1. Introduction

ESAF Small Finance Bank’s (hereinafter referred to as ‘the Bank’) vision to build a society with equal opportunities which has complete access to sustainable financial services so as to help in promoting livelihood opportunities and economic development and to address environmental concerns is the foundation for all the decisions taken.The Bank believes in conducting all affairs of its constituents in a fair and transparent manner by adopting the highest standards of honesty, professionalism, integrity, and ethical behaviour.

The Whistle Blower policy has been formulated as part of corporate governance norms and transparency where the employees, customers, stakeholders are encouraged to prefer any complaints which have not been resolved or satisfactorily resolved within the usual applicable protocols. The employees may refer any complaints covering areas such as corruption, misuse of office, criminal offences,behavioural issues, suspected / actual fraud, failure to comply with existing rules and regulations and acts resulting in financial loss/ operational risk, loss of reputation, etc. detrimental to depositors’ interest/ public interest.

This policy shall provide a channel to the employees (including directors) and other stakeholders to report to the management about unethical behaviour, actual or suspected fraud or violation of the Codes of conduct or legal or regulatory requirements, incorrect or misrepresentation of any financial statements and reports and such other matters.

2. Objectives of the Policy

The following are the objectives of the Whistle Blower Policy:

Promote a culture of integrity and compliance by encouraging stakeholders to speak up/ raise red flags on matters relating to breaches/ violations ofthe Bank’s Code of Conduct and/or fraudulent transactions.

• Provide a platform and mechanism for the employees and relevant stakeholders to voice genuine concerns of grievances about unprofessional conduct without the fear of reprisal to the employee raising the concern.
• Provide a non-threatening environment to employees to discuss matters relating to our Code of Ethics.
• Adhere to the highest standards of ethical, moral and legal conduct of business operations.
• Promote clean business transactions, professionalism, productivity, promptness and transparent practices and ensures putting in place systems and procedures to curb opportunities for corruption.
• Institutionalize a mechanism for protection of employees from reprisals or victimization, for whistle blowing in good faith as the Bank strictly follows No Retaliation Policy.
• Provide an assurance to external stakeholders that there is internal cordiality and transparency.
• Treat the violations/ breaches/ non-compliance at various levels of the Bank with vigour and due care and accordingly realign processes and take corrective actions as part of its corporate governance.

The Policy shall help the Bank to create an environment where employees and relevant stakeholders feel free and secure to raise the alarm where they see a problem. It shall also ensure that Whistle Blowers are protected from retribution, whether within or outside the Bank.

4. Governance Structure

The Bank shall devise an effective Whistle Blower mechanism enabling stakeholders, including individual employees and their representative bodies, to freely communicate their concerns about illegal or unethical practices.

4.1 Audit Committee

The Bank shall have an Audit Committee which reviews the effectiveness of the vigil mechanism and implementation of the Whistle Blower Policy to provide adequate safeguards against victimisation of employees and relevant stakeholders.The details of establishment of Vigil mechanism shall be disclosed by the Bank on the website, if any, and in the Board’s Report to the stakeholders.

In case of frivolous complaints being filed by a director or an employee, the Audit Committee or the director nominated to play the role of Audit Committee shall take suitable action against the concerned director or employee.

The independent directors shall ascertain and ensure that the Bank has an adequate and functional vigil mechanism and to ensure that the interests of a person who uses such mechanism are not prejudicially affected on account of such use.

4.2 Internal Complaint Committee

The Internal Complaints Committee shall be headed by the Chairman of the Audit Committee, Head HR, Head Vigilance, Head Risk & Compliance and Head Internal Audit. The Internal Complaint Committee shall look into the complaints report prepared by the Head Vigilance (HV)/ Head Risk & Compliance. The decision on addressing the complaint raised by the Whistle Blower shall be taken by the Internal Complaint Committee.

The Committee shall institute investigation into complaints wherever required and shall review the investigation report before giving a final decision on the matter.

4.3 Head Risk & Compliance

The Head Risk & Compliance of the Bank shall act as a Special Assistant/Advisor to the MD&CEO of the Bank in the discharge of these functions. He shall report to the Audit Committee/ Board on the Vigilance activities, disciplinary cases and related investigation reports as well as aspects relating to the implementation of the Whistle Blower Policy.

