Regulatory Framework Violation Reporting Policy

Table of Contents

1. Introduction
2. Purpose
3. Definitions
4. Scope
5. Types of wrongdoing
6. Reporting channels
7. Guidelines for submitting reports
8. Competences of the organizational units involved
     Officer Responsible for the Receipt and Monitoring of Reports (ORRMR)
     Reports Management Committee (R.M.C.)
     Investigator in charge
     Board of Directors
9. Protection of Reporting Persons
10. Rights of Reporting and Reported Person
11. Incident Investigation
12. Corrective Actions
13. Confidentiality – Anonymity
14. Personal Data
15. Information and training
16. Related Policies & Procedures

1. Introduction

The Motor Oil (Hellas) Refineries of Corinth S.A. group of companies (“Group”) adopts the present Regulatory Framework Violation Reporting Policy (“Whistleblowing Policy”), which is in line with the current legislative and regulatory requirements (Law 4808/2021, MD 82063/01.11.2021, Law 4990/2022, European Directive 1937/2019, CMD 47312/11.12.2023) and international best practices. This Policy contributes to strengthening integrity, transparency and accountability, and to the identification and adoption of appropriate corrective measures, thus strengthening the Internal Control System, as well as the protection of employees and the Group’s interests.

The Group encourages the submission of confidential named or anonymous reports of illegal conduct that may be taking place within the Group through existing reporting channels. Reports shall be managed and investigated with objectivity and independence and with respect for all parties involved. The Group assures that Whistleblowers will be protected from any retaliation, which is expressly prohibited against the affected persons, and that the personal data of both Reporting and Reported Persons are protected.

2. Purpose

The purpose of the Whistleblowing Policy is:

a) to define the principles and framework for the management and investigation of reports within the Group,
b) to encourage all those referred to in Article 4 to report, in the event that they become aware of illegal conduct of the kind referred to in Article 5 below within the Group,
c) to achieve the prevention and timely suppression of regulatory violations within the Group.

3. Definitions

  • Report: the provision of information, orally, in writing or via an electronic reporting platform, on violations of the regulatory framework within the Group, in particular those referred to in art. 4 of the Law no. 4990/2022 as well as in Law no. 4808/2021.
  • Internal report: the provision of information on violations, orally, in writing or via an electronic platform, to the Company’s Officer Responsible for the Receipt and Monitoring of Reports (“O.R.R.M.R.”).
  • External report: the provision of information on violations, orally, in writing or via an electronic platform, to the National Transparency Authority (NTA).
  • Whistleblower – Reporting Person: the natural person who makes an internal or external report or public disclosure, providing information on violations obtained in the course of his/her work activities.
  • Reported person: a natural or legal person who is named in the internal or external report or public disclosure as the person to whom the violation is attributed or who is related to the person to whom the violation is attributed that falls within the scope of the Law no. 4990/2022 and Law No. 4808/2021.
  • Retaliation: Any direct or indirect act or omission that takes place in an employment context and that is related to a report or public disclosure and that causes or is likely to cause undue harm to the Reporting Person or place the Reporting Person at a disadvantage.
  • Officer Responsible for the Receipt and Monitoring of Reports (“ORRMR”): The natural person designated as responsible for receiving and monitoring reports and notified to the Labor Inspectorate by each Group Company that has the corresponding obligation. 
  • Reporting Management Committee (RMC): The three-member committee which meets and is responsible for the management and investigation of reports and is composed of authorized persons, namely:

(i) the Officer Responsible for the Receipt and Monitoring of Reports (“ORRMR”) or, in case a Group Company is not required to appoint an ORRMR, the Group Compliance Officer, as the Head of the Committee,

(ii) the Chief Human Resources Officer; and

(iii) the Director of Internal Audit.

The following authorized persons are appointed as alternate members of the RMC, in order of precedence:

(i) the Management Consultant, 

(ii) the Chief Financial Officer of the Commercial Subsidiaries; and 

(iii) the Director of Legal Services of Trading Companies. 

The regular members shall be replaced by the alternate members in the event of serious incapacity of a regular member, and in the event that a member of the RMC is the same as or closely related to the reporting person or the report relates to the department in which the RMC member is a director.

