Introduction

Monnify is a payment solutions platform operated by TeamApt Limited ("TeamApt" or "the Company"). This Whistleblowing Policy applies to Monnify and all employees and stakeholders of TeamApt Limited.

Monnify (TeamApt Ltd) actively encourages employees to embrace its values, especially with respect to upholding the highest levels of integrity. Consequently, the Company's employees are obliged to report any unlawful, irregular, or unethical conduct that they observe.

The Company is also required by the CBN's Guidelines for Whistle-Blowing 2014 and the Nigerian Code of Corporate Governance 2018 to have a whistle-blowing policy that includes the provision of dedicated hotlines for such reporting. These guidelines apply to all employees of Monnify (TeamApt Ltd).

Whistle-blowing essentially means to alert others of misconduct or wrongdoing. You do not need to be certain as suspicion is adequate provided it is done in good faith. The Company will apply the highest standards of accountability and corporate governance in response to cases of whistle-blowing.

The Company's whistle-blowing policy provides for the following:

• Disclosure of information, in good faith which it believed shows wrongdoing within the Company, without fear of retaliation;
• No disadvantage when reporting legitimate concerns;
• A promise to protect the identity of the reporting staff if report is done in good faith and in line with the procedures set out in this policy; and
• Non-protection of the identity of any employee who maliciously makes false reports and appropriate disciplinary action will be taken in such cases.

Policy Objective

The Company's whistle-blowing policy is not to be used to report petty disputes, grievances, false or misleading disclosures, issues currently under disciplinary inquiry and issues already pending before the courts.

This commitment rests on the fundamental belief that business should be conducted honestly, fairly, and within the framework of applicable laws.

The Company will proactively protect funds and resources under its custodianship from abuse or misdirection.

Furthermore, employees deserve to work for an organization that supports, and acts upon, the highest ethical values. Therefore, reporting misconduct by blowing the whistle is an act of care and loyalty to fellow employees, shareholders, and other stakeholders.

This Policy therefore seeks the following:

• Give clarity on what types of misconduct are reportable.
• Assure all Stakeholders of the Company's commitment to protecting disclosures. Assure all stakeholders that the Company will do everything in its power to ensure that people who report misconduct in good faith are not retaliated against or victimized.
• Inform all stakeholders of the various ways of making a disclosure and give clarity on these processes; and
• Indicate what the Company's responsibilities are when alerted to misconduct.

Policy Scope

This policy applies to all Employees.

Policy Elements

Whistle-Blowing Protection

The Company will treat all disclosures resulting from whistle-blowing in a confidential manner; both confidential and anonymous whistle-blower identities will be kept confidential. Safety is a concern because those who benefit from misconduct may attempt to retaliate against or victimize a whistle-blower for loss, or potential loss, of that ill-gotten gain.

However, importantly:

• Such dire consequences can only come into play if the identity of the whistle-blower is known through a breach of confidentiality; and
• As an anonymous whistle-blower, you cannot be victimized, provided you protect your own anonymity.

The Company assures all stakeholders that it will not tolerate retaliation against any person who reported in good faith.

Good Faith Reports

A good faith report is made by a whistle-blower who believes the report to be true and relevant to the interests of the Company. The Company will maintain the necessary internal systems and procedures to protect the interests of whistle-blowers. In addition to this, the Banks and Other Financial Institutions Act 2004 (As amended) protects against adverse claims for company employees in respect of anything done in good faith in connection with the execution of powers conferred on the Company or officer.

Stakeholders are encouraged to disclose their names when filling in reports to make their reports more credible and the identification remains confidential for this purpose unless authorized.

Confidentiality

Confidentiality here means that the person providing advice will know your identity when you seek advice but will not make your identity known to anyone else without your permission unless there is an overriding legal or ethical obligation to do so. Anonymous disclosures will also be considered and investigated accordingly should you prefer your identity to be unknown.

Furthermore, the CBN guidelines provide that an employee who reports in good faith may take appropriate legal action if they are subjected to any 'detriment' due to speaking up. Issues that could amount to 'detriment' are listed by the Company as being:

• Dismissed, suspended, demoted, harassed, or intimidated
• Transferred against their will
• Refused transfer or promotion
• Subjected to a term or condition of employment or retirement that is altered or kept altered to his or her disadvantage
• Refused a reference, or being provided with an adverse reference
• Denied appointment to any employment, profession, or office

The Company assures that it will not act against anyone who reports in good faith. A whistle-blower will not be victimized or disadvantaged in any way by Monnify (TeamApt Ltd). However, reporting in no way protects a whistle-blower from going through a legitimate disciplinary process if the whistle-blowing was not done in good faith or the person is involved in any misconduct or wrongdoing.

Who Should Blow the Whistle?

