POLICY: October 2017
CONTENTS
1. PURPOSE
2. SCOPE
3. LEGISLATION AND CORPORATE GOVERNANCE REQUIREMENTS REFERENCE
4. POLICY STATEMENT AND INTERNAL STANDARDS
4.1 Background
4.2 Actions constituting fraud
5. RESPONSIBILITIES
5.1 Senior management
5.2 All employees
5.3 Lonmin business assurance services (LBAS) fraud and investigations/group Security
5.4 LBAS fraud and investigations/group Security
5.5 Social and ethics and transformation committee/audit and risk committee
6. REPORTING RESPONSIBILITIES
7. OWNERSHIP
8. ADMINISTRATION OF POLICY
9. APPLICABLE BUSINESS GOVERNANCE FORUMS REFERENCE
10. NON-COMPLIANCE
11. PERIOD OF OPERATION
12. DEFINITIONS
Appendix A Decision matrix

REVISION NUMBER | DESCRIPTION | DATE

ROLE | NAME AND SURNAME/COMMITTEE | SIGNATURE | DATE
Originator | Devan Somiah, Head of Assurance and Risk | | 8 August 2017
Reviewed by | Barrie van der Merwe, Chief Financial Officer | | 22 August 2017
Approved by | Ben Magara, Lonmin Exco | | 24 September 2017
Recommended by | Dr Len Konar, Lonmin Audit and Risk Committee | | nn September 2017
Approved by | Brian Beamish, Lonmin Board of Directors | | nn September 2017
1. PURPOSE
The purpose of this Policy is to:
- Convey the expectations of the Board of Directors and Senior Management with regard to managing fraud risk
- Establish procedures and assign responsibility for the investigation of fraud and related offences
- Provide guidance to employees who find themselves having to deal with suspected cases of theft, fraud and corruption
- Develop awareness of risk and fraud in the organisation

2. SCOPE
The policy applies to any fraud or suspected fraud, as defined in this policy, involving directors and employees as well as shareholders, consultants, vendors, contractors, outside agencies and/or any other parties with a business relationship with Lonmin.

3. LEGISLATION AND CORPORATE GOVERNANCE REQUIREMENTS REFERENCE
The Fraud Prevention Policy needs to support the current legislative and regulatory framework. Regular reviews of Lonmin's legislative and regulatory framework should be undertaken to ensure that the Fraud Prevention Policy is aligned to this framework at all times.

The following main pieces of legislation and guidelines are applicable to the policy:
- Prevention and Combating of Corrupt Activities Act 12 of 2004
- Prevention of Organised Crime Act 121 of 1998
- United Kingdom Bribery Act 2010
4. POLICY STATEMENT AND INTERNAL STANDARDS
All employees are responsible for the detection and prevention of fraud, misappropriation and other inappropriate conduct. Each member of the management team should be reasonably familiar with the types of improprieties that may occur within his or her area of responsibility and be alert to any indication of irregularity. Fraud or irregularities detected or suspected should be reported, without delay, to Deloitte Tip-offs Anonymous.

4.1 BACKGROUND
Lonmin is committed to ethical behavior, and to the prevention, detection and reporting of fraud in terms of a zero-tolerance approach. All members of staff are expected to share this commitment. The Group will manage fraud risk by:
- Defining, setting and maintaining cost-effective control procedures to prevent, identify and deter fraud
- Ensuring implementation of and compliance with key controls
- Investigating all incidences of actual, attempted or suspected fraud, and all instances of major control breakdowns
- Encouraging staff to be vigilant and raising fraud awareness at all levels
- Providing staff with effective confidential reporting mechanisms and encouraging their use
- Taking action against individuals and organisations perpetrating fraud against the company, its shareholders or its customers
- Seeking restitution of any asset fraudulently obtained and the recovery of costs
- Co-operating with law enforcement and other appropriate authorities in the investigation and prosecution of those suspected of fraud.

4.2 ACTIONS CONSTITUTING FRAUD
At Lonmin, fraud includes the crimes listed below (as defined under Definitions):
- Fraud in the broadest sense
- Forgery
- Bribery
- Corruption
- Insider trading
- Hacking