The Head Risk & Compliance shall also act as a liaison officer between the Bank and the Police/ Serious Fraud Investigation Office (SFIO)/ other law enforcement authorities. The Head Risk & Compliance shall collect intelligence about the corrupt practices committed, or likely to be committed, by the employees of the Bank; investigate or cause an investigation to be made into verifiable allegations reported to him; process investigation reports for further consideration of the disciplinary authority concerned andreport/ refer the matters to the MD&CEO of the Bank.

4.4 Head Vigilance (HV)

The HV shall render active support to the Head Risk & Compliance in performing the above functions for his respective regions. The HV shall investigate complaints of the following nature:

• Demanding and/or accepting gratification other than legal remuneration in respect of an official act or for using his influence with any other official.
• Obtaining valuable thing, without consideration or with inadequate consideration from a person with whom he has or is likely to have official dealings or his subordinates have official dealings or where he can exert influence.
• Obtaining for himself or for any other person any valuable thing or pecuniary advantage by corrupt or illegal means or by abusing his position as an employee.
• Possession of assets disproportionate to his known sources of income.
• Cases of misappropriation, forgery or cheating or other similar criminal offences.

In case of other irregularities like gross or wilful negligence; recklessness in decision making; blatant violations of systems and procedures; exercise of discretion in excess, where no ostensible organizational interest is evident; failure to keep the controlling authority/ superiors informed in time, the Head HRand Head Risk & Compliance with the help of the HV should carefully study the case and weigh the circumstances to arrive at a conclusion whether there is reasonable ground to doubt the integrity of the officer concerned.

5. Scope

This Policy intends to cover serious complaints that could have grave impact on the operations and performance of the business of the Bank.Receipt of information about corruption, malpractice or misconduct on the part of employees, from whatever source, would be termed as a complaint. Complaints may be received from employees of the organisation or from the public.

Under the Policy, employees and relevant stakeholders of the Bank having sufficient grounds for a concern can lodge complaints.

The Policy intends to cover the following types of complaints:

• Fraudulent activities or activities in which there is suspected fraud
• Intentional or deliberate non-compliance with laws, regulations and policies
• Questionable accounting practices including misappropriation of monies
• Illegal activities
• Corruption and deception
• Misuse/ Abuse of authority
• Violation of Bank rules,manipulations and negligence
• Breach of contract
• Pilferation of confidential/propriety information
• Deliberate violation of law/regulation
• Wastage/misappropriation of Bank’s funds/assets
• Malpractices/ events) causing danger to public health and safety.
• Immoral/questionable behaviour that can cause reputational risks to the Bank/Brand, etc.

The following nature of complaints shall not be covered in the policy:

• Complaints those are frivolous in nature.
• Issues relating to personal grievance (increment, promotion, etc.)
• Sexual harassment as it is covered by Policy on Prevention of Sexual Harassment.

6. Guiding Principles

To ensure that this Policy is adhered to, and to assure that the concerns raised under this Policy will be acted upon seriously, the Bank will:

• Ensure that the Whistle Blower and/or the person processing the Protected Disclosure is not victimized
• Ensure complete confidentialityof the identity of the Whistle Blower
• Not attempt to conceal evidence of the Protected Disclosure
• Take disciplinary action, if any one destroys or conceals evidence of the Protected Disclosure made/to be made
• Provide an opportunity of being heard to the persons involved, especially to the subject
• Provide protection to Whistle Blower under this Policy provided that Protected Disclosure is made in good faith, the Whistle Blower has reasonable information or documents in support thereof and not for personal gain or animosity against the subject
• Ensure that the Whistle Blowers, who make any Protected Disclosures, which have been subsequently found to be mala fide, frivolous or malicious be liable to Disciplinary Action.
• Take Disciplinary Action for event covered under this Policy or upon victimizing Whistle Blower or any person processing the Protected Disclosure or if any one destroys or conceals evidence of the Protected Disclosure made/to be made.

