Anti-fraud and
fraud awareness policy

1 - Policy statement

Iress Limited (incorporated in Australia, ABN 47 060 313 359) and all companies within its Group (together, “Iress”) is committed to the prevention of fraud and the promotion of an anti-fraud culture. Consistent with this policy, Iress will not tolerate any form of fraudulent activity or corruption. Iress must ensure that neither it, nor any third party acting on its behalf, acts fraudulently in its dealings with any other person or entity. Iress expects all of its people, and third parties acting on their behalf, to act honestly and with integrity at all times. Iress encourages its people to report any suspicion of fraud to their People Leader and Legal and / or Compliance team, or through Iress’ Whistleblowing Policy.

This Anti-Fraud and Fraud Awareness policy:

a - sets out Iress’ responsibilities in relation to the prevention of fraud;

b - provides information and guidance to Iress people and other people working for and with Iress on how to report potential fraud issues; and

c - provides examples of potentially fraudulent activities.

This policy applies to all people working for Iress or on its behalf in any capacity, including employees (whether permanent, fixed term or temporary), directors, officers, agency workers, volunteers, interns, agents, contractors, external consultants, third-party representatives and business partners. Iress will investigate all instances of actual, attempted and suspected fraud committed by these people and will, where appropriate, work with the local law enforcement agency to investigate acts of fraud. Any person at Iress who breaches this policy will face disciplinary action, which may include dismissal (or termination of contract, in the case of a contractor) and criminal liability (which may include imprisonment).

2 - Definition of Fraud

Fraud can be defined as ‘a criminal activity where deception is used for personal gain or to cause a loss’. Fraud can be committed in one of three ways:

a - fraud by false representation;

b - fraud by failing to disclose information; and

c - fraud by abuse of position.

The term ‘fraud’ is commonly used to describe the use of deception to deprive, disadvantage or cause loss to another person or party; or secure unwarranted personal gain. Examples include (but are not limited to) submitting false documentation, falsely claiming expenses, and facilitating a payment(s) to authorised or unauthorised person(s) or third parties that is not consistent with applicable contractual terms.

By way of illustration, the following scenarios could amount to fraud, and should be reported by those to whom this policy applies:

a - internal theft, which is the stealing of company assets by people, such as taking supplies or products;

b - payoffs and kickbacks, which are situations in which people accept cash or other benefits in exchange for access to the company’s business, often creating a scenario where the company that the person works for pays more for the goods or products than necessary. That extra money finds its way into the pocket of the person who helped facilitate the access; and

c - embezzlement, also called larceny, which is the illegal use of funds by a person who controls those funds. For example, a bookkeeper may use company money for his/her personal needs.

3 - Responsibility for the policy

All people to whom this policy applies must read, understand and comply with this policy. Iress people and contractors of Iress are required to confirm they have read and understood this policy upon commencing employment with Iress. All people must re-acquaint themselves with this policy whenever it is updated.

The Legal and Compliance teams are responsible for:

a - regularly reviewing this policy to ensure that it remains effective and relevant;

b - potentially undertaking initial investigations of allegations of fraud and taking appropriate action, and / or referring the matter to the relevant law enforcement agency; and

c - co-ordinating all contact with the relevant law enforcement agency and any third party consultants.

The Leadership Team is responsible for:

a - developing , implementing and maintaining adequate systems of internal control to prevent and detect fraud;

b - reporting to Legal and Compliance teams on all aspects of fraud risk management, including known and suspected fraud;

c - assisting in the investigation of suspected fraud;

d - monitoring compliance with internal controls and agreed policies and procedures; and

e - reporting all high material fraud events to the Iress Limited Board of Directors.

All Iress people and contractors are responsible for:

a - conducting themselves with integrity, objectivity, accountability, openness and honesty;

b - being alert to the possibility that unusual events or transactions could be indicators of fraud;

c - alerting their People Leader when they believe the opportunity for fraud exists e.g. because of poor procedures or lack of effective oversight;

d - reporting details immediately if they suspect that a fraud has been committed or see any suspicious acts or events; and

e - cooperating fully with whoever is conducting internal checks or reviews, or fraud investigations.

4 - The prevention and detection of fraud

Iress is focused on ensuring that its fraud controls are effective in preventing or detecting fraudulent activity.

The following controls mitigate Iress’ fraud risk and are regularly reviewed to ensure they meet the required control effectiveness ratings:

a - background checks are conducted on all new Iress people to check for criminal records, bankruptcy records, and confirm country of residence;

b - expense claims are authorised by People Leaders, and guidance is provided on what can be claimed in Iress’ expenses policy;

c - due diligence is completed on all new suppliers to Iress;

d - annual compliance training on anti-bribery and corruption (which includes fraud) is completed by all Iress people; and

e - payments in and out of Iress are monitored to detect patterns of suspicious activity and all incidents must be reported to the Leadership Team.

5 - How to to raise a concern

Iress encourages all people who work with and for Iress to immediately raise concerns about any suspicion of actual, attempted or suspected fraud. Individuals should not attempt to investigate fraud themselves.

If a person has any suspicion of fraudulent activity, they must report it to their People Leader and the Legal and / or Compliance teams, or through Iress’ Whistleblowing Policy (which can allow for an anonymous report and various protections for the reporting individual). Iress is committed to ensuring that people to whom this policy applies can voice any concerns regarding the application of this policy in strict confidence.

Iress will not tolerate retaliation of any form against anyone raising concerns or reporting what they suspect is fraudulent behaviour. All reports made by Iress people will be treated as confidential.

6 - Monitoring and review

Iress will review the implementation of this policy at least annually, and will consider the policy’s suitability, adequacy and effectiveness. Policy improvements as a result of legislative or best practice changes will be made to this policy as soon as is practicable. Internal control systems and procedures will be subject to regular review to provide assurance that they are effective in counteracting fraud activity.