Santander Holdings USA, Inc.

Similar documents
Whistleblower Policy

Computer Programs and Systems, Inc. Code of Business Conduct and Ethics

Corporate Governance: Sarbanes-Oxley Code of Ethics

TDC WHISTLEBLOWER POLICY

MiMedx Group, Inc. Code of Business Conduct and Ethics

The Company seeks to comply with both the letter and spirit of the laws and regulations in all countries in which it operates.

Acceleron Pharma Inc. Code of Business Conduct and Ethics

The Company seeks to comply with both the letter and spirit of the laws and regulations in all jurisdictions in which it operates.

Delta Dental of Michigan, Ohio, and Indiana. Compliance Plan

Southwest Airlines Co. Code of Ethics

Global Code of Business Conduct and Ethics

FOUNDATION BUILDING MATERIALS, INC. EMPLOYEE CODE OF CONDUCT

CORPORATE CODE OF BUSINESS CONDUCT &WORK ETHICS POLICY

Compliance with Laws, Rules and Regulations

Developmental Delay Rehabilitation Services Inc.

Corporate Compliance Plan JANUARY 2011

Verisk Analytics, Inc. Code of Business Conduct and Ethics As Amended June 5, 2018

AUDIT COMMITTEE CHARTER

Code of ethics Code of BUsiNess CoNdUCt ANd ethics for employees ANd directors i. PURPose of Code ii. introduction iii. CoNfLiCts of interest

ACCELERATE DIAGNOSTICS, INC. CODE OF ETHICS FOR CHIEF FINANCIAL OFFICER AND SENIOR FINANCIAL OFFICERS

RELM WIRELESS CORPORATION (the Company ) CODE OF BUSINESS CONDUCT AND ETHICS

Code of Business Conduct and Ethics

Corporate Compliance Plan

CODE OF ETHICS FOR SENIOR FINANCIAL AND EXECUTIVE OFFICERS

FARMER BROS. CO. CORPORATE GOVERNANCE GUIDELINES (Adopted February 1, 2017)

EPCOR Utilities Inc. Ethics Policy

Code of Business Ethics & Conduct

Appendix 8. M&T BANK CORPORATION CODE OF BUSINESS CONDUCT AND ETHICS

WELLS FARGO & COMPANY AUDIT AND EXAMINATION COMMITTEE CHARTER

NEVRO CORP. CORPORATE GOVERNANCE GUIDELINES. (Adopted October 9, 2014)

GAP INC. AUDIT AND FINANCE COMMITTEE CHARTER February 23, 2016

GOODWILL INDUSTRIES OF COLORADO SPRINGS

2018 CODE OF BUSINESS CONDUCT AND ETHICS

CODE OF BUSINESS CONDUCT AND ETHICS

AUDIT COMMITTEE CHARTER AS AMENDED AS OF MAY 6, 2015

F5 NETWORKS, INC. AUDIT COMMITTEE CHARTER AS AMENDED AND RESTATED BY THE BOARD OF DIRECTORS OF F5 NETWORKS, INC. APRIL 21, 2017

SHRINERS HOSPITALS FOR CHILDREN CORPORATE COMPLIANCE PLAN

UPMC POLICY AND PROCEDURE MANUAL. Links to policies referenced within this policy can be found in Section V.

ENMAX CORPORATION PRINCIPLES OF BUSINESS ETHICS

DIVERSITY POLICY. Minorities means, where applicable, Black Americans, Native Americans, Hispanic Americans, and Asian Americans.

CODE OF BUSINESS CONDUCT PENN NATIONAL GAMING, INC.

to inform employees of their obligation to report serious wrongdoing within Monsanto India;

CODE OF ETHICS/CONDUCT

AMETEK, Inc. Code of Ethics and Business Conduct

CODE OF BUSINESS CONDUCT AND ETHICS (Amended and Restated as of May 7, 2013)

ULTA BEAUTY, INC. Corporate Governance Guidelines

Audit Committee Charter

CRESCENT CAPITAL BDC, INC. AUDIT COMMITTEE CHARTER

Corporate Governance Guidelines

Audit, Risk and Compliance Committee Terms of Reference. Atlas Mara Limited. (The "COMPANY") Amendments approved by the Board on 22 March 2016

Audit Committee of the Board of Directors Charter CNL HEALTHCARE PROPERTIES II, INC.