Ensure that any other Director/ Employee or other stake holders assisting in the said investigation or furnishing evidence, is protected to the same extent as the Whistle Blower

7. Procedure

7.1 Lodging of Complaints

The Protected Disclosure shall be submitted in a closed and secured envelope and shall be super scribed as “Protected disclosure under the Whistle Blower policy”. Alternatively, the same can also be sent through email with the subject “Protected disclosure under the Whistle Blower policy”. If the complaint is not super-scribed and closed as mentioned above, it will not be possible for the Audit Committee to protect the Whistle Blower and the protected disclosure will be dealt with as if a normal disclosure. The Whistle Blower shall have the option of retaining anonymity or revealing his/her identity.

In order to protect identity of the Whistle Blower, the HV/ Head Risk & Compliance will not issue any acknowledgement to the Whistle Blowers and they are advised neither to write their name/address on the envelope nor enter into any further correspondence with the HV/ Head Risk &Compliance. The HV/ Head Risk & Compliance shall assure that in case any further clarification is required he will get in touch with the Whistle Blower.

The Bank shall not entertain anonymous/ pseudonymous disclosures except of such disclosures have merit shall be entertained. This shall be decided by the appointed officer

The Protected Disclosure shall be forwarded under a covering letter signed by the Whistle Blower. TheHV/ Head Risk & Complianceor the Chairman of the Audit Committee or MD& CEO as the case may be, shall detach the covering letter bearing the identity of the Whistle Blower and process only the Protected Disclosure.

All Protected Disclosures shall be addressed to the HV/ Head Risk & Compliance of the Bank or to the Chairman of the Audit Committee or MD&CEO in exceptional cases.

7.2 Receipt of Complaint

On receipt of the protected disclosure the HV/ Head Risk & Compliance shall maintain and preserve records of the Protected Disclosure and also ascertain from the Whistle Blower whether he was the person who made the protected disclosure or not. The record will include:

• Brief facts
• whether the same Protected Disclosure was raised previously on the same subject and if so, the outcome thereof
• Details of actions taken by HV or MD&CEO for processing the complaint
• Findings of the Audit Committee, the recommendations of the Audit Committee/ other action(s).

The Audit Committee, if deems fit, may call for further information or particulars from the Whistle Blower.

7.3 Investigation Report& Appeal

All Protected Disclosures reported under this Policy will be thoroughly investigated by the HV/ Head Risk & Compliance of the Bank who will investigate/ oversee the investigations under the authorisation of the Audit Committee. The Chairman of Audit Committee or HV/ Head Risk & Compliance may at its discretion consider involving any investigators for the purpose of investigation.

The decision to conduct an investigation taken into a Protected Disclosure by itself is not an acceptance of the accusation by the Authority. It is to be treated as a neutral fact-finding process because the outcome of the investigation may or may not support accusation; unless there are compelling reasons not to do so, subjects will be given reasonable opportunity for hearing their side during the investigation. No allegation of wrongdoing against a subject shall be considered as maintainable unless there is good evidence in support of the allegation.

The subject shall have right to access any document/ information for their legitimate need to clarify/ defend themselves in the investigation proceedings.The HV/Head Risk & Compliance shall normally complete the investigation within 90 days of the receipt of protected disclosure.

Based on a thorough examination of the findings, theHV/ Head Risk & Complianceshall submit a report to the Chairman of the Audit Committeeon a regular basis about all Protected Disclosures referred to him/her since the last report together with the results of investigations, if any. Where an improper practice is proved which would result in suggested disciplinary action, including dismissal, if applicable, as well as preventive measures for the future. All discussions would be documented and the final report will be prepared.

If the report of investigation is not to the satisfaction of the Whistle Blower, the Whistle Blowerhas the right to report the event to the appropriate legal or investigating agency.

7.4 Decision

If an investigation leads the HV/Head Risk & Compliance or Chairman of the Audit Committeeto conclude that an improper or unethical act has been committed, the HV/ Head Risk & Complianceor Chairman of the Audit Committee shall recommend to the Internal Complaints Committee of the Bank to take such disciplinary or corrective action as he may deem fit. Any disciplinary or corrective action initiated against the subject as a result of the findings of an investigation pursuant to this Policy shall adhere to the applicable personnel or staff conduct and disciplinary procedures.

