CITI REQUIREMENTS FOR SUPPLIERS SECTION 1

CITI REQUIREMENTS FOR SUPPLIERS

(FORMERLY KNOWN AS CITI STANDARDS FOR SUPPLIERS)

SECTION 1

(APPLICABLE TO ALL SUPPLIERS)

OWNER:

GLOBAL HEAD OF RESOURCE MANAGEMENT ORGANIZATION (RMO)

ISSUE DATE:

JANUARY 2015

REVISED:

FEBRUARY 2021

VERSION:

5.0

   
            
   
    © 2020 CITIGROUP INC. 
TABLE OF CONTENTS 
 
 
 GENERAL OVERVIEW ............................................................................................. 3 
 CITI  CODE OF CONDUCT ....................................................................................... 4 
 EQUAL EMPLOYMENT OPPORTUNITY / AFFIRMATIVE ACTION ....................... 5 
 ANTI-MONEY LAUNDERING (“AML”) ..................................................................... 6 
 ANTI-BRIBERY .......................................................................................................... 8 
 GIFT AND ENTERTAINMENT ................................................................................... 9 
 SUPPLY CHAIN DEVELOPMENT, INCLUSION, AND SUSTAINABILITY ........... 10 
 PROHIBITION AGAINST MODERN SLAVERY ..................................................... 11 
 FRAUD MANAGEMENT .......................................................................................... 13 
 MEDIA INTERACTION AND PUBLIC APPEARANCES; USE OF CITI NAME, 
FACILITIES OR RELATIONSHIPS ........................................................................ 15 
 WRITTEN ELECTRONIC COMMUNICATIONS ...................................................... 16 
 POLITICAL ACTIVITIES AND CONTRIBUTIONS .................................................. 17 
 SUPPLIER RELATIONSHIP AND CONTRACT COMPLIANCE ............................ 18 

Citi Requirements for Suppliers Section 1 General Overview

Page 3 of 19

1. GENERAL OVERVIEW

PURPOSE

The purpose of the Citi Requirements for Suppliers (“Requirements”) Section I is to

facilitate Suppliers’ compliance with contractual requirements and Citi policy obligations in

the course of doing business with Citi. While the requirements Section I are applicable to

all Suppliers, there is a separate Section II of the Requirements document which includes

an applicability matrix based on types of product(s) and service(s) provided to Citi.

a. These Requirements provide a general overview of Citi’s policy requirements with

which Suppliers must comply. Each Citi business and legal entity may also indicate in

the applicable agreement (including any transactional document - work orders or

license schedules) additional policies with which Suppliers must comply. In the event

such business-specific policies differ from these Requirements regarding the same

topic, the more restrictive policy will prevail. Suppliers must take a proactive role and

consult with their primary Citi business contact (or designee) regarding any questions

they have regarding Citi policies or any related requirement changes to ensure

compliance.

b. Failure to comply with the Requirements set forth in this document, Citi’s Code of

Conduct and / or the policies and procedures applicable to the Citi business and legal

entity that a Supplier is providing products and / or services may result in termination

of a Supplier’s engagement with Citi, including any and all agreements related thereto,

and / or other contractual consequences. Furthermore, violations of the Requirements

may also be violations of applicable law and may result in civil damages owed to Citi

(or third parties) or criminal penalties for the Supplier.

c. In some cases, a Supplier’s policies address a Citi requirement in an alternative way,

but one that Supplier’s management warrants is substantively and / or functionally

equivalent to the requirements of the Citi Requirements. Suppliers may not use

compliance with its own policies to substitute with the obligation to comply with any

provisions of these Requirements without Citi’s written consent. Suppliers may consult

with their primary Citi business contact (or his or her designee) regarding any

questions with respect to consent.

d. If local laws or regulations establish a higher standard than what is outlined in these

documents, Suppliers must comply with those applicable laws and regulations. If local

laws or regulations appear to conflict with these Requirements, the affected Supplier

must inform its primary Citi business contact (or his or her designee) and work in good

faith with Citi to reach a mutually agreeable resolution that ensures full compliance

with the relevant law(s) or regulation(s) and, to the extent possible, these

Requirements.

