Code of Conduct

1. Purpose of the Document

ThreatMark commitment to ethical conduct and integrity is at the forefront of our organizational principles. The Code of Conduct serves as the foundational document outlining the standards and expectations that define our work culture. This policy is a reflection of our dedication to fostering an environment of fairness, honesty, and respect in all our interactions, both within the company and in our engagements with clients, partners, and the wider community.

At ThreatMark, we recognize the profound impact our actions can have on individuals and organizations. With this awareness, our Code of Conduct establishes a commitment to social and ethical responsibility and sustainable business practices that not only govern our day-to-day operations but also underscore our responsibility to customers, their clients, and the broader stakeholders we engage with.

We encourage all employees, partners, and stakeholders to familiarize themselves with the principles outlined in this Code of Conduct and to integrate them into their professional endeavors. By upholding these standards, we collectively contribute to the preservation of our company’s reputation as a trustworthy, transparent, and ethically responsible entity.

The Code of Conduct is based on the ten principles of the United Nations Global Compact.

1.1. Responsibilities

Compliance Manager

ThreatMark appoints a Compliance Manager as a central reference point for reporting any suspicious or unlawful actions, transactions, or breach of law or this Code of Conduct. The responsibilities of a Compliance Manager are described in Chapter 9.1. Compliance Manager fulfills the role of a Competent Person according to the Czech Whistleblowing Act no. 171/2023 Coll.

Managers have a responsibility to:

  • Ensure that all workers have easy access to this policy at any time.
  • Actively support and contribute to the implementation of this policy and the strategies within.
  • Monitor compliance with this policy and ensure action is issued in the case of non-compliance,
  • Ensure this policy is reviewed, updated, and communicated to staff on an ongoing basis,

Acknowledge successes achieved because of the policy. This Policy imposes on all personnel specific responsibilities and obligations that will be enforced through standard disciplinary measures and properly reflected in personnel evaluations. All managers, employees, and contractors are responsible for understanding and complying with the policy related to their jobs, namely are obliged to:

  • Be familiar with applicable aspects of the policy and communicate them to subordinates.
  • Ask questions if the policy or action required to take in a particular situation is unclear.
  • Properly manage and monitor business activities conducted through third parties.
  • Be alert to indications or evidence of possible wrongdoing.
  • Promptly report violations or suspected violations through appropriate channels (see Chapter 9).
  • Consider this policy while completing work-related duties and when representing ThreatMark.
  • Support colleagues in their awareness of this policy.
  • Support and contribute to ThreatMark’s aim of implementing this policy in practice.

Employees who violate this policy will be subject to disciplinary action, up to and including dismissal. Violations can also result in prosecution by law enforcement authorities and serious criminal and civil penalties.

2. Human and Labor Rights

We align our practices with the principles outlined in the Universal Declaration of Human Rights. This includes recognizing the inherent dignity, equality, and inalienable rights of all individuals. Our approach to Human Rights includes:

2.1. Gender and Diversity

ThreatMark is committed to treating everyone with dignity and respect regardless of position or circumstance. Our commitment extends to promoting gender equality and creating an environment where all individuals, regardless of gender or background, feel empowered, respected, and provided with equal opportunities. ThreatMark supports the protection of vulnerable groups and supports diversity in all its forms.

2.2. Non-Discrimination

We are committed to maintaining a safe and respectful workplace for all employees. Harassment or discrimination, whether active or by means of passive support, based on ethnicity, gender, gender identity, national origin, disability, sexual orientation, religion, unionization, employee representation, political affiliation, parenthood, age, or any other characteristic, is strictly prohibited, and we have mechanisms in place to address and prevent such behaviors.

Special protective, supportive, and advancement measures may be extended to disadvantaged groups when either mandated or permitted by local legislation.

2.3. Fair Working Conditions

Employees have employment terms/contracts in a language they understand specifying their terms of employment and termination.

Employees with the same qualifications, experience, and performance receive equal pay for equal work. Employees are under no circumstances subject to corporal punishment, unlawful detentions, violence, threats, coercion, or verbal or sexual harassment.

