Appendix 3: Anti-fraud Policy

Policy statement

The purpose of this Policy is to set out prevention and detection measures to mitigate and, where possible, avoid any fraud attempts. It also outlines the internal reporting requirements to efficiently report any fraud incident as well as the investigation and remediation of fraud.

We are committed to protecting the anonymity of those raising concerns and conducting investigations in a confidential and independent manner.

Scope & responsibilities

This Policy applies to all VMS associated companies worldwide and to all our employees, directors and officers. It governs any fraud, actual or attempted, either internally or externally, involving:

• our employees, including directors and officers; or
• any third parties with whom VMS conducts business (e.g. contractors, suppliers etc.).

Every VMS employee is responsible for the prevention and detection of fraud. We must all take prompt action to immediately report any fraud we suspect or identify as outlined in the Reporting section below.

Fraud definition

For the purpose of this Policy, the term “fraud” refers to any action or omission, whether attempted

or successful, which misleads or deceives, or which intends to mislead or deceive, any person for the purpose of obtaining an undue advantage and/or which results in an unjustified financial gain or loss for VMS. It includes but is not limited to:

• Misappropriation of assets: a theft or an improper or unauthorized use of VMS’s assets, such as VMS’s funds, products, supplies including scrap material and intellectual property;
• False accounting and financial reporting: an intentional misstatement or omission of material information in VMS’s financial reports or accounting books;
• Impersonation: any action to pass off as an VMS employee or supplier, such as document forgery to obtain undue information or payment by any means, including falsification of bank details;
• Malicious IT acts: any cyber-attack or unauthorized access to VMS’s IT systems;
• Non-compliance: any intentional infringement of any of VMS’s policies including the Travel and Business Expense Policy.

Fraud prevention

VMS has put in place the following safeguards to efficiently mitigate the risk of fraud incidents:

• a periodical fraud-risk assessment within the overall risk management system (“RMS”) to identify exposed areas and develop risk-mitigation strategies;
• an independent internal audit function;
• appropriate processes for internal controls including authorisation controls, reporting and investigation procedures; and
• sign off by all our employees to our Code of Conduct, including this Policy.
• VMS has various procedures, safeguards and processes in place to identify potentially fraudulent activity.

Fraud Detection

To protect the company, VMS strives to detect any fraud and requires all employees to be on alert for any signs of fraud such as:

• alarmist or overly complimentary language;
• abusive or aggressive requests;
• email address variation or domain changes;
• altered contact details for suppliers or their bank details.

VMS has various procedures, safeguards and processes in place to identify potentially fraudulent activity.

If you are in ANY doubt about initiating or authorising a transaction, do not do it and contact your Manager, Finance Manager or Chief Financial Officer.

Reporting

Identifying fraud at its early stages allows VMS to take prompt actions to mitigate any impact it might have. If you suspect or identify fraud, you must follow the below process and refer to the key contacts at the end of this Policy:

• Speak up without delay. Contact immediately your direct manager and your Finance Manager.
• Report promptly. Promptly notify the Group Compliance Committee (via Finance Manager)
• Document. Complete a Fraud Incident Report and submit it as soon as possible to the Group Compliance Committee.

All complaints will be dealt with in a strictly confidential manner. VMS is committed to protecting employees who raise concerns in good faith, where necessary (and permitted under national law) protecting their identity, and ensuring that they do not face any form of retaliation, discrimination or disciplinary action as a result of their raising concerns.

The Group Compliance Committee will inform the Chief Financial Officer. The Chief Financial Officer will report to the Board of Directors of VMS as necessary.

Investigation

The Group Compliance Committee has the responsibility to launch, supervise and finalize an investigation into any fraud in the manner described below:

• An initial assessment will be carried out to determine
  • whether public disclosure is required
  • whether it is necessary to appoint a specific dedicated team to assist with an investigation (the “Investigation Team”), taking into account the circumstances of the case
  • whether external assistance is required e.g. for legally privileged reasons
• The Investigation Team will put in place an investigation plan. The Investigation Team will consider matters set out in the Fraud Incident Report Form, but will not be limited to it and may, if necessary, conduct a broader investigation
• All work of the Investigation Team should be documented, including, if appropriate, the interviews.

All investigations into alleged or suspected fraud will be undertaken in an independent, open-minded, fair and proper manner. Investigations will be conducted with integrity, confidentiality and impartiality and ensuring that those on the Investigation Team have the necessary competence. Where applicable, the Investigation Team may refer suspected fraud to relevant national authorities for further investigation and/or criminal prosecution and provide further assistance to those authorities as may be requested. The Group Compliance Committee will periodically update the Board of Directors  regarding reported frauds and ongoing fraud investigations.

Remediation

The Group Compliance Committee will identify the group function responsible for the implementation of the appropriate remediation measures, which may include:

• Disciplinary procedures, which may result in various action, up to and including termination of employment of:
  • any employee directly involved in the fraud, and
  • any employee whose negligence, through lack of supervision and control, may have facilitated the fraud
• Legal actions to recover damages with the assistance of Group legal counsel
• Internal process changes to prevent re-occurrence of fraud

Closing Report

The Group Compliance Committee will prepare a report following an investigation into any fraud, which will include a summary of the facts of the investigation, remediation actions and key recommendations.  Upon clearance by the Chief Financial Officer, the Closing Report will be distributed to the Group Compliance Committee for review and will then be submitted:

• upon approval by the Group Compliance Committee, to the Chief Financial Officer; and
• if the Chief Financial Officer deems fit, to any other members of management

This Policy will be updated as necessary to reflect best practice and to ensure compliance with any changes or amendments to applicable laws.