Citi Requirements for Suppliers Section 1 Citi Code of Conduct

Page 4 of 19

2. CITI CODE OF CONDUCT

Citi has adopted the 2013 Committee of Sponsoring Organizations of the Treadway

Commission (COSO) Internal Controls integrated framework, which assists Citi in

complying with applicable laws and regulations. Additionally, Citi has set forth internal

control guidelines, which Citi’s Suppliers who work with, or represent Citi directly or

indirectly, are subject to, as per applicable contracts.

Citi strives to earn and maintain the public’s trust by adhering to the highest ethical

standards. We ask our colleagues to ensure that their decisions pass three tests: they are

in our clients’ interests, create economic value, and are always systemically responsible.

When we do these things well, we make positive financial and social impacts in all the

communities we serve and show what a global bank can do.

Citi Code of Conduct includes topics such as:

• Citi’s Value Proposition

• Fostering a Respectful Work Environment

• Protecting Personal, Proprietary, and Confidential Information

• Doing Business Fairly and Honestly

• Contributing to Our Communities

• Speaking up and Escalating Ethical Concerns

Please read the Citi Code of Conduct (or “the Code”) for more information on the topics

mentioned above.

The Code has been adopted by the Board of Directors of Citigroup Inc. (“Citi”) and applies

to all directors, officers, and employees of Citigroup Inc. and its consolidated subsidiaries,

including Citibank, N.A. Other persons performing services for Citi are also subject to this

Code. It is Citi’s commitment to conduct business in the highest standards of ethics

globally.

The Code is available in multiple languages on Citigroup’s Investor Relations site and has

additional information regarding topics covered in the Requirements.

Citi Requirements for Suppliers Section 1 Equal employment opportunity / affirmative action

Page 5 of 19

3. EQUAL EMPLOYMENT OPPORTUNITY / AFFIRMATIVE ACTION

As a federal contractor to the US Government, Citi is subject to the non-discrimination

and affirmative action compliance requirements of Executive Order 11246, as amended,

the Rehabilitation Act of 1973, as amended, and the Vietnam Era Veteran’s

Readjustment Assistance Act (VEVRAA) of 1974, as amended. As part of our efforts to

comply with these requirements, Citi has developed an Equal Employment Opportunity

and Affirmative Action program and policies which are designed to ensure equal

employment opportunities to all qualified persons without regard to race, color, religion,

sex, sexual orientation, gender identity, national origin, age, marital status, genetic

information, disability, protected veteran status or any other reason prohibited by law.

This includes, but is not limited to, the following:

• Hiring, placement, transfer, demotion or promotion

• Recruitment, advertising or solicitation for employment

• Treatment during employment

• Rates of pay or other forms of compensation

• Selection for training, including apprenticeship

• Layoff or termination

It is the policy of Citi to comply to the fullest extent with the applicable regulations of the

Civil Rights Act and any legislation on Equal Employment Opportunity.

We request the cooperation of our subcontractors, vendors and suppliers in our equal

opportunity and affirmative action efforts and expect them to take appropriate action in

ensuring their compliance with equal opportunity, non-discrimination and affirmative

action regulations.

Citi Requirements for Suppliers Section 1 Anti-Money laundering (“AML”)

Page 6 of 19

4. ANTI-MONEY LAUNDERING (“AML”)

Money laundering is the process of converting illegal proceeds so that funds are made to

appear legitimate and thereby enter the stream of commerce. Terrorist financing

includes the financing of terrorist acts and terrorist organizations and may involve use of

proceeds from both illegitimate and legitimate sources. Risks of money laundering or

terrorist financing may be present when a Supplier is:

• Performing certain customer-related services (i.e. on-boarding, customer account

and transaction screening) or the delivery of data/metrics related to the foregoing

activities

• Acting as an intermediary with regard to cash or financial instruments (e.g.,

remote deposit capture, courier, armored car or lockbox services)

Due diligence performed on the Supplier may also surface regulatory or reputational

concerns related to money laundering or terrorist financing-related activities.