New forms of flexible employment require additional care to specify the nature, volume, or duration of work. Decentralized, self-organized forms of work can increase worker autonomy, boost business development, and lead to lower awareness of rights and unclear information requirements for employers.

ThreatMark respects and recognizes, in accordance with the laws of the country in which employees are employed, the right to freedom of association and collective bargaining, and employees will be free to terminate their employment under established rules.

We do not engage in forced labor, slave labor, or other non-voluntary labor in our company and its value chain.

2.4. Work Hours and Benefits

Our operations strictly adhere to all relevant laws governing wages, work hours, overtime, and benefits, ensuring full compliance.

2.5. Safe, Healthy, and Secure Workplace

Injuries and accidents occurring at work are logged, investigated and preventive measures are introduced.

Ensuring protection against occupational injuries and ill-health to all workers offers an important way to reduce precariousness, and social costs and improve firms’ productivity. Reinforcing reintegration and rehabilitation efforts requires more involvement of the employers for re-training or workplace adaptation.

2.6. Training and Education

We invest in training and educational programs that raise awareness and provide tools for fostering a more inclusive workplace.

2.7. Flexibility and Work-Life Balance

We acknowledge the significance of achieving work-life balance and provide flexibility in work arrangements to cater to the diverse needs of our employees. This encompasses flexible schedules, remote work alternatives, and family-friendly policies.

2.8. Right to Privacy

Following relevant laws and global best practices, data pertaining to employees and customers within the company is considered confidential. As a result, special attention and security measures are implemented during the handling, processing (including storage and deletion), transfer, disclosure, and sharing of such data. All individuals working with employee or customer data are mandated to adhere to data protection policies.

2.9. Health Promotion

An unhealthy lifestyle may contribute to ill health, sick leave, lost productivity, and reduced ability to work. Our health promotion program aims to improve the lifestyle of our staff and consequently improve their health and prevent chronic diseases. ThreatMark is committed to creating a workplace environment that supports and encourages healthy lifestyles and to supporting and encouraging workers to participate in education and activities that improve their health.

2.10. Child Labor Policy

Child labor refers to work that deprives children of their childhood and affects their schooling, potential, and dignity. It’s work that’s harmful to them mentally, physically and socially.

ThreatMark ensures that our company, its subsidiaries, and everyone we’re connected with (suppliers, vendors, and contractors) follows the law and cares for children’s interests.

To make sure we enforce this policy and help eliminate child labor, we’re committed to:

  • Follow the stricter law if more than one law applies (e.g., state and federal, local and international).
  • Require suppliers, partners, and vendors to follow the stricter applicable laws and recognize children’s rights. They must also require their suppliers, subcontractors, and stakeholders to do the same.
  • Working with governments and other organizations to end child labor.
  • Educating our staff on youth work and showing them how to report child labor if they see or suspect it.
  • Requiring hiring managers and HR to avoid hiring minors under the legal age for work.
  • Keeping and validating documentation verifying our employees’ age after they’re hired. If we discover that we’ve employed a minor under 18, we’ll review applicable laws and adjust working hours accordingly. If we need to let the child go, we’ll assess their situation and make sure to provide for them to the best of our ability (e.g., pay them their would-be salary for a couple of months) when necessary.
  • Communicating our no child labor policy to organizations we’re connected with and ensuring our contracts have the right stipulations.
  • Auditing suppliers and partners with high child labor risk to ensure they aren’t involved in child labor, possibly with unannounced onsite visits. If we discover hidden business sites that employ children, we’ll dissolve our contract immediately.
  • Demanding and monitoring an elimination plan in cases where suppliers discover child labor in their business.
  • Employing or consulting with experts on child labor, health, and safety standards, or corporate social responsibility.

2.11. Social Dialogue and Involvement of Workers

We prioritize open social dialogue and actively involve our workforce in decision-making processes. This commitment fosters collaboration, ensuring that the perspectives and insights of our employees contribute to a positive and inclusive work environment.