NORFOLK SOUTHERN CORPORATION. Committee s Role and Purpose

Assume that any action you take could ultimately be publicized, and consider how you and PCA would be perceived. When in doubt, stop and reflect.

METHANEX CORPORATE MANUAL

INTRODUCTION. Overview of Compliance Program. I. Leadership and Structure. GSK Ethics & Compliance Program US Operations

Message to All Directors, Officers and Employees of Atmos Energy Corporation

WHISTLEBLOWER POLICY Whistleblower Policy and Procedures (the Policy ) of Canadian Solar Inc. and its Subsidiary Entities.

THE YANKEE CANDLE COMPANY, INC. Code Of Business Conduct And Ethics

SPRINT CORPORATION AUDIT COMMITTEE CHARTER

VIRTUA DATE OF LAST REVIEW 5/11; 4/14, 8/16

Audit Committee Charter Amended September 3, Tyco International plc

The Kroger Co. Board of Directors. Guidelines on Issues of Corporate Governance. (Rev. 3/9/17)

CODE OF BUSINESS CONDUCT AND ETHICS. FRONTIER AIRLINES, INC. Adopted May 27, 2004

Lackey Memorial Hospital. Corporate Compliance Manual. And. Code of Conduct

MacLean-Fogg Company Conflict of Interest Policy

In-service Education Packet Corporate Compliance

FIAT CHRYSLER AUTOMOBILES N.V. AUDIT COMMITTEE CHARTER

AMENDED AND RESTATED ON SEMICONDUCTOR CORPORATION CORPORATE GOVERNANCE PRINCIPLES

CODE OF CONDUCT. (As Amended June 11, 2015)

MINDEN BANCORP, INC. AUDIT COMMITTEE CHARTER

Vanderheyden s. Corporate Compliance Program

BOARD GUIDELINES ON SIGNIFICANT CORPORATE GOVERNANCE ISSUES

Atlas Financial Holdings, Inc. Code of Business Conduct & Ethics

A. Independence/Composition. The Committee shall be comprised of not less than three members. The members of the Committee:

CODE OF ETHICS FOR CHIEF EXECUTIVE OFFICER AND SENIOR FINANCIAL OFFICERS UGI CORPORATION

UTAH VALLEY UNIVERSITY Policies and Procedures

CITY OF VANCOUVER ADMINISTRATIVE REPORT

TERMS OF REFERENCE OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

Risk Oversight Committee - Terms of Reference

CDM Smith Code of Ethics

Corporate Governance Guidelines

THE UNIVERSITY OF BRITISH COLUMBIA

Code of Business Conduct and Ethics

Triple C Housing, Inc. Compliance Plan

CODE OF CONDUCT AND ETHICS

#6-687 Workplace Violence Prevention Policy Rev. 01/26/2016 Page 1 of 6

Code of Business Conduct and Ethics

LIBBEY INC. CORPORATE GOVERNANCE GUIDELINES

POLICY The following are the principles of the Conduent Global Ethics Policy that govern all practices concerning business ethics:

CORPORATE GOVERNANCE GUIDELINES As Amended and Restated by the Board of Directors November 14, 2017

CABLEVISION SYSTEMS CORPORATION CSC HOLDINGS, INC. Code of Business Conduct and Ethics

AUDIT COMMITTEE CHARTER

Ethics Policy for Employees of the Presbyterian Mission Agency and the Office of the General Assembly of the Presbyterian Church (U.S.A.