Where money laundering / terrorist financing risk is identified, AML and the party

engaging the Supplier must work together to require that the Supplier complies with

applicable AML rules and regulations and has in place reasonable and appropriate AML

program, consistent with Citi requirements and supported by appropriate policies,

procedures and training. The program may include such components as:

➢ Reporting and escalation of suspicious activity

➢ A “Know Your Customer” program, including a Customer Identification Program,

sanctions and name screening, customer due diligence and enhanced due diligence

➢ Transaction monitoring

➢ Periodic reporting/metrics, including reporting on legal and regulatory changes and

material AML program changes

➢ Testing and controls of AML program effectiveness, including site visits

The Contract with the Supplier must appropriately addresses AML risk by clearly

defining the program to be instituted by the Supplier, including defining AML roles and

responsibilities and permitting monitoring and oversight by Citi.

Citi further requires that:

a. The Supplier will maintain and comply with policies or procedures designed to

address the requirements of applicable laws, including (i) the Gramm-Leach-Bliley

Act and the regulations promulgated thereunder; (ii) the USA PATRIOT Act and the

regulations promulgated thereunder; (iii) any law or regulation addressing money

laundering; and (iv) any law or regulation related to economic sanctions. Such

policies and procedures will address anti-money laundering roles and

responsibilities, including the requirements to promptly report any observed activity

that appears unusual or potentially unusual related to the intake of cash.

b. The Supplier will ensure that those of its Personnel providing the services receive

annual training with respect to anti-money laundering roles and responsibilities,

including the requirements to promptly report any observed activity that appears

unusual or potentially unusual related to the intake of cash.

Citi Requirements for Suppliers Section 1 Anti-Money laundering (“AML”)

Page 7 of 19

c. The Supplier will promptly report to Citi in writing any suspected breaches of law,

including any observed activity that appears unusual or potentially unusual related to

the intake of cash related to Citi or its customers.

d. Suppliers must ensure they comply with all applicable tax laws and regulations in the

countries where they operate. Under no circumstances should suppliers engage in

deliberate illegal tax evasion or facilitate such evasion on behalf of others, which may

include engaging in activities that would assist in evading the payment of taxes that

are due and payable or concealing information from tax authorities. As such,

Suppliers should adopt reasonable prevention procedures relating to tax evasion and

promptly report to Citi in writing any violations or suspected violations that relate to

Citi.

The Supplier will certify to Citi on annual basis that it continues to maintain the policies

and procedures required by subsection ‘a’ hereof, that those of its Personnel performing

the services have received the training set forth in subsection ‘b’ hereof and that it has

complied with its obligations under subsection ‘c’ hereof.

Citi Requirements for Suppliers Section 1 Anti-Bribery

Page 8 of 19

5. ANTI-BRIBERY

Citi has policies, procedures, and internal controls for complying with anti-bribery laws

and strictly prohibits bribery or facilitation payments in any form. Citi expects all its

Suppliers or anyone acting on Citi’s behalf, to conduct their activities in accordance with

the highest standards of business conduct, which includes compliance with all laws

prohibiting bribery, corruption, fraud and false statements, including the U.S. Foreign

Corrupt Practices Act (“FCPA”), the U.K. Bribery Act, and any other applicable anti-

bribery or anti-corruption laws.

Under no circumstance may a Supplier, or any of its personnel, operating on Citi’s

behalf, offer, provide, or agree to provide, accept or request, “anything of value” to or

from any person, whether directly or indirectly, if doing so would be, or would be

reasonably perceived to be corrupt, inappropriate, or prohibited. “Anything of value”

includes any advantage, financial or otherwise, such as gifts, entertainment, charitable

or political contributions, or employment. Suppliers shall also maintain appropriate

policies and procedures to comply with the FCPA, the U.K. Bribery Act, and other

applicable anti-bribery laws.