2.12. Remuneration and Reward Policy

ThreatMark provides competitive employee compensation packages that are aligned with company profitability. Our policy is designed to attract, retain, and motivate top talent. We strive for competitive and equitable compensation, aligning with industry standards. Our policy emphasizes performance-based incentives, recognizing and rewarding exceptional contributions. We are committed to transparency, ensuring that our employees understand the criteria for remuneration decisions.

Pension insurance aims at ensuring an appropriate standard of living for employees after retirement. Pension insurance is in accordance with local laws, regulations, and market practice.

ThreatMark provides benefits to employees as a component of the comprehensive reward package, which is determined either through individual agreements or influenced by local regulations, market norms, and company-established practices.

To effectively motivate and reward employees ThreatMark has implemented the Employees Stock Option Plan.

3. Anti-Corruption

ThreatMark adheres to the following core principles regarding anti-corruption:

  • Zero tolerance towards corruption, including but not limited to Bribery, Extortion, and Fraud.
  • Requirement to uphold the highest ethical standards and act with integrity when doing business.
  • Prohibition of the offer or acceptance of business courtesies – gifts, hospitality, expenses, or other benefit – if they could constitute, or appear to constitute, an undue influence.
  • Establishing appropriate policies and processes to prevent, detect, and tackle financial crime, including but not limited to corruption, fraud, extortion, tax evasion, sanctions violations, and money laundering in all its business arrangements.
  • Taking effective measures to avoid, or when necessary mitigate, possible and actual conflicts of interest.
  • Prohibition to enter into discussions or agreements with competitors regarding price fixing, market sharing, bid rigging, or other similar activities.

3.1. AntiBribery

Bribery means to promise/request, offer/accept, or transfer an item (material or non-material) of value (financial or non-financial) to induce or reward improper performance related to a commercial arrangement or public affairs. It also includes an unofficial payment made to secure or expedite a performance of a routine or necessary action to which the payer has legal entitlement.

ThreatMark is committed to conducting its business ethically and in compliance with applicable laws and regulations, e.g. the U.S. Foreign Corrupt Practices Act (FCPA), the United Kingdom Bribery Act (UKBA), and similar laws in other countries that prohibit improper payments from obtaining a business advantage.

ThreatMark strictly prohibits bribery or other improper payments in any of its business operations. This prohibition applies to all business activities, anywhere globally, whether involving government officials or other commercial enterprises. A bribe or other improper payment to secure a business advantage is never acceptable. It can expose individuals and ThreatMark to possible criminal prosecution, reputational harm, or other serious consequences. This policy applies to everyone at ThreatMark, including all officers, employees, contractors, or other intermediaries acting on ThreatMark’s behalf. Each officer and employee of ThreatMark has a personal responsibility and obligation to conduct ThreatMark business activities ethically and in compliance with all applicable laws based on the countries wherein ThreatMark does business. Failure to do so may result in disciplinary action, up to and including dismissal.

Improper payments prohibited by this policy include bribes, kickbacks, excessive gifts or entertainment, or any other payment made or offered to obtain an undue business advantage. These payments should not be confused with reasonable and limited expenditures for gifts, business entertainment, and other legitimate activities directly related to the conduct of ThreatMark business.

ThreatMark has developed a comprehensive program for implementing this policy through appropriate guidance, training, investigation, and oversight. ThreatMark’s Compliance Manager has overall responsibility for the program, supported by the executive leadership of ThreatMark.

ThreatMark’s Compliance Manager is responsible for giving advice on the interpretation and application of this policy, supporting training and education, and responding to the prohibition on bribery and other improper payments that apply to all business activities. Still, it is particularly important when dealing with government officials. The U.S. Foreign Corrupt Practices Act and similar laws in other countries strictly prohibit improper payments from gaining a business advantage and impose severe penalties for violations. The following summary is intended to provide personnel engaged in international activities with a basic familiarity with applicable rules so that inadvertent violations can be avoided and potential issues recognized in time to be properly addressed.

Common Questions About Anti-Bribery Laws

The FCPA, UKBA, and other anti-bribery laws make it unlawful to bribe a foreign official to gain an “improper business advantage.” A violation can occur even if an improper payment is only offered or promised and not made. Still, it fails to achieve the desired result, or the result benefits someone other than the giver (for example, directing business to a third party).