If the report of investigation is not to the satisfaction of the Whistle Blower, the Whistle Blowerhas the right to report the event to the appropriate legal or investigating agency. A Whistle Blower who makes false allegations of unethical & improper practices or about alleged wrongful conduct of the subject to the HV/ Head Risk & Compliance or the Audit Committee shall be subject to appropriate disciplinary action in accordance with the rules, procedures and policies of the Bank.

7.5 Confidentiality

Every effort will be made to protect the identity of the Whistle Blower, subject to legal constraints except in cases where the Whistle Blower turns out to be vexatious or frivolous and action has to be initiated against the Whistle Blower. In the event of the identity of the Whistle Blowerbeing disclosed, the Bank can initiate appropriate action against the person making such disclosure.

7.6 Protection

The Bank, as a policy, will ensure against any kind of discrimination, harassment, victimization or any other unfair employment practice being adopted against Whistle Blowers. Complete protection will therefore be given to Whistle Blowers against any unfair practice like retaliation, threat or intimidation of termination / suspension of service, disciplinary action, transfer, demotion, refusal of promotion or the like including any direct or indirect use of authority to obstruct the Whistle Blower’s right to continue to perform his duties / functions including making further Protected Disclosure, as per the provision of the Whistle Blowers’ Protection Act, 2011.

A Whistle Blower may report any violation of the above clause to the Chairman of the Audit Committee, Whose decision will be final, as the highest authority for the Whistle Blower Process and Whistle Blower Protection Process of the Bank.

8. Record Keeping

All documentation pertaining to the complaint including the investigation report, corrective action taken and evidence will be maintained for a period of 8 years or such other period as specified by any other law in force, whichever is more.

9. Reporting Requirement

The following are the reporting requirements:

• The details of establishment of Vigil mechanism shall be disclosed by the Bank in the website, if any, and in the Board’s Report.
• Whistle blower policy, and affirmation that no personnel has been denied access to the Audit Committee

The Head Risk & Complianceshall report the following to the Board:

• Areas in the Bank that are most prone to corruption where officers of proven integrity only are posted
• Furnish a report of vigilance activities in the Bank on a periodic basis
• Identify sensitive positions and frame specific Board approved internal policy on staff matters such as rotation of staff in general and in respect of sensitive desks in particular
• The details of establishment of Vigil mechanism shall be disclosed by the Bank in the website, if any, and in the Board’s Report

The Head Risk & Compliance shall submit a report to the Audit Committee, every quarter, containing the summary of all complaints/Protected Disclosures received from Whistle Blowers, complaints/ reports that have been taken up for investigation, corrective actions recommended, status of implementation of corrective action and reason for delay, if any.

10. Policy Review and Updates

The Board approved policy shall be reviewed as and when required or at least annually for incorporating regulatory updates and changes, if any.

Last date of review: DDMMYYYY

11. Regulatory References

• Companies Act, 2013.
• Securities and Exchange Board of India (SEBI) Notification Listing Obligations and Disclosure Requirements) Regulations, 2015
• Introduction of ‘Protected Disclosures Schemefor Private Sector and Foreign banks' dated April 18, 2007
• Internal Vigilance in Private Sector/ Foreign Banks dated May 26, 2011
• The Whistle-blower Protection Act, 2011

12. Annexures

Annexure 1 - Key Definitions

1. Audit Committee: A Committee constituted by the Board of Directors of the Bank in accordance with Companies Act, 2013 and related rules.
2. Protected Disclosure: a concern raised by a written communication made in good faith that discloses or demonstrates information that may evidence unethical or improper activity. Protected Disclosures should be factual and not speculative in nature
3. Subject: a person against or in relation to whom a Protected Disclosure has been made or evidence gathered during the course of an investigation
4. Whistle Blower: an Employee making a Protected Disclosure under this Policy

HV/ Head Risk & Compliance: an officer of the Bank nominated by Competent Authority to conduct detailed investigation under this policy and to receive protected disclosure from Whistle Blowers, maintain record thereof, placing the same before the Audit Committee for its disposal and informing the Whistle Blower the results thereof