54
Infosys | ESG REPORT 2022-23
External Document © 2023 Infosys Limited
The Ethics and Compliance Program at Infosys has two key objectives – to uphold and ensure the
values of integrity and transparency and to assure enterprise-wide regulatory compliance.
Integrity is key to nurturing a responsible business. Beyond regulation and stakeholder
attention, there is a growing recognition that good behavior is good for business. At Infosys, our
commitment to a value-based ethos is enshrined in our Code of Conduct and Ethics.
Our values are the principles we use to run the Company daily and are the source of our Code of
Conduct and Ethics. Our values are the foundation of everything we do and are encapsulated in
the acronym C-LIFE (Client value; Leadership by example; Integrity and transparency; Fairness and
Excellence).
Reinforcing a culture of
compliance
1. Code of Conduct and Ethics (Digital
version): We also have a digital version of
the Code of Conduct and Ethics. It provides
user-friendly access to specific topics
in an interactive manner. It is a unique
audio-visual experience and is easy to
navigate. The Code can be accessed on
mobile devices as well. The digital version
of the Code aims to help every employee
understand the behavior we expect and
the principles and values we uphold.
We aim to continue to build a culture of
compliance, where everyone feels they are
able to do the right thing and prioritize
legal and ethical choices. The digital version
of the Code is available here.
2. Code of Conduct and Ethics training:
Our employees and Board members
are trained on the Code of Conduct and
Ethics. We have a Smart Awareness Quiz
(SAQ) which includes training modules
that employees are mandatorily required
to undertake every year to renew their
commitment to the Code of Conduct and
Ethics. Our vendor partners were also
trained on the Supplier Code of Conduct
through various channels including
live sessions during the vendor partner
meet called Sambandh. We also have
a detailed communication plan to use
multiple channels of communication like
emails, video messages, blogs, gamified
assessments, and storyboards to spread
awareness about various policies.
3. #SwipeRightforIntegrity:
#SwipeRightforIntegrity is an annual
legal and compliance event organized
by Infosys. The event brings our leaders
together to reinforce our values of integrity,
Integrity and compliance
transparency and good governance to
build enduring relationships with our
clients, employees and partners. It has
become a platform to create awareness
and have an engaging dialogue with all
stakeholders, and influence behavior and
showcase the Infosys culture. This has
taken forward the compliance and ethics
program and created increased awareness
of expected behavior.
4. Local Compliance Officer program:
To further raise awareness among our
employees about ethical aspects globally, a
local compliance officer (LCO) network has
also been created across the Infosys Group
in collaboration with Office of Integrity
and Compliance. The LCO network plays a
crucial role, in promoting an organizational
culture that encourages ethical conduct
and a commitment to compliance with the
law, regulations, and policies and helps in
maximizing the impact of ethics-related
communication and training.
Corporate governance
Governance
Code of Conduct and Ethics
We firmly believe that following the highest
standards of business conduct and ethics helps
us run our business responsibly. Our Code
of Conduct and Ethics helps us maintain the
highest ethical standards for our employees.
It complies with the legal requirements of
applicable laws and regulations, including
anti-bribery and anti-corruption and ethical
handling of conflicts of interest. It also
highlights expectations from our employees.
The Code of Conduct and Ethics is signed off
by the Board and the Office of Integrity and
Compliance is the custodian of the Code of
Conduct and Ethics. Our business partners
acknowledge and comply with the Supplier
Code of Conduct which is based on the UNGC
principles.
Purpose statement
Our Code of Conduct and Ethics now
encapsulates our purpose statement:
To amplify human potential and create the
next opportunity for people, businesses and
communities.
Recognition as
one of the world’s
most ethical companies
Infosys has been recognized as one
of the 2023 World’s Most Ethical
Companies for the third consecutive
year by Ethisphere, a global leader in
defining and advancing the standards
of ethical business. Through this
recognition, Infosys becomes one of
only four honorees in the software
and services Industry, globally, and
the only honoree from India.
55
Infosys | ESG REPORT 2022-23
External Document © 2023 Infosys Limited
Export Control Policy
The export control policy describes Infosys’
export control program and is reviewed
periodically by the Management. The export
control program protects the company and
its employees from potential risk of violation
of sanctions prescribed under export control
regulations and facilitates business expansion
in accordance with these regulations. All our
customers and vendors are screened against
various sanctions to ensure that we are
compliant. As part of the program, training
modules are rolled out to relevant employees
to ensure that they are aware and are
compliant with export control laws.
