Speaking up
policy

Overview

1. Purpose

Iress is committed to fostering a culture where people feel safe to speak up.

You are encouraged to speak up and constructively challenge at any time, including by calling out behaviour that isn’t or doesn’t seem right. This could be anything from concerns about conduct that is possibly illegal, to behaviour that is out of step with our Code of Ethics & Conduct.

This Policy explains:

• how to speak up at Iress, including how to report concerns through Iress’ Whistleblower Channels;
• the types of concerns that will be assessed as Whistleblower Disclosures (including e.g. fraud, theft, bribery, harassment, insider trading and failing to disclose conflicts of interest, but not client complaints or work-related grievances that impact you but do not have broader implications for the Group);
• how Whistleblower Disclosures are managed and Iress will do with concerns that are not Whistleblower Disclosures; and
• how we will support and protect you if you are a Whistleblower.

Capitalised terms are defined in Attachment 1: Key Terms or as roles in Section 4: Roles and Responsibilities, unless specified otherwise.

2. Scope

This Policy applies to the Group, Directors, Employees and other persons described in this Policy as Eligible Persons or Eligible Recipients.

This Policy may apply outside Australia and is applied in accordance with the laws of the relevant jurisdictions in which Iress operates. For those parts of the Group that are subject to laws or regulatory requirements that are in conflict with this Policy, the more stringent standard applies.

Any local or business-related policies or standards made under local regulatory requirements are to be consistent with this Policy unless applying a higher standard. All such documents are to be approved by the Policy Owner prior to their effective date or prior to being materially amended.

Nothing in this Policy is intended, or should be construed, to interfere with your rights under applicable laws and you may exercise any such rights.

This Policy can be accessed internally on Iress’ Policy Hub (via Iress HQ) and is also published externally on Iress’ corporate website: www.iress.com.

3. Policy Requirements

3.1 Key principles

• We are all responsible for constructively challenging one another and speaking up as soon as possible if we suspect that something is not right.
• You are encouraged to speak up in the ordinary course of business, however, the Whistleblower Channels set out in Section 3.3.1 of this Policy are available if you are not comfortable doing so and feel as though you may need support and protection.
• Any concern you report under this Policy will be treated seriously and sensitively.
• All Whistleblower Disclosures will be handled in accordance with this Policy and applicable whistleblower legislation.
• We will not tolerate any form of actual or threatened victimisation (including termination, demotion, harassment, harm or injury) towards someone because they (or another person) has or may have made, or proposes to or could make, a Whistleblower Disclosure. This sort of conduct is referred to as Detrimental Conduct in this Policy.

3.2 Speaking up at Iress

Speaking up and raising matters in the ordinary course of business is important. We encourage you to speak up by contacting:

• your People Leader, or his or her People Leader; or
• one of our Corporate Functions, such as Group Risk & Compliance or People & Culture.

3.3 Whistleblower process

There may be times when you do not feel comfortable raising your concerns in the ordinary course of business and you need confidentiality and protection. In these circumstances, we encourage you to raise your concerns in accordance with this Policy. The following sections of this Policy outline how the whistleblower process operates at Iress.

Overview of the whistleblower process at Iress

3.3.1 Iress’ Whistleblower Channels: Reporting a concern

How can I report a concern?

You can report a concern in the following ways:

• Iress’ Speaking Up online portal: www.yourcall.com.au/iress (click on ‘Make a Report’)
• Iress’ Speaking Up hotline: (available 9am to midnight on business days)
  • Australia: 1300 790 228
  • United Kingdom: 0800 046 5662
  • Singapore: 800 492 2390
  • New Zealand: 0800 492 2930
  • Canada: 1(800) 897 2861
  • United States: 1(800) 897 2761

These services are managed by Your Call, an external vendor. With your consent, your concern will be provided to the Group Compliance team so that it can be managed in accordance with this Policy. If you choose to remain anonymous, your identity will not be passed on to us. Your Call will not investigate your concern.

You can also report a concern to the other Eligible Recipients listed on page 7 of this Policy.

Group Compliance is responsible for maintaining a record of all concerns raised under this Policy.

Can I report a concern anonymously?

Yes. If the concern is a Whistleblower Disclosure, you will qualify for whistleblower protection under this Policy. You can remain anonymous after raising your concern, including during and after any investigation into your concern. You may also refuse to answer questions at any stage of the process that could reveal your identity.

If you report a concern anonymously to Iress’ Speaking Up online portal or Speaking Up hotline, you will receive a unique Issue ID and be prompted to create a password. Please take note of your Issue ID and password as it cannot be reset and is required to contact the relevant service to provide further information or to request an update at any time.

Although you are not required to, you are encouraged to share your identity, at least with Group Compliance, when reporting a concern. Remaining anonymous may limit Iress’ ability to investigate or manage your concern.

