Corporate governance Governance Anti-Bribery and Export Control Policy Use of technology for effective Sometimes, services to be obtained include permits, licenses, approvals, marketing Anti-Corruption (ABAC) The export control policy describes Infosys’ compliance monitoring of activities / expenses, awareness campaigns ESG REPORT 2022-23 export control program and is reviewed and liasoning with the authorities for filings practices and policy periodically by the Management. The export controls and reporting requirements. ESG is an opportunity control program protects the company and • To ensure appropriate proof of service Our Anti-Bribery and Anti-Corruption practices its employees from potential risk of violation We have leveraged Artificial Intelligence (AI) by vendors is submitted, reviewed, and and policy is reviewed by the Management at of sanctions prescribed under export control and Machine Learning (ML) technology to approved before payments are released and ENVIRONMENT regular intervals. regulations and facilitates business expansion review and identify exceptions in compliance to ensure that the process of requisitioning, With an evolving landscape, Infosys is in accordance with these regulations. All our and ABAC controls. purchasing, receiving, paying for, and SOCIAL committed to a responsible Anti-Bribery & customers and vendors are screened against Compliance proof-testing accounting for goods and services, covering Anti-Corruption risk management framework various sanctions to ensure that we are the entire process from point of order right GOVERNANCE to demonstrate a comprehensive risk compliant. As part of the program, training • Infosys implemented a compliance program through to payment, is monitored, Infosys management program to reduce the risks by modules are rolled out to relevant employees covering 80 countries and 14 regulatory has implemented the following controls by Performance on governance goals regularly assessing risk in alignment with its to ensure that they are aware and are areas across major business enabling reimagining system logic in procurement growth strategies, and to drive an ethical and compliant with export control laws. functions in September 2018. systems and use of AI and ML techniques: Corporate governance risk intelligent culture, to increase the certainty We have a self-assessment and certification • The program instituted a self-assessment of – Traceability of transactions at initial Data privacy of business outcomes. program in place for anti-bribery and anti- the compliance status against a compliance procurement stages through user Risk assessment for bribery and corruption corruption, anti-trust / anti-competition, and framework with a maker checker process declaration and OCR technology. Information management risks is done periodically and the criteria export control. built into it. – Trail of documentation to substantiate used for risk assessment include business • The program also enabled the creation of various milestones and proofs of services units / internal departments, location and the Whistleblower Policy a repository of compliance proofs against availed. Corruption Perception Index (CPI) index of self-assessment. – Built-in escalation matrix to ensure countries, among others. The Infosys Whistleblower Policy, last amended • By consolidating compliance proofs across timely approval of red flags identified for in January 2022, is a comprehensive and countries and regulatory areas, Infosys appropriate resolution and action. Anti-competitive practices well-designed mechanism that encourages designed an OCR-based technology to – Tracking of potential red flag indicators employees, vendors, customers, and any other scan the proofs and validate if the proofs through keyword searches and OCR policy stakeholders to report any unethical conduct, corroborate the compliance status. technology before raising procurement violation of applicable laws or the Company’s • The OCR technology was combined with request and payment processing. The Anti-Trust / Anti-Competitive Practices Code of Conduct and Ethics occurring within a rule engine to test compliance controls – Periodic assessments of transactions on Policy states the objective, scope, applicability, the Company. With strict confidentiality around timeliness and accuracy of the sample basis considering factors such as and regulatory consequences, and is reviewed measures and multiple reporting channels, compliance proof. high-risk vendors / transactions. periodically by the Management. This policy the policy ensures that whistleblowers are includes the three aspects of anti-trust law: protected from any retaliation. The company ABAC program – In addition, digitized self-assessment and (i) abuse of dominance; (ii) anti-competitive reviews all complaints impartially and takes certification is also rolled out as part of practice; (iii) merger control. Besides, a list appropriate action, as applicable, while • Infosys develops and manages multiple monitoring and controls. of do’s and don’ts are communicated to the providing regular communication to ensure office facilities and collaborates with relevant stakeholders highlighting expected awareness about the policy. The Infosys multiple vendors / service providers during behaviors. Whistleblower Policy is a testament to the the various phases of construction. Infosys Company’s commitment to transparency, engages with vendors for infrastructure accountability, and responsible corporate development and facility maintenance. citizenship. Infosys | ESG REPORT 2022-23 External Document © 2023 Infosys Limited 55