For the purposes of this policy, the term fraud can be used interchangeably with the crimes reflected above.
In this context, actions constituting fraudulent behaviour include, but are not limited to, the following:
- Any dishonest or fraudulent act
- Embezzlement or misappropriation
- Forgery or alteration of any document or account belonging to Lonmin
- Forgery or alteration of a cheque, bank transfer or any other financial document
- Theft or misappropriation of funds, securities, supplies or other assets
- Impropriety in the handling or reporting of money or financial transactions
- Transacting in securities or financial instruments using insider knowledge of Group or customer activities, irrespective of whether or not a profit or loss is made
- Unauthorised disclosure or manipulation of sensitive, confidential or proprietary information
- The offering or taking of inducements, gifts or favours as referred to in the Lonmin Code of Business Ethics, and Conflicts of Interest, Bribery and Anti-Corruption policies, which may influence the action of any persons
- Wilful destruction, removal or inappropriate use of records or Group assets
- Engaging in any practices or pursuing any private activities which conflict in any way with Lonmin's interests
- Hacking of and unauthorised access to Lonmin's computer systems
- Making a payment to or on behalf of any official (including government officials) for the purpose of obtaining or retaining business for or with any person or directing business to any person
- Any similar or related inappropriate conduct as outlined in the Lonmin Code of Business Ethics, and Conflicts of Interest, Bribery and Anti-Corruption policies, which place a fiduciary duty on all employees to disclose such activities, with disciplinary action as a consequence for failure to disclose such conduct

Any queries about actions that could constitute fraud should be addressed to the Company Secretary or Head of Assurance and Risk or the Group Manager: Security and Risk.
5. RESPONSIBILITY

5.1 SENIOR MANAGEMENT
Exco Members, General Managers, Heads of Functions, Senior Managers and Managers, at all levels, have a responsibility to:
- Promote the highest levels of ethical and lawful conduct in accordance with the Lonmin Code of Business Ethics and embrace good corporate governance by reporting any conduct which may be regarded as unethical, unlawful or in breach of good corporate governance, or which has the potential to tarnish the good name and reputation of Lonmin
- Set the tone at the top by preventing, detecting and deterring fraud through word and deed by management creating a culture that clearly does not tolerate fraud and deals with fraudulent behaviour swiftly and decisively
- Be familiar with the types of improprieties that might occur within his/her area of responsibility and remain alert to any indication of irregularity
- Ensure that an adequate system of internal controls exists within their areas of responsibility and that controls operate effectively
- Ensure that the Lonmin Code of Business Ethics, and Conflicts of Interest, Bribery and Anti-Corruption and Fraud Prevention policies are well communicated to all staff within their areas of responsibility
- In consultation with Legal and Human Resources, take appropriate legal and/or disciplinary action against perpetrators of fraud
- Take disciplinary action against employees where employee negligence has contributed to the commission of the fraud
- Ensure employees comply with this policy and annually declare acknowledgment of and the contents of this policy
- Confirm that all vendors dealing with Lonmin comply with this policy

5.2 ALL EMPLOYEES
All employees have a responsibility to:
- Ensure that they are familiar with, and comply with, the Lonmin Code of Business Ethics, and Conflicts of Interest and Bribery and Anti-Corruption policies, which should be included in annual induction training for all employees and contractors
- Ensure they are familiar with, and comply with, controls and procedures in their areas of responsibility, and understand that their job procedures are designed to manage fraud risks and that non-compliance may create an opportunity for fraud to occur or go undetected
- Have a basic understanding of fraud and be aware of the red flags
- Recognise specific fraud risks within their own areas of responsibility and understand that they have a duty to ensure that these risks are identified and addressed, and discussed with their line managers and/or Head of Assurance and Risk or Group Security and Risk Manager when they believe that there is an opportunity for fraud because of poor procedures or oversight
- Report any suspected irregularities in accordance with the Lonmin Code of Business Ethics, and Conflicts of Interest and Fraud Prevention policies
- Co-operate in investigations
- Treat information relating to fraud investigations as confidential

5.3 LONMIN BUSINESS ASSURANCE SERVICES (LBAS) FRAUD AND INVESTIGATIONS/GROUP SECURITY
LBAS Fraud and Investigations/Group Security is responsible for:
- Conducting investigations reported to Deloitte Tip-Offs Anonymous or directly to LBAS relating to commercial and white collar crime
- Identifying internal controls once an investigation has been completed to address any weaknesses contributing to fraud and making recommendations for remedial action if necessary
- Reporting the results of fraud investigations, and actions that have been taken to manage fraud risks, to appropriate management and the Board through the Audit and Risk Committee, and providing an appropriate source of information to management regarding instances of fraud, corruption, unethical behaviour and irregularities

Group Security is responsible for:
- Predominantly investigating syndicated crime, and performing surveillance, intelligence and covert operations relating to all PGM theft