  • External partners: Third parties contractually linked to the Group and their personnel, namely consultants, subcontractors, contractors, suppliers, partners of all kinds and shareholders. 
  • Employee: a person who contracts with a Group Company under a fixed-term or indefinite employment contract or a person who is connected to the Group by another employment relationship or assignment or a person who is a seasonal employee or a person employed as an intern by a Group Company.
  • Malicious Report: A report made with the knowledge of the Reporting Person that it is not true.
  • Electronic Reporting Platform: The specially designed platform that is accessible online via computer or mobile device, a link to which can be found on the website of the parent company Motor Oil and those of its subsidiaries that have a website.
  • Infringements: acts or omissions that are illegal under Union law or contrary to the object or purpose of the rules of Union law falling within the scope of the Law no. 4990/2022 and the Law no. 4808/2021, as applicable.
  • Good faith: A reasonable belief on the part of the applicant, based on the circumstances and the information available to it, that the information provided is true.

  • Register of Reports: A record in electronic (and/or paper) format maintained by the ORRMR that includes all reports received by the ORRMR and handled by the RMC from whatever channel they originate.

4. Scope

According to the Whistleblowing Policy, Reporting Persons may be those who fall within the scope of the Law no. 4990/2022 (as referred to in art. 6) and the Law no. 4808/2021 (as referred to in art. 3 par. 4):

  A) The Board of Directors and its Committees, as well as all employees (current and former), fixed or indefinite term or with other employment or mandate, seasonal staff and interns, who report in good faith conduct that is illegal or contrary to the Code of Conduct and Corporate Responsibility. The same applies to those who report violations based on information obtained during the recruitment process or at another stage of negotiation prior to the award of a contract.
  B) Third parties contractually linked to the Group as well as their personnel (referred to in the Whistleblowing Policy as “external partners”) who have become aware of any illegal conduct within the Group, namely consultants, contractors, subcontractors, suppliers, and partners of any kind. In addition, shareholders and customers, exclusively for matters of breaches of business principles and misconduct expressly mentioned in Article 5.

A prerequisite for falling within the scope of protection of the Whistleblowing Policy is that the report is made in good faith. Those making reports must have reasonable grounds and a reasonable belief, based on the circumstances and the information available to them, that the information they provide is true. In any event, good faith shall be presumed unless it can be shown that the report was made in bad faith. In the case of a malicious report, the protection described in this Policy is not provided.

5. Types of wrongdoing

Persons subject to this Policy should report immediately if they become aware of any of the violations of EU law within the meaning of Article 4 of Law no. 4990/2022, as currently in force, or of the legislation on combating violence and harassment at work, within the meaning of Articles 3 and 4 of Law no. 4808/2021. In addition, violations of the provisions of the Anti-Bribery and Corruption Policy and of the Group’s Code of Conduct and Corporate Responsibility also fall within the scope of this document.

The Whistleblowing Policy does not cover:

– Disputes on matters relating to management policies and decisions

– Personal matters and disagreements with colleagues or supervisors

– Rumors

6. Reporting channels

The Group establishes multiple reporting channels. Any employee, external partner or other person falling within the scope of the Reporting Policy and the Policy against Violence and Harassment at Work who suspects that one of the above offences is being committed may contact the ORRMR or the Compliance Officer (for Group companies that have not designated an ORRMR) and in any case may communicate by name or anonymously through the following communication channels:

– Electronic Reporting Platform: https://whistleblowing.moh.gr/#/

– Written Report – Letter with the indication “To the attention of the ORRMR or the Compliance Officer (for Group companies that have not designated an ORRMR)” or “Report of the Law on the Compliance Officer” Law no. 4808/2021 or Law no. 4990/2022, at the address: 12A Irodou Attikou, 151 24, Maroussi, Greece

– Personal meeting of the Reporting Person with the ORRMR or with the Compliance Officer (for Group companies that have not appointed an ORRMR) upon request of the Reporting Person in writing or orally or by email to the ORRMR or the Compliance Officer, respectively.

