3rd-Party Risk Assessment Policy

1. Purpose

The purpose of this policy is to establish a process for identifying the ultimate beneficial owners (UBOs) or controllers of third-party entities. This ensures transparency and mitigates risks associated with engaging entities with undisclosed ownership structures.

2. Scope

This policy applies to all third-party entities, including suppliers, vendors, contractors, and business partners, with whom the company establishes a commercial relationship.

3. Policy Statement

Our company is committed to transparency and compliance with regulatory requirements concerning the identification of final beneficiaries or controllers. We implement thorough procedures to identify and verify the identities of individuals who ultimately own or control our third-party entities.

4. Procedures

4.1 Initial Information Collection

Request for Disclosure:

Require all potential third parties to complete a UBO disclosure form, providing details about the ownership structure, including the identities of individuals holding significant ownership or control.

Documentation Verification:

Obtain and verify official documents, such as corporate registration certificates, shareholder agreements, and other legal documents that disclose the ownership structure.

4.2 Due Diligence Process

Beneficiary Identification:

Identify individuals who directly or indirectly own or control a significant percentage (typically 25% or more) of the third-party entity's shares or voting rights.

In the case of no individual meeting this threshold, identify those with significant influence or control over the entity.

Verification Methods:

Utilize reliable sources such as government databases, public records, and other trusted verification services to confirm the identities and ownership details provided.

Risk Assessment:

Evaluate the risk associated with the identified UBOs or controllers, considering factors such as their legal history, reputation, and the nature of their business activities.

4.3 Approval and Contractual Requirements

Approval Process:

Present the findings to relevant internal stakeholders for review and approval before establishing a relationship with the third party.

Contractual Safeguards:

Include clauses in contracts that require the third party to notify the company of any changes in their ownership structure or control within a specified period.

4.4 Ongoing Monitoring and Review

Periodic Reassessment:

Regularly update the information on UBOs or controllers as part of ongoing due diligence, especially if there are significant changes in the third party's ownership or control.

Reporting and Record Keeping:

Maintain detailed records of all identification and verification activities, including the documentation received and any risk assessments conducted.

5. Roles and Responsibilities

Compliance Team: Responsible for collecting and verifying UBO information, maintaining records, and conducting periodic reassessments.

Legal Department: Ensures that contractual agreements include necessary clauses related to UBO disclosure and notification requirements.

Management: Provides oversight and approves relationships with third parties, considering the risk associated with their UBOs or controllers.

6. Review and Updates

This policy and its procedures will be reviewed annually or as required to ensure they remain current with legal requirements and industry best practices.

Approval and Effective Date:This policy is approved by the Senior Management/Board of Directors and is effective from 2021-01-01.

Contact Information:For any questions or concerns about this policy, please contact the Compliance Department at compliance@dgs-online.com