3.3.2 Assessment

Will my concern be assessed as a Whistleblower Disclosure?

Your concern will be assessed as a Whistleblower Disclosure if it meets the following criteria:

• You are an Eligible Person;
• Group Compliance determines that your concern is about Reportable Conduct; and
• You reported your concern to an Eligible Recipient.

Am I an Eligible Person?

You are an Eligible Person if you are, or have been:

• a current or former Employee or Contractor, including those employed on a temporary basis;
• a current or former officer or Director;
• a current or former service provider (e.g. auditors, accountants and consultants) or supplier (whether paid or unpaid);
• a current or former employee of a service provider or supplier (whether paid or unpaid); or
• a current relative, dependent or spouse of an individual identified above.

Is my concern about Reportable Conduct?

Reportable Conduct includes any past, present or likely future act, omission or course of action at Iress that you have reasonable grounds for suspecting:

• amounts to misconduct or an improper state of affairs, such as:
  • fraud or theft (such as falsifying invoices or misappropriating funds);
  • corrupt behaviour (such as accepting or offering a bribe or dishonestly taking advantage of an employment position);
  • illegal activities (such as money laundering, engaging in insider trading, knowingly making false statements to clients, illicit drug sale or use, violence or threatened violence or criminal property damage);
  • improper conduct relating to accounting, internal controls, taxation affairs, auditing or financial reporting;
  • a serious mismanagement of Iress resources;
  • a serious or systemic breach of an Iress policy, such as the Code of Ethics & Conduct or failing to disclose conflicts of interest;
  • concealing Reportable Conduct;
  • negligent acts, or a breach of duty; or
• indicates a significant or serious threat to health or safety; or
• constitutes an offence against, or a breach of, one or more laws.

Reportable Conduct usually relates to the conduct of our people, but it can also relate to the actions of a third party, such as a client, supplier or service provider, if it has significant implications for Iress.

If your concern is not able to be substantiated, you won’t be penalised and any relevant protections under this Policy will still apply. However, deliberately raising a concern that you know is false or misleading will likely breach our Code of Ethics & Conduct, which may result in disciplinary action being taken against you. There could also be legal consequences.

What types of concerns are not Reportable Conduct?

Personal work-related grievances are generally not considered to be Reportable Conduct. These are grievances that relate to your employment (such as remuneration, performance reviews, transfers, promotion or disciplinary action) or a conflict between you and another employee. Personal work-related grievances tend to have implications for you personally, but do not have significant or broader implications for the Group.

To raise a personal work-related grievance under the Group’s grievance process, refer to the Iress Grievance Policy available on Iress’ Policy Hub.

In rare circumstances, a personal work-related grievance may amount to Reportable Conduct under this Policy. This may include where the grievance:

• indicates a systemic issue (such as a systems error that has resulted in systemic underpayment of remuneration);
• relates to conduct that constitutes a breach of employment laws punishable by imprisonment for a period of 12 months or more (including certain WHS offences); or
• relates to actual or threatened Detrimental Conduct against a person because they have made, may have made, propose to make or could make a disclosure about other Reportable Conduct.

Client complaints are another type of concern that generally do not constitute Reportable Conduct. If you are a client and you are not satisfied with our products or services, please contact Iress using the details available on our website: https://www.iress.com/contact/contact-sales/

Who is an Eligible Recipient?

The Speaking Up online portal and hotline are the Group’s primary Eligible Recipients of Whistleblower Disclosures.

Each of the following is also an Eligible Recipient:

• a Director or company secretary of any Iress Group entity;
• the Chief Executive Officer and any of their direct reports;
• an internal or external auditor of Iress; and
• if your concerns relate to the tax affairs of any Group entity, any Employee who has responsibilities that relate to the tax affairs of any Group entity.

You can find further details about these Eligible Recipients in Attachment 1- Key Terms.

If one of the Eligible Recipients listed above is your People Leader or your two-up People Leader, and you want to raise a concern with them under this Policy, we encourage you to indicate to them that you are raising the concern with them specifically in their capacity as an Eligible Recipient, rather than as your People Leader or two-up People Leader.

What will happen if my concern is assessed as a Whistleblower Disclosure?

If your concern is assessed as a Whistleblower Disclosure, it will be referred to a Whistleblower Investigation Officer, who is generally a senior member of the Group Compliance team.

In some cases (including where there may be a conflict), a member of another internal team may be appointed as the Whistleblower Investigation Officer. Eligible Recipients typically do not conduct a review or an investigation into the concerns raised with them.

The Whistleblower Investigation Officer will review the Whistleblower Disclosure to determine whether any of the concerns raised should be investigated. Sometimes a decision may be made to not investigate a Whistleblower Disclosure, or a part of it (such as if the concern has previously been investigated and there is no new material information). If we are able to contact you, we will advise you whether an investigation has been undertaken.

