AYGAZ A.Ş.

Governance Information • Dec 26, 2024

Aygaz Group

Compliance Policy

1.	PURPOSE AND SCOPE	3
2.	DEFINITIONS 3
3.	COMPLIANCE OBLIGATIONS 4
	3.1. Overview of Obligations	4
	3.2. Compliance Domains and Risk Analysis	4
4.	COMPLIANCE PROGRAM	5
	4.1. Main Components of the Compliance Program 5
	4.2. Compliance Organization	5
	4.3. Raising Concerns and Disciplinary Actions	8
	4.3.1. Reporting and Whistleblowing	8
	4.3.2 Investigations and Disciplinary Actions	8
	5. AUTHORITY AND RESPONSIBILITIES	9
6.	REVISION HISTORY 9

1. PURPOSE AND SCOPE

The purpose of this Compliance Policy ("Policy") is to establish a customized, comprehensive and effective compliance framework for Aygaz Group, and to demonstrate Aygaz Group's commitment to compliance with laws and regulations, internal policies, good corporate governance practices and ethical rules.

All employees, directors, and officers of Aygaz Group shall comply with this Policy, which is an integral part of Aygaz Group Code of Ethics.

2. DEFINITIONS

"Aygaz" means Aygaz A.Ş.

"Aygaz Group" means Aygaz A.Ş. and Aygaz A.Ş.'s subsidiaries and joint ventures.

"Business Partner" includes suppliers, distributors, dealers, authorized services and other third parties with whom the company has a business relationship and all kinds of representatives, subcontractors, consultants, etc. acting on behalf of the company, as well as their employees and representatives.

"Compliance" is defined as adhering to the requirements of laws, regulations, industry and organizational standards, internal policies and procedures and generally accepted ethical standards.

"Koç Group" means Koç Holding A.Ş., companies which are controlled directly or indirectly, jointly or individually by Koç Holding A.Ş. and the joint venture companies listed in its latest consolidated financial report.

"Koç Holding" means Koç Holding A.Ş.

"Legal and Compliance Director" is primarily responsible for managing and overseeing the Compliance Program for Aygaz Group.

"Retaliation" is any negative action, including but not limited to demotion, discipline, firing, salary reduction, or job or shift reassignment, to punish an employee for a protected activity, such as reporting an injury, safety concern, mismanagement, abuse of authority, or legal violation in the workplace.

"Risk Management Committee" is established for the purpose of early diagnosis of the risks that may endanger the existence, development and continuity of Aygaz Group to implement measures, manage and report these risks in line with Aygaz Group's corporate risk-taking profile, and to make suggestions to the board of directors of Aygaz Group, about developing and integrating internal control systems.

"Systematic Risk Analysis" is a process to identify, assess and monitor the principal compliance risks that Aygaz Group faces as a business.

3. COMPLIANCE OBLIGATIONS

3.1. Overview of Obligations

Effective compliance management can only be achieved through a well-designed and tailored Compliance structure. It can then be sustainable if it is embedded in the corporate culture and in employee behavior, by being integrated into all processes and operations.

Compliance obligations of Aygaz Group go beyond adherence to mandatory regulations (laws, permits, licenses, rules and guidance of regulatory authorities, court decisions, conventions etc.) and include its Compliance commitments such as agreements with third parties, organizational standards such as policies and procedures, or other voluntary commitments.

3.2. Compliance Domains and Risk Analysis

At Aygaz Group Legal and Compliance Department, together with the relevant business units shall periodically conduct risk assessments for relevant normative domains, and analyze the specific Compliance related risks to which operations, employees and/or Business Partners may be particularly exposed to (through questionnaires, workshops, one-on-one interviews etc.). Company policies and procedures shall be drafted/revised as necessary in accordance with such assessment and analysis.