RISK AND AUDIT COMMITTEE TERMS OF REFERENCE

GOVERNANCE GUIDELINES OF THE NATIONAL ASSOCIATION OF CORPORATE DIRECTORS

CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF COMPUTER TASK GROUP, INCORPORATED

CSL BEHRING COMPLIANCE PLAN

DOUBLE-TAKE SOFTWARE, INC. CODE OF BUSINESS CONDUCT AND ETHICS

Allergan plc COMPREHENSIVE COMPLIANCE PROGRAM

TG Therapeutics, Inc. Audit Committee Charter

Transcription:

Santander Holdings USA, Inc. WHISTLEBLOWER OPERATING POLICY

Table of Contents 1. INTRODUCTION... 3 1.1 PURPOSE OF DOCUMENT... 3 1.2 SCOPE... 3 1.3 DOCUMENT APPROVAL AND MAINTENANCE... 3 1.4 DEFINITIONS... 3 2. GOVERNANCE AND ACCOUNTABILITY... 5 2.1 WHISTLEBLOWER COMPLIANCE GOVERNANCE STRUCTURE... 5 3. POLICY... 7 3.1 POLICY STATEMENT... 7 3.2 POLICY COMMUNICATION... 7 3.3 OBLIGATION TO REPORT... 7 3.4 REPORTING WRONGDOING... 7 3.5 CONFIDENTIAL REPORTING AND NON-RETALIATION... 8 3.6 INQUIRIES AND INVESTIGATIONS... 8 3.7 PROTECTION OF THE WHISTLEBLOWER... 9 3.8 RECORD RETENTION... 9 4. ROLES AND RESPONSIBILITIES... 10 4.1 THREE LINES OF DEFENSE... 10 4.2 FUNCTIONAL ROLES AND RESPONSIBILITIES... 11 5. REPORTING STRUCTURE... 12 6. EXCEPTIONS... 13 7. DOCUMENT HISTORY AND VERSION CONTROL... 14 7.1 OWNERSHIP AND AUTHORSHIP... 14 7.2 SIGN OFF... 14 8. APPENDICES... 15 8.1 APPENDIX A KEY CONTACTS... 15 8.2 APPENDIX B REGULATORY OBLIGATIONS ADDRESSED BY THIS POLICY... 15 8.3 APPENDIX C RELATED POLICIES AND PROCESS AND ADMINISTRATIVE DOCUMENTS... 16 Page 2

1. Introduction 1.1 Purpose of Document The SHUSA Whistleblower Policy ( Policy ) establishes requirements and standards for all Employees of Santander Holdings USA, Inc. ( SHUSA ) 1 and all of its current and future full or majority owned subsidiaries (the Legal Entities or LEs, ) (collectively the Company ) related to reporting, receiving, investigating, and acting on complaints and concerns of Employees and others about any known or suspected accounting or audit impropriety, legal or regulatory violation. 1.2 Scope The Policy applies to all current and former Employees and Third Parties of SHUSA and its LEs. 1.3 Document Approval and Maintenance This Policy is owned by the SHUSA Chief Compliance Officer ( CCO ). The Compliance Committee ( CC ) reviews and recommends this Policy to the Enterprise Risk Management Committee ( ERMC ) for final review and approval. Along with the CCO, the respective management committees and the Board of Directors ( Board ) may initiate reviews of this Policy. At least annually, the CCO reviews and updates this Policy, or when relevant changes occur, to ensure that it remains applicable to the business and operational needs of SHUSA and its LEs. All material changes or updates to this Policy must be reviewed and approved by the ERMC. 1.4 Definitions Chain of Command Code of Conduct & Ethics ( Code ) Employees may choose to report Misconduct to their direct manager. If the manager is unavailable or an Employee believes it would be inappropriate to contact that person, then the next manager (Assistant Vice President, Director / Vice President), in the chain of command should be contacted. Employees can also report Misconduct through the Ethics Line or directly to their Human Resources Representative and/or the SHUSA Chief Legal Officer or an external advisor. The ethical principles and rules of conduct by which all activities of SHUSA Employees should be governed. 1 Legal Entities: as of the date of approval of this Policy, SHUSA s principal subsidiaries are: Santander Bank, N.A. ( SBNA ); Santander Consumer USA Holdings Inc. ( SC ); Santander Bancorp and its subsidiaries Banco Santander Puerto Rico ( BSPR ) and Santander Insurance Agency Inc.; Santander Securities LLC ( SSLLC ); Banco Santander International ( BSI ); Santander Investment Securities, Inc. ( SIS ); Services and Promotions Delaware Corporation and its subsidiary Services and Promotions Miami LLC. As of 1st July 2017, Santander Financial Services Corporation Inc. ( SFS ) will also become a fully-owned subsidiary of SHUSA. Page 3

