Global Whistleblower Policy

Last updated: October 2024

Global Whistleblower Policy Kyriba Corp.

Executive Summary: This Global Whistleblower Policy (“Policy”) sets forth guidance for Kyriba Corp. and its affiliates and subsidiaries (collectively, “Kyriba” or the “Company”) regarding whistleblowing. This Policy is critical for protecting individuals both in the areas of confidentiality and non-retaliation in reporting activities believed to be illegal, dishonest, unethical, or otherwise improper. Kyriba conducts its worldwide operations ethically and in compliance with U.S. laws, applicable foreign laws, and international conventions. All Company Personnel are expected to maintain the highest ethical standards of business conduct. Kyriba will not tolerate any business practice that does not comply with applicable law and its internal policies.

For questions regarding this Policy or possible violations, please contact compliance.legal@kyriba.com

Defined Terms


Anonymity: the condition of remaining anonymous.

Company Personnel: Is defined in this policy as all Kyriba employees, officers, directors, agents, consultants and contractors of the Company.

Good Faith: A report is made in good faith when the employee believes that there may be activity the Company should be aware of or should investigate. A report that the employee knows is false is not made in good faith.

Retaliation: Retaliation occurs when an employer (through a manager, supervisor, administrator or directly) fires an employee or takes any other type of adverse action against an employee for engaging in protected activity.

Whistleblower (Reporting Party) : Is defined in this Policy as an employee, officer, director, or agent of the Company who in Good Faith reports any actual or suspected activity that he or she considers to be unethical, dishonest, illegal, or in violation of Company policy, or otherwise improper or information related to a crime, an offense threat or harm to the the general interest.

1. Purpose

Kyriba is committed to nurturing an environment in which all individuals are treated with the utmost respect and professionalism. Our policies strictly prohibit any kind of discrimination, harassment and retaliation and apply to all Company Personnel. The Global Whistleblower Policy contains important guidance for Kyriba Corp. and its affiliates and subsidiaries (collectively, “Kyriba” or the “Company”) regarding the reporting and investigation of complaints. This Policy: (1) reinforces Kyriba’s commitment to creating a safe, positive, and productive work environment for Company Personnel and ensuring consistent administration of remedial action; (2) encourages Company Personnel to immediately report in Good Faith any actual or suspected activity that he or she considers to be unethical, dishonest, illegal, or in violation of Company policy, or is otherwise improper (a “Report”); and (3) provides a safe and reliable channel for Company Personnel to submit Reports and to assist in any investigations without fear of retaliation and retribution

2. Policy Scope

This Policy applies to Kyriba Corp., its subsidiaries and affiliates, and each of its Company Personnel at all locations globally. For specific guidance and requirements on whistleblowing and reporting procedures for Company Personnel in Poland, please refer to the Poland Local Kyriba Whistleblowing Policy.

3. Policy Statement

The Company requires all Company Personnel of the Company to observe high standards of business and personal ethics. Ethical behavior includes but is not limited to acting with professionalism, respect, and integrity in fulfilling job responsibilities and complying with all applicable laws and regulations and Company policy.

In order to maintain these standards of conduct, the Company relies on Company Personnel to report any suspected behavior that he or she believes to be unethical, dishonest, illegal, or in violation of Company policy, or is otherwise improper, including the list of behaviors below. This list of behaviors is not exhaustive.

  • Criminal activity
  • Fraud, dishonesty or deliberate error in the recording and maintenance of financial records of the Company.
  • Deficiencies in or noncompliance with the Company’s internal controls or policies or regulatory requirements.
  • Breaches of policies, procedures and applicable laws and regulations.
  • Bribery and/or corruption.
  • Conflicts of interest.
  • Theft or embezzlement.
  • Misuse of Kyriba’s property and proprietary information. Unauthorized disclosure of confidential information.
  • Abuse of power, harassment, sexual harassment and/or intimidation. EEO and code of conduct violations.
  • Antitrust and competition violations.
  • Improper dealings with customers or vendors. Use or sale of illegal drugs; and/or
  • Creating or ignoring health and safety hazards.

3.1 Obligations and Guidance on Making a Report.

All Company Personnel is expected to report ethical breaches and suspected or actual behavior of non-compliance. Company Personnel may raise issues and or make Reports through various channels. Issues and concerns may be raised to managers if Company Personnel feels comfortable doing so and the issues or behavior do not involve their manager. Company Personnel can also report any concerns or issues through the following channels.