We have a self-assessment and certification
program in place for anti-bribery and anti-
corruption, anti-trust / anti-competition, and
export control.
Whistleblower Policy
The Infosys Whistleblower Policy, last amended
in January 2022, is a comprehensive and
well-designed mechanism that encourages
employees, vendors, customers, and any other
stakeholders to report any unethical conduct,
violation of applicable laws or the Companys
Code of Conduct and Ethics occurring within
the Company. With strict confidentiality
measures and multiple reporting channels,
the policy ensures that whistleblowers are
protected from any retaliation. The company
reviews all complaints impartially and takes
appropriate action, as applicable, while
providing regular communication to ensure
awareness about the policy. The Infosys
Whistleblower Policy is a testament to the
Company’s commitment to transparency,
accountability, and responsible corporate
citizenship.
Corporate governance
Governance
Use of technology for effective
compliance monitoring of
controls
We have leveraged Artificial Intelligence (AI)
and Machine Learning (ML) technology to
review and identify exceptions in compliance
and ABAC controls.
Compliance proof-testing
Infosys implemented a compliance program
covering 80 countries and 14 regulatory
areas across major business enabling
functions in September 2018.
The program instituted a self-assessment of
the compliance status against a compliance
framework with a maker checker process
built into it.
The program also enabled the creation of
a repository of compliance proofs against
self-assessment.
By consolidating compliance proofs across
countries and regulatory areas, Infosys
designed an OCR-based technology to
scan the proofs and validate if the proofs
corroborate the compliance status.
The OCR technology was combined with
a rule engine to test compliance controls
around timeliness and accuracy of the
compliance proof.
ABAC program
Infosys develops and manages multiple
office facilities and collaborates with
multiple vendors / service providers during
the various phases of construction. Infosys
engages with vendors for infrastructure
development and facility maintenance.
Sometimes, services to be obtained include
permits, licenses, approvals, marketing
activities / expenses, awareness campaigns
and liasoning with the authorities for filings
and reporting requirements.
To ensure appropriate proof of service
by vendors is submitted, reviewed, and
approved before payments are released and
to ensure that the process of requisitioning,
purchasing, receiving, paying for, and
accounting for goods and services, covering
the entire process from point of order right
through to payment, is monitored, Infosys
has implemented the following controls by
reimagining system logic in procurement
systems and use of AI and ML techniques:
Traceability of transactions at initial
procurement stages through user
declaration and OCR technology.
Trail of documentation to substantiate
various milestones and proofs of services
availed.
Built-in escalation matrix to ensure
timely approval of red flags identified for
appropriate resolution and action.
Tracking of potential red flag indicators
through keyword searches and OCR
technology before raising procurement
request and payment processing.
Periodic assessments of transactions on
sample basis considering factors such as
high-risk vendors / transactions.
In addition, digitized self-assessment and
certification is also rolled out as part of
monitoring and controls.
Anti-Bribery and
Anti-Corruption (ABAC)
practices and policy
Our Anti-Bribery and Anti-Corruption practices
and policy is reviewed by the Management at
regular intervals.
With an evolving landscape, Infosys is
committed to a responsible Anti-Bribery &
Anti-Corruption risk management framework
to demonstrate a comprehensive risk
management program to reduce the risks by
regularly assessing risk in alignment with its
growth strategies, and to drive an ethical and
risk intelligent culture, to increase the certainty
of business outcomes.
Risk assessment for bribery and corruption
risks is done periodically and the criteria
used for risk assessment include business
units / internal departments, location and the
Corruption Perception Index (CPI) index of
countries, among others.
Anti-competitive practices
policy
The Anti-Trust / Anti-Competitive Practices
Policy states the objective, scope, applicability,
and regulatory consequences, and is reviewed
periodically by the Management. This policy
includes the three aspects of anti-trust law:
(i) abuse of dominance; (ii) anti-competitive
practice; (iii) merger control. Besides, a list
of dos and don’ts are communicated to the
relevant stakeholders highlighting expected
behaviors.