What will happen if my concern is assessed as not being a Whistleblower Disclosure?

If your concern is assessed as not being a Whistleblower Disclosure, the Whistleblower Investigation Officer has the discretion to refer the concern to the most appropriate area of the Group for management in accordance with relevant policies and procedures. If we are able to contact you, you will be notified of the assessment decision and the referral pathway.

If your concern does not contain sufficient information to form a reasonable basis for investigation, the Whistleblower Investigation Officer will attempt to request additional information from you. If additional information cannot be obtained or you do not wish to engage further with the concern, the Whistleblower Investigation Officer will close your concern and you will be informed. Should further information be subsequently provided, the Whistleblower Investigation Officer will assess that new information in accordance with this Policy.

3.3.3 Investigation

What happens during an investigation?

If the Whistleblower Investigation Officer decides that your Whistleblower Disclosure will be investigated, he or she will conduct or commission an investigation with the support of internal or external resources as deemed appropriate.

These resources are bound by the same confidentiality rules as the Whistleblower Investigation Officer to ensure that your confidentiality is maintained.

The Whistleblower Investigation Officer may also recommend to the Policy Owner that an external party lead the investigation.

Investigations will be conducted objectively and impartially. We will seek to conduct the investigation as quickly as the circumstances allow.

3.4.4 Outcome

What happens after an investigation?

The investigation outcome provided to you is subject to privacy and confidentiality rights of any individual under investigation and any other confidentiality requirements that may arise during the investigation. In some circumstances, we may not be able to notify you of the outcome (including where we are prevented by law from doing so, or if it would pose a risk of serious harm to an individual). Findings will be communicated to you in the manner that the Whistleblower Investigation Officer considers is appropriate.

For all investigations, the Whistleblower Investigation Officer will notify Group Compliance of the investigation outcome for governance and record-keeping purposes.

3.4.5 Whistleblower protections, support and escalations

What protections and support will be available to me if my concerns are assessed as a Whistleblower Disclosure?

We understand that you may be concerned about being identified, or potential repercussions for making a Whistleblower Disclosure. The support and protections outlined below are available irrespective of whether your concerns are substantiated.

How will my identity be protected?

We take our obligation to protect your confidentiality very seriously. If you choose to disclose your identity, it will be protected in accordance with this Policy at all stages of the process. Your identity (if disclosed) will only be known by a select number of people, including:

• a limited number of people in the Group Compliance team who undertake the initial assessment of your concern to determine if it is a Whistleblower Disclosure;
• the Whistleblower Investigation Officer (and any individuals supporting them in the investigation); and
• the Whistleblower Support Officer.

By reporting a Whistleblower Disclosure under this Policy, you consent to this information, including your identity (unless you choose to remain anonymous) being recorded and accessible by these people.

Other than the above, your identity (or any information likely to lead to you being identified) as a Whistleblower will not be shared with anyone except in the following circumstances:

• you provide consent;
• it is necessary to prevent or lessen a threat to a person’s health, safety or welfare;
• the disclosure is to a legal practitioner to obtain legal advice or representation regarding the operation of the whistleblower provisions of the Corporations Act or the Tax Administration Act, as appropriate;
• we are legally obliged to do so; or
• the disclosure is otherwise permitted or required by law (for example, your identity may be disclosed to ASIC, or a member of the Australian Federal Police, or in relation to tax-related disclosures, to the ATO, Tax Practitioners Board or the Inspector-General of Taxation).

Information provided in your Whistleblower Disclosure may be disclosed as required for the purpose of investigating the matter under this Policy. Reasonable steps will be taken to reduce the risk that you could be identified as part of any process conducted under this Policy. This may include, to the extent we are able to do so, removing information relating to your identity or other information likely to lead to your identification.

Non-identifying information about your Whistleblower Disclosure may also be shared with Iress senior management or relevant governance bodies (such as the Iress Board or the Board Audit & Risk Committee).

To further protect your identity, Iress will securely store all paper and electronic documents and other materials relating to your Whistleblower Disclosure.

How will I be protected against Detrimental Conduct?

You may be worried about possible repercussions from speaking up. We will take all reasonable steps to protect you from Detrimental Conduct.

Detrimental Conduct is any actual or threatened detrimental conduct against you or another person because you or another person has made, proposes to make, or could make a Whistleblower Disclosure, or because you have been involved in the investigation of a Whistleblower Disclosure.

Detrimental Conduct is against the law and includes action such as:

• dismissal, suspension, demotion or involuntary transfer;
• any form of harassment, bullying, intimidation or threatening behaviour;
• current or future discrimination or bias, including being denied a promotion or transfer;
• having authority undermined or work heavily scrutinised;
• harm or injury, including psychological harm;
• any other conduct that constitutes retaliation, victimisation or less favourable treatment; and
• threatening to carry out any of the above.