Furthermore, if the report is received by an unauthorized person, the latter is obliged to forward it immediately to the ORRMR, without any modification of its content or disclosure of information that may lead to the identification of the Reporting Person or any third party named in the report, in compliance with the provisions of Chapter F of Law No. 4990/2022.

In any case, the Group ensures the protection of personal data related to the report and in this context, every effort is made to prevent any leakage, limit their processing and further circulation.

7. Guidelines for submitting reports

A) The report should be made in good faith and without delay.

B) The report should be clear, defined and contain as much information and detail as possible to facilitate its investigation.

C) The report should include at least the name of the person (or persons) who may have engaged in misconduct, the date/time period and place where the incident took place, the Group Company to which the incident relates, the type of misconduct and as detailed a description of the misconduct as possible.

D) Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, health-related data, data concerning an individual’s sex life or sexual orientation, and more generally information not related to the incident should not be included in the report.

E) The Reporting Party need not be certain of the validity of the report. It is sufficient to maintain reasonable concerns or suspicions. He/she should not take illegal actions that may put himself/herself, the Group or a third party at risk to seek and gather more evidence to support his/her report.

F) The Reporting Person should be available, either confidentially or anonymously through the online reporting platform, to provide further information if requested.

G) Confidential reporting by name is encouraged. However, it is clarified that anonymous reports are treated with the same care and weight.

8. Competences of the organizational units involved

Officer Responsible for the Receipt and Monitoring of Reports (ORRMR)

The ORRMR, in cases where he/she has been appointed, cooperates with the members of the RMC, which he/she chairs, and reports directly to the Board of Directors. The ORRMR, assisted by the other members of the RMC, shall have the following statutory responsibilities:

(a) provides appropriate information on the possibility of reporting within the Group and communicates the relevant information electronically to the Group Companies,

(b) receives reports,

(c) acknowledges receipt of the report to the Reporting Person within seven (7) working days from the day of receipt,

(d) for his/her part, ensures the confidentiality and protection of the personal data of the Reporting Person and any third party named in the report, preventing unauthorized persons from accessing it,

(e) registers the report in the Register of Reports in paper or digital form,

(f) forwards the report for investigation pseudonymized – if it concerns unauthorized persons – as regards the Reporting Person (if he/she does not wish to reveal his/her identity) and in accordance with the provisions of Chapter F of Law no. 4990/2022 on confidentiality and protection of personal data to the competent bodies of the Company and/or the competent bodies, as the case may be,

(g) archives the report, informing the Reporting Person in case it is obviously unintelligible, vague, unreasonable, malicious or abusive, the content does not fall within the scope of Law no. 4990/2022 (and/or Law no. 4808/2021) or there are no serious indications of violations,

(h) if there are indications of the commission of a criminal act prosecuted ex officio, forwards a copy of the report to the competent public prosecutor, informing the Reporting Person,

(i) maintains contact with the Reporting Person and, if necessary, requests additional information,

(j) follows up the report and contacts the competent body of the Company that has dealt with the report,

(k) provides information to the Reporting Person on the actions taken within a reasonable period of time, which does not exceed three (3) months from the acknowledgement of receipt, or if no acknowledgement has been sent to the Reporting Person, three (3) months from the end of seven (7) working days from the submission of the report, after being informed by the competent body of the Company,

(l) provides clear and easily accessible information on the procedures under which reports may be submitted to the National Transparency Authority and, where applicable, to public bodies or institutions and other bodies or agencies of the European Union; and

(m) designs and coordinates training activities on ethics and integrity, and participates in the development of internal policies to enhance integrity and transparency in the Group.

Reports Management Committee (R.M.C.)

The RMC shall assist the ORRMR in the management of reports submitted through the reporting channels. The RMC reports to the Board of Directors and is composed of authorized persons.

The RMC shall assist in the overall work of the ORRMR and in particular in the following actions: 

– Examining the admissibility of reports that come to its attention through the Group’s established reporting channels.

– Evaluation and prioritization of reports.

– Appointment of the Investigator in charge for reports requiring investigation, proposal of corrective measures and approval of the investigation report.