For an overview of Citi’s Anti-Bribery Program, please visit Citigroup’s Investor Relations

(under Citi Policies, select Anti-Bribery Program).

Citi Requirements for Suppliers Section 1 Gift and Entertainment

Page 9 of 19

6. GIFT AND ENTERTAINMENT

Suppliers may not provide gifts or convey anything of value (including entertainment) to

Citi employees, where doing so would create an actual or apparent conflict of interest,

compromise the employee’s integrity or judgment or otherwise improperly influence the

employee’s decision-making or cause the employee to act contrary to his / her duties.

Without limiting the foregoing, cash gifts or their equivalent (e.g., gift cards or vouchers)

are not permitted under any circumstances and Suppliers must not provide non-cash

business gifts exceeding, in aggregate, U.S. $100 per person per calendar year to a Citi

employee. Any Citi employee’s acceptance of Business Gifts is subject to pre-approval

per the Citi Gifts and Entertainment Standard, and may be subject to additional limits

under specific Citi businesses, regional and / or legal entity policies.

When a Supplier provides business entertainment (e.g., an invitation to a meal, social,

sporting, cultural or other comparable event) to a Citi employee, the Supplier must be in

attendance at the event and the entertainment must be appropriate, customary and

reasonable, not lavish or excessively frequent and clearly not meant to influence Citi

business.

Supplier may not, on behalf of Citi or purportedly on behalf of Citi, provide gifts or

entertainment, or anything of any value, to any person outside Citi.

Citi Requirements for Suppliers Section 1 Supply Chain Development, Inclusion, and Sustainability

Page 10 of 19

7. Supply Chain Development, Inclusion, and Sustainability

Citi encourages the utilization of Diverse Suppliers and is committed to assist Diverse

Suppliers in their growth and development on a long-term basis. In addition, Citi

encourages its Suppliers to develop and utilize Diverse Suppliers as sub-contractors,

when applicable. The Supplier, its agents, sub-contractors, employees and workers shall

remain compliant at all times with all anti-discrimination labor laws and workplace safety

regulations, and equal opportunities legislation applicable to each of its Personnel

(including disabled Personnel) and to Services and Deliverables as per Citi’s instructions

(as may be specified in any agreement or transactional documents raised thereunder).

Additional information can be found on Citi’s Supply Chain Development, Inclusion and

Sustainability website:

Citi Supplier Diversity and Sustainability Program

Our sustainable supply chain initiative is anchored by the guidelines we have set forth in

the Citi Statement of Supplier Principles. When Suppliers adopt their own codes or

statement of best practices, such requirements must include the following principles and

core elements:

• Ethical Business Practices

• Human Rights in the Workplace

• Environmental Sustainability

• Management Systems, and Implementation

Additional information is available on the site Doing Business with Citi, which describes

Citi’s additional expectations for Suppliers that may be found in:

Citi Statement of Supplier Principles

Citi Sustainable Progress Strategy

Environmental and Social Policy Framework

Citi Statement of Human Rights

Citi Requirements for Suppliers Section 1 prohibition against modern slavery

Page 11 of 19

8. PROHIBITION AGAINST MODERN SLAVERY

Citi is committed to implementing systems and controls aimed at ensuring that modern

slavery and human trafficking is not taking place anywhere within its organization or in

any of its supply chains. All of Citi’s Suppliers are expected to adhere to the principles

set out below.

Child Labor Avoidance: child labor shall not be employed. The term “child” refers to

any person under the age of 15 (or 14 where the law of the country permits), or under

the age for completing compulsory education, or under the minimum age for

employment in the country, whichever is the youngest. Subject to the overriding

prohibition on the use of child labor, if workers under the age of 18 are employed, then

particular care shall be taken as to the duties that they carry out and the conditions in

which they are required to work to ensure that they come to no physical, mental or other

harm as a direct or indirect result of their work or working conditions.