Tailor-made Compliance reviews and analysis take into account the Aygaz Group's fingerprint, including but not limited to its own characteristic, complexity, risks, risk appetite, governance, business lines, products and services, the industry sector, market competitiveness, regulatory landscape, potential customers and Business Partners, transactions with foreign governments, payments to foreign governments, use of third parties, gifts, travel and entertainment expenses, charitable contributions. Besides, while the purpose of such a compliance risk analysis is to address and take action in all relevant Compliance domains, based on their likelihood and impact, the following shall be prioritized:

• 1) Anti-Bribery and Corruption
• 2) International Sanctions
• 3) Anti-Money Laundering
• 4) Data Privacy
• 5) Competition
• 6) Human Rights

Koç Holding Legal and Compliance Department monitors the Compliance risk analysis carried out by Aygaz Group companies and while evaluating such results, it also considers Koç Group's relevant indicators, internal audit reports and case related investigations, Compliance cases and control results to determine potential compliance related risks and take necessary precautions.

4. COMPLIANCE PROGRAM

4.1. Main Components of the Compliance Program

The Compliance Program of Aygaz Group ("Compliance Program") is a set of rules, policies and procedures aimed at addressing the Compliance issues of Aygaz Group with a risk-based approach. It incorporates the corporate governance and compliance culture and written standards promoted by the top management, and monitored by the Legal and Compliance Department, with the participation of all employees.

The main operational pillars of the Aygaz Group Compliance Program are as follows:

• Prevention
• Detection
• Response

The following illustration shows the components of the Compliance Program and its composition. This framework reflects the general approach and strategy towards Compliance, i.e. the Compliance Program of Aygaz Group.

Illustration I: The Compliance Program of Aygaz Group

Prevention is managed through Compliance risk assessments, due diligence practices, written policies and procedures as well as communication and trainings. Detection, is supported by technology and data analysis as well as monitoring, testing and audit practices. Response refers to investigations and reporting activities.

4.2. Compliance Organization

Aygaz Group's approach to Compliance is shaped by the tone at the top, showing the importance senior management attributes to Compliance related issues. By applying the core values, generally accepted corporate governance and ethical standards, the leadership acts as an organization-wide example and helps embed Compliance into the culture, behavior and attitude of every member of Aygaz Group.

A solid Compliance organization is the key to ensuring an effective Compliance structure. The Compliance organization refers to the leadership and organizational structure that is responsible and accountable for the decision-making, development, execution, monitoring and oversight of the Compliance Program.

The figure below presents the current Compliance organization at Aygaz Group.

Illustration II: The Compliance Organization at Aygaz Group

As shown above, the Compliance organization is fulfilled by:

• Aygaz Group Legal and Compliance Director,
• Legal and Compliance Department of Aygaz Group,
• Compliance Committee;
• Risk Management Committee

Considering the importance of the senior management's leadership towards Compliance related issues, Aygaz Holding General Manager and the Board of Directors have the overall responsibility to show leadership towards Compliance related issues by monitoring the applications of core values, generally accepted corporate governance and ethical standards.

In order to have a successful Compliance Program, the Legal and Compliance Director position shall have:

— Empowerment: Full and clear authority, C-level designation and empowerment to carry out his/her duties.

— Independence: In order to preserve its independence, the Legal and Compliance Director reports to the Board of Directors through the Risk Committee, while directly reporting to the General Manager.

— Seat at the Table: The Legal and Compliance Director attends the important meetings where all major business decisions are taken.

— Line of Sight: The Legal and Compliance Director determines the standards in risk areas even if it is related and implemented by other business units.

— Resources: The Legal and Compliance Director has sufficient resources to manage the Compliance Program.

The Legal and Compliance Director performs his/her duties with the support of Legal and Compliance Department, The Legal and Compliance Director has the ultimate responsibility for the activities of the Legal and Compliance Department.

The Legal and Compliance Department has 3 main functions: Functional Responsibilities, Monitoring and Line of Sight.