– Ensuring the protection of the Personal Data included in the reports, namely the definition of the levels – access rights to them and their deletion, in accordance with the deadlines provided for in the Procedure for the Management and Investigation of Reports of Regulatory Framework Violation (Whistleblowing Procedure).

– Monitoring the progress and results of investigations.

Investigator in charge

The Investigator in charge is the authorized person and is responsible, in cooperation with the ORRMR, for the following actions:

  • Plan and conduct the investigation to establish the validity of the report.
  • Seek and propose to the RMC qualified and experienced internal or external partners, depending on the needs of the investigation.
  • Identify, collect, and analyze the necessary evidence.
  • Conduct interviews to establish facts.
  • Identify the appropriate time to brief the Reporting Person about the investigation and conduct the examination.
  • Monitor the legality of the procedure and the implementation of the timetable.
  • Draw up the investigation report and present it to the RMC for approval. 
  • Make recommendations for the legal treatment of the suspect(s), for corrective action to be taken and for the violation to be reported or not to the relevant public bodies.

Board of Directors

The Board of Directors of the Group company involved is informed of the progress and results of the investigations by the RMC and in particular the ORRMR, whenever deemed necessary. It also takes decisions on the reports, in particular:

– On the legal treatment of the Reported Persons

– On taking corrective action 

– On the notification or non-disclosure of the findings of the internal investigation to government agencies or independent authorities.

Finally, it adopts the corrective action plan developed by the ORRMR.

9. Protection of Reporting Persons

The Group protects all those included in Article 4 of this Policy who report in good faith illegal conduct. In this context, any kind of negative behavior against anyone who has made a report is prohibited, even if the report is subsequently proven to be incorrect. The Reports Management Committee, in particular the ORRMR and the Administration, shall ensure that there is no retaliation if anyone in good faith makes a report.

In particular, the Group is committed that employees who have made a report will not suffer retaliation, harassment or marginalization, intimidation or threats and unfair treatment because of their report (e.g. exclusion from training courses, non-approval of expenses, denial of leave, unfounded negative evaluation, etc.). Also, unjustified changes in the employment relationship because of the report are not allowed. In the case of a malicious report, the above protection does not apply.

The same level of protection also applies to third persons connected to the Reporting Persons who could be retaliated against in a work context, such as colleagues or relatives of the Reporting Persons.

Where the Reporting Person is an external contractor, early termination or cancellation of a contract for goods or services because of the report is not permitted.

Any potential act of retaliation should be reported immediately to the ORRMR and will subsequently be investigated, if found to be substantiated.

10. Rights of Reporting and Reported Person

The Reporting Person has the right to be informed of the receipt of his/her report, at the latest, within seven (7) working days of its receipt and irrespective of the way it was submitted. He/she shall also be informed of the progress or outcome of the investigation within three (3) months of the acknowledgement of receipt or, if no acknowledgement has been sent to the Reporting Person, within three (3) months of the expiry of seven (7) working days from the submission of the report and when the investigation is completed. The Group shall have the corresponding obligation to inform the Reporting Person. 

The Reported Person has the right to be informed of the misconduct of which he/she is accused, of the people who have access to the personal data included in the report and of the right to a prior hearing. However, where there is a serious risk that the above information could impede the investigation of the case and the collection of the necessary evidence or could lead to the identification of the Reporting Person, the information shall be postponed until such risk has ceased to exist.

If the report turns out to be malicious and the Reported Party has become aware of the content of the report in the course of the investigation, then the Reported Party has the right to be informed of the identity of the Reporting Party (if the report was made by name) in order to exercise its rights.

Persons falling within the scope of the Whistleblowing Policy may, at any stage of the procedure followed within the Group, also submit a complaint to the competent administrative authorities within their competence (Labor Inspectorate, Ombudsman, etc.) as well as to the judicial authorities, at their choice.

11. Incident Investigation

During the investigation stage, all parties involved are treated based on the principles of equality, fairness, respect for human dignity and justice. In all cases, the presumption of innocence and the right to a prior hearing shall apply and the confidentiality of information and the confidentiality of personal data shall be protected. The investigation shall be initiated and concluded as soon as possible after the submission of the report and its subsequent assessment. 