Anyone, but especially employees, management, directors, depositors, service providers, creditors, and other stakeholder(s) within Monnify (TeamApt Ltd), if they are aware of or have reasonable grounds to suspect any misconduct or wrongdoing associated with activities of the Company.

When Should You Blow the Whistle?

Misconduct or wrongdoing is reportable when it has taken place, is taking place, or is reasonably likely to take place. Damage to Monnify (TeamApt Ltd) and its stakeholders can happen when any misconduct is not checked or addressed. The sooner misconduct or wrongdoing is reported, the greater the chances of mitigating any possible impact. Importantly, in determining whether to report misconduct, harm is not only measured in terms of resources lost, or damage to a program or initiative but may also damage the integrity and reputation of the Company.

Reportable Conduct

Reportable conducts fall into the following categories:

• Illegal or Unlawful Conduct: Conduct may be illegal or unlawful in terms of the laws of the Federal Republic of Nigeria and other applicable laws and regulations. Criminal offenses such as theft, fraud, bribery, corruption, or money laundering fall into this category and should be reported.
• Unprocedural Conduct: Conduct is unprocedural when it violates any policies, procedures, rules, or regulations of the Company or those of any other party that impact its operations. It is particularly important to highlight those rules and processes that guide accounting practices and control financial reporting, auditing matters, and the like. These procedures are important for good governance, and breaching them may expose the Company and its stakeholders to the risk of loss or reputational damage.
• Other Forms of Unethical Conduct: The Company's Code of Ethics provides guidance as to what is considered ethical and unethical. This code does not cover all unethical actions and if you believe that an activity is unethical, in other words, it goes against the values of the firm, then you should report this or obtain advice on the matter. However, not all forms of unethical conduct should be reported using the whistle-blowing channels. For example, some kinds of conduct may be disrespectful, and therefore undesirable, without harming any serious interests other than personal feelings. For this type of conduct, it is recommended that you refer to the People Operations /HR knowledge library and, more specifically, to the Grievance Policy and Procedures.
• Wasteful Conduct: When one wastes resources, it is reportable under this policy since responsible stewardship of resources is crucial to the success of Monnify (TeamApt Ltd). Everyone in the service of the Company has an obligation to ensure that all resources are used prudently and efficiently. If a staff perceives that resources were spent in a wasteful manner, and in breach of the trust under which they are provided to Monnify (TeamApt Ltd) and its members, this would be reportable under the whistle-blowing mechanism.

The misconduct in the above-mentioned categories can include various types of activities. While it is not possible to list all these activities, we appeal to staff to be especially vigilant about the following issues:

• Actions Detrimental to Health and Safety or the Environment
• Other forms of Corporate Governance breaches
• Insider Trading
• Non-disclosure of interest
• Attempts to conceal or suppress any information relating to any of the above

Important Information Required When Blowing the Whistle

A formal investigation will be carried out when there is reason to believe that improper acts have been committed. Hence the Complaint should be as specific as possible and include the following details:

• The alleged wrongdoing
• Where and when (dates and times, if available)
• Who was involved
• How the individual or firm committed the act
• Why you believe the activity is improper

The Whistleblower will not be expected to prove the truth of an allegation when reporting, what is expected however, is to show that there are enough grounds for concerns.

How to Blow the Whistle

There are various ways of raising a concern or speaking up. The preferred option will depend on the seriousness of the misconduct being reported and the one most comfortable to the reporter.

Minor Misconduct

In cases of minor misconduct (i.e. if it is not illegal or it does not pose significant potential damage to Monnify (TeamApt Ltd) or any of its stakeholders), the whistleblower is encouraged to approach the offending colleague directly if this will resolve or prevent the misconduct. The whistleblower may also approach the Compliance Department, his line manager, or any other manager in Monnify (TeamApt Ltd) who he/she can trust.

Whistleblowing Procedure

The whistleblowing procedure involves steps that should be taken by the whistleblower in reporting misconduct, and steps required for the investigation of the reported misconduct. The whistleblowing process will be guided by the following procedures:

Outsourced Whistleblowing Platform managed by Deloitte

To assure all TeamApt stakeholders of the confidentiality and anonymity of reported concerns, TeamApt maintains an outsourced whistleblowing service managed by an independent party, Deloitte. This platform provided by Deloitte for raising concerns is branded Deloitte Tip-offs Anonymous (TOA). All whistleblowing reports should be made using any of the Deloitte TOA reporting channels (see Appendix I).

Before making a tip-off (report of alleged misconduct), it is important to obtain as much relevant information as possible, as the whistleblower would be requested to provide relevant information (see Appendix I).

Whistleblower Identity Options

There are three (3) options to choose from in protecting your identity as a whistleblower. This comprises Completely Anonymous, Partially Anonymous and Confidential Disclosure. Deloitte encourages whistleblowers to select either option of 'partially anonymous' or 'confidential disclosure', to afford TeamApt sufficient information to better handle your concern. All whistleblower reports are handled confidentially.