A “foreign official” can be essentially anyone who exercises governmental authority. This includes any officer or employee of a foreign government department or agency, whether in the executive, legislative, or judicial branch of government, and whether at the national, state, or local level. Officials and government-owned or controlled enterprises are also covered, as are private citizens who act in an official governmental capacity. Foreign official status often will be apparent, but not always. In some instances, individuals may not consider themselves officials or be treated as such by their governments but exercise authority that would make them a “foreign official” for anti-bribery laws. Personnel engaged in international activities are responsible under this policy for inquiring whether a proposed activity could involve a foreign official or an entity owned or controlled by a foreign government and should consult with ThreatMark’s Compliance Manager when questions about status arise.

ThreatMark prohibits offering, promising, or giving “anything of value” to a foreign official to gain an improper business advantage. In addition to cash payments, “anything of value” may include:

  • Gifts, entertainment, or other business promotional activities.
  • Covering or reimbursing an official’s expenses.
  • Offers of employment or other benefits to a family member or friend of a foreign official.
  • Political party and candidate contributions.
  • Charitable contributions and sponsorships.

Other less obvious items provided to a foreign official can also violate anti-bribery laws. Examples include in-kind contributions, investment opportunities, stock options or positions in joint ventures, and favorable or steered subcontracts. The prohibition applies whether an item would benefit the office directly or another person, such as a family member, friend, or business associate.

Under the law, ThreatMark and individual officials or employees may be held liable for improper payments by an agent or another intermediary if there is actual knowledge or reason to know that a bribe will be paid. Willful ignorance – which includes not making reasonable inquiries when in suspicious circumstances – is not a defense. It also does not matter whether the intermediary is itself subject to anti-bribery laws. All employees, therefore, must be alert to potential “red flags” in transactions with third parties.

ThreatMark and its affiliates must keep accurate books and records that reflect transactions and asset dispositions in reasonable detail, supported by a proper system of internal accounting controls. These requirements are implemented through ThreatMark accounting rules and procedures, which all personnel are required to follow without exception. Special care must be exercised when transactions may involve payments to foreign officials. Off-the-books accounts should never be used. Facilitation or other payments to foreign officials should be promptly reported and properly recorded regarding purpose, amount, and other relevant factors. Requests for false invoices or payment of unusual, excessive, or inadequately described expenses must be rejected and promptly reported. Misleading, incomplete, or false entries in ThreatMark books and records are never acceptable.

3.2. Gifts & Entertainment

On a modest scale, business gifts and entertainment are commonly used to build goodwill and strengthen working relationships among business associates. Providing or accepting occasional meals, small company mementos, and tickets to sporting and cultural events may be appropriate in certain circumstances. Occasionally, it may also be applicable to accept or provide offers involving travel with our business associates for business events. However, if offers of gifts, entertainment, or travel are frequent or of substantial value, they may create the appearance of, or an actual, conflict of interest or illicit payment.

ThreatMark has developed this policy to help employees make the right decisions when providing or accepting gifts, entertainment, or travel while conducting business on behalf of ThreatMark.

3.3. Accepting Gifts (Non-Government Officials)

ThreatMark recognizes that it is customary for some of its suppliers, customers, and other business associates to occasionally give small gifts to those with whom they do business. However, these gifts must not affect an employee’s business judgment or give the appearance that judgment may be affected and must follow the customer’s gift policy.

Accordingly, ThreatMark and its employees must be very careful when it comes to accepting gifts. As a rule, ThreatMark employees may accept gifts from suppliers, customers, or other business associates, provided the gift:

  • does not create the appearance (or an implied obligation) that the gift giver is entitled to preferential treatment, an award of business,
  • better prices or improved terms of sale;
  • would not embarrass ThreatMark or the gift giver if disclosed publicly;
  • if valued US$100 or above (even if promotional), is reported to the recipient first and evidenced in the internal system (Compliance Service Desk on help.threatmark.com);
  • does not exceed any specific limits established by local management; and
  • would not prevent the recipient from awarding ThreatMark business to one of the gift giver’s competitors.