5.4 LBAS FRAUD AND INVESTIGATIONS/GROUP SECURITY
Fraud and Investigations and/or Group Security, depending on the merits of each case, are responsible for:
- Conducting investigations into any matter referred to them directly or reported to Deloitte Tip-Offs Anonymous or the Group Company Secretary
- Co-ordination of investigations into all suspected fraudulent acts
- Reporting the results of the investigation to the appropriate person(s)
- Where applicable, outsourcing certain functions pertaining to investigations to approved service providers and managing such service providers

5.5 SOCIAL AND ETHICS AND TRANSFORMATION COMMITTEE/AUDIT AND RISK COMMITTEE
The Social and Ethics and Transformation Committee and/or Audit and Risk Committee shall:
- Review the appropriateness and effectiveness of policies and procedures for preventing or detecting fraud
- Direct and supervise investigations into matters within the committee's scope, for example, evaluations of the effectiveness of the Group's internal control to deter/prevent fraudulent acts, cases of employee fraud or supplier fraud, forensic investigations, misconduct or conflict of interest
- Receive and review reports on the prevention, detection and investigation of fraudulent activity or misconduct within Lonmin Group companies
- Review significant cases of employee conflicts of interest, misconduct or fraud, or any other unethical activity by employees or the Group

6. REPORTING RESPONSIBILITIES
Any employee who suspects dishonest or fraudulent activity should immediately report the matter through Deloitte Tip-Offs Anonymous or directly to the Head of Assurance and Risk and/or Group Security and Risk Manager and/or the Group Company Secretary.

7. OWNERSHIP
The Board and Exco are responsible for adopting this policy and taking reasonable steps to ensure that all directors, senior management and employees are aware of the contents hereof.

The Head of Assurance and Risk may report any fraud that could affect the Group's financial statements to the Group's external auditor.
In addition, the Group must report any fraud to the applicable regulatory bodies in terms of the relevant legislation including, but not limited to, the Prevention and Combating of Corrupt Activities Act, the Prevention of Organised Crime Act and the UK Bribery Act. In terms of the Prevention and Combating of Corrupt Activities Act, fraud greater than R100 000 in value should be reported to [Lonmin, please verify this]

Reporting to insurance should also be conducted, where appropriate.

8. ADMINISTRATION OF POLICY
The Head of Assurance and Risk is responsible for the administration, revision, interpretation, and application of this policy, which will be reviewed and updated as changes in business or legislation are identified.
9. APPLICABLE BUSINESS GOVERNANCE FORUMS REFERENCE
- Lonmin Board of Directors
- Lonmin Audit and Risk Committee
- Lonmin Social, Ethics and Transformation Committee
- Lonmin Health, Safety and Environmental Committee
- Lonmin Remuneration and Nomination Committee
- Lonmin Executive Committee

10. NON-COMPLIANCE
In the event of non-compliance, the individual shall be subject to Lonmin's disciplinary procedures.

11. PERIOD OF OPERATION
This Policy will remain in force from the date of acceptance until amended and circulated as an updated policy.

12. DEFINITION
Bribery: The offering, acceptance or receipt of anything of value intended to influence behaviour contrary to honesty/integrity
Corruption: The misuse of entrusted power or public office for private gain, covering a range of criminal offences including bribery and other crimes (such as fraud, extortion and money laundering)
Exco: Lonmin Executive Committee
Lonmin/the Group: Lonmin
Fraud: The intentional misrepresentation or concealment of a material fact for the purpose of inducing another to act upon it and cause actual or potential prejudice
Forgery: The unlawful and intentional creation of a false document to the actual or potential prejudice of another
Hacking: Intentionally accessing a computer without authorisation or exceeding authorised access in order to obtain or manipulate electronically stored information
Insider trading: Using inside information relating to securities or financial instruments when dealing in such securities or financial instruments
Policy: A set of principles applicable to a specific discipline or processes
Theft: The unlawful appropriation of moveable corporeal property belonging to another with intent to deprive the owner permanently of the property
APPENDIX A
DECISION MATRIX

R = Responsible, A = Accountable, I = Inform, C = Consult

Action required | LBAS Fraud and Investigations | Finance and Accounting | Line Management | Legal Counsel | Corporate Affairs | Executive Management

Controls to prevent and detect fraud: C R R A
Recommendations to prevent fraud: R I I I I
Reporting of incidents to LBAS Fraud and Investigations: R R A
Investigation of fraud: R C I
Referrals to law enforcement officials: C R C I
Recovery of monies lost due to fraud: C R C R
Monitoring of recoveries: I R I I
Communications, publicity and press releases: I I C R C
Civil litigation: I R C
Fraud education and training: R R C
Fraud risk assessment: C C R C I
Deloitte Tip-Offs Anonymous: R I I