48 government official to obtain or retain business or an advantage in the conduct of business. Nor may they accept or solicit such payments or advantages. “Payment” includes making bribes or kickbacks, as well as conferring anything of value or any advantage, whether tangible or intangible (e.g., gifts, entertainment, travel expenses, charitable donations, political contributions, hiring an individual or relative). Through various ongoing Company programs, including Crown’s Code of Business Conduct and Ethics, 100% of our operations are analyzed for risks related to corruption. Crown’s Code of Business Conduct and Ethics applies to every employee, officer and director of Crown Holdings, Inc. and its subsidiaries. Using our annual ethics training, as well as other Company programs that underpin the Code, such as our Supplier Code of Conduct, the Company aims to mitigate corruption risk on topics such as conflicts of interest, money laundering, gifts and hospitality, charitable contributions and third-party relationships and interactions. MANAGING CYBERSECURITY RISKS As technology advances, we are aware there are associated risks. Crown is dedicated to keeping our employees and their data safe. Governance & Oversight Crown created the position of Chief Information Security Officer (CISO) in 2021 as a proactive measure in information security, privacy and data protection. This subject is critical to the safety of our employees and to the success of the Company. This Corporate Officer position has oversight of policies and processes to assure the security and integrity of our systems, data and networks and is responsible for communicating with Crown’s Board of Directors. Briefing the Board and reporting on information security matters are among primary responsibilities. Our CISO works closely with the Risk Management team, including decision-making related to the Company’s information security risk insurance policy protections. The Company’s Information Security Policies and Systems are annually audited by regulations set by Sarbanes-Oxley. External vulnerability assessments are also conducted. Global Information Security Awareness Campaign By 2021, the highest level of management, along with over 300 Crown global employees, participated in security awareness training. Crown is leveraging new and existing security awareness training platforms in 2022. Our goal is to ensure we are providing our employees at all levels with an immersive cyber-savvy experience. This will include in-person/virtual and online training methods. The cyber education and awareness we will be providing employees will help us improve and assess our “cyber smarts” and readiness. Employees can take this knowledge and apply it at work and at home. Our first step in this journey is a Cyber Security assessment of our employees’ awareness and knowledge of cyber security. Results from this assessment are underway and will aid us in establishing a baseline to guide future security training initiatives. ANY EMPLOYEE WHO REPORTS A VIOLATION WILL BE TREATED WITH DIGNITY AND RESPECT AND WILL NOT BE SUBJECTED TO ANY FORM OF DISCIPLINE OR RETALIATION FOR REPORTS MADE IN GOOD FAITH. FAST-TRACKING PROGRESS FOCUSING ON OUR CORE OUR PEOPLE & COMMUNITIES REPORT OVERVIEW REPORTING STANDARDS SUSTAINABILITY STRATEGY FROM OUR CEO WHO WE ARE