Misconduct Employee(s) Third Party Whistleblower Ethics Line A violation of accounting, internal accounting and financial reporting controls and auditing matters, including attempted or actual circumvention of internal accounting controls or complaints regarding violations of the Company s accounting policies; a violation of state and/or federal law or regulation; health and safety violations; or global anticorruption laws, the reporting of which is specifically protected by the laws listed in Appendix B. Individual(s) who has/have been hired by the Company in the capacity of a regular full-time or part-time, occasional, seasonal, intern, or periodic worker whose pay is recorded on IRS Form W-2. A Third Party is an entity or person that has entered into a business relationship with the Company to perform or provide one or more of the following activities: Products or services directly or indirectly Performs an operational function on behalf of the Company Business on behalf of the Company or refers or sells products approved by the Company Products or services directly or indirectly to any current or prospective customer of the Company in connection with the Company s offer or provision of financial services Entities that the Company pays for that are common items and sundries, or only for the purpose of community relations and civic involvement, may be classified as Payees and not a Third Party. Payees may include: Municipal services (e.g., city and local tax payments) Publication subscriptions Membership fees & professional dues Applicable regulatory fees Corporate sponsorships and events Any person within the scope of this Policy or former Employee who reports Misconduct to a responsible person or entity which has the power to correct the Misconduct. Telephone number, managed by an independent third party vendor, which may be used to submit reports where there is reasonable belief of Misconduct. Page 4

2. Governance and Accountability 2.1 Whistleblower Compliance Governance Structure SHUSA sets and implements a whistleblowing process to which all LEs must adhere. Foreign Banking Organization (FBO) Banco Santander, S.A. (Santander) Santander Holdings USA, Inc. (SHUSA) SHUSA Board Audit Committee US Intermediate Holding Company SHUSA Management Committees Enterprise Risk Management Committee (ERMC) SHUSA Compliance Committee (SHUSA CC) US Management Committees US Legal Entity Figure 1: SHUSA Whistleblower Compliance Governance Structure Oversight responsibility for this Policy resides, respectively, with the CCO, who will coordinate efforts with Legal and Human Resources ( HR ) and other SHUSA departments as necessary, the Chief Risk Officer (the CRO ), CC, ERMC and the SHUSA Board. The SHUSA Audit Committee is responsible for oversight of the Whistleblower process and any reports of Misconduct. The SHUSA Audit Committee, or its appointee, is also responsible for responding to allegations sent directly to the SHUSA Board or Audit Committee by a potential Whistleblower. The ERMC is responsible for: Reviewing and approving this Policy; and Overseeing implementation of this Policy. Overseeing exceptions to this Policy. The CC is responsible for: Reviewing and recommending approval of this Policy to the ERMC; Overseeing the implementation of this Policy; and Overseeing compliance with this Policy. Page 5

Legal Entity Responsibilities and Governance: Each Legal Entity is required to adopt this Policy and develop a Whistleblower Program consistent with this Policy and approved in accordance with its respective governing documents. Page 6

