1. Introduction

The Lonsec Group (Lonsec) is committed to the highest levels of ethics and integrity in the way that we do business. Our values are an essential part of who we are and support our vision, our strategy and how we work with our clients and each other. We strongly believe in responsible action, supporting the integrity of the financial services industry, and maintaining the highest standards of professional and ethical conduct.

Lonsec is required to have in place a Whistleblower policy (Policy) which meets the requirements of:

• The Corporations Act 2001 Part 9.4AAA - Protection for Whistleblowers
• ASIC Regulatory Guide RG 270 Whistleblower policies

and the Policy must be made available to all officers and employees of Lonsec.

1.1 Purpose

Lonsec acknowledges that officers and employees are often the first in identifying wrongdoing. Lonsec encourages officers and employees (and other Eligible Whistleblowers) to raise concerns regarding actual or suspected contravention of our ethical and legal obligations without fear of reprisal or intimidation. Lonsec's approach is aligned to our values of:

Integrity - We stand behind our promises and always do the right thing by our people and clients

Collaboration - We build great relationships and work in partnership with our clients and colleagues

Client focus - Our culture puts the client at the core and focuses on helping then achieve their goals

Independent Thinker - We encourage our people to be curious, think critically and independently where required as well as provide an environment to safely raise their thoughts

This Policy supports Lonsec's commitment to its values by providing a framework to:

• encourage disclosures of actual or suspected wrongdoing
• help deter wrongdoing, in line with the Lonsec's risk and compliance management framework
• ensure individuals who disclose wrongdoing can do so safely, securely and with confidence that they will be protected and supported
• ensure disclosures made are dealt with appropriately and on a timely basis
• provide transparency around Lonsec's receiving, handling, and investigating disclosures
• support Lonsec's values
• support Lonsec's long-term sustainability and reputation
• meet Lonsec's legal and regulatory obligations

This Policy sets out information regarding:

1. who is an Eligible Whistleblower (section 2)
2. what is a Protected Disclosure (section 3)
3. who can receive a disclosure at Lonsec (i.e., Eligible Recipient) (section 4)
4. how to make a Protected Disclosure (section 5)
5. what protections are available to a Whistleblower (section 6)
6. how a disclosure will be handled and investigated (section 7)
7. access of this Policy (section 8)

1.2 Scope

This Policy applies to anyone who is an Eligible Whistleblower regarding Lonsec. For the avoidance of doubt, Lonsec in the context of this Policy refers to Lonsec Holdings Pty Ltd and all its subsidiaries.

2. Who is an eligible Whistleblower?

There are certain protections under the Corporations Act that are available to disclosers who qualify for protection as a Whistleblower. You must be, or have been, any of the following in relation to Lonsec to qualify for these protections:

(a) A Lonsec officer or employee (e.g., current (and former) employees who are (or were) permanent, part-time, fixed-term or temporary, interns, secondees, managers, and directors)

(b) a supplier of services or goods to Lonsec (whether paid or unpaid), including their employees (e.g., current, and former contractors, consultants, service providers and business partners)

(c) an associate¹ of Lonsec

(d) a relative, dependant or spouse of one of these individuals is for example a relative, dependant or spouse of current and former employees, contractors, consultants, service providers, suppliers, and business partners

While you must hold or have held one of the roles above to access the protections, you do not have to identify yourself or your role and you can raise your concerns anonymously.

3. What is a Protected Disclosure?

Under the whistleblowing regime, there are certain matters that are considered protected under the Corporations Act (i.e., Disclosable Matter) and other matters that are not protected under the legislation. In this Policy, the terms Disclosable Matter, Whistleblowing report and disclosure(s) are used interchangeable. A Disclosable Matter is discussed in more detail below:

₁ Defined as associate of the company or organisation, usually a person with whom the company or organisation acts in concert. Information Sheet 239 How ASIC handles Whistleblower reports</small >

3.1 Types of matters considered Disclosable Matters

Disclosable Matter is a disclosure of information where the person disclosing (the eligible Whistleblower) has reasonable grounds to suspect that Lonsec (including its employees or officers) has engaged in conduct that constitutes an offence or is in contravention of financial services law (as applicable), any Commonwealth offence that is punishable by imprisonments for 12 months or more, represents a damage to public safety or the financial system or is prescribed by regulations.

'Reasonable grounds' means that a reasonable person in your position would also suspect the information indicates misconduct or a breach of the law.

A Whistleblower does not need to prove their allegations and can still qualify for protection even if the disclosure turns out to be incorrect.

