Whistle Blowing System

Purpose

This procedure aims to provide guidelines for reporting violations at PT. Pemindo Mitra Sinergi. By providing a safe and transparent reporting mechanism, the company ensures effective handling of legal, ethical, and internal policy violations.

Scope

This procedure applies to all employees, business partners, vendors, and external parties associated with the company. Reportable violations include:

• Fraud in IT procurement (price mark-ups, collusion, fictitious procurement).
• Information security breaches (data leaks, unauthorized access).
• Misuse of company assets.
• Conflicts of interest between employees and vendors.
• Unethical behavior, including bribery or illegal commissions.

Key Principles of the Whistleblowing System (WBS)

• Anonymity: Whistleblowers may choose not to disclose their identity.
• Confidentiality: All provided information is kept confidential.
• Independence: Reports are handled by an independent team.
• Anti-Retaliation: No retaliatory action will be taken against whistleblowers.

Legal Basis

This procedure is based on the following regulations and laws:

• Law No. 13 of 2006 on Witness and Victim Protection: Provides legal protection for whistleblowers to prevent retaliatory actions.
• Law No. 20 of 2001 on the Eradication of Corruption Crimes: Encourages the reporting of corruption practices within companies.
• Corruption Eradication Commission (KPK) Regulation No. 2 of 2014: Guidelines for reporting violations in private and public entities.
• ISO 37001:2016 – Anti-Bribery Management System: Provides guidelines on reporting corruption and bribery violations.
• Law No. 19 of 2016 on Electronic Information and Transactions (ITE Law): Protects digital data and information related to reports.
• Financial Services Authority (OJK) Regulations: Requires public companies and financial service sectors to have a whistleblowing mechanism.

Reporting Procedure

1. Reporting Channels

Reports can be submitted through:

• Online Portal: Access at pemmz.com.
• Hotline: [____________].
• Dedicated Email: [pengaduan@pemmz.com].

2. Required Information

• Description of the violation (what, when, where).
• Involved parties (if known).
• Supporting evidence (documents, emails, IT logs).
• Whistleblower’s data (optional if anonymity is chosen).

3. Reporting Steps

1. The whistleblower accesses one of the reporting channels and submits the information.
2. The system records the report and provides a reference number to the whistleblower.
3. If anonymity is chosen, the report will still be processed without disclosing the whistleblower’s identity.

Report Handling

1. Initial Receipt and Verification

• The WBS team receives the report and verifies the completeness of the information.
• If the report is valid, it is forwarded to an independent investigation team.
• If the report is irrelevant, the whistleblower is notified (if possible).

2. Investigation

• The investigation is conducted within a maximum of 14 working days after receiving the report.
• The IT security team is involved in cases related to digital data.
• All investigation activities are documented in writing.

3. Follow-Up Actions

If the violation is proven:

• Disciplinary action is taken against the responsible party.
• Internal procedures are improved to prevent similar incidents.

If the violation is not proven:

• The case is closed with a final report.

4. Feedback to Whistleblower

If the whistleblower’s identity is known, they will receive updates regarding the report status:

• Report received.
• Investigation in progress.
• Final investigation results (without disclosing confidential details).

Whistleblower Protection

• The whistleblower’s identity is kept confidential and is only accessible by the WBS team.
• No retaliation or discrimination is allowed against whistleblowers acting in good faith.
• If the whistleblower faces threats, the company will provide legal support and additional protection.

System Evaluation and Improvement

• Periodic Audits: The WBS system is evaluated every six months to ensure effectiveness.
• Awareness Campaigns: Regular training is provided to employees on the importance of WBS.
• Technology Enhancements: The reporting system is updated to meet the latest security standards.

Sanctions for WBS Misuse

• Whistleblowers who deliberately submit false reports will be subject to company disciplinary action.
• Misuse of WBS for personal gain or to harm others will be strictly dealt with.

Documentation and Archiving

• All reports, investigations, and follow-ups are documented and stored in a secure cloud-based system.
• Access to archives is restricted to authorized personnel only.

Conclusion

With this procedure in place, the company aims to create a transparent, safe, and legally and ethically compliant work environment. All parties are expected to contribute to maintaining corporate integrity through responsible use of the WBS.