3. Policy 3.1 Policy Statement Employees have the responsibility to understand the requirements of this Policy as well as the contents of any related Company policies, standards and procedures. Employees also have a responsibility to promptly report any known or suspected Misconduct using any of the processes described herein. Employees wishing to make anonymous or confidential reports under this Policy are able to do so in confidence with no fear of retaliation and with the full protection of the law. SHUSA or its LEs will not discharge, demote, suspend, threaten, harass or in any manner discriminate against any Employee, former Employee, or Third Party in the terms and conditions of employment based upon any lawful actions of such Employee with respect to good faith reporting of Misconduct. Employees who fail to report known or suspected violation of law, regulation, policy, accounting or auditing standards, or the SHUSA Code of Conduct and Ethics may be subject to discipline, up to and including termination of employment. 3.2 Policy Communication This Policy and all related procedures and guidelines shall be communicated to all Employees as part of the new hire process. The documents will be posted on the SHUSA intranet as well as the intranet sites for each LE and will be a part of annual training. 3.3 Obligation to Report Employees must immediately report their reasonable belief of Misconduct pursuant to the procedures identified in this Policy. Employees must also report any of the specific events regarding Misconduct identified below, whether the events arise from the Employee s employment or not: Any inquiry or action alleging Misconduct against an Employee, Third Party, or other business partner of SHUSA or its LEs brought by a regulatory authority; and Any private action against an Employee, other Third Party, or other business partner of SHUSA or its LEs alleging Misconduct. Lastly, Employees have an obligation to report any known or suspected retaliation against another Employee who reported Misconduct. 3.4 Reporting Wrongdoing SHUSA encourages all Employees to immediately report when they have a reasonable belief of a suspected Misconduct. Employees are encouraged to immediately speak with their direct managers or someone in their Chain of Command. The managers are required to assist with the reporting of the Misconduct to the department designated in SHUSA s or the LE s operating documents. Employees can also report known or suspected Misconduct directly to their Human Resources Representative and/or the SHUSA Chief Legal Officer or an external advisor. Page 7

Employees wishing to report a complaint confidentially or anonymously can call the Ethics Line. The Ethics Line is administered by an independent party to preserve anonymity and confidentiality. Reports registered with the Ethics Line will be transferred to the appropriate area of responsibility for collection and response in a format that preserves anonymity and confidentiality. 3.5 Confidential Reporting and Non-Retaliation To ensure that Employees feel secure in reporting Misconduct, if an Employee discloses his or her identity, SHUSA and its LEs will keep any report of Misconduct and the resulting investigation confidential to the fullest extent permissible by law. It is strictly prohibited to retaliate against Employees for reporting or assisting in an investigation of conduct that the Employee reasonably believes is Misconduct. An Employee s terms, conditions, or privileges of employment shall not be harmed due to the Employee engaging in activity protected by this paragraph. An Employee who believes he or she may have been the subject of such retaliation should make a report as provided in Section 3.4. Employees are not permitted to discover or disclose the identity of a person who submits an anonymous complaint, unless such discovery or disclosure is necessary to fully investigate or resolve the complaint or unless required by law. Improper disclosure of the identity of a person who submits an anonymous complaint is subject to disciplinary action, up to and including termination of employment. 3.6 Inquiries and Investigations It is every Employee s responsibility to promptly and honestly respond to inquiries from SHUSA and its LEs related to any potential Misconduct. The concealment or omission of pertinent information is prohibited and may result in disciplinary action, up to and including termination of employment. Investigation of Misconduct shall be the responsibility of the SHUSA Audit Committee. All investigations will begin based on priority. The Employee, who is reporting the Misconduct or potential violation, if he or she identifies himself or herself, may be asked to provide additional information. The Employee will also be notified once the investigation is complete. However, the results will not be reported to the Employee who reported the Misconduct or potential violation, as the outcome and subsequent disciplinary action, if any, is confidential. If the alleged Misconduct is verified after the investigation, disciplinary action may be taken in accordance with the Company s Employee Handbook. This decision will be made by the SHUSA Audit Committee, or an appropriate person specified by SHUSA or the LEs in their operating documents. Any falsified or deceptive statements made by the Employee who is reporting the Misconduct, will be subject to disciplinary action. However, no disciplinary action will be taken against the Employee if the allegation was made in good faith and of the belief that a Misconduct or violation was committed. Page 8