Freely Chosen Employment: workers shall not be forced, mentally or physically

coerced, bonded, indentured, or subjected to involuntary prison labor or slave trafficked

or subjected to compulsory labor in any form, including forced overtime. All work must be

carried out voluntarily. The principles set out below further support this commitment.

▪ Contracts, Wages and Working Hours: Workers shall have their terms of

employment or engagement set out in a written document that is easily

understandable to them and which clearly sets out their rights and obligations.

This written document shall include, but not be limited to, transparent terms with

respect to wages, overtime pay, payment periods, working hours and rights in

respect of rest breaks and holiday. Such written terms shall be provided to the

worker in advance of his or her commencement of work, shall be honored by the

employer and shall meet industry standards and the minimum requirements of

applicable laws and collective agreements where the work is carried out.

▪ Right to Freely Terminate Work: Workers must have the right to terminate their

employment freely, as appropriate following a reasonable period of notice in

accordance with applicable laws and collective agreements, and without the

imposition of any improper penalties.

▪ Inhumane Treatment: Workers, their families and those closely associated with

them, shall not be subject to harsh or inhumane treatment, including, but not

limited to, physical punishment, physical, psychological or sexual violence or

coercion, verbal abuse, harassment or intimidation. Migrant workers, their

families and those closely associated with them, should not be subject to

discrimination in their terms or conditions of work due to their nationality.

▪ Wages, Benefits and Working Hours: Compensation should comply with all

applicable wage laws, including those relating to minimum wages, overtime

hours and legally mandated benefits. Employees should be able to earn fair

wages, as determined by applicable local law. Work weeks should not exceed

the maximum set by local law.

Citi Requirements for Suppliers Section 1 prohibition against modern slavery

Page 12 of 19

▪ No Confiscation of Identity Documents: Workers shall not have their identity

or travel permits, passports, or other official documents or any other valuable

items confiscated or withheld as a condition of employment and the withholding

of property shall not be used, directly or indirectly, to restrict workers' freedoms or

to create workplace slavery.

▪ No Recruitment Fees or Debt Bondage: Fees or costs associated with the

recruitment of workers (including, but not limited to, fees related to work visas,

travel costs and document processing costs) shall not be charged to workers,

whether directly or indirectly. Similarly, workers shall not be required to make

payments which have the intent or effect of creating workplace slavery, including

security payments, or be required to repay debt through work. If it is determined

that fees or costs have been charged to workers related to the recruitment

process or are incurred during the course of employment, the Supplier should

seek to have those costs reimbursed. Where it is necessary to recruit workers

who are engaged via a third party, such as an employment agency, then only

reputable employment agencies shall be engaged. Where workers are sourced

to be employed directly, only reputable recruitment agencies shall be engaged.

▪ Freedom of Movement: Workers shall be free to move without unreasonable

restrictions and shall not be physically confined to the place of work or other

employer controlled locations (for example, accommodation blocks). There shall

be no requirement placed on workers that they take accommodation in employer-

controlled premises except where this is necessary due to the location or nature

of the work being performed.

▪ Grievances without retaliation: Workers shall be free to file grievances to their

employers about the employer's treatment of them and workers shall not suffer

detriment, retaliation, or victimisation for having raised a grievance.

Citi Requirements for Suppliers Section 1 Fraud Management

Page 13 of 19

9. FRAUD MANAGEMENT

Citi is exposed to internal and external fraud risks that may cause financial loss, impact

customer experience and may result in additional legal, reputational and regulatory risks,

including changes to capital requirements.

Citi defines Fraud as an intentional act, misstatement or omission designed to deceive

others, resulting either in the victim suffering a loss or the perpetrator achieving a gain.

Fraud occurs when a person deliberately gives false information or intentionally fails to

disclose information in order to deceive an owner of assets, resources, services or

benefits. Fraud also occurs when dishonest acts are committed without personal gain

but intended to create a loss or risk of loss for another person or entity. This includes the

intentional misrepresentation of financial condition.