A. Completely Anonymous

A Whistleblower who selects the completely anonymous option, will not be required to supply his/her name or any information that might reveal the whistleblower's identity. Consequently, the details of the whistleblower are unknown to either Deloitte or TeamApt. However, Deloitte TOA will be unable to contact the whistleblower for more information on behalf of TeamApt if further information about the whistleblower's reported concern is required.

B. Partially Anonymous

A Whistleblower who selects the partially anonymous option will be required to disclose his/her personal details to Deloitte only. Deloitte Tip-offs Anonymous contact centre manages this reporting facility. The whistleblower's personal details would not be divulged to TeamApt. If further information about the whistleblower's reported concern is required, the Deloitte Tip-offs Anonymous contact centre will reach out to the whistleblower.

C. Confidential Disclosure

A Whistleblower who selects the confidential disclosure option will be required to disclose his/her personal details to Deloitte and TeamApt. The whistle-blower's name and contact details would be known to the Deloitte Tip-offs Anonymous contact centre, TeamApt and the investigators that will conduct the investigation.

Subsequent Action

Upon receipt of a report, via any of the TOA reporting channels, Deloitte transmits the report to the designated recipient(s) within TeamApt for an investigation to be conducted. Deloitte will send each TOA report to designated officers usually within 24 hours of receiving an incident reported by a stakeholder.

Public holidays, weekends, and events/circumstances beyond the control of Deloitte (such as strikes, riots and other force majeure) are excluded from the 24 hours timeline within which reports are required to be submitted to the Company.

Feedback to Whistleblower

Feedback will be provided by TeamApt to Deloitte TOA after investigation and subsequently transmitted to the whistleblower through the initial channel of submission, upon the request of the whistleblower.

Deloitte would immediately acknowledge receipt of any reported concern by a whistleblower. However, feedback on the outcome of any reported concern would be dependent on TeamApt's time to complete its internal investigations.

Manager's Responsibilities

TeamApt's Ethics Office as part of the compliance department is committed to investigating and addressing all cases of reported misconduct.

To this end, the whistle-blowing investigation procedures set out all the steps that should be followed upon receipt of the report. This procedure document also sets out the roles and responsibilities of the Ethics Office and that of others charged with investigation and follow-up. All whistle-blower reports received using the channels prescribed within this policy are sent to TeamApt Ethics Office.

In general, TeamApt's Ethics Office will not conduct detailed investigations but will rather direct and classify reports for distribution to the appropriate departments such as the Internal Audit.

A whistle-blower may follow up for information on the outcome of the investigation of the report. If the report was anonymous, the onus is on the whistleblower to contact TeamApt's ethics Line and provide the unique identity number.

The Head of Internal Audit in collaboration with the Ethics Office will review reported cases and recommend appropriate action to the CEO. Where the reported issues affect Executive Management, such issues will be referred to the Board Governance and Ethics Committee. The Board or CEO will take appropriate actions to redress the situation within a reasonable time. The Head of Internal Audit and the Ethics Office is required to provide the Chairman of the Board Governance and Ethics Committee with a summary of cases reported and the result of the investigation at each quarterly board meeting.

Whistleblowing Investigation Procedure

Whistleblowing Investigation Procedures:

1. Once a report is received, the Ethics Office will establish a unique ID number for the source, and if reported by telephone, will inform the caller of the ID number. Reports from all sources will be logged by date and time received and a brief description of the nature of the reported misconduct.
2. The Ethics Office and the Head of Internal Audit will review all reports and will determine if there are grounds to undertake an investigation.
3. The Ethics Office and the Head of Internal Audit will review all reports within 10 days of receipt. They may further carry out a preliminary investigation, if enough information is given, to assess whether an investigation is appropriate and, if so, what form it should take. Concerns or allegations that fall within the scope of other procedures, will normally be referred for consideration under those procedures.
4. If further information is required and the report is confidential rather than anonymous, the investigator will contact the whistle-blower for further information.
5. The action taken will depend on the nature of the concern. The matter raised may, among other possible actions, be:
   • Investigated internally;
   • Referred to the Nigerian Police Force or other relevant law enforcement agencies;
   • Referred to the Ethics Committee.
6. Some concerns may be resolved by agreed action without the need for investigation. In cases where the Ethics Office with the Head of Internal Audit determines that an investigation is not warranted, the whistleblower, if their identity is known, will be informed.
7. In cases where numerous unwarranted or malicious reports are received from one person, the Ethics Office, may refuse to log reports from this person.
8. Where the Ethics Office determines that retaliatory action has been taken against staff or others for disclosing information to or cooperating with investigators, these retaliatory actions will be investigated and reported for appropriate action.
9. Firm action will be taken against employees who make malicious reports i.e. who knowingly provide false information or make false accusations.
10. All investigations will respect the rights of individuals and will be conducted with fairness and due process for all concerned. Unauthorized disclosure by the investigators of information received may constitute misconduct for which disciplinary measures may be imposed.