It is important to note, however, that not all conduct will amount to Detrimental Conduct. Conduct such as managing poor work performance in line with the Group’s performance management procedures, taking disciplinary action in response to misconduct (including where you intentionally make a Whistleblower Disclosure that you know is false or misleading), or administrative action that is reasonable to protect you from Detrimental Conduct (such as moving you from your immediate work area to another office or team) is not Detrimental Conduct.

We may, at our discretion, grant you immunity from internal disciplinary proceedings relating to matters that come to light as a result of your Whistleblower Disclosure.

Protection and support will be provided to you when you speak up. You will have access to a Whistleblower Support Officer who is a senior employee within the People & Culture team responsible for:

• assessing and monitoring any risks of Detrimental Conduct; and
• taking reasonable steps to protect you from those risks. These reasonable steps may include making modifications to your work arrangements or the way you perform your work duties.

If, despite those reasonable steps, you believe you have been subjected to Detrimental Conduct, we encourage you to raise this immediately with the Whistleblower Support Officer or via any of the other Speaking Up channels.

What wellbeing support is provided?

In addition to the Whistleblower Support Officer, if you are a current or former Employee of the Group (or their immediate family member), you can access Iress’ confidential counselling service, the Employee Assistance Program. Upon request, this service may also be extended to other Eligible Persons.

Contact details for the Employee Assistance Program are available on Iress HQ.

3.4.6 Support for other investigation participants

What happens if a Whistleblower Disclosure raises concerns about me?

If you are the subject of a Whistleblower Disclosure that is being investigated and there are reasonable grounds to support the concerns raised against you, you will be given information about the concerns so that you can respond to them. In these circumstances, you will be informed of relevant investigation findings (subject to confidentiality requirements), however you will not be provided with a copy of any investigation report.

What support will be available if I am a participant in an investigation into a Whistleblower Disclosure?

If you are a current or former Employee of the Group (or their immediate family member), you can access the Group’s confidential counselling service, the Employee Assistance Program, for wellbeing support.

3.4.7 Conflicts management

How are conflicts of interest managed under this Policy?

All people with roles under this Policy must disclose any actual, potential or perceived conflicts of interest in relation to a Whistleblower Disclosure or investigation. Any such conflict of interest must be reported, assessed and managed consistently with the principles set out in the Conflicts of Interest Policy.

Management of any conflict may include appointing a different person to review the Whistleblower Disclosure and/or conduct the investigation.

4. Roles and Responsibilities

The below table outlines the key roles and responsibilities under this Policy.

5. Monitoring and Review

This Policy will be reviewed every two (2) years to validate its effectiveness and alignment with legal and regulatory requirements. Any material amendments to this Policy must be approved by the Board.

6. Non-Compliance

Non-compliance with this Policy could have serious consequences. A breach of this Policy, including breaches of confidentiality or engaging in Detrimental Conduct may result in disciplinary action, up to and including suspension or dismissal.

A breach of this Policy may also attract civil and/or criminal penalties for the individual and/or Iress.

If the potential non-compliance relates to an investigation under this Policy, or the conduct of the Whistleblower Investigation Officer or the Whistleblower Support Officer, the Policy Owner will be responsible for ensuring that it is investigated by a person who is independent of the matter.

If the non-compliance relates to potential Detrimental Conduct, it will be investigated by the Whistleblower Support Officer, with support from internal or external resources as required.

7. Records Management

We will keep a copy of this Policy for at least 7 years, together with records of investigations, reports, actions taken and other related documentation in the form of a secure central repository maintained by Group Compliance.

8. Related Policies

This Policy forms a key part of Iress’ Compliance Risk Management Framework and should be read in conjunction with the following Group policies:

• Code of Ethics & Conduct
• Anti-Bribery and Corruption Policy
• Anti-Fraud Policy
• Conflicts of Interest Policy
• Gifts & Hospitality Policy
• Inclusion & Diversity Policy
• Group Securities Trading Policy

9. Legislative Sources

Australia

• Corporations Act 2001 (Cth) Part 9.4AAA (‘Protection for Whistleblowers’)
• Tax Administration Act 1953 (Cth), Part IVD (‘Protection for Whistleblowers’) and the Taxation Administration Amendment (Extending Tax Whistleblower Protections) Regulations 2024 (Cth)
• Fair Work Act 2009 (Cth)

United Kingdom

• Employment Rights Act 1996

South Africa

• Protected Disclosures Act 2000
• Labour Relations Act
• Protection Against Harassment Act
• Companies Act
• Protection of Personal Information Act

10. Document version control

• Iress Speakin Up Policy - Attachment 1: Key Terms
• Iress Speakin Up Policy - Attachment 2: Legal protections
• Iress Speakin Up Policy - Attachment 3: Additional guidance for the United Kingdom and South Africa