Anti-Fraud and Whistleblower Policy
CHINA NATURAL RESOURCES, INC.
Anti-Fraud and Whistleblower Policy
Chapter 1. General Principles
1. China Natural Resources, Inc. (the 'Company') establishes this policy according to the operation objectives of the Company and the rules and requirements of laws, regulations, stock exchange market and supervision authorities for listed companies, and regarding the Company practice. The purpose of this policy is to prevent fraud, enhance the governance and internal controls, reduce risks, standardize business activities, maintain the Company's interests, ensure to achieve the business objectives and develop continually, stably and healthy, and to protect the legal interests of its shareholders.
2. This policy mainly sets out the followings:
• The aim of anti-fraud acts, and definition and categories of fraud
• Responsibilities of anti-fraud
• Prevention and control of fraud
• Whistleblower, investigation and reporting of fraud
• Standing organization and its function for anti-fraud
• Guidance and supervision of anti-fraud
• Remedial measure and punishment for fraud
• Applicable scope
3. The aim of anti-fraud is to standardize the business behavior of directors, senior and mid-level management, and employees, who should strictly comply with applicable laws, industry rules and regulations, business ethics and the policies of the Company. They also should be disinterested and diligent, and behaviors of injure the interests of the Company and shareholders are prevented.
Chapter 2. Definition and Categories of Fraud
4. Fraud in this Policy is defined as the use of deception with the intention of pursuing personal interests and causing loss to the proper interests of the Company, or conduct pursuing inappropriate Company interests and taking advantage to personal interest at the same time.
5. Fraud that causing loss to the proper interests of the Company, is that, people in or outside of the Company use deception or other illegal artifice with the intention of obtaining personal benefit, causing loss to the proper interests of the Company and the shareholders. Some examples are as follows:
(1) Receiving bribes or kickbacks
(2) Transferring dealing to others which is profitable normally.
(3) Misappropriation of assets, corruption, embezzlement and theft.
(4) Let the Company pay for fake transactions
(5) Intentional hiding or false representation of transactions
(6) Forgery or alteration of accounting record or vouchers
(7) Betray the business or technique secrets of the Company
(8) Other fraud behaviors causing loss to the Company interests.
6. Fraud that pursuing inappropriate Company interests, is that, to obtain inappropriate advantage to the Company and to oneself, people in the Company use deception or other illegal artifice causing loss to the interests of the country, other organizations, individuals or shareholders. Examples are as follows:
(1) Pay for inappropriate purpose, like payment of bribes or kickbacks
(2) Sale of inexistent or unreal assets
(3) Intentional false representation of transactions, recording of fake transactions, including overstatement of assets and understatement of liabilities, issuing inaccurate financial reports, and misleading the financial reports reader or user to make inappropriate investment decision.
(4) Hiding or deletion of important information which should be disclosed.
(5) Pursuing illegal business activities
(6) Forgery or alteration of accounting record or vouchers
(7) Theft or welsh of taxations
(8) Other fraud behaviors pursuing inappropriate interests.
Chapter 3. Responsibilities of Anti-fraud
7. Management shall have the responsibility for fraud activities. Management is responsible for establishing, improving and implementing effectively of procedures and controls for anti-fraud, including fraud risk assessment and prevention of fraud, and performing self-assessment as well. Management has the responsibility of coordination and guidance for multi-departmental and overall anti-fraud works. The Company set up an anti-fraud standing organization (Internal Audit Department), to organize and carry out anti-fraud in multi-departments and within the Company. All operation departments have the responsibility for anti-fraud work in the department.
Chapter 4. Prevention and Control of Fraud
8. Management's anti-fraud work mainly includes:
• To advocate corporation culture of honesty and integrity;
• To build up anti-fraud culture environment;
• Assessment of fraud risk and to establish detailed control procedures and policies, to reduce fraud opportunities;
• To set up anti-fraud standing organization supervised by Board of Directors and Audit Committee, to receive, investigate, report and provide suggestions to whistleblower cases.
9. To advocate corporation culture of honesty and integrity includes (but not limit to) the following methods:
1) Top managements set themselves an example to others, and take the lead to comply with applicable policies and regulations of the Company in practice.
2) The anti-fraud policy and procedures of the Company should be effectively communicated or trained within the Company by different ways (through Employee Handbook, release and spread of rules and regulations, or intranet, etc.), to ensure employees attend trainings concerning laws and regulation and business ethics, and understand relevant definition in Code of Conduct; to help employees distinguish between legal and illegal, ethical and unethical. All employees must clearly know about the Company's serious attitude to prevent fraud and employees' responsibilities on anti-fraud, in addition, they should actively improve anti-fraud sense and skill.
