Whistleblower Protection Policy

This policy encourages employees and other reporting parties to raise concerns about suspected illegal, unethical, fraudulent, or unsafe conduct in good faith. The policy is intended to support early reporting, prompt investigation, and protection against retaliation.

This policy is designed to align with the anti-retaliation protections in the Sarbanes-Oxley Act of 2002 and the whistleblower provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act.

This policy applies to all employees, officers, managers, supervisors, contractors, interns, temporary workers, and, where permitted by law, applicants and third parties who report concerns involving the organization.

It covers reports involving, without limitation:

• Accounting, auditing, internal controls, or financial reporting concerns
• Fraud, theft, bribery, corruption, or conflicts of interest
• Violations of law, regulation, or company policy
• Harassment, discrimination, or other workplace misconduct
• Safety hazards or conduct that may implicate the OSHA general duty clause
• Retaliation for making or supporting a report

For purposes of this policy:

• Good-faith means the reporting party honestly believes the information is true or likely true at the time of reporting.
• Retaliation includes termination, demotion, reduced hours, discipline, threats, intimidation, exclusion, poor assignments, pay reduction, or any other adverse action.
• Policy holder means the organization responsible for administering this policy and ensuring compliance.
• Interactive process does not generally apply to whistleblower reports, but may be relevant if a reporting party separately requests a reasonable accommodation under the ADA.
• Confidential information means information that must be protected to preserve privacy, privilege, or investigative integrity.

The organization prohibits retaliation against any person who, in good faith:

1. Reports a concern internally or externally where permitted by law;
2. Participates in, cooperates with, or provides information in an investigation;
3. Refuses to participate in conduct they reasonably believe is unlawful; or
4. Raises concerns protected by applicable whistleblower, labor, or anti-retaliation laws.

Reports may be made anonymously where permitted by the reporting channel and applicable law. The organization will handle reports confidentially to the extent possible, consistent with the need to investigate, take corrective action, and comply with legal obligations.

No manager or supervisor may discourage reporting, interfere with an investigation, or retaliate against a reporting party or witness.

Concerns should be reported as soon as possible using one or more of the following channels:

• Direct manager, unless the manager is involved in the concern
• Human Resources
• Compliance Officer or Legal Department
• Ethics hotline or web reporting portal
• External reporting channel, where permitted by law

Reports should include, when available:

• What happened and when
• Who was involved or witnessed the conduct
• Any documents, messages, or other evidence
• Whether the concern is ongoing or urgent

California employees: Nothing in this policy prohibits protected concerted activity under the National Labor Relations Act (29 U.S.C. § 157) or rights under California law. Employees may also have rights under California whistleblower protections, including Labor Code § 1102.5.

New York employees: This policy does not limit rights under New York Labor Law § 740 or any other applicable whistleblower protection law.

Illinois employees: Reporting and investigation practices will be administered consistently with applicable Illinois law and wage-hour obligations, including the One Day Rest in Seven Act (820 ILCS 140) where relevant.

Washington employees: Employees may use applicable paid sick leave rights under RCW 49.46.210 when needed to participate in a report or investigation, subject to eligibility and notice requirements.

All reports will be reviewed promptly and assigned to an appropriate investigator based on the nature of the concern, potential conflicts of interest, and privilege considerations.

The organization will generally:

1. Acknowledge receipt where feasible;
2. Conduct an initial risk assessment;
3. Preserve relevant records and evidence;
4. Interview witnesses and review documents;
5. Determine whether interim measures are needed;
6. Document findings and corrective action, if any.

Investigations will be conducted on a need-to-know basis and in a manner intended to preserve confidentiality, fairness, and integrity. The organization may involve HR, Compliance, Legal, outside counsel, or an external investigator as appropriate.

Employees must cooperate truthfully in investigations and must not destroy evidence, coach witnesses, or provide false information.

Retaliation is strictly prohibited. Any employee who believes they have experienced retaliation should report it immediately through one of the reporting channels listed above.

Examples of prohibited retaliation include:

• Termination, demotion, suspension, or reduction in hours
• Negative performance actions not based on documented, legitimate business reasons
• Unwarranted discipline, including a documented warning issued in bad faith
• Exclusion from meetings, training, or opportunities because of reporting activity
• Threats, harassment, intimidation, or adverse schedule changes

Managers must ensure employment decisions are based on legitimate, documented business reasons and not on a person’s report, participation, or refusal to engage in misconduct.

The organization protects good-faith reporting even when a concern is not substantiated. However, knowingly false reports, fabricated evidence, or malicious accusations made in bad faith are prohibited and may result in corrective action, up to and including termination.

Discipline will not be imposed merely because a report could not be substantiated. Before any discipline is issued, the organization should confirm the facts through a fair review and document the basis for the decision.

Employees and reporting parties must report concerns honestly and cooperate in good faith.

Managers and supervisors must receive concerns professionally, escalate them promptly, avoid retaliation, and preserve confidentiality.

HR, Compliance, and Legal must assess reports, coordinate investigations, maintain records, and recommend corrective action.

The policy holder must ensure reporting channels are available, investigators are trained, and records are retained in accordance with legal and business requirements.

Investigation leads must maintain impartiality, document findings, and escalate urgent matters immediately.

Violations of this policy may result in disciplinary action, up to and including termination of employment or contract, subject to applicable law and any collective bargaining agreement.

Records related to reports and investigations will be retained according to the organization’s retention schedule and any applicable legal hold requirements. Access to records will be limited to personnel with a business need to know.

Where reports involve personal data, the organization will handle information consistent with applicable privacy laws, including the GDPR where applicable and the CCPA/CPRA for California residents, with appropriate notice, access controls, and retention limits.

This policy will be reviewed at least annually and updated as needed to reflect changes in law, business operations, reporting channels, or investigation practices.

Any material revisions should be approved by the policy holder, HR, Compliance, and Legal as appropriate. Updated versions should be communicated to affected employees and re-acknowledged when required.