All persons referred to in the scope shall cooperate with the Investigator in charge, the ORRMR, the other members of the RMC and any other authorized collaborators in the conduct of the internal investigation to provide information and any kind of assistance for the examination of the report.

It should be noted that the Group Companies and the ORRMR cooperate with any competent public, administrative or judicial authority which, either on its own initiative or following a request from an aggrieved person, within the scope of its competence, requests data or information and undertake to provide assistance and access to the data. To this end, any information gathered, in whatever form, shall be kept in a relevant file, subject to the provisions of Law no. 4624/2019.

12. Corrective Actions

The Group maintains zero tolerance towards the misconduct referred to in article 5 of this document. Depending on the results of the investigation, the ORRMR shall submit the investigation report to the Board of Directors, and after consultation with the other members of the RMC, propose corrective actions to be taken. The final decision on the recommendations of the ORRMR shall be taken by the Board of Directors. 

Specifically with regard to violations of Law no. 4808/2021, when an employee or a person employed in another relationship violates the prohibition of violence and harassment in art. 4 of the same law, the Group is obliged to take the necessary appropriate and proportionate measures, on a case-by-case basis, against the complainant, in order to prevent a similar incident or behavior from recurring. Such measures may include recommending compliance, changing the position, hours, place, or manner of work or terminating the employment or cooperation relationship, without prejudice to the prohibition of abuse of right in art. 281 Civil Code.

13. Confidentiality – Anonymity

The Group encourages employees and external partners to raise concerns about potential misconduct through existing reporting channels. It is also committed to making every effort, and taking all reasonable steps, to protect the identity of both the Reporting and Reported Persons and third parties involved, and to handle the matter with complete confidentiality and discretion. The investigation shall be conducted in a discreet manner and the confidentiality of information shall be protected in every appropriate way, even if the specific circumstances require a thorough investigation, subject to the provisions on the protection of personal data.

In any case, during the management and investigation of an incident, the identity of the Reporting Party (if the report is anonymous) shall not be disclosed to anyone other than the authorized persons who are competent to receive, monitor and investigate reports, i.e. beyond the three (3) members of the Report Management Committee, the Investigator in charge, the Investigation Team including any qualified external consultants specifically called upon to investigate the incident, unless the Reporting Person has given express consent or the report is found to be malicious.

Anonymity is achieved using appropriate technical and organizational measures, mainly through the electronic reporting platform, which supports anonymous and two-way communication and meets high security standards.

14. Personal Data

Any processing of personal data under the Reporting Policy is carried out in accordance with national and European legislation applicable to personal data. The data of all parties involved are protected and processed solely and exclusively in relation to the report in question and for the sole purpose of verifying the validity or otherwise of the report and investigating the specific incident.

The Group takes all necessary technical and organizational measures to protect personal data. Sensitive personal data and other data not related to the report are not processed further.

Access to the data included in the reports may only be granted to as many authorized persons as indicated herein and according to the rights – levels of access that may be defined for them by the RMC.

Personal data shall be deleted within a reasonable period after the completion of the investigation. Personal data shall be deleted from the Register of Reports, from the material generated during the investigation and from the reporting platform, in accordance with clearly defined timeframes.

15. Information and training

All employees and external partners must comply with this Policy. The HR Department, in cooperation with the Human Resources General Division, shall ensure that Group employees are informed and trained on the content of this Policy. The information is provided through the sending of information material, emails, newsletters, or other appropriate means depending on the category of employees. In addition, information on the Policy is also published in a prominent place on the Group’s intranet and on the online reporting platform. 

Information and awareness-raising activities may be publicized to all interested parties (investors, financial institutions, society, Group partners, etc.) to consolidate that the Group supports the principles of integrity, honesty, and transparency.

16. Related Policies & Procedures

  • Policy against Violence and Harassment at work
  • Procedure for the Management and Investigation of Reports of Regulatory Framework Violation (Whistleblowing Procedure).
  • Personal Data Protection Policy