3) To carry out anti-fraud training and laws & regulations and ethics instructions for new employees.
4) To encourage employees to comply with regulations and act honestly and ethically in daily work and associations, and help employees to deal with the conflicts of interests and temptation of impropriety. To notify all direct or indirect interest related parties including external parties (customers, suppliers, supervision authorities and shareholders) through appropriate ways, that the company promote to comply with laws and ethics.
5) For wrongdoings and dishonest behaviors, employees can anonymously or openly report those situations through the ways mentioned in the whistleblower policy of the Company. And the Company should establish and implement effective instruction and punishment policy.
10. Assess fraud risk and establish detailed control policy, to reduce the risk that fraudulent acts take place. Major ways are as follows:
1) At the beginning of every year, the fraud risk assessment is included in management's company risk assessment (including the risk assessment for SOX 404 compliance). Management should identify and assess fraud risk in entity level, business department level and significant accounts level, to assess the importance and possibility of fraud risk. Besides, the assessment should include false financial report, embezzlement of company assets, authorized or improper income or expenditure, and fraud risk assessment on senior management or Board of Directors.
2) Set up control procedures to reduce the opportunity that fraud take place, those procedures can be in different ways, such as approval, authorization, audit, check, segregation of duties, review on achievements and protection of company assets, etc. As for the high risk areas of fraud, like false financial reporting and management's override of controls, and information systems and technology, necessary internal control procedures should be established. Those procedures include preparing operation flowchart and establishing administration policy, connecting the risk of operation fraud and financial fraud with control procedures, to set up control policy and effective operate in the source that fraud take place.
11. The Company will perform background checks for individuals being considered for employment or for promotion to positions of trust, such as education background, working experience, criminal record, etc. Formal written documents for background checks should be retained and filed in employee's record.
12. Set up anti-fraud standing organization, which is responsible to receive, investigate, report and provide suggestions for whistleblower cases, and supervised by Audit Committee and Board of Directors.
13. Continual supervision of fraud should be in management's daily control activities, including daily administration and supervision, and testing activities for SOX 404 compliance as well.
Chapter 5. Whistleblowing, investigation and reporting of Fraud
14. Anti-fraud standing organization is responsible for establishing email for concerning on business ethics and fraud cases, and publicize the email address, so that all employees and parties that have direct or indirect economic relationship with the Company can be able to report violation of business ethics, or actual or suspected fraud cases. Complaints and concerns relating to accounting, internal control or auditing matters can also be reported through the specified emails. Anti-fraud standing organization should standardize this responsibility and establish written procedures and policies, to prescribe how to receive, retain, act on complaints, and employees or external parties openly or anonymously report, and retain written record for senior management, Audit Committee and Board of Directors' review.
15. For employees' suspected, alleged but not confirmed complaints, considering the degree and emergency, the Anti-fraud standing organization will assess and decide to investigate or not. If senior management is involved in the whistleblower, with the approval of Board of Directors and Audit Committee, special investigation team will be built up by personnel from anti-fraud standing organization and related departments. When undertaking relevant investigation, external experts may participate if necessary. For affected business units, assessment on internal control should be performed and suggestions should be provided.
16. After complaint and investigation, the reporting documents should be timely filed by anti-fraud standing organization in accordance with the Company's document retention policy. The result of fraud cases and anti-fraud standing organization's report should be submitted to Board of Directors and Audit Committee respectively based on the report nature quarterly.
Chapter 6. Anti-fraud Standing Organization and its Function
17. Internal Audit Dept. is appointed as the anti-fraud standing organization of the Company, which is responsible for organizing and implementing the anti-fraud works in multi-departments and within the Company, including: assisting to organize the departments to perform annual fraud risk assessment; assisting the departments to perform annual anti-fraud self-assessment; performing independent assessment on anti-fraud acts of the Company; assisting to propagate anti-fraud; review and assessment on the establishment and operation of anti-fraud control policy for SOX 404 compliance; receiving, recording, investigation and providing suggestions for fraud complaints and reporting to management, Audit Committee and Board of Directors. Internal Audit Dept. takes the responsibilities of anti-fraud standing organization specified in Chapter 5.
18. As the standing organization under Audit Committee, Internal Audit Dept. is also responsible for reporting to Audit Committee, regarding the anti-fraud plan and progress, and receiving, investigation and resolution for fraud cases. Internal Audit Dept. is supervised by Audit Committee and Board of Directors.
19. Internal Auditors should actively improve anti-fraud sense and skill, retain proper business prudence, initiatively attend the trainings for anti-fraud laws and regulations, industry rules, knowledge and skills required by related stock exchange market and supervision authorities, and understand the Company's business development and plan, accounting policy and other applicable rules and regulations.