The following gifts are never appropriate:

  • cash or cash equivalent (such as gift cards or gift certificates);
  • gifts that are prohibited by local law;
  • gifts were given as a bribe, payoff, or kickback (e.g., to obtain or retain business, or to secure an improper advantage, such as securing favorable tax treatment);
  • the gift giver’s organization prohibits gifts the recipient knows; and
  • gifts are given in the form of services.

Employees who receive a gift at an event of a ceremonial nature (e.g., a customer outing or a commemoration of a business transaction) that might not be appropriate under these guidelines, but is impractical or offensive to refuse, may accept the gift and then promptly report it to their supervisor and to Compliance Service Desk on help.threatmark.com. The employee and supervisor can then discuss the appropriate response. ThreatMark employees must never ask for gifts, gratuities, or other items that benefit them personally, regardless of value. Employees are expected to exercise good judgment in accepting gifts from suppliers, customers, or other business associates. Employees should talk to their supervisor when in doubt as to whether a gift is appropriate.

3.4. Conflict of Interest

A conflict of interest occurs when an individual’s personal interests could compromise his or her judgment, decisions, or actions in the workplace. Any case of conflict of interest must be immediately reported (see Chapter Reporting and Monitoring System).

Examples of conflict of interest:

  • Starting a business that competes with ThreatMark business.
  • Hiring an unqualified relative or friend.
  • Failing to disclose that you’re related to a job candidate ThreatMark is considering hiring,
  • Making arrangements to work for a vendor or client at a future date while continuing to do business with them.
  • Posting to social media about the company’s weaknesses.
  • Offering paid services on your time off to a company customer or supplier.
  • Working (even part-time) at a company that sells a competing product or service as ThreatMark.
  • Accepting payment from another company for information about ThreatMark or its business.
  • Failing to investigate a subordinate or coworker’s wrongdoing because they are a friend.
  • Sharing confidential information about ThreatMark, its business or products with a competitor.
  • Making a purchase or business choice to boost a business that you have a stake in.
  • Accepting a favor or a gift from a client above the amount or not in a form specified as acceptable by ThreatMark.
  • Owning part of a business that sells goods or services to ThreatMark.
  • Doing business or working for a competitor.
  • Accepting consulting fees and providing advice to another company for personal gain.
  • Sharing information about ThreatMark activities or plans that were not made public.
  • Taking advantage of confidential information learned on the job for your benefit.
  • Cashing in on a business opportunity that ThreatMark might have pursued.
  • When a decision-maker at ThreatMark is closely related to a person, who is involved on a customer side. Closely related persons are spouses, children, parents, and other close family members.
  • You are a politically exposed person (it means a natural person who is or who has been entrusted with prominent public functions).

4. Anti-Money Laundering / Anti-Terrorism Financing

ThreatMark implements the following procedures and controls to mitigate the risks of money laundering and terrorist financing.

“Money Laundering (ML)” means any act or attempted act to conceal or disguise the identity of illegally obtained proceeds so that they appear to have originated from legitimate sources i.e. the concealment, acquisition, use, or possession of criminal property.

“Terrorist financing (TF)” encompasses the means and methods used by terrorist organizations to finance their activities. This money can come from legitimate sources, for example from business profits and charitable organizations, or from illegal activities.

4.1. Culture and Values

ThreatMark takes all reasonable measures to ensure that proper safeguards exist to mitigate the risks of Money Laundering (ML) and Terrorist Financing (TF) and to prevent a contravention of any requirement under the Guideline on Anti-Money Laundering and Counter-Terrorist Financing (AML Guideline).

ThreatMark implements adequate and appropriate Anti-Money Laundering (AML) and Counter-Terrorist Financing (CFT) policies, procedures, and controls, considering factors including types of customers, products, and services offered, delivery channels, and geographical locations involved.

4.2. Allocation of Responsibilities

ThreatMark’s senior management assesses the risks the firm faces and how the ML/TF risks are to be managed and ensures all relevant staff is trained and made aware of the law and their obligations under it.

