COMPLIANCE POLICY

1. Compliance Commitment

Viable Core Business (Pty) Ltd ("VCB-AI") is committed to conducting business with the highest standards of ethics, integrity, and regulatory compliance. This policy establishes our framework for ensuring adherence to all applicable laws, regulations, industry standards, and internal governance requirements.

2. Regulatory Framework

VCB-AI operates in compliance with the following legislative and regulatory framework:

2.1. South African Legislation

• Companies Act 71 of 2008: Corporate governance, director duties, shareholder rights
• Protection of Personal Information Act 4 of 2013 (POPIA): Data privacy and protection
• Electronic Communications and Transactions Act 25 of 2002: Electronic commerce and digital signatures
• Promotion of Access to Information Act 2 of 2000: Information access rights
• Financial Intelligence Centre Act 38 of 2001: Anti-money laundering and counter-terrorism financing
• Prevention and Combating of Corrupt Activities Act 12 of 2004: Anti-corruption measures
• Broad-Based Black Economic Empowerment Act 53 of 2003: B-BBEE compliance
• Labour Relations Act 66 of 1995: Employment and labor standards
• Income Tax Act 58 of 1962: Tax compliance and reporting

2.2. International Standards

• ISO/IEC 27001: Information security management systems
• ISO/IEC 27701: Privacy information management
• SOC 2 Type II: Security, availability, and confidentiality controls
• GDPR Principles: Where applicable to international data transfers

3. Code of Conduct

All employees, directors, contractors, and partners must adhere to our Code of Conduct:

4. Anti-Corruption and Bribery

VCB-AI maintains a zero-tolerance policy toward corruption, bribery, and unethical business practices:

• Prohibition of all forms of bribery, kickbacks, and facilitation payments
• Transparent gift and hospitality policies with documented approvals
• Due diligence on third-party agents, partners, and intermediaries
• Compliance with the Prevention and Combating of Corrupt Activities Act
• Mandatory reporting of suspected corruption or unethical conduct
• Protection for whistleblowers reporting in good faith

5. Data Privacy and Protection

VCB-AI is committed to protecting personal information in accordance with POPIA:

• Lawful processing based on consent, contractual necessity, or legitimate interest
• Purpose specification and limitation to defined uses
• Data minimization - collecting only necessary information
• Accuracy and timely correction of personal information
• Appropriate security safeguards and breach notification protocols
• Respect for data subject rights including access, correction, and deletion
• Cross-border transfer protections and adequacy assessments

See our Privacy Policy for comprehensive data protection details.

6. Information Security

VCB-AI implements comprehensive information security controls:

• Multi-layered security architecture with defense-in-depth strategies
• Encryption of data in transit and at rest using industry-standard protocols
• Role-based access controls and principle of least privilege
• Regular security assessments, penetration testing, and vulnerability management
• Incident response and business continuity planning
• Employee security awareness training and phishing simulations
• Vendor security assessments and third-party risk management

7. Financial Compliance

VCB-AI maintains rigorous financial controls and reporting standards:

• Accurate financial records in accordance with International Financial Reporting Standards (IFRS)
• Timely tax filing and payment compliance with SARS requirements
• Internal financial controls and segregation of duties
• Annual financial audits by independent auditors
• Anti-money laundering (AML) customer due diligence procedures
• Suspicious transaction reporting to the Financial Intelligence Centre
• Transparent invoicing and payment processing

8. Conflict of Interest

All personnel must disclose and manage conflicts of interest:

• Annual conflict of interest declarations by directors and senior management
• Disclosure of related-party transactions and business interests
• Recusal from decisions where conflicts exist
• Prohibition of self-dealing and misuse of corporate opportunities
• Board oversight of conflict management procedures

9. Partner and Vendor Compliance

VCB-AI requires compliance standards from business partners:

• Due diligence assessments before engaging partners or vendors
• Contractual compliance obligations including anti-corruption, data protection, and security
• Regular compliance questionnaires and certifications
• Right to audit partner compliance with contractual terms
• Termination rights for material compliance breaches

10. Reporting and Whistleblowing

VCB-AI encourages reporting of compliance concerns and protects whistleblowers:

11. Training and Awareness

VCB-AI provides ongoing compliance training to all personnel:

• Onboarding compliance training for new employees
• Annual refresher training on key compliance topics
• Role-specific training for functions with heightened compliance risks
• Regular communications on compliance updates and regulatory changes
• Testing and certification to verify training effectiveness

12. Monitoring and Enforcement

VCB-AI maintains active compliance monitoring and enforcement:

• Regular compliance audits and self-assessments
• Key risk indicators and compliance metrics reporting
• Board and executive oversight of compliance performance
• Investigation of suspected violations with appropriate discipline
• Remediation plans for identified compliance gaps
• Continuous improvement of compliance program effectiveness

13. Policy Review and Updates

This Compliance Policy is reviewed annually by the Chief Legal Officer and approved by the Board of Directors. Updates will be communicated to all personnel and published on our website. Material changes will be notified at least 30 days prior to implementation.