Fraud risks relating to Supplier relationships can include:

➢ Processes and / or Controls operated by the Supplier being targeted by criminals to

facilitate or commit fraud against Citi or a Citi Client;

➢ The Supplier misrepresenting, giving of false information or failing to disclose

information either at the selection and on-boarding stage or through the ongoing

lifecycle of an established relationship;

➢ Abuse of position by the Supplier, their employees or sub-contracted service

providers to use their access to Citi data and / or processing capabilities to enable or

commit fraud.

➢ False, inflated or duplicate invoices are submitted for work or goods provided.

Citi does not tolerate:

➢ Fraud committed by its staff and non-compliance with regulations;

➢ Fraudulent or deceptive actions committed by third parties, including Suppliers; and

➢ Untimely or incomplete escalation of fraud events to Citi Senior Management.

➢ Unreported conflict of interests between Citi Suppliers and/or Citi Employees

Citi reserves the right to investigate suspected or alleged theft, fraud or other potential

criminal activity or wrongdoing and to prosecute any fraudulent or criminal behaviour to

the fullest extent of the law.

All Suppliers, irrespective of the products or services provided, are required to:

a. Ensure timely reporting and referral of any potential fraud events to Citi. This

includes but is not limited to, attempted, suspected, alleged or actual theft, fraud

(e.g., submitting knowingly false, inaccurate or misrepresented data regarding the

Supplier, billing schemes, disappearance of funds or securities, etc.), criminal activity

or wrongdoing involving Citi, a Citi employee, a Citi Supplier or agent or a Citi non-

employee (e.g., temporary employees and contractors).

b. Permit monitoring and oversight by Citi and its representatives and support Citi – and

Law Enforcement – led investigations into potential fraudulent activity involving that

Supplier.

c. Report any conflict of interests Suppliers are made aware of timely

Citi Requirements for Suppliers Section 1 Fraud Management

Page 14 of 19

Further to this, Suppliers that provide services that are inherently more exposed to fraud

risk are required to:

a. Document and follow a Fraud Risk Management Program that identifies the material

fraud risks relevant to the services they provide to Citi and the controls and

procedures in place to mitigate these risks;

b. Complete fraud awareness training (within 90 days of hire and annually thereafter)

and train staff on specific elements of fraud risk that relate to the specific services

provided to Citi;

c. Monitor instances of attempted fraud and maintain effective controls to mitigate the

risk of fraud on the services they provide to Citi, document procedures for controls

and test the effectiveness of controls on an ongoing basis, reporting any deficiencies

to the Business Activity Owner (BAO).

Suppliers with higher inherent fraud risk include, but are not limited to, those that:

a. have access to data classified as Confidential or higher (when not under Citi’s direct

control or supervision) that can be used to enable fraud such as access to internal

accounts, financial transactions, cash transactions;

b. have connectivity to Citi networks / systems;

c. provide, support, or have access to, services and capabilities which could be

targeted to commit or enable fraud, including:

1. Identification, on-boarding or processing applications from new clients;

2. Citi or Client Payment / Fund Transfer activities, and / or authentication of Citi

clients access these services;

3. Making, checking or fulfilling changes to Citi data or Citi-client (e.g.,

demographic) data;

4. Provision, servicing or authorization of transactional instruments (e.g., debit /

credit cards, eWallets, chequebooks, etc.);

5. Provision or support of operational fraud management activities to Citi, relating to

the prevention, detection or response to fraud events;

6. Providing physical access to cash, financial instruments and assets / physical

goods;

7. Unescorted or off hours access in Citi facilities;

8. Financial Statements: accounting activities, such as posting entries to the GL / SL;

9. Earning and spending Rewards for incentivized activities.

Citi Requirements for Suppliers Section 1 Media Interaction and Public Appearances; Use of Citi Name, Facilities

or Relationships

Page 15 of 19

10. MEDIA INTERACTION AND PUBLIC APPEARANCES; USE OF CITI NAME, FACILITIES OR

RELATIONSHIPS

Citi Global Public Affairs is the only department authorized to issue press releases or

public statements on behalf of Citi. Suppliers may not issue any press release, which

directly or indirectly identifies Citi, any Contract or arrangement between a Supplier and