Disclosable Matters that relate to Lonsec include:

• Illegal conduct, such as theft, violence, or damage to property.
• Fraud, money laundering or misappropriation of funds.
• Offering or accepting a bribe.
• Financial irregularities
• Failure to comply with, or breach of, legal or regulatory requirements; and
• Engaging in or threatening to engage in detrimental conduct against a person who has made a disclosure or is believed or suspected to have made, or be planning to make, a disclosure.

a disclosure or is believed or suspected to have made, or be planning to make, a disclosure. Disclosable Matters include conduct that may not involve a contravention of a particular law. Information that indicates a significant risk to public safety or the stability of, or confidence in, the financial system is also a disclosable matter, even if it does not involve a breach of a particular law.

Disclosures that are not about Disclosable Matter(s) are not covered by this Policy and do not qualify for protection under the Corporations Act, refer to section 3.3 below on matters not considered a Disclosable Matter.

3.2 Whistleblower matters involving personal work-related grievances

There may be instances where a personal work-related grievance made by a Whistleblower may still be protected under the Corporations Act. The following are some examples (which are not exhaustive):

• (a) A personal work-related grievance which includes information about misconduct, or information about misconduct includes or is accompanied by a personal work-related grievance (mixed report).
• (b) Lonsec has breached employment or other laws punishable by imprisonment for 12 months or more.
• (c) Lonsec has engaged in conduct that represents a danger to the public.
• (d) The disclosable matter relates to information suggesting misconduct beyond the Whistleblower's personal circumstances.
• (e) The Whistleblower suffers from or is threatened with detriment for making a disclosure.
• (f) The Whistleblower seeks legal advice or legal representation about the operation of Whistleblower protections under the Corporations Act.

3.3 Types of matters not considered Disclosable Matters

There are certain matters that are not considered Disclosable Matters and therefore not awarded protection under the Corporations Act. Employees experiencing employment disputes, or a personal work-related grievance are not covered by this Policy. A personal work-related grievance include:

• an interpersonal conflict with another employee
• a decision about your employment, transfer, or promotion
• a decision about the terms and conditions of your employment
• a decision to suspend or terminate your employment or otherwise discipline you

You may be able to rely on the Whistleblower regime protection only if the report also raises significant implications for Lonsec. For example, if Lonsec's treatment of you breaks employment or other laws or suggests systemic misconduct beyond your own circumstances.

f you are a current or former Employee of Lonsec who solely has an employment dispute or workrelated grievance, contact the Fair Work Ombudsman for queries or concerns regarding workplace laws or access the Employee Assistance Program for confidential professional counselling support.

3.4 Deliberate false disclosure

Lonsec encourages disclosure regarding improper conduct under the Whistleblowing regime, however, it is important that note that deliberate false reporting of disclosures that are not about 'Disclosable Matters' do not qualify for protection under the Corporations Act.

4. Who can receive a disclosure at Lonsec (i.e., Eligible Recipient)?

If you confirm that you are an Eligible Whistleblower under section 2 above, you must make your Whistleblowing disclosure to an Eligible Recipient.

Lonsec encourages Whistleblowers to make a disclosure to one of the entity's internal Eligible Recipient (refer Section 4.1 below) in the first instance. Lonsec takes such disclosures very seriously and would like to identify and address wrongdoing as early as possible.

Visit www.asic.gov.au for more information on how to make a disclosure to an external party

4.1 Who is an Eligible Recipient

The role of the Eligible Recipient is to receive disclosures that qualify for protection under the Corporations Act. At Lonsec an Eligible Recipient means any one of the following persons:

(a) a director, company secretary, a member of the Executive team of Lonsec; or

(b) Head of Risk and Compliance; or

(c) General Counsel

A Whistleblower is entitled to make a disclosure to parties external and still be protected under the Corporations Act, these external parties are any of the following:

(a) Lonsec's external auditor (including a member of the external audit team conducting the audit)

(b) an external legal practitioner, for the purposes of obtaining legal advice or legal representation in relation to the Whistleblower protection (even if the report or disclosure may not relate to a reportable matter);

(c) any Commonwealth regulator, such as ASIC or APRA.

To report and disclose about a reportable matter to ASIC. Refer to ASIC Information Sheet 239 How ASIC handles Whistleblower reports.

5. How to make a Protected Disclosure?

Disclosures can be made in writing by mail or email, or verbally in person or by telephone. Where verbal disclosure is made you may be requested to confirm the details and any supporting evidence in writing depending on the complexity of the matter.

Out of hours disclosures can be made via email to complaints@lonsec.com.au. If you require further information on how to make a disclosure contact the Lonsec Whistleblower Protection Officer via the methods below:

Email: complaints@lonsec.com.au marking the email subject "Confidential”

Via Mail: Head of Risk and Compliance, Lonsec, Level 7/90 Collins Street, Melbourne, VIC 3000 (marked “Confidential”).