ThreatMark senior management (C-level) oversees all activities relating to ML/ the prevention and detection of ML/TF and provides support and guidance to ensure that ML/TF risks are adequately managed.

4.3. Risk Identification and Assessment

ThreatMark applies a risk-based approach to assess which customers are to be of higher risk of ML/TF. The following are some risk factors to be identified:

  • types of customers and behavior;
  • products and services offered;
  • delivery channels; and
  • customer’s business organization/geographical locations involved.

ThreatMark takes enhanced measures (including customer due diligence and ongoing monitoring) to manage those customers with higher risks and knows that simplified measures may be applied to customers with lower risks.

4.4. Customer Due Diligence (CDD), Record Keeping and Ongoing Monitoring

ThreatMark carries out CDD according to the conditions as stated in the AML Guideline. ThreatMark adopts a risk-based approach to use appropriate controls and oversight and accordingly determines the extent of due diligence to be performed and the level of ongoing monitoring to be applied.

ThreatMark monitors the business relationships with its customers under the conditions and keeps the documents obtained in the course of identifying and verifying the customer’s identity and maintains the documents obtained in connection with the transactions for six years.

4.5. Cooperation with Regulators and Law Enforcement Agencies

ThreatMark will cooperate with law enforcement agencies (e.g. Customs & Excise Department) in case of their routine inspection or investigation.

5. Third-party Due Diligence

ThreatMark has established standards and procedures for selecting, appointing, and monitoring partners, consultants, and other third parties. In all cases, these standards and procedures must be followed, with particular attention to “red flags” that may indicate possible legal or ethical violations. Due diligence ordinarily will include appropriate reference and background checks, written contract provisions that confirm a business partner’s responsibilities, and appropriate monitoring controls. Personnel working with third parties should pay particular attention to unusual or suspicious circumstances that may indicate possible legal or ethical concerns, commonly referred to as “red flags.” The presence of red flags in a relationship or transaction requires greater scrutiny and implementation of safeguards to prevent and detect improper conduct. Appointment of a partner or another third party ordinarily requires prior approval by an appropriate senior manager, a description of the nature and scope of services provided in a written contract, and appropriate contractual safeguards against potential violations of law or ThreatMark policy.

6. Segregation of Duties

At ThreatMark, we ensure the proper distribution of responsibilities within our organization. This principle is fundamental to maintaining internal controls, preventing conflicts of interest, and safeguarding against potential misconduct. Employees are assigned tasks in a manner that minimizes the risk of any single individual having control over multiple stages of a process, thus promoting transparency, accountability, and the integrity of our operations.

Task Allocation – responsibilities are distributed to different individuals or departments to create a system of checks and balances. This helps prevent the concentration of power and reduces the risk of errors or fraudulent activities.

Conflict Prevention – we mitigate conflicts of interest by ensuring that no single individual has unchecked authority over a critical business process. This measure is essential in maintaining ethical conduct and protecting the interests of our stakeholders.

Internal Controls – we implement internal controls to enforce the segregation of duties effectively. Regular rights reviews and assessments are conducted to identify and address any potential weaknesses.

Chinese wall arrangement – the purpose of a Chinese wall is to maintain confidentiality and prevent conflicts of interest that involve handling sensitive or privileged information. ThreatMark access management policy ensures that individuals within one part of the organization do not have unauthorized access to information held by another part without the proper reason. Thus minimizing the risk of insider trading, conflicts, or the misuse of privileged information.

7. Environmental obligations

ThreatMark conducts its activities with due respect for the environment and takes initiatives to reduce its ecological footprint by the following:

  • Actively supports activities that promote health and contribute to cleaner air and more pleasant, safer, and healthier cities where we live and work.– e.g. Bike to work challenge.
  • Promotes eco-friendly technologies, products, and services, with the aim of contributing to sustainable development.
  • Implement appropriate measures to prevent and/or minimize consequences while continually striving to enhance environmental performance.
  • Support the objectives outlined in the Paris Agreement.

