S S TR The Group Framework Policies are supplemented by functional CODE OF CONDUCT: HIGH INTEGRITY. TR A policies, procedures and standards which move away from principles HIGH PERFORMANCE A TE TE G to address specific actions and requirements. These are added to and G I I C enhanced as laws change and practice evolves. C R R E E P There are established procedures for the delegation of authority to P O O R ensure that decisions are made at an appropriate level within the R T business dependent on either the magnitude or nature of the decision. T In particular, access to the Company IT systems and applications is G provided subject to formal access provisioning processes with the G O objective being to limit access, as appropriate, to enable an individual O VE to perform their role and to enforce appropriate segregation of duties VE R R NAN within business processes. The delegations of authority policy was NAN updated during the year to reflect good practice and incorporate C C E some new key elements. E The Company maintained its ISO 9001 accreditation for its quality F F I management system which ensures that policies, standards and I NAN procedures are appropriate for the business, that they are reviewed on NAN C a regular basis and made available to applicable employees and C IAL contractors through the Group intranet. IAL S Two corporate compliance topics have had particular focus in 2023. S T T A Code of Conduct A T (i) Data protection and cyber-security T E The Group launched a new Code of Conduct in 2023, which was E M Aston Martin complies with the UK and EU GDPR and other applicable M E developed in collaboration with colleagues across the business and E N national data privacy laws, when it comes to the processing of N T approved by the Executive Committee. It applies to all companies T S within the Group and to all directors, employees, temporary workers customer, employee and other individuals’ personal data. As the S Company develops its “connected cars” programme, data protection and contractors. becomes increasingly relevant to the design, engineering, production F F U and on-going management of vehicles. This area, alongside the U R R T The Code and the Group Framework Policies referenced within it are vehicle cyber-security standards, has been an area of particular focus T H H E the foundation of the Company’s governance model, but the Code as we strive to ensure that customer and third party personal E R R INF also sets the tone of the Company’s expectations of high ethical information is managed responsibly and compliantly. INF standards in all business conduct. Building on the Company’s Values to OR address expected behaviours in specific areas, the Code of Conduct (ii) Economic and trade sanctions OR M sets out a decision-tree to help colleagues make the right choices, M A In light of the increase in sanctions being imposed by the UK, EU, UN A T even where there is not a policy to provide guidance. This is an T I and other nations (as a result mainly of the on-going conflict in the I ON ON important part of our mission to drive a culture defined by integrity, Ukraine), the Company has had a particular focus on evaluating and which the Company sees as equal to its drive for high performance. reviewing its dealings with third parties, including suppliers and customers. Some sanctions prohibit dealings with designated Compliance individuals, others are directed at the nature and origin of materials. Led by our Corporate Compliance team, reporting to the Executive There has been an increase in anti-circumvention sanctions measures Committee and the Audit and Risk Committee, the Company has which place greater emphasis on assurance down the supply chain embarked on a programme to review and enhance our compliance as to the origin of supply of parts. As a consequence, the Company management system. In 2023, we have prioritised policies, governance has increased the scrutiny on supplies, as well as enhanced its ‘know and training which set the foundations for effective compliance. your customer/supplier’ checks. The Company also adopted a new Sanctions Compliance Policy in 2023. All corporate compliance policies underwent a significant review and update in the year, with additional risk areas being added to the Enterprise Risk Management Framework and System framework to reflect regulatory change and focus. In anticipation of The Group continues to strengthen the control environment by the coming into force of the new UK “failure to prevent fraud” offence, embedding the Enterprise Risk Management Framework and System fraud risk and prevention has been incorporated into a Framework which is supported by Risk Champions within each function. A Policy. Compliance training courses have been reviewed and new summary of the key risk management activities undertaken by the programmes put in place, tailored to the specific audiences. Group is included within the Risk and Viability Report on page 70. The Internal Audit & Risk Management function is responsible for The Company is committed to conducting all business in an honest administering the Enterprise Risk Management Framework and and ethical manner. The Company expects all employees – and anyone System and for providing independent assurance to the Board, the carrying out work on behalf of the Company – to not only comply with Committee and senior management. the law but also to always maintain the highest standards of ethical business conduct and personal behaviour. ASTON MARTIN LAGONDA ANNUAL REPORT AND ACCOUNTS 2023 103