3.7 Protection of the Whistleblower The Compliance, Legal, and HR Departments as well as the SHUSA Audit Committee shall protect the identity of the Whistleblower, and shall protect him/her from any retaliation resulting from or arising out of reporting allegations of Misconduct or violation. 3.8 Record Retention All reports and investigations should be retained for five (5) years. Page 9

4. Roles and Responsibilities 4.1 Three Lines of Defense SHUSA and its Legal Entities organize their roles and responsibilities for risk management into a three lines of defense ( LoD ) model, with separately defined and segregated responsibilities consistent with applicable regulations and guidance. 1st LoD Risk Management SHUSA, its Legal Entities, Business Units and Support Units: reporting to the CEO, 1st LoD units have responsibility for the primary management of the risks that emanate from their activities. 1st LoD units own, identify, measure, control, monitor and report all risks that are originated through activities such as business origination, the development, marketing or distribution of products, client maintenance, or operational or technological processes supporting customer activity. 2nd LoD Risk Control Risk Function reporting to the CRO: 2nd LoD unit that defines risk management frameworks and policies independently monitors risk exposures, implements comprehensive and appropriate risk controls, and reviews and challenges 1st LoD units on their activities, to ensure that risk is managed in line with the agreed frameworks and Risk Appetite levels. The Risk function is comprised of Enterprise Risk Management, risk-type areas (Credit, Market, Liquidity, Operational, Model and Compliance) and other specialized functions (Model Development, Decision Sciences). Legal Function reporting to the Chief Legal Officer ( CLO ): the Legal Function is responsible for assisting the business in conducting its operations in compliance with applicable laws and regulations, approving legal documentation, representing SHUSA in legal proceedings and overseeing SHUSA s consumer practices and public policy functions. Financial Control reporting to the Chief Financial Officer ( CFO ): the Financial Control function is responsible for the integrity of SHUSA s financial reporting. 3rd LoD Risk Assurance Internal Audit reporting to the Chief Audit Executive ( CAE ) and to the Board: independent of any other function or unit in SHUSA or its Legal Entities; provides independent assurance to the SHUSA Board and senior management by assessing the quality and effectiveness of the processes and systems of internal control, risk management and risk governance, compliance with applicable regulations, and the reliability and integrity of financial and operational information. Credit Risk Review Function reporting to the Chief Credit Risk Review Officer and to the RC (and administratively to the SHUSA CRO): independent of any other function or unit in SHUSA or its Legal Entities; provides an independent assessment to the SHUSA Board and senior management of SHUSA s credit risk profile and credit risk practices, ensuring credit practices are consistent with SHUSA s desired risk profile and Risk Appetite limits. Page 10

Note: Refer to the SHUSA ERM Framework for a complete definition of the model and the roles and responsibilities for each of the three lines of defense. 4.2 Functional Roles and Responsibilities The table below summarizes the roles and responsibilities for SHUSA and LE committees and personnel under this Policy. Line of Defense Party Role/Responsibility First Employees This Policy applies to all SHUSA Employees. Each Employee must review this Policy at designated times, and this review must be recorded as part of the training of each Employee. Employees will be responsible for reporting known or suspected violations of law, regulation, policy, accounting or auditing standards, or the Code. First HR HR is responsible for assisting in developing, designing, deploying and archiving the training curriculum for SHUSA. HR is also responsible for collecting, distributing, and maintaining quarterly and annual Whistleblower training reports and reporting any exceptions to the CCO. Additionally, HR receive complaints, conduct the review and investigation of complaints as defined in the relevant SHUSA or LE operating documents. Second Legal Additionally, Legal will conduct the review and investigation of complaints as defined in the relevant SHUSA or LE operating document. Second CCO The CCO is the Policy owner and is responsible for overseeing reporting of complaints from the Ethics Line and Employees, assisting in investigations as necessary, and distributing the complaints as appropriate. Second Compliance Compliance Department is responsible, as defined in the relevant SHUSA or LE operating document, for receiving incoming reports from the Ethics Line and Employees, distributing the reports and the review and investigation of complaints as appropriate. Compliance maintains the Whistleblower training. Third Internal Audit Independently validate compliance with the Policy Page 11