5.1 Public Interest Disclosure

Lonsec recommends that a discloser should contact an independent legal adviser before making a public interest disclosure.

A public interest disclosure is the disclosure of information to a journalist or parliamentarian that qualifies for protection where:

• (a) at least 90 days has passed since the previous disclosure was made to ASIC, APRA or another commonwealth prescribed by regulation;
• (b) the discloser does not have reasonable grounds to believe action is being, or has been taken, in relation to their disclosure;
• (c) the discloser has reasonable grounds to believe that making a further disclosure of the information would be in the public interest, and
• (d) before making the public interest disclosure, the discloser has given written notice to ASIC, APRA or another commonwealth prescribed by regulation that:
  • (i) includes sufficient information to identify the disclosure and that they intend to make a public interest disclosure; and
  • (ii) states that the discloser intends to make a public interest disclosure.

5.2 Emergency Disclosure

An emergency disclosure to a journalist or parliamentarian qualifies for protection where:

• (a) the discloser has previously made a disclosure of that information that qualifies for protection to ASIC, APRA or another Commonwealth body prescribed by regulations;
• (b) the discloser has reasonable grounds to believe the information concerns a substantial and imminent danger to the health or safety of one or more persons or the natural environment;
• (c) before making the emergency disclosure, the discloser has given written notice to ASIC, APRA or another commonwealth prescribed by regulation that:
  • (i) includes sufficient information to identify the disclosure; and
  • (ii) states that the discloser intends to make an emergency disclosure; and
  Lonsec recommends that a discloser should contact an independent legal adviser before making an emergency disclosure.
• (d) the extent of the information disclosed in the emergency is no greater than is necessary to inform the recipient of the substantial and imminent danger.

6. What protections are available to a Whistleblower?

6.1 Confidentiality

Maintaining confidentiality is crucial to the whistleblowing process to ensure the Whistleblower is not subject to detrimental actions, reprisals, disciplinary action, or victimisation. Lonsec takes its legal obligation to protect Whistleblower confidentiality very seriously.

Access to all information received as a part of a disclosure and any record which forms a part of the investigation will be treated with the strictest confidence. Access to this information is restricted to those persons who require access to the information under this Policy and for the investigation of the disclosure.

It is illegal for any person to identify a Whistleblower or disclose information that is likely to lead to the identification of a Whistleblower without the consent of the Whistleblower.

6.1.1 Exemptions to confidentiality

Lonsec may in certain circumstances disclose a Whistleblower's identity to the following parties:

(a) ASIC, APRA, or a member of the Australian Federal Police (within the meaning of the Australian Federal Police Act 1979); or

(b) to a legal practitioner for the purpose of obtaining legal advice; or

(c) with the consent of the whistlebower.

6.1.2 Anonymity

A disclosure can be made anonymously and if a Whistleblower chooses to remain anonymous, they may refuse to answer questions that they feel could reveal your identity. When making a disclosure, a Whistleblower may wish to use of a pseudonym to maintain the confidentiality of their identity.

It is important that two-way communication is maintained, and adequate information is provided at the time of making the disclosure to enable a thorough investigation into the mater being raised. The Whistleblower's anonymity will be maintained while making a disclosure, over the course of the investigation and after the investigation is finalised. Further information during the investigation may be requested, therefore, if the Whistleblower does not provide a method of on-going communication, Lonsec will not be able to follow up for further information or inform the Whistleblower what steps may be taken based on the information they have provided.

Disclosures made via email which does not identify the discloser in the email will be treated as an anonymous disclosure.

6.1.3 Protection from detrimental acts or omissions

It is illegal for anyone to cause or threaten detriment to a Whistleblower because they believe or suspect that a disclosure has made, may have made, or could be made. It is also illegal for anyone to engage in conduct that causes detriment to the Whistleblower based on the believe a disclosure has been made or may have been made or proposes to make or could make.

It is illegal for a person to make a threat to cause detriment to a Whistleblower (or another person) in relation to a disclosure. A threat may be express or implied, or conditional or unconditional. A Whistleblower (or another person) who has been threatened in relation to a disclosure does not have to actually fear that the threat will be carried out.

Whistleblowers who make a disclosure are protected and will not be personally disadvantaged or subject to detrimental acts or omissions for having made the disclosure. It is illegal for anyone to cause detriment to a Whistleblower which could include any of the following:

• (a) If the Whistleblower is an employee:
  • (i) dismissal;
  • (ii) alteration of position or duties of the Whistleblower to their disadvantage;
  • (iii) discrimination (either direct or indirect) between an employee and other employees at Lonsec;
• (b) harassment or intimidation;
• (c) harm or injury, including psychological harm;
• (d) damage to a Whistleblower's property;
• (e) damage to a Whistleblower;s reputation;
• (f) damage to a Whistleblower's business or financial position; or
• (g) any other damage to a Whistleblower

6.2 Reporting detrimental acts, or omissions

If a Whistleblower believes that a detrimental act or omission is occurring, they should contact the Whistleblowing Protection Officer.