Functional Responsibilities cover addressing the major risks identified with the Systematic Risk Analysis process, which include but are not limited to the following:

• Identifying and managing Compliance risk areas (including the risks related to Business Partners),
• Ensuring the Compliance risks are classified and analyzed and based on the outcome, prioritized,
• Creating and identifying the policies, procedures and controls which the organization must have to prevent, detect and manage the Compliance breaches,
• Providing or organizing on-going training support for employees and running Compliance awareness campaigns to ensure that all employees are aware of what is expected of them to be complaint with Aygaz Group policies,
• Setting up a Compliance reporting and documentation system for Aygaz Group,
• Establishing Compliance performance indicators, monitoring and measuring the Compliance performance of Aygaz Group companies,
• Analyzing performance of Aygaz Group to identify the need for corrective action plans,
• Ensuring the Compliance Program is reviewed at planned intervals,
• Ensuring that there is access to appropriate professional advice in the establishment and implementation and maintaining of the Compliance Program,
• Ensuring that the Compliance policies, procedures and the other documents are appropriate and accessible to employees and Business Partners,
• Ensuring that Compliance structure is applied uniformly and consistently throughout the Aygaz Group,
• Developing and implementing processes for managing information such as complaints and/or feedback by means of whistle-blowing system and other mechanisms,
• Ensuring that whistleblowing mechanisms are easily accessible, known and confidential,

Monitoring Responsibilities include monitoring and scrutinizing certain Compliance risks, which are deemed primary responsibility of other departments or units. These activities include but are not limited to the following:

• Promoting the inclusion of Compliance responsibilities into job descriptions and employee performance management processes,

• Ensuring only authorized persons have access to the confidential documentation related to the Compliance Program.

Lastly, Line of Sight means that the Legal and Compliance Department acts as an advisory function for all the Compliance related risks identified with the Systematic Risk Analysis.

Considering its roles and responsibilities, Legal and Compliance Department shall have sufficient and qualified resources and staff, including Compliance Managers assisted by the Compliance Officer/s, who are fully dedicated to the compliance matters.

The Compliance Committee ("Committee") aims to increase the efficiency of the Compliance structure by advising to the Aygaz Group Legal and Compliance Director (and Directorate). The Committee, which consists of the Aygaz Group Legal and Compliance Director, the Human Resources (HR) Director, the CFO and other Presidents as appropriate, acts as an advisory body to assist the Aygaz Group Legal and Compliance Director in the decision-making process as required.

The Risk Management Committee consists of at least two non-executive members of the Board of Directors. In this respect, the Committee acts as a link between the Legal and Compliance Department and the Board of Directors.

4.3. Raising Concerns and Disciplinary Actions

4.3.1. Reporting and Whistleblowing

Any stakeholder or employee who witnesses or is aware of any action inconsistent with Aygaz Group Code of Ethics, or any misconduct or who is suspicious of such situation, is expected to raise his/her concerns through the Hotline at "koc.com.tr/hotline".

The Hotline is designed to protect the whistleblowers' confidentiality and their anonymity, if requested. It is crucial that anyone who reports an incident should feel comfortable and safe in raising their concerns and should not refrain from reporting. All complaints will be kept confidential and the owners of notification made in good faith will be protected from any possible Retaliation.

In good faith reports, no action will be taken against the person who raised the concern, even if the accuracy of the incident could not be proved by investigation. Those who deliberately make false notifications may be subject to various disciplinary action.

4.3.2 Investigations and Disciplinary Actions

All incidents reported through the Hotline or different channels will be reviewed to determine the need for an investigation. If an investigation is initiated, and as a result there is a recommendation for a disciplinary action, the relevant matter shall be brought to the attention of the Ethics Committee of Aygaz. The disciplinary precautions are taken based on objective criteria. For those discipline matters that shall be reviewed by Aygaz Holding, Ethics Committee shall have the authority to rule whether or not a disciplinary action shall be taken and the type of the disciplinary action.

5. AUTHORITY AND RESPONSIBILITIES

If you become aware of any action you believe to be inconsistent with this Policy, the applicable law or Aygaz Group Code of Ethics, you may seek guidance or report this incident to your line managers. You may alternatively report the incident to Ethics Hotline via the following link: "koc.com.tr/hotline"

Aygaz Group employees may convey the Legal and Compliance Department in Aygaz Group for their questions related to this Policy and its application via following link: "uyum@aygaz.com.tr".

6. REVISION HISTORY

This Policy takes effect on 18.05.2021 as of the date approved by the Board of Directors and is maintained by Aygaz Group Legal and Compliance Department.

Revision	Date	Comment
1	26.12.2024	Addition of the job description of the Compliance Committee and Risk Management Committee