8. Social Responsibility (CSR)

As part of our commitment to Corporate Social Responsibility (CSR), we recognize the profound impact we can have on the community and the environment, and thus, we collaborate with ADRA, a distinguished charity organization. Throughout the year, our team engages in meaningful volunteering activities, dedicating our time and resources to make a positive difference in the lives of those in need. Through these initiatives, we aim to foster a culture of compassion, community engagement, and environmental consciousness within our organization, embodying our commitment to social responsibility and more sustainable future for all.

9. Reporting and Monitoring System

ThreatMark appoints a Compliance Manager as a central reference point for reporting any suspicious or unlawful actions, transactions, or breach of law or this Code of Conduct.

9.1. Compliance Manager

For receiving and assessing reports of possible infringements within the company is responsible Compliance Manager, who is

Veronika Zelinko, HR & Back Office Manager, .

In carrying out his/her activities under this Policy, the Compliance Manager shall be impartial and shall observe confidentiality of the facts of which he/she becomes aware in the performance of his/her duties.

Compliance Manager shall maintain strict confidentiality about the identity of the reporting person (whistleblower), the details of other natural persons, and in relation to the information contained in the received report. ThreatMark declares that the Compliance Manager will not be penalized in any way for the proper performance of his or her activities according to this Policy.

Responsibilities and duties:

  • Notify the CEO within 10 days that he/she has ceased to meet the integrity requirement.
  • Not to disclose information that could undermine or jeopardize the reporting process.
  • Must not provide information on the identity of the Reporting Person (without the written consent of the whistleblower), unless they’re obliged to provide this information to the competent (public) authorities under other legislation.
  • Keep a record of reports and documentation received for at least 5 years after receipt of the report.
  • Recommend remedial action.
  • Compliance Manager shall submit to his/her immediate superior by 1 March of the following calendar year, a written report of his/her activities for the preceding calendar year.

9.2. Protection of Reporting Person

Any natural person who has reason to believe that a violation of this policy or any law has occurred, or may occur, must promptly report this information through an internal or external reporting system.

The person who reports or publicly discloses information on breaches acquired in the context of his or her work-related activities is referred to as a Reporting person, also known as a whistleblower. It can be a current, former, or future employee, job applicant, contractor, partner, member of ThreatMark’s governing bodies, contractors, or subcontractors.

Retaliation in any form against an employee who has, in good faith, reported a violation or possible violation of this policy is strictly prohibited. ThreatMark declares that it will protect the reporting persons and will not retaliate against him/her. Retaliation means any direct or indirect act or omission which occurs in a work-related context, is prompted by reporting or by public disclosure, and which causes or may cause unjustified detriment to the reporting person.

This protection includes also third persons who are connected with the reporting persons and who could suffer retaliation in a work-related context, such as colleagues or relatives of the reporting persons; and legal entities that the reporting persons own, work for, or are otherwise connected within a work-related context.

The protection does not apply to persons who knowingly make false accusations or deliberately provide false information.

9.3. Internal Reporting System

A report can be made by the following means:

The report may also be made anonymously (for example from an anonymous email or by sending a letter), in which case ThreatMark declares that it will not seek the identity of the notifier.

9.4. External Reporting

The Reporting Person can also make a report to the Ministry of Justice Czech Republic.

9.5. Procedure For Handling Reports

The report is accepted in any form (written, oral, or in person). Compliance Manager informs the Reporting Person within 7 days of receipt of the report. Compliance Manager assesses the validity of the report and notifies the Reporting Person within 30 days of the results of the assessment of the report. In legally and factually complex cases, this time limit may be extended by up to 30 days.

If Compliance Manager finds the notification to be justified, he/she shall propose to remedy the situation or procedure to prevent and mitigate the unlawful situation.

10. Final Provisions

ThreatMark provides training to all relevant staff (including new staff) to ensure they are made aware of the Code of Conduct facilitating them to recognize suspicious activities/transactions. ThreatMark keeps training records/records of relevant courses or seminars attended.

ThreatMark keeps this policy and procedures under regular review and assesses that the risk mitigation procedures and controls are working effectively.

Questions about the policy or its applicability should be directed to ThreatMark’s Compliance Manager.