Citi or any products and services procured from a Supplier by Citi. Suppliers may not

consent to or engage in any public relations activity relating to Citi with Clients, Citi

employees, other Citi Suppliers, other customers of Suppliers or any other third parties

without prior written approval from their primary Citi business contact and Citi’s Director

of Global Public Affairs.

Suppliers may not publish or post any material in written or electronic format (including

books, articles, podcasts, webcasts, blogs, website postings, photos, videos, social

media or other media), conduct or make speeches, give interviews or make public

appearances that mention Citi, Citi’s operations, Clients, products or services, without

prior written approval from their primary Citi business contact and Citi’s Director of

Global Public Affairs.

Whether or not in connection with the provision of services or products to Citi, Suppliers

may not use Citi’s proprietary indicia, trademarks, service marks, trade names, logos,

symbols or brand names, without, in each case, securing the prior written consent of Citi.

Suppliers may not use Citi’s name, logo or trademarks, facilities or relationships for

benefit or for work outside of Citi (including on letterhead or personal websites, blogs or

other social networking sites). Further, Suppliers may not make any use of Citi’s name,

facilities or relationships for charitable or pro bono purposes.

Citi Requirements for Suppliers Section 1 Written Electronic Communications

Page 16 of 19

11. Written Electronic Communications

When interacting with Citi personnel, or in the performance of its obligations for or on

behalf of Citi, Suppliers are permitted to use only those Electronic Communications

Equipment, Systems and Services that are provided by, sanctioned by, or approved by

Citi. The use or creation of new or revised written electronic communication functionality

must first be reviewed by a Citi Business Information Security Officer (BISO), Legal, and

Independent Compliance Risk Management, and approved in accordance with

applicable Business, Function and Technology requirements. Communicating Citi

business with Citi personnel on non-Citi approved messaging platforms, such as

WhatsApp, WeChat, and any other interactive electronic platform, is prohibited.

Additionally, Suppliers should have no expectation of privacy with respect to written

Electronic Communications created, discovered, used, accessed, downloaded, stored,

transmitted, received or deleted via Citi-provided Communications Equipment, Systems

and Services. Citi may monitor Electronic Communications Equipment, Systems and

Services, and Electronic Communications. Such Electronic Communications are owned

by Citi and may be retained in accordance with applicable record retention requirements

(subject to local law and regulation).

Citi Requirements for Suppliers Section 1 Political Activities and Contributions

Page 17 of 19

12. POLITICAL ACTIVITIES AND CONTRIBUTIONS

A variety of laws, such as campaign finance, gifts and entertainment, legislative and

regulatory lobbying, procurement, pay-to-play, and securities, regulate political activities,

including disclosure requirements, of Citi and its Suppliers. Any political activity by

Suppliers that does not comply with relevant Citi policy or standards, law or regulation is

prohibited.

Political activity includes: (i) making corporate or personal political

contributions, soliciting political contributions, using company funds or resources (such

as facilities, equipment, software or personnel) or volunteering personal services during

company time on behalf of a candidate campaigning for a public office, a political party

committee or a political committee; (ii) lobbying or engaging in any outreach to public

officials, whether directly or through third parties, including attempts to influence

legislation and, depending on the jurisdiction, may include attempts to influence agency

rulemaking or the awarding of government contracts; or (iii) seeking, accepting or

holding any political office associated with a government, including any government

board, commission or other similar organization.

No political activity may be undertaken or conducted by any Supplier on behalf of (or

purportedly on behalf of) Citi without prior written authorization of Citi’s Global

Government Affairs office. Although Citi may pay a fee and/or reimburse out of pocket

costs for contracted and permissible political activity services provided by the Supplier,

such as lobbying, Citi will never reimburse a Supplier or any of its employees for

personal or corporate political contributions of any kind.