Follow-up and Reporting

• We recognize that employees require assurance that their concerns have been properly addressed. However, the progression of investigations will be handled in a confidential manner and will not be disclosed or discussed with any persons other than those who have a legitimate right to such information. This is important to avoid damaging the reputation of suspected persons who are subsequently found innocent of alleged wrongful conduct, as well as the person making the report.
• The Ethics Office will give an update on the status or outcome of an investigation to the whistle-blower, if requested, without disclosing confidential information. An anonymous caller should initiate such an inquiry, citing the unique reference number.
• The Head of Internal Audit will periodically report to the Board Governance and Ethics Committee and any other relevant Governance Committees on the number of hotline reports made, the nature of the reported misconduct, and the result of the investigations.
• The Head of Internal Audit will review reported cases from the Ethics Office and recommend appropriate action to the CEO and, where issues affect Executive Management, these will be referred to the Board. The Board or CEO will take appropriate action to resolve the situation within a reasonable time.
• The Head of Internal Audit will provide the Chairman of the Board Audit Committee with a summary of cases reported and the outcome of the investigations.
• The Compliance Office will report all whistle-blowing activities in the company to the Central Bank of Nigeria every quarter as presented to the Board by the Head of Internal Audit.

Creating Awareness

For the policy to be sustainable, the Company will support it with structured training, education, communication, and awareness programs. It is the responsibility of all managers to ensure that all employees are made aware of the policy and receive appropriate training and education about it.

Administration of This Policy

The Ethics Committee is responsible for ensuring uniformity with the implementation of this policy. The Company has the overall responsibility for the maintenance and operation of this policy. The Chief Compliance officer is charged with implementing this policy while Parties with whom a complaint has been lodged will maintain a record of concerns raised and the outcomes (but in a format that does not compromise confidentiality).

Review and Amendments

This policy will be reviewed regularly to ensure its effectiveness and compliance with applicable laws and regulations. Any updates or revisions will be communicated to all employees and stakeholders.

Additional Information

This policy has been developed to provide a framework to ensure compliance with the CBN Whistle-Blowing Guidelines 2014 and BOFIA Act 2004 (as amended), but it does not serve as an exhaustive list of all issues covered within the framework of the Act.

To download the CBN Whistle-Blowing Guidelines and BOFIA Act 2004 (as amended), visit: cbn.gov.ng and Chapter B3 Volume 2, The Laws of the Federation of Nigeria 2004. More information regarding the different types of protected disclosures provided for in terms of the Act can be obtained from the Ethics Office, particularly in relation to the following further types of protected disclosures:

• Protected disclosure to a legal advisor;
• Protected disclosure to an employer;
• Protected disclosure to certain persons or bodies; and
• Generally protected disclosures.

Dedicated Contacts for Whistleblowing

CBN Whistleblowing email address:

• [email protected]
• [email protected]
• [email protected]

APPENDIX I - Procedure for Using Deloitte Tip-Offs Anonymous

How it Works

Whistleblowing reports should be made using any of the Deloitte TOA reporting channels listed below.

• Toll free hotline: 0800TIPOFFS (0800 847 6337)
• Web Portal: https://tip-offs.deloitte.com.ng/
• E-mail: [email protected]
• Mobile App

Step 1

Whistleblower contacts Deloitte Tip-Offs Anonymous contact centre via the toll-free hotline (national calls are toll-free to all networks). Dial the hotline from any telephone of your choice. You may call anonymously - even if you disclose your name, your identity will remain confidential and will not be disclosed to TeamApt except with your consent.

Step 2

Our contact centre agent provides options of anonymity, prompts questions and provides a unique reference number to the whistleblower. The contact centre agent interviews the whistleblower to obtain as much relevant information as possible. Ensure you provide all the available details:

• Nature of the incident
• People involved
• Dates of incident
• Place of occurrence
• How the incident occurred
• Any other useful information

Step 3

Report analyst sanitizes the report to remove any details that might identify the whistleblower, if the partially anonymous or completely anonymous option is chosen. You will be assigned a unique reference code (PIN) - keep this confidential as you will need this number if you make a follow-up. You may call back for feedback on your report or to provide additional information.

Step 4

The information received is captured in a TOA report format, the report is reviewed by the contact center manager and transmitted to selected TeamApt designated personnel for further action.

Step 5

The investigation is conducted, and feedback is provided by TeamApt to Deloitte.

Step 6

The whistleblower may subsequently call back to provide additional information or request feedback.