  1. Report the concern or behavior through the Kyriba Ethics Hotline*
  2. Contact Human Resources directly at hr@kyriba.com
  3. Contact Legal Compliance directly at compliance.legal@kyriba.com

* Please Note: Local laws may limit the use of anonymous reporting to specific types of matters. Additionally, due to local privacy laws in certain countries and the European Union region, you may only report specific types of incidents (including Anti-Bribery, Accounting, Banking and Financial Concerns). Any limitations will be reflected in our automated system for the impacted geographies.

3.2 Kyriba’s Ethics Hotline

Kyriba has partnered with an Ethics Reporting vendor, an independent reporting service that allows Company Personnel to communicate anonymously** and confidentially via Internet or telephone, 24-hours a day, 7 days a week. This partnership enables a comprehensive and confidential reporting tool to assist management and employees in properly addressing any violations or misconduct and affording Company Personnel assurance of adequate protection and non-retaliation.

Our Ethics Reporting vendor provides a mechanism by which Reporting Parties and investigators may engage in ongoing communications while maintaining confidentiality. This includes reporting via telephone hotline, or via the web, in the Reporting Party’s local language on Kyriba’s Ethics Website. The Global telephone numbers for accessing our hotline are available in Appendix A to this policy as well as on the Kyriba Ethics Website.

Reporting Parties are encouraged to provide accurate and complete information when reporting a concern or violation, to permit a thorough investigation or response. Omissions or errors in the initial data reported (who/what/when/where) may cause a delay in the case intake process that may delay or negatively impact the case assignment and/or investigation process.

Company Personnel should only report concerns or suspected violations if the report is made in Good Faith. Abuse of the Ethics Hotline or another reporting process to intentionally harass someone or to knowingly file false information is prohibited and will not be tolerated. Such prohibited behavior may result in disciplinary action up to and including termination.

3.3 Confidentiality and Anonymity.

Although Reporting Parties are encouraged to disclose their identity if they feel comfortable doing so, if they choose to remain anonymous, Kyriba’s ability to investigate the matter may be diminished. While every effort will be made to investigate, Kyriba may be limited in its ability to fully investigate the Reporting Party’s concerns if it is not able to obtain further information from the Reporting Party.

All complaints, whether or not reported anonymously, are handled in a confidential manner, with disclosure limited to conduct a full investigation of the alleged violation, to carry out appropriate disciplinary or corrective actions, to meet legal requirements, or provide the accused individual(s) applicable defense rights. The Company will make every effort to only disclose the identity of the reporting person, and anyone mentioned in the reported concern, as necessary and proportionate in the context of the investigation. For any Whistleblower Concern under EU law, the identity of the Reporter will not be disclosed without their express consent. **Please Note: Local laws may limit the use of anonymous reporting to specific types of matters.

3.4 Investigations

Upon receipt of a concern or report, the Company will acknowledge receipt within seven (7) days and will aim to provide further feedback to the Reporter within 60 days. All Reports are assigned to an investigator by the Company to promptly and thoroughly investigate in accordance with internal procedures. All Company Personnel have a duty to cooperate in an investigation and failing to do so or deliberately providing false information during an investigation shall be grounds for disciplinary action, up to and including termination of employment. For Reports submitted via the EthicsPoint website, the Reporting Party may request follow-up directly via the EthicsPoint website using the provided login. For Reports made directly to the local Human Resources team, the Reporting Party may request follow-up by contacting their local Human Resources team.

3.5 External Reporting

The aim of this policy is to provide guidance on the internal mechanism for reporting wrongdoing in the workplace so that Kyriba can investigate and resolve any issues internally. In some circumstances it may be appropriate to report concerns to an external body such as a regulator. Company Personnel are protected by law from retaliation where they report certain violations to an external party. The Appendix B to this policy sets out some of the Whistleblower reports that may be reported externally under EU law, together with the competent authorities in the EU member-states to which such reports may be made. Company Personnel are not required to notify the company that they have made such reports or disclosures or obtain authorization from the Company prior to making such reports or disclosures.

3.6 Protection of Reporters

It is understandable that Reporters are sometimes worried about possible repercussions such as Retaliation. Kyriba aims to encourage openness and will support Company Personnel who raise concerns in Good Faith under this policy, even if they turn out to be mistaken. Kyriba will not tolerate Retaliation against anyone who, in Good Faith, reports any wrongdoing, a violation of the Code, a Kyriba policy or the law or who cooperates with an investigation, regardless of whether such report is protected by law. Global applicable Whistleblowing laws provide statutory protection from Retaliation for Whistleblowers who raise Whistleblower Concerns in Good Faith. If a Reporting Party believes that they have experienced a form of Retaliation, they should inform legal.compliance@kyriba.com or hr@kyriba.com immediately. The Company has a zero tolerance for Retaliation. Colleagues must not threaten or retaliate against Reporting Parties or those individuals who assist in an investigation, in any way. Anyone involved in such retaliatory conduct will be subject to disciplinary action up to and including termination, as per local law. The right of a Reporting Party for protection against retaliation does not include immunity for any personal wrongdoing that is alleged and investigated.

