55
Infosys | ESG REPORT 2022-23
External Document © 2023 Infosys Limited
Export Control Policy
The export control policy describes Infosys’
export control program and is reviewed
periodically by the Management. The export
control program protects the company and
its employees from potential risk of violation
of sanctions prescribed under export control
regulations and facilitates business expansion
in accordance with these regulations. All our
customers and vendors are screened against
various sanctions to ensure that we are
compliant. As part of the program, training
modules are rolled out to relevant employees
to ensure that they are aware and are
compliant with export control laws.
We have a self-assessment and certification
program in place for anti-bribery and anti-
corruption, anti-trust / anti-competition, and
export control.
Whistleblower Policy
The Infosys Whistleblower Policy, last amended
in January 2022, is a comprehensive and
well-designed mechanism that encourages
employees, vendors, customers, and any other
stakeholders to report any unethical conduct,
violation of applicable laws or the Company’s
Code of Conduct and Ethics occurring within
the Company. With strict confidentiality
measures and multiple reporting channels,
the policy ensures that whistleblowers are
protected from any retaliation. The company
reviews all complaints impartially and takes
appropriate action, as applicable, while
providing regular communication to ensure
awareness about the policy. The Infosys
Whistleblower Policy is a testament to the
Company’s commitment to transparency,
accountability, and responsible corporate
citizenship.
Corporate governance
Governance
Use of technology for effective
compliance monitoring of
controls
We have leveraged Artificial Intelligence (AI)
and Machine Learning (ML) technology to
review and identify exceptions in compliance
and ABAC controls.
Compliance proof-testing
• Infosys implemented a compliance program
covering 80 countries and 14 regulatory
areas across major business enabling
functions in September 2018.
• The program instituted a self-assessment of
the compliance status against a compliance
framework with a maker checker process
built into it.
• The program also enabled the creation of
a repository of compliance proofs against
self-assessment.
• By consolidating compliance proofs across
countries and regulatory areas, Infosys
designed an OCR-based technology to
scan the proofs and validate if the proofs
corroborate the compliance status.
• The OCR technology was combined with
a rule engine to test compliance controls
around timeliness and accuracy of the
compliance proof.
ABAC program
• Infosys develops and manages multiple
office facilities and collaborates with
multiple vendors / service providers during
the various phases of construction. Infosys
engages with vendors for infrastructure
development and facility maintenance.
Sometimes, services to be obtained include
permits, licenses, approvals, marketing
activities / expenses, awareness campaigns
and liasoning with the authorities for filings
and reporting requirements.
• To ensure appropriate proof of service
by vendors is submitted, reviewed, and
approved before payments are released and
to ensure that the process of requisitioning,
purchasing, receiving, paying for, and
accounting for goods and services, covering
the entire process from point of order right
through to payment, is monitored, Infosys
has implemented the following controls by
reimagining system logic in procurement
systems and use of AI and ML techniques:
– Traceability of transactions at initial
procurement stages through user
declaration and OCR technology.
– Trail of documentation to substantiate
various milestones and proofs of services
availed.
– Built-in escalation matrix to ensure
timely approval of red flags identified for
appropriate resolution and action.
– Tracking of potential red flag indicators
through keyword searches and OCR
technology before raising procurement
request and payment processing.
– Periodic assessments of transactions on
sample basis considering factors such as
high-risk vendors / transactions.
– In addition, digitized self-assessment and
certification is also rolled out as part of
monitoring and controls.
Anti-Bribery and
Anti-Corruption (ABAC)
practices and policy
Our Anti-Bribery and Anti-Corruption practices
and policy is reviewed by the Management at
regular intervals.
With an evolving landscape, Infosys is
committed to a responsible Anti-Bribery &
Anti-Corruption risk management framework
to demonstrate a comprehensive risk
management program to reduce the risks by
regularly assessing risk in alignment with its
growth strategies, and to drive an ethical and
risk intelligent culture, to increase the certainty
of business outcomes.
Risk assessment for bribery and corruption
risks is done periodically and the criteria
used for risk assessment include business
units / internal departments, location and the
Corruption Perception Index (CPI) index of
countries, among others.
Anti-competitive practices
policy
The Anti-Trust / Anti-Competitive Practices
Policy states the objective, scope, applicability,
and regulatory consequences, and is reviewed
periodically by the Management. This policy
includes the three aspects of anti-trust law:
(i) abuse of dominance; (ii) anti-competitive
practice; (iii) merger control. Besides, a list
of do’s and don’ts are communicated to the
relevant stakeholders highlighting expected
behaviors.