Citi Requirements for Suppliers Section 1 Supplier Relationship and Contract Compliance

Page 18 of 19

13. SUPPLIER RELATIONSHIP AND CONTRACT COMPLIANCE

A. Suppliers and potential Suppliers must cooperate with their primary Citi business

contact to ensure that a Non-Disclosure Agreement (NDA) is executed (or that an

agreement including similar confidentiality and non-disclosure obligations for the

Supplier is in place) with Citi prior to any discussions or exchange of any Citi

information classified as Confidential or higher, between Citi and Supplier.

B. Suppliers must not commence performance of any services or provide any products

to Citi unless a Contract has been fully negotiated and executed between Citi and the

Supplier or a purchase order (PO) has been issued to the Supplier by Citi.

C. Suppliers must keep their primary Citi business contact aware of any changes in the

Supplier’s key management team and / or respective contact information.

D. Suppliers must support Citi’s efforts to perform appropriate and required ongoing

Supplier management activities and cooperate as necessary, including additional due

diligence for Suppliers designated as Outsource Service Providers (OSPs). Suppliers

must provide necessary support to Citi businesses to perform such activities and

additional due diligence, when applicable.

E. Unless otherwise agreed by Citi in writing, a Supplier may not use a sub-contractor to

fulfil Supplier’s obligations to Citi. If permitted to use a sub-contractor (i) the Supplier

must ensure that the proposed sub-contractor will comply with all obligations

applicable to the Supplier; and (ii) the Supplier will remain responsible to Citi for overall

performance and any noncompliance by the sub-contractor with Supplier’s Contract

with Citi.

F. Citi’s approval of a sub-contractor must be documented in a written acknowledgement

signed by the Supplier that reaffirms the Supplier’s obligations in the preceding

paragraph (E). The exact form and text of the written Acknowledgement may be

changed based on Supplier’s agreement with Citi. Please work with the primary Citi

business contact to document approval using the appropriate Consent Form.

Acknowledgement of Supplier in Connection With Use of Subcontractor

Acknowledgement of Supplier in Connection With Use of Designated Subcontractors

G. Citi may require Suppliers to provide the most recent three (3) years audited year-end

financial statements and upon request the most recent financial interim statements.

Supplier may further be asked to provide written consent to allow Citi to provide the

Supplier’s financial statements to a third party service provider engaged by Citi for the

purpose of translation or performing a Financial Evaluation.

H. Supplier and its personnel must always ensure full compliance with all applicable laws,

rules and regulations in providing services and products to Citi. If the services and

products provided by Supplier to Citi involve or require the sharing of any technical

data, computer software or any product (or any part thereof), process or service that

is the direct product of any such technical data or computer software outside of the

United States or with any individuals who are not citizens or residents of the United

States, supplier shall provide Citi with all necessary information, and ensure

compliance with all applicable export laws. In addition, depending on the nature of the

products and services, Citi may require Suppliers to identify export classification for

Citi Requirements for Suppliers Section 1 Supplier Relationship and Contract Compliance

Page 19 of 19

such products and services. Additionally, Suppliers will comply with all applicable

export laws outside of the United States, as well as applicable local laws and

regulations and will notify Citi of any specific requirements with respect to Citi’s use of

the products and services outside of the United States. Citi may require Supplier to

procure and ensure that Suppliers’ Personnel read, acknowledge and accept their

compliance with Citi policies, including those related to security and privacy, workplace

policies and other policies, procedures and guidelines intended to ensure compliance

with applicable law or regulatory requirements. Supplier will sign and provide, and as

applicable ensure that its Personnel will sign and provide, to Citi on-boarding

documents as required by Citi before assigning Supplier Personnel.

I. Suppliers must notify Citi of any material changes in operational processes, data flows

or the handling of Citi data in a timely manner.