A Whistleblower may seek independent legal advice or contact regulatory bodies such as ASIC if a Whistleblower believes they have suffered detriment.

6.3 Compensation and other remedies

A Whistleblower can seek compensation and other remedies through the courts if:

• (a) they suffer loss, damage, or injury because of a disclosure; and
• (b) Lonsec failed to take reasonable precautions and exercise due diligence to prevent the detrimental conduct

Lonsec encourages disclosers to seek independent legal advice when considering seeking compensation and/or remedies.

6.4 Civil, criminal, and administrative liability protection

The Corporations Act protects Whistleblowers against certain legal actions related to making a disclosure, including:

• criminal prosecution - the disclosure cannot be used against the Whistleblower in a prosecution, unless the disclosure is false
• civil liability - for breach of an employment contract, duty of confidentiality, or other contractual obligation, or
• administrative action (including disciplinary action).

The protections discussed above does not grant immunity to Whistleblowers for any misconduct that they engaged in that is revealed in the disclosure.

7. How a disclosure will be managed and investigated?

All Disclosable Matters must be received by an Eligible Recipient at Lonsec. It is the responsibility of the Eligible Recipient to confirm the disclosure is indeed a protected disclosure and provide the required details of the disclosure to the Whistleblowing Investigation Officer. The confidentiality of the Whistleblower is vital and as an Eligible Recipient even if you know the Whistleblower's identity, you must maintain their confidentiality unless you have received their consent to disclose their identity. This means that, once you receive a qualifying disclosure, you cannot disclose the Whistleblower's identifying details to others, including other Eligible Recipients and/or anyone else in Lonsec. The Corporations Act makes it illegal (through a criminal offence and a civil penalty) for someone to disclose the identity, or information likely to lead to the identification, of a Whistleblower unless certain circumstances exist (these are detailed in Section 6.1.1 above).

At Lonsec the Whistleblowing Investigations Officer is the General Counsel and, in their absence, the Chief Financial Officer. The Whistleblowing Investigation Officer must ensure that investigations are thorough, objective, fair and independent, while preserving the confidentiality of the investigation.

The Whistleblowing Investigation Officer will take overall responsibility for the investigation, and where specialised skills and experience are required that are not available at Lonsec or conflicts cannot be managed, the Whistleblowing Investigations Officer may have access to and appoint an appropriate external service provider to conduct the investigation to maintain objectivity, fairness, and independence.

The Whistleblowing Investigation Officer will investigate all disclosures appropriately and will, where applicable, provide feedback regarding the investigation's progress and its ultimate outcome, including if any rectification action or if no-action is taken, the Whistleblowing Investigation Officer will provide an explanation.

Lonsec recognises that employees who are mentioned, or to whom a disclosure relates, are entitled to fair process, and will be supported through the investigation process by the Whistleblower Protection Officer. The Whistleblower Protection Officer is the Head of Risk and Compliance and in their absence the Chief Financial Officer. In the unlikely event the Head of Risk and Compliance and Chief Financial Officer are absent, or a conflict arises where the CFO will also fill the role of Whistleblowing Investigation Officer, a People and Culture representative will fill the Whistleblower Protection Officer role. The role Whistleblower Protection Officer is responsible for protecting disclosers and ensuring the integrity of the disclosure.

7.1 Managing the welfare of the Whistleblower

Lonsec is committed to the protection of genuine Whistleblowers against action taken in reprisal for making of a disclosure regarding improper conduct. Lonsec will ensure that Whistleblowers will not be personally disadvantaged because of having made a disclosure. The Whistleblower Protection Officer is responsible for protecting Whistleblowers and ensuring the integrity of the reporting mechanism.

All communication in relation to a disclosure is kept secure in a folder. All personal information or reference to the Whistleblower must be redacted and reference to the Whistleblower must be in a gender-neutral context. Printing of documents and emails in relation to a disclosure to a printer accessible by other employees is prohibited.

Lonsec acknowledges that making a disclosure will not protect the Whistleblower from any reasonable consequences flowing from their involvement in improper conduct. In some circumstances, an admission of improper conduct may be a mitigating factor when considering the action Lonsec may take which could include termination of employment.

The Eligible Recipient will make the chair of the ARCC aware of the report but not the identity of any disclosed parties to maintain confidentiality.

If a disclosure refers to the conduct or actions of the CEO and/or the Chair of Lonsec Holdings Pty Ltd, the Chair of the of the ARCC will be made aware of the disclosure.