20. Whereas the external organizations, like local government organizations and external auditors, may receive fraud complaints from individuals within the Company, Internal Audit Dept. should initiatively contact and communicate with them, and carry out cooperation if necessary.
Chapter 7. Guidance and Supervision for Anti-fraud
21. Management need to put anti-fraud as one aspect of daily administration works, and support the daily works of anti-fraud standing organization, providing adequate guarantee of budget, staffing and working condition.
22. Management of the Company should hold anti-fraud reporting meeting, at least once a year. In case that there are general managers of Head Quarter's departments or general managers of subsidiaries/branches involved in fraud cases, or fraud cases that significantly affect the Company's normal production and operation, or significant matters that have impact on the issuance of financial report or false reporting, a meeting should be held at any moment. During the reporting meeting, each head of department should report the anti-fraud work progress in his/her responsible department to Management, and obtain suggestions and guidance from it. Internal Audit Dept. should issue assessment report on the Company's anti-fraud work plan and progress, and report the receiving, investigation and suggestion of fraud cases, and obtain suggestions and guidance from Management.
23. At least once in a year, Internal Audit Dept. need to report the anti-fraud acts to Audit Committee and Board of Directors. To the works of management and Internal Audit Dept, Board of Directors and Audit Committee should provide guidance and supervision and participate if necessary. Details as follows:
1) Take the lead to participate and supervise the management to build up anti-fraud environment within the Company, and monitor management's works according to the Company's anti-fraud policy.
2) Review management's anti-fraud procedures and control policies, including management's identification of fraud risk and operation of anti-fraud acts.
3) Review Internal Audit Dept's annual fraud risk assessment and working plan and report.
4) Review the possibility of management override of controls, or other inappropriate influences over the financial reporting process.
5) Understand whistleblower policy, and monitor its operation and efficiency.
6) Obtain the investigation report and suggestions for fraud cases identified by management, internal or external audit. Communicate with external auditors about the Company's anti-fraud works.
7) Inquire management about the receiving and review of quarterly report for confirmed or suspected fraud or wrongdoings, including the nature, condition and final resolution for fraudulent behaviors.
8) Understand management's feedback on internal and external auditors' suggestions of reinforcement of anti-fraud controls.
9) Participate deeply or assign proper personnel to participate in the investigation of fraud cases which are significant or financial personnel involved.
10) Review the internal audit plan for fraud risk.
11) Debrief Internal Audit Dept's anti-fraud works for management.
12) Review accounting principles, policies and estimates used by management.
13) Review management's significant non-concurring transactions and related party transactions.
24. For Audit Committee and Board of Directors' independent or common discussion and instructions, written record should be retained. And the feedbacks on management's inquiry, opinion and instructions to above organizations also should be recorded in written and retained properly.
25. Internal Audit Dept. should consider fraud risk when devising and implementing annual audit plan. Internal Audit Dept. plays the role of providing necessary guidance and supervision for the Company's anti-fraud works, whose working plan and achievements should be properly communicated with management. Internal Audit Dept. is instructed and monitored by Audit Committee and Board of Directors.
26. With Audit Committee and Board of Directors' authorization, Internal Audit Dept. can perform investigation on fraud cases independently or with business departments. It can also perform investigation on specific fraud cases consigned by management, and perform special assessment on anti-fraud policy and process for specific matters. Internal Audit Dept's investigation report, suggestions and assessment report should be reported to senior management, Board of Directors and Audit Committee respectively.
Chapter 8. Remediation and Punishment for Fraud
27. Once fraud occurs, there should be written report on assessment and improvement for internal controls within the remediation measures. Violators should be properly treated and reported internally and to necessary external parties.
28. All employees that have fraudulent behaviors, no matter criminal or not, Internal Audit Dept should suggest management to carry out internal economic and administrative punishment according to related regulations. Employees that violate the criminal laws will be handed over to prosecution.
29. Party member officers who have fraudulent behaviors, will be handed over to related authorized departments according to the Party and political rules.
Chapter 9. Applicable Scope
30. This policy applies to CHNR. Affiliated companies with CHNR can refer to this policy and establish its own anti-fraud policy based on specific conditions, but the golden rule and basic method are consistent.
Chapter 10. Supplementary Clauses
31. Internal Audit Dept. is responsible for interpretation and revision of this policy.
32. This policy is effective from January 2, 2008.
Whistleblower Email address: email@example.com firstname.lastname@example.org
Mail address: Room 2205, ShunTak Centre, West Tower, 200 Connaught Road Central, Hong Kong
January 2, 2008