3rd-Party Risk Assessment Policy

---

1. Purpose

The purpose of this policy is to establish a structured process for evaluating, approving, and monitoring third-party relationshipsto ensure compliance with applicable laws, mitigate risks, and uphold DGS’s ethical and business integrity standards.

2. Scope

This policy applies to all third-party entitiesengaged by DGS, including suppliers, vendors, contractors, consultants, and business partners. It covers due diligence, risk assessment, contracting, and ongoing monitoring of third-party relationships.

3. Policy Statement

DGS is committed to responsible and ethical business practices. We implement risk-based due diligence on third parties to prevent potential risks related to corruption, bribery, money laundering, fraud, sanctions violations, and conflicts of interest.

4. Due Diligence Process

4.1 Initial Risk Screening

DGS applies a tiered risk approach to assess third parties based on:

• Business  Nature & Industry: Identifies sectors with higher risk exposure.
• Geographic Risk: Evaluates jurisdictional risks related to corruption, political instability, and regulatory enforcement.
• Ownership & Governance: Reviews beneficial ownership to detect politically exposed persons (PEPs) or links to restricted entities.
• Legal & Regulatory Compliance: Verifies business licenses, legal standing, and prior sanctions or litigations.

4.2 Risk-Based Due Diligence

Documentation & Verification:

Third parties must provide:

• Business registration certificates, tax IDs, and financial records.
• Evidence of regulatory compliance and certifications.
• Details of ownership and key executives.
• Compliance with anti-corruption and money laundering laws.

Enhanced Due Diligence (EDD) for High-Risk Third Parties

If a third party is classified as high-risk, additional measures are required:

• Reputational due diligence, including media searches and litigation records.
• Review against global sanctions lists (OFAC, UN, EU, etc.).
• Assessment of financial stability and transaction monitoring.
• Legal and compliance approvals before engagement.

4.3 Approval & Contracting Requirements

• Risk Review & Approval:
  • Low-risk third parties require standard approval.
  • High-risk third parties need executive approval and additional contractual safeguards.
• Mandatory Contractual Clauses:
  • Adherence to DGS’s Anti-Corruption Policy.
  • Right to audit and compliance reviews.
  • Termination rights for non-compliance with ethical and regulatory requirements.

4.4 Ongoing Monitoring & Audits

DGS implements continuous monitoring to assess compliance, detect red flags, and reassess risk levels:
✅ Annual risk reassessments for medium and high-risk third parties.
✅ Random compliance audits based on risk rating.
✅ Transaction and payment monitoring for irregularities.
✅ Sanctions screening and adverse media monitoring to detect changes in risk profiles.

4.5 Reporting & Record-Keeping

• DGS maintains records of all due diligence activities, approvals, audits, and remediation actions.
• Red flags must be escalated to Compliance & Legal teams for resolution.
• Employees and third parties must report concerns via DGS’s Whistleblowing Channel:
  🔗 DGS Ethics      Reporting Portal

5. Roles & Responsibilities

📌 Compliance Team– Conducts due diligence, maintains risk assessments, and monitors compliance.
📌 Legal Department – Ensures contracts include necessary compliance safeguards.
📌 Senior Management – Approves high-risk engagements and provides oversight.

6. Enforcement & Disciplinary Measures

• Violations of this policy may result in termination of contracts and legal actions.
• Third parties failing compliance checks may be barred from future engagement.
• Regulatory violations will be reported to relevant authorities when required.

7. Review & Updates

This policy is reviewed annually to align with regulatory changes and global best practices.

📌 Contact for Compliance Questions:
For questions regarding this policy, contact: compliance@dgs-online.com