\ CRIMINAL COMPLIANCE AND ANTICORRUPTION POLICY

1.- Purpose

This Criminal Compliance and Anti‐Corruption Policy complements the provisions of the Code of Ethics and List of Prohibited Behaviours and, consequently, it is in tune with the organisation’s values, confirming the Company’s desire to maintain behaviour that abides by those rules and also those values, for which purpose it establishes a framework of crime compliance principles.

Therefore, this Policy is aligned with the culture of integrity and respect for the rules, not only considering the interests of the Organisation, but also any requirements that stakeholders/interested parties may have. Thus, this document is aligned with our core objectives and, consequently, with our determination not to tolerate any behaviour that may constitute a crime within the organisation ‐ a key objective. Therefore, we require the full commitment of the Board of Directors, Senior Management and all other members of the Organisation to comply with its provisions.

On the back of this commitment to compliance, throughout this Manual we have established certain behavioural parameters which are expected of the individuals to whom this document applies, detailing the measures adopted to monitor their adherence and the consequences for non‐compliance.

2.- Entities, people and activities concerned

2.1.- Entities and people concerned

This Policy is mandatory and applicable to the whole Organisation. The members of the Organisation must comply with its contents, regardless of the position they hold.

Due to the foregoing, although this Policy is applicable to the members of the Organisation, it may also be extended, in whole or in part, to business partners, whenever the specific circumstances in each case so advise, thus ensuring that there is compliance with the Organisation’s due diligence procedures for the selection of third parties to ensure abidance by criminal law. This establishes that the Company is obliged to monitor the behaviour of those parties who, while being subject to the authority of legal representatives, may have committed criminal acts due to a serious failure to fulfil its duties to oversee, monitor and supervise them, considering the specific circumstances of each case, regardless of whether they are members of the Organisation or business partners.

2.2.- Organisational measures
All of the Organisation’s activities are subject to this Policy.

3.- Organisational measures

3.1.- Compliance Committee

The Company has a Compliance Committee that has been assigned functions to prevent criminal activity and it is responsible for enforcing this Policy by implementing the various measures established in the Criminal Compliance and Anti‐Corruption Management System that underpins it. This Committee is a deliberative body and it is composed of several members of the Organisation, as detailed later in this Manual.
The Board of Directors approved the creation of this body and the composition of its members, giving it independent powers of initiative and control and the greatest possible degree of independence to perform its functions, meaning that it is free from any business constraints that may impede the performance of its functions.

Under the terms of the Policy, this Committee has the full support of the Board of Directors, to which it has unfettered access, and it is entrusted with the responsibility of overseeing the operation and enforcement of the Criminal Compliance and Anti‐Corruption Management
System. In this regard, it has the power to freely access any documents of the Organisation and the members of the Organisation that may be required to perform its functions. The members of the Organisation are obliged to provide it with any documents or reports it requests
immediately.

The Compliance Committee performs its duties independently, without requiring specific powers to do so, under the terms of this Policy and the stipulations of the Criminal Compliance Management System.

The Compliance Committee’s independence guarantees its neutrality in decision‐making. This independence is underpinned by its functional relationship with and unfettered access to the Board of Directors. Additionally, the Board of Directors is ultimately responsible for evaluating the Compliance Committee’s performance.

3.2.- Main functions of the Compliance Committee
This specific section is examined later in the Manual.

4.- Obligations of the members of the Organisation

4.1.- The Board of Directors and the Senior Management

ONA’s Board of Directors and the Senior Management not only support the Compliance Committee in the exercise of its duties, they also actively promote a culture of compliance within the Organisation, ensuring that it has appropriate resources to effectively implement the Criminal Compliance and Anti‐Corruption Management System, and promoting the use of procedures and channels that are provided to report potential criminal behaviour that may affect the Organisation and its activities, among other things.

4.2.- All members of the Organisation
All members of the Organisation are responsible for understanding, complying with and implementing the provisions of this Criminal Compliance and Anti‐Corruption Policy, cooperating with the Compliance Committee, Board of Directors and General Management when necessary and, in particular, conducting themselves in the manner expected of them, in accordance with the List of Prohibited Behaviours and the expected behavioural parameters.

Similarly, they must all immediately report any action to the Compliance Committee to prevent or remedy the possible commission of a crime or a potential criminal offence of which they are aware and/or which is being addressed without the apparent involvement of the Compliance Committee.

Furthermore, all members of the Organisation are expected to attend any training sessions relating to criminal compliance that may be required because of their role or position in the Organisation, and they are expected to provide any information and documentation requested by the Compliance Committee immediately.

5.- Sanctions

A failure to comply with this Policy and, above all, engaging in any of the prohibited behaviours outlined in the policies and procedures that comprise the Criminal Compliance and Anti‐Corruption Management System must result in the imposition of the sanctions provided for by Law, the employment contracts and the applicable Collective Agreement; these may range from reprimands to the termination of the employment contract. In the case of suppliers and third parties, a written reprimand is the sanction that must be imposed and reported to the supplier’s board, or the contract with the supplier will be terminated immediately in the case of serious infractions.

The foregoing is not withstanding any labour, civil, administrative and/or criminal penalties that may be imposed on the offending party.