting institutional strengthening and fight against corruption through active participation in collective actions. Continuing with in-house work regarding participative ethics through reflection scenarios and joined building of the Declaration of Ethical Behavior (DEB), based on the planning that will be developed by the DEB Promotion Group designated for 2017.