3.7 Data Privacy

Kyriba is committed to safeguarding the privacy of those involved in the Whistleblowing process. The Company is subject to various privacy and data protection laws in the jurisdictions in which it operates. Kyriba has established global policies to protect and secure personal data, including in particular. Any personal data obtained in conjunction with this policy will be used for reasons outlined in this policy or as otherwise permitted by data protection laws.

4. Sanctions for Policy Violations

Kyriba is committed to imposing consistent remedial action for like or similar offense to the extent permitted by applicable law. At the conclusion of an investigation, if the Company determines a violation of policy has occurred, it will take effective remedial action commensurate with the severity of the offense. This action may include disciplinary action against the accused party, up to and including termination. Steps will also be taken, as reasonable and necessary, to prevent any further violations of policy. While the Company recommends the following sanctions be applied as a general matter, the actual sanctions imposed may be more or less severe depending on the specific facts and circumstances involved. As such, an employee’s first violation of policy can result in termination of employment if warranted. Each compliance violation will be kept in the employee’s personnel file and may result in a reduction of his or her discretionary bonus or raise, or delay in promotion.

5. Training

Kyriba maintains a comprehensive training program to ensure Companywide compliance with policies and procedures and applicable compliance laws and regulations. All Company employees are required to complete a series of mandatory training courses on topics including, Code of Business Conduct, non-retaliation principles and guidance on how to report any violations, in accordance with this Policy. In addition, all Company employees certify annually that they have read and attest to complying with the law and all Company policies.

6. Responsible Parties

This Policy is approved by the Chief Legal Officer and the Audit, Finance, and Risk Committee (“AFRC”). Legal Compliance initiates a review of this policy on an annual basis.

7. Related Policies

All policies are located on the Compliance Insider Page.

  • Code of Business Conduct
  • Global Sanctions and Export Controls Policy
  • Gifts and Entertainment Policy
  • Anti -Money Laundering Policy
  • Conflict of Interest Policy
  • Anti-Bribery and Corruption Policy

Appendix A: Ethics Hotline

Direct Dial and Local Access Number

Direct Access from France From an outside line dial the direct access number for your location:

At the English prompt dial 844-869-8671

Direct Access from Hong Kong

From an outside line dial the direct access number for your location:

Hong Kong

800-93-2266

Hong Kong

800-96-1111

At the English prompt dial 844-869-8671.

Direct Access from Japan From an outside line dial the direct access number for your location:

At the English prompt dial 844-869-8671.

France (France Telecom)

0-800-99-0011

France (Paris Only)

0-800-99-0111

France

0-800-99-1211

France (Telecom Development)

0805-701- 288

Japan (NTT)

0034-811- 001

Japan (KDDI)

00-539-111

Japan (Softbank Telecom)

00-663-51 11

Direct Access from Singapore
From an outside line dial the direct access number for your location: Singapore (StarHub) 800-001-0001 Singapore (SingTel) 800-011-1111
At the English prompt dial 844-869-8671.

Direct Access from United Kingdom
From an outside line dial the direct access number for your location: United Kingdom (British Telecom) 0-800-89-0011 At the English prompt dial 844-869-8671.

Direct Dial in the United States
From an outside line dial direct for your location: United States 1-844-869-8671

Appendix B- External Reporting

The specific Whistleblower reports that may be reportable externally vary by member state. However, violations of EU Law that may be reported externally are in the areas of:

  • Public procurement
  • Financial services, prevention of money laundering and terrorist financing
  • Corporate tax
  • Product and transport safety
  • Environmental and nuclear safety
  • Protection of privacy, data protection and security of network and information systems
  • Violations affecting the financial interests of the EU; and violations relating to the internal markets (including violations of EU competition and State aid rules).

NOTE: The following information is required to be provided under EU law. Colleagues outside of Europe may also report externally in some circumstances. Each EU member-state has designated competent authorities to whom Whistleblower reports may be made to:

France: Defender of Rights (defenseur des droits) plus others for specific sectors

Germany: Federal Office of Justice plus authorities competent to oversee the regulated financial sector

Italy: Autorità Nazionale Anticorruzione (National Anti-corruption Authority)

Spain:Independent Authority for the Protection of Informants (AAI). Additional regional competent authorities have also been appointed. An official website has not yet been created for the Independent Authority for the Protection of Informants.

UK: Financial Conduct Authority (FCA)

Poland: Please refer to the Local Kyriba Whistleblowing Policy.