5. Reporting Structure Whistleblower complaints will be discussed, as necessary with the SHUSA Audit Committee or an appropriate body specified by SHUSA or the LEs in their operating documents. Escalation of items that require additional action will be routed through the governance structure as appropriate. Page 12

6. Exceptions Policy exceptions are expected to be infrequent but may be warranted to address specific business needs, in particular those of the Legal Entities. Nonmaterial exceptions to this Policy must be approved by the SHUSA CCO. Material exceptions to this Policy must be approved by the SHUSA CCO and the SHUSA Chief Legal Officer ( CLO ), or his/her designee. As appropriate, the SHUSA CCO and/or the SHUSA CLO will escalate material exceptions to the SHUSA ERMC. Exceptions to this Policy must be documented in an addendum to this Policy, as applicable. Exceptions must capture the rationale for the exception, an assessment of risk associated with the exception (if appropriate), expiration dates for the exceptions (if appropriate), and other relevant comments. The SHUSA CCO in coordination with the applicable Legal Entity contacts is responsible for monitoring policy exceptions and periodic review of their necessity. Page 13

7. Document History and Version Control 7.1 Ownership and Authorship Version Date Author Owner Reason for Change SHUSA Legal Fred Springer, 1.0 10/5/2016 Initial version SHUSA Compliance Chief Compliance Officer 7.2 Sign Off Approving Body Governance Committee Approval Final Approval Date SHUSA ERMC Compliance Committee 10/05/2016 Page 14

8. Appendices 8.1 Appendix A Key Contacts Title Role Name and Contact Chief Compliance Officer Policy owner Fred Springer, fred.springer@santander.us, 617-316-3964 Chief Legal Officer Chief Human Resources Officer Review and investigation Training, review, and investigation Michael Lipsitz, michael.lipsitz@santander.us William Wolf, william.wolf@santander.us 8.2 Appendix B Regulatory Obligations Addressed by this Policy Regulatory Agency Citation Title US Securities Exchange 15 U.S.C. 78j-1(m)(4); 17 CFR US Securities and Exchange Act of 1934 and Commission 240.10A-3 US Securities Exchange Section 922 of Dodd-Frank Act; SEC Whistleblower laws and regulations. and Commission Section 21F of Securities Exchange act of 1934 (15 USC 78u); SEC rule 21F (17 CFR 240.21F); US Securities Exchange 18 USC 1514A Sarbanes-Oxley Act and Commission US Commodity Futures Section 748 of Dodd-Frank Act (7 Dodd-Frank Act. Trading Commission USC 26); CFTC rule (17 CFR 165) Occupational Safety Section 1057 of Dodd-Frank act Dodd-Frank Act protections for whistleblowers and Health Agency (12 USC 5567) Federal Court System United States Sentencing Sentencing Guidelines for Organizations Guidelines 8 Occupational Safety 29 USC 660(c); 29 CFR 1977 Occupational Safety & Health Act and Health Agency Occupational Safety and Health Agency 29 USC 218C Affordable Care Act. Occupational Safety and Health Agency 42 U.S.C. 9610 & 29 CFR 24; 42 U.S.C. 7622 & 29 CFR 24; 15 U.S.C. 2651 & 29 CFR 1977; 42 U.S.C. 6971 & 29 CFR 24 Federal Environmental Protection Laws. Various State Agencies CT 31-51m; Del. Code Ann. Title 19; FL 448.102; ME Title 5 4572; MA Ch. 149 185; NH 275-E; NJ 34:19-1; NY Lab L 740; PA Statute Ann. Title 35 & 43; Tex. Lab. Code Ann. 411.082; Tex. Lab. Code Ann. 21.055. These state laws protect employees of private entities from retaliation. Page 15

8.3 Appendix C Related Policies and Process and Administrative Documents Document Type Entity and Owner Document Title Department Enterprise SHUSA Compliance CCO Code of Conduct & Ethics Handbook SHUSA Human Resources CHRO Employee Handbook Page 16

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback