Corporate

Governance Policy

December 2016
Corporate Governance Policy 2016 | Version 2.0 December 2016 1
 POLICY STATEMENT

Corporate governance refers to the mechanisms, processes and relations by which ISS is
controlled and directed at every level from customer sites, country operations, country
management teams, regional management teams, Executive Group Management, Board
of Directors and ultimately the shareholders of the ISS Group.

Through our more than 115 years’ history ISS has placed great importance on governance
and accountability and today good corporate governance practices are an integral part of
our values and what we promise our customers, employees and stakeholders. You may ask
how this can be? A policy on governance may, after all, feel a long way from our sites, daily
operations and interactions with customers and employees. But the reality is that only when
our values and leadership principles are lived out on the site, we are truly living up to our
value proposition. We promise, among other things, to protect the brand of our customers
and safeguard their people and assets. Only by doing the right things, at the right time,
in the right way can we live up to this promise and our corporate governance policy is an
important guide in this regard. This way we also protect our own brand and ensure that we
have a strong business built on a solid and sustainable foundation

In August 2009, we issued our Corporate Governance Guidelines followed by 10 Minimum

Requirements, thereby providing a framework and minimum requirements for the
organisation and management of all companies of the ISS Group. We have come a long
way in applying the Corporate Governance Guidelines locally, regionally and globally and
instilling good corporate practices throughout the Group.

With the re-listing of ISS A/S on NASDAQ Copenhagen stock exchange in 2014, a renewed
focus on good corporate governance practices on all levels of the ISS Group has become
important to ensure that we can live up to the requirements of being a public listed company.
We have therefore decided to elevate the Corporate Governance Guidelines to a Corporate
Governance Policy (the “Policy”), building on and consolidating our experience with the
original guidelines.

The purpose of the Policy is to align throughout the Group the mandatory minimum
requirements for processes and procedures to be applied when operating our business,
with clearly defined responsibilities and authority levels for making decisions. The Policy also
provides a measure for accountability that enables us as managers of the business and our
stakeholders to monitor that we observe ethical and responsible business practices in ISS.

Compliance with the Policy is mandatory.

This document does not intend to and cannot answer all questions you may have,
so please consult local legal counsel or Group Legal (Tel: +45 38 17 00 00 or email:
legal@group.issworld.com) with questions or suggestions to improve the application of the
Policy.

Yours sincerely
Executive Group Management

2 Corporate Governance Policy 2016 | Version 2.0 December 2016

Jeff Gravenhorst Pierre-François Riolacci Troels Bjerg
Group CEO Group CFO Regional CEO Northern
Europe

Jacob Götzsche Michelle Healy Dane Hudson

Regional CEO Central Group Chief People & Regional CEO APAC
Europe Culture Officer

Henrik Langebæk Andrew Price Daniel Ryan

Regional CEO Eastern Group CCO Regional CEO Americas
Europe, Middle East & Africa

Richard Sykes Martin Gaarn Thomsen Bjørn Raasteen

Regional CEO Western Group COO Group General Counsel
Europe

Corporate Governance Policy 2016 | Version 2.0 December 2016 3

 TABLE OF CONTENTS

1. INTRODUCTION 6
1.1 Fundamental rules 6
1.2 Adoption of Policy – compliance requirement – audit 8
1.3 How to read and use this Policy and the tools provided 8
1.4 Questions – Review of Policy 10

2. ETHICAL AND RESPONSIBLE BUSINESS CONDUCT – BASIC RULES 11

2.1 ISS Policy on Ethical and Responsible Business Conduct 11
2.2 How we do things – Compliance with Law, ISS Values and Policies 11
2.2.1 Compliance with law, the ISS Values and Code of Conduct 11
2.2.2 Compliance with ISS Group Policies 11
2.3 ISS Policy on Conflict of Interest 11
2.4 How we do things - Conflict of Interest 12
2.4.1 Conflict of interest situations 12
2.4.2 Required action in the event of a potential conflict of interest 13
2.5 Minimum requirements – ISS Group Policies and
Conflict of Interest 14
2.6 Available tools 14

3.MANAGEMENT OF SUBSIDIARIES 15
3.1 ISS Policy 15
3.2 How we do things 15
3.2.1 Composition of Boards 15
3.2.2 Country Management responsibility for governance of Subsidiaries 18
3.2.3 Management of other Countries 18
3.2.4 Legal structure reporting, Disclosure & Litigation reporting and review
of key country risks and controls 18
3.2.5 Merging, dissolving, establishing and changing capital structure of
legal entities – Project Recommendation Paper and CCPC approval process 19
3.2.6 Business review meetings 19
3.2.7 Books and records – control requirements 20
3.3 Minimum requirements - Management of Subsidiaries 20
3.4 Available tools 21

4. REMUNERATION GOVERNANCE, EMPLOYMENT TERMS, ETC. 22

4.1 ISS Policy 22
4.2 How we do things 22
4.2.1 Grandparent principle 22
4.2.2 Governance on Remuneration and Appointment of ISS Managers 22
4.2.3 Terms of employment or service agreements of Country Managers
and Country CFOs 23
4.2.4 Terms of employment or service contracts of other members of
Country Management 25

4 Corporate Governance Policy 2016 | Version 2.0 December 2016

 4.2.5 Terms of employment or service contracts for other senior managers
in the country 25
4.2.6 Confidentiality obligation 26
4.2.7 Succession planning 26
4.3 Minimum requirements - Employment terms of managers, etc. 27
4.4 Available tools 28

5. SIGNATURE RULES; GENERAL APPROVAL PROCEDURES 29

5.1 ISS Policy 29
5.2 How we do things 29
5.2.1 Double signature rule – “four eyes principle” 29
5.2.2 Country Delegation and Approval matrix 30
5.2.3 Regional Management approval – approval thresholds 30
5.2.4 Specific approval procedures – expenditures outside budget, customer
contracts and mandatory ISS Group HQ approvals 30
5.3 Minimum requirements - Signature rules; general approval procedures 31
5.4 Available tools 31

6. CUSTOMER CONTRACT APPROVAL PROCEDURES 32

6.1 Policy 32
6.2 How we do things 32
6.2.1 Standard contracts 32
6.2.2 Customised customer contracts 32
6.2.3 Large customer contracts 33
6.2.4 Regional and cross-border contracts (not subject to the LCC) 33
6.2.5 Document Retention and Contract Change Management 34
6.3 Minimum requirements – Standard contracts, customised contracts,
large customer contracts, document retention, etc. 35
6.4 Available tools 36

7. MANDATORY ISS HQ APPROVAL AND REPORTING REQUIREMENTS 37

7.1 ISS Policy 37
7.2 How we do things 37
7.3 Available policies, guidelines and tools 40

8. MONITORING AND AUDIT 41

8.1 ISS Policy 41
8.2 How we do things 41
8.3 Minimum requirements monitoring and audit 41
8.4 Available tools 41

Document version
Document version: Version 2.0 Approved by: EGM
Document location: Responsible for maintenance: Group Legal
governance.policies.group.issworld.com Next review/update: December 2017
Last updated: December 2016Governance Policy 2016 | Version 2.0 December 2016
Corporate 5
 1. INTRODUCTION

1.1 Fundamental rules

Good corporate governance practices are an integral part of how we operate our business
and a key element in the value proposition we offer our customers, employees and stake-
holders. As an international group performing our services globally based on self-delivery
at the facilities of our customers, it is fundamental for ISS to always operate the business
responsibly and in compliance with laws and regulations.

This Policy, which is addressed to ISS managers (as defined in subsection 1.3 below), pro-
vides a solid foundation for ethical and responsible decision making throughout the ISS
Group.

ISS Corporate Values

These are our four core values, which

Honesty guide how ISS conducts its business,
We respect and which each manager is expected to
understand and follow.
Entrepreneurship
We act

Responsibility
We care

Quality
We deliver

ISS Code of Conduct

• Personal Conduct of Employees Each manager is

• Anti-Corruption & Bribery responsible for managing
• Competition Laws the ISS business in
• Business Partner Relations compliance with our Code
• People Standards of Conduct and ensuring
• Corporate that all employees are ISS Code of Conduct
– Standards for the global operation

Responsibility aware of and adhere to

of ISS
Adopted by the ISS Board of Directors,
16 June 2003
Revised October 2016

the same principles. The

Code of conduct-1016.indd 1

10-11-2016 14:09:28

Code of Conduct is considered part of all

ISS employees’ employment terms.

6 Corporate Governance Policy 2016 | Version 2.0 December 2016

 ISS Leadership Principles

• In ISS we put the customer first ISS is a people business. Leadership The
ISS Way

• In ISS we have a passion for Our employees are

performance our core asset. The
The ISS Group is
one of the world’s
providing Integrated
Facility Manageme
leading Facility Services
Facility Services based
on the core business
companies,
areas of

• In ISS we encourage innovation desired behaviours

nt, Cleaning, Catering,
Property, Security
Services. and Support

Everyday, ISS employees

create value by working
of our client’s organisatio as integrated members
ns. Thus, a key

• In ISS we treat people with respect for how we lead our

part of the ISS approach
management is to to
develop capable
employees in all functions.

Team spirit, innovation

and passion for performan
9 Leadership Principles ce are just some of
we introduce in this the
brochure and we
you will see the potential hope that

• In ISS we lead by example employees and manage

of these guidelines
to create a successful
for our company future
and your employees
.

• In ISS we lead by empowerment the business of ISS are

• In ISS we develop ourselves and others reflected in the ISS
www.issworld.com

- with a Human
Touch

• In ISS teamwork is at the heart of our Leadership Principles.

performance
• In ISS we are one company with shared
values, one brand and one strategy

ISS Group Policies Policy owner

All business units and operations of ISS must comply with
the policies and follow the guidelines issued by the ISS
Group.

A full list of ISS Group Policies and guidelines in force can

be found at governance.policies.group.issworld.com.

ISS Corporate Governance Group Legal

Global People Standards Group People & Culture
ISS Speak Up Policy Group Internal Audit
ISS Escalation Policy Group Legal
ISS Anti-Corruption & Bribery Group Legal
ISS Competition Law Group Legal
Group Accounting Manual Group Controlling
ISS Tax Policy & Strategy Group Tax
ISS Corporate Responsibility Policy Group People & Culture
ISS Health, Safety Environment & Quality Policy Group People & Culture
ISS Policy on safeguarding children and vulnerable adult Group People & Culture
ISS Remuneration and Appointment governance structure Group People & Culture
ISS Information Security Policies Group IT
ISS Data Protection Policy Group IT
ISS Communication & Stakeholder Policy Group Investor Relations
ISS Investor Relations Policy Group Investor Relations
Local Management guide to Treasury Group Treasury
M&A Divestment Manuals Group M&A
ISS Risk Policy Group Risk
ISS Group Insurance Manual Group Risk
ISS Supplier Code of Conduct Group Procurement

Corporate Governance Policy 2016 | Version 2.0 December 2016 7

 1.2 Adoption of Policy – compliance requirement – audit

The Policy shall be tabled for review and, to the extent possible, adoption by the highest
management board level of the top holding company in each country where ISS operates.
It is the responsibility of Country Management to ensure compliance with the Policy and the
minimum requirements.

The minimum requirements established in this Policy are mandatory. Deviations must be
agreed with Regional Management or, as applicable, with the EGM or Head of Group
Function and recorded in writing e.g. board resolutions or minutes of business review
meetings.

Country Management shall ensure that appropriate information and training sessions are
organised to support implementation of the Policy and changes to the local governance
structure that may follow from the Policy.

The minimum requirements described in this Policy are included in the Group Internal
Audit control catalogue and will form part of the audits performed by Group Internal
Audit. Coun tries and Regions are required to monitor compliance and maturity through the
Group Internal Audit Self-Assessment Form, see section 8.

1.3 How to read and use this Policy and the tools provided

Each section of the Policy is structured as follows:

• ISS Policy: A short description and background for the policy of ISS.

• How do we do things: A description of general requirements and guidelines and

how the ISS policy is applied.

• Minimum compliance requirements: The minimum requirements in each section

of the Policy that must be implemented and complied with continuously.

• Available tools: A description of tools and templates that are available to

implement the corporate governance requirements. All tools and templates are
available at governance.policies.group.issworld.com.

8 Corporate Governance Policy 2016 | Version 2.0 December 2016

Definitions applied in this Policy

BRM: Business review meetings held at regular intervals between (i) EGM and
Regional Management, (ii) Regional Management and Country Management, and
(iii) Country Management and country business units, as applicable.

BRM minutes: The written and approved minutes of the BRMs.

Country Board of Directors: The board of directors or equivalent governing body/

supervisory organ of the country’s Top Holding Company.

Country Management: For each ISS country, the Country Manager and all
managers directly reporting to the Country Manager, such as but not limited to, the
Country CFO, the People & Culture Director, the Commercial Director, Corporate
Affairs Director and the business segment directors.

CCPC country: Corporate Clients Partnership Country is a country, in which

ISS op-erates a Global Operations contract without having a dedicated country
management structure in the country, and typically through a subcontractor.

CRAM@ISS: The Contract Risk Assessment Model online tool.

EGM: Executive Group Management of ISS A/S.

EGMB: Executive Group Management Board of ISS A/S, which consists of the
executive officers of EGM registered with the Danish Business Authority.

Hyperion Financial Management system (HFM): The system for reporting

financial results of all business units in the ISS Group.

ISS Managers: ISS employees with senior managerial responsibilities, including

EGM, Regional Management, Heads of Group functions @ ISS HQ, Leadership
teams of Group People & Culture, Group Finance, Group Commercial and Global
Operations, as well as Country Management.

ISS Group Policies: Policies and guidelines issued and updated by the ISS Group
from time to time, and located at governance.policies.group.issworld.com.

ISS Key Compliance Policies: The Corporate Governance Policy, the Code of
Conduct, the Anti-Corruption Policy, the Competition Law Policy, the Supplier Code
of Conduct, the Escalation Policy and the Speak Up Policy.

LCC: The Large Customer Contract Approval Policy and Procedures applicable to the
ISS Group.

Corporate Governance Policy 2016 | Version 2.0 December 2016 9

 Definitions applied in this Policy

Process Frameworks: The Sales Process Framework, the Solution Process

Framework, the Negotiation Process Framework (NPF), the Transition Process
Framework (TPF), The Operational Process Framework (OPF) or any one of them
individually referred to.

Subsidiaries: All ISS subsidiaries in a particular country or any one of those.

Subsidiary Board of Directors: The board of directors or equivalent governing

body/supervisory organ of the country’s subsidiaries excluding for the avoidance of
doubt the Country Board of Directors.

Top Holding Company: Ultimate holding company in each country.

1.4 Questions – Review of Policy

Any questions you may have with respect to this Policy or with respect to a particular
topic or transaction should be addressed to Group Legal (Tel: +45 38 17 00 00 or email:
legal@group.issworld.com). If you are in doubt, always ask or seek guidance before
proceeding.

The Policy will be reviewed by the EGM as and when required and at least once annually.

10 Corporate Governance Policy 2016 | Version 2.0 December 2016

2. ETHICAL AND RESPONSIBLE BUSINESS
CONDUCT – BASIC RULES

2.1 ISS Policy on Ethical and Responsible Business Conduct

Leadership and integrity start at the top. In ISS, we lead by example and the behaviour of us
as ISS Managers play an important role in guiding our 500,000 colleagues around the world
and in demonstrating our value-based culture to our customers and external stakeholders.
The basic rules for conducting our business in an ethical and responsible manner in line with
our values are outlined below. These rules are mandatory for all ISS Managers.

2.2 How we do things – Compliance with Law, ISS Values and Policies

2.2.1 Compliance with law, the ISS Values and Code of Conduct
ISS Managers must operate the business in accordance with the law and regulations of the
countries where we operate.

In a people intensive business like ISS the behaviours of our managers have a profound
impact on our employees, customers and stakeholders. ISS Managers must therefore follow
the ISS Values and adhere to the ISS Code of Conduct.

ISS Managers are expected to protect the good reputation of the ISS Group and refrain
from any behaviour or act that may bring the ISS Group, its country operations, customers
or themselves in disrepute. Acting in a manner compatible with the ISS Values and Code of
Conduct also applies when an ISS Manager is off duty.

2.2.2 Compliance with ISS Group Policies

The ISS Group Policies have been adopted to support the business of ISS and drive
alignment of processes and procedures throughout the Group.

It is the responsibility of each ISS Manager to comply with the ISS Group Polices and
guidelines, and Country Management shall ensure country compliance with ISS Group
Policies and guidelines.

A full overview of and access to applicable ISS Group Policies is available at

governance.policies.group.issworld.com. New ISS Group Policies and updates to existing
policies will be communicated to Regional and Country Management through appropriate
communication channels from time to time.

2.3 ISS Policy on Conflict of Interest

ISS Managers must avoid any situation that involves or may involve a conflict between their
personal interest and the interest of ISS. The mere possibility or appearance that a conflict of
interest could exist is often sufficient to raise suspicion or cause others to lose confidence and
proper caution should be exercised to avoid situations that can be perceived as conflicts of
interest. Where a conflict of interest may exist, ISS Managers have an obligation to disclose
such conflict and all relevant circumstances to their superior.

Corporate Governance Policy 2016 | Version 2.0 December 2016 11

 Country Management shall implement proper procedures to ensure transparency and ability
to identify and manage potential conflicts of interest at all management levels. This includes
a procedure whereby every ISS Manager each year declares that he or she does not have any
undisclosed conflict of interest.

2.4 How we do things - Conflict of Interest

2.4.1 Conflict of interest situations

It is impossible to describe every scenario that might give rise to a conflict of interest. The
situations and examples described below are not exhaustive, and if you are in doubt it is
important that you consult your local legal counsel or Group Legal before acting.

The following situations and examples are considered a conflict of interest that has to be
disclosed by the ISS Manager:

(i) Situations where a manager has a personal (financial) interest, direct or indirect, in
a transaction or arrangement entered into by an ISS company or in an entity doing
business with ISS.

Examples
• A manager having a direct or indirect financial interest in or a financial relation-
ship with a supplier or customer (investment below 2 % of the share capital or
bonds of a public traded company is not considered a conflict).

• A manager taking part in any ISS business decision that involves a company that
employs or is owned by the spouse/partner, child or other close relative, or friend.

• A manager making or promoting a corporate sponsorship contribution to a sports

club or a social event in which the manager and/or the spouse/partner, child or
other close relative, or friend has a personal interest.

(ii) Situations where a manager has a direct or indirect financial interest in a competing
business or business activities outside ISS.

Examples
• A manager having an interest in a business competing with ISS (investment below
2 % of the share capital or bonds of a public traded company is not considered a
conflict).

• A manager having a significant or time-consuming interest in any trade, business

or profession outside the ISS business e.g. membership of a supervisory board,
where such interest has not been disclosed and approved.

12 Corporate Governance Policy 2016 | Version 2.0 December 2016

 (iii) Situations where a manager intends to exploit a corporate opportunity that
rightfully belongs to ISS.

Examples
• A manager using non-public ISS information for his/her (including his/her relatives,
partner or friends) personal gain or advantage.

• A manager setting up a business based on technology or proprietary information

developed while employed by ISS.

(iv) Situations where a manager’s personal financial situation is mixed with the
company’s funds or assets.

Examples
• A manager obtaining, or taking part in a decision to obtain, loans or advances of
cash from an ISS company (except to cover reasonable business expenses).

• A manager using company equipment, property or other assets for private purposes
(without contractual entitlement or specific approval).

(v) Situations where personal relations between ISS employees may cause others to
lose confidence in their judgement or objectivity.

Examples
• A manager taking part in a decision by ISS to employ a close relative, partner or
friend.

• A manager having an intimate relationship with an ISS employee within the

manager’s direct or indirect reporting line.

• A manager acting an ISS executive management body while being married or

having an intimate personal relationship with another member of that executive
management body. It is the policy of ISS not to allow senior managers to be in the
same executive management body (e.g. Country Management) if they are married
to each other or otherwise have an intimate personal relationship with each other.

2.4.2 Required action in the event of a potential conflict of interest

The conflict of interest situations cover a broad range of situations from matters that can
be approved provided there is proper disclosure and transparency to matters which are
detrimental to the interest of ISS and not compatible with employment by ISS.

It is the obligation of each manager to disclose a potential conflict of interest to the

immediate superior and refrain from acting while having an undisclosed and not approved
conflict of interest.

Corporate Governance Policy 2016 | Version 2.0 December 2016 13

 A disclosed conflict of interest must be reviewed and approved in accordance with the
grandparent principle described under section 4, and any approval must be recorded in
writing.

2.5 Minimum requirements –

ISS Group Policies and Conflict of Interest

With respect to the ISS Group Policies and conflicts of interest, the following minimum
compliance requirements apply:

(i) The ISS Key Compliance Policies shall be distributed to and included by
reference in employment agreements of all ISS Managers.

(ii) All ISS Managers shall receive training in the ISS Code of Conduct at on-
boarding and shall be retrained every second year.

(iii) Employment agreements of ISS Managers shall include a prohibition against

acting with an undisclosed conflict of interest and a disclosure undertaking
in accordance with this Policy.

(iv) Regional CEO and CFO as well as Country Manager and CFO shall sign
Management Representation letters in connection with the half-year and
full year HFM reporting of the results to Group Controlling confirming
compliance with the ISS Group Policies referred to in the Management
Representation letters and absence of undisclosed conflict of interest.

(v) Country Management shall implement procedures to ensure transparency

and disclosure of conflict of interest at all management levels. As a
minimum, ISS Managers must once annually declare in writing that they
have no undisclosed conflict of interest.

(vi) Approval of disclosed conflicts of interest shall be recorded in writing at the

appropriate level (e.g. in BRM minutes with Country Management for an ISS
Manager, Regional Management for Country Management and Group CEO
for Country Managers).

2.6 Available tools

Tools are available at governance.policies.group.issworld.com.

• Code of Conduct e-learning training module
• Forms of Management Representation letter/declaration in HFM
• Form of Disclosure concerning Conflict of Interest

14 Corporate Governance Policy 2016 | Version 2.0 December 2016

3. MANAGEMENT OF SUBSIDIARIES

3.1 ISS Policy

The ISS Group conducts business worldwide and operates locally via country-based
subsidiaries with dedicated country management teams. The Subsidiaries are established
and managed as independent legal entities, but they also form part of the ISS Group.
Consequently, the ability of the ISS Group to exercise its voting, managerial and financial
rights as a shareholder must take precedence in the way the Subsidiaries are established
and managed.

The governance of the Subsidiaries shall ensure local accountability and compliance with
the law and ISS Group Policies. The principles set out in section 3.2 below apply within
each country and it is the responsibility of Country Management to actively ensure that all
Subsidiaries are in compliance with legal requirements and operate in accordance with the
ISS Group Policies.

3.2 How we do things

3.2.1 Composition of Boards

The overriding principle when composing the Country Board of Directors and Subsidiary
Board of Directors is to ensure that the ultimate shareholder of the ISS Group (ISS A/S),
directly or indirectly, at all times is able to exercise its control over the Board and thereby
the relevant Subsidiary. Any composition, structure or procedure impeding or posing an
obstacle to the exercise of such control must be avoided.

ISS considers a two-tier system of governing bodies to be the best management structure
for each company in the ISS Group. Where it is feasible under local law a two-tier system
of governing bodies shall be put in place with a board of directors (or similar body) having
supervisory and oversight responsibilities of a board of management (or similar body) with
responsibility for day-to-day matters.

The board of management, which shall be registered with the relevant local Companies
House/Business Authority, shall be composed of members of the Country Management, and
as a rule the Country Manager and the CFO shall be permanent members of the Subsidiary
Board of Directors.

Local laws and practices may prevent a two-tier system and require the use of a one-tier
system with one management body. In these situations, it can be decided to apply a different
management structure. Such deviation shall be approved by Regional Management in
consultation with Group Legal.

a. Country Board of Directors of Top Holding Company

As a rule, each ISS country’s Top Holding Company should have a Board of Directors
with a limited number of members (preferably three to four) composed as set out
in the example below:

Corporate Governance Policy 2016 | Version 2.0 December 2016 15

 ISS Holding Voldavia (Parent)

Board of Directors:
Regional CEO (chairman)
Regional CFO
Other regional or Group representative.

Management:
Country Manager and Country CFO

In certain countries there is a requirement to elect employee representatives to

the Board, and in such situations Regional and Country Management shall consult
with Group Legal and external legal counsel on the appropriate set-up.

As a rule, the Regional CEO or the Regional CFO should be appointed as chairman
of the Board of Directors of the Top Holding Company. Where feasible, the
Chairman shall have a casting vote in case of split vote in the Board.

Mandates are not remunerated. If remuneration is required e.g. due to external

board members, the ISS Manager appointed to the Board shall waive the entitlement
to any board fee, or, where this is not possible, accept that receipt of such fee will
result in a corresponding reduction of salary or other remuneration elements.

Deviation from the composition principles for the Board of Directors can be
necessary or desirable due to for example:

• Local nationality or residency requirements for directors

• Geopolitical circumstances
• Extraordinary risk exposure
• Legal requirements.

Deviation from the board composition principles shall be approved by Regional

Management in consultation with Group Legal. Such decision shall be recorded in
writing (e.g. BRM minutes or records of Group Legal) together with the rationale
for the decision.

b. Subsidiary Board of Directors and board of management

The rules and composition of Boards of Subsidiaries shall be kept as straightforward,
standardised and consistent as possible in order to streamline operations and
limit potential obstacles to the exercise of shareholder control. This means that
the Country Manager and the Country CFO as a rule should be members of the
Subsidiary Board of Directors to ensure consistency.

16 Corporate Governance Policy 2016 | Version 2.0 December 2016

 Member(s) of board of management, who has responsibility for the day-to-day
matters of the Subsidiary, shall be a member of Country Management (other than
Country Manager and Country CFO) or a senior manager with functional and
financial authority to best operate the Subsidiary.

If local laws and practices prevent a two-tier system and require the use of a
one-tier system with one management body, a different management structure
and composition can be applied for the relevant Subsidiary with the approval of
Regional Management.

Clear reporting lines and signature rules need to be put in place in accordance with
section 5 below.

Mandates are not remunerated.

Illustrative example:

ISS Holding Voldavia (Parent)

Board of Directors:
Regional CEO
Regional CFO
Other regional or Group representative.

Management:
Country Manager and Country CFO

Voldavia Subsidiary 1 Voldavia Subsidiary 2

Board of Directors: Board of Directors:

Regional CEO (chairman) Regional CEO
Regional CFO Regional CFO
Other regional or Group representative. Other regional or Group representative.

Management: Management:
Country Manager and Country CFO Country Manager and Country CFO

Corporate Governance Policy 2016 | Version 2.0 December 2016 17

 c. Directors and Officers Liability Insurance (D&O Insurance)
As part of its global insurance program the ISS Group subscribes for a D&O
insurance policy covering directors and officers of supervisory boards and
management boards of ISS Subsidiaries. The core purpose of the D&O policy is to
provide financial protection for the directors and officers against the consequences
of actual or alleged “wrongful acts” when acting in the scope of their managerial
duties. The D&O policy will pay for defence costs and financial losses. It is important
to note that the D&O policy has a number of exclusions and it does not cover
fraudulent, criminal or intentional non-compliant acts. The D&O will also not cover
cases where directors obtained illegal remuneration, or acted for personal profit.

To safeguard cover under the D&O policy any claims under the D&O Policy must be report-
ed to Group Risk as soon as possible and legal action may only be taken in consultation
with Group Risk. For more guidance on the D&O Policy consult with Group Risk and the ISS
Group Insurance Manual, see section 7.3 below.

3.2.2 Country Management responsibility for governance of Subsidiaries

It is the responsibility of Country Management to:

(i) Ensure the proper governance of the Subsidiaries by putting in place an appropriate
system of decision-making bodies (executive body, business review meetings per
business line etc.) and ensure that regular meetings are held.

(ii) Facilitate the information flow towards the parent company and the ISS Group.

(iii) Ensure that appropriate documentation is drawn up and kept of all management
and board meetings and their decisions.

(iv) Ensure (through consultation and instructions to in-house or external counsel)

that articles of association and other documents are standardised, up-to-date and
comply at all times with local law.

3.2.3 Management of other Countries

From time to time a Country Manager can be assigned additional managerial responsibility for
another ISS country on a permanent or interim basis. In that case the Country Manager shall
be regarded as Country Manager for the additional country and assume the responsibilities
and obligations entailed.

3.2.4 Legal structure reporting, Disclosure & Litigation reporting and review of key country
risks and controls
Legal structure reporting is an important part of the HFM reporting requirements as it
ensures transparency and enables ISS to fulfil its reporting requirements towards various
third parties. The reporting via the HFM reporting format shall therefore be kept up-to-
date at all times, which includes among other things legal entities, names of legal entities,

18 Corporate Governance Policy 2016 | Version 2.0 December 2016

corporate addresses, VAT and tax numbers and names of board members. Certain reporting
categories have gatekeeper functions and require assistance from ISS Group to update. It is
the responsibility of Country Management to ensure that the HFM reporting is continuously
updated.

Country Management is responsible for ensuring that material claims and disputes are dis-
closed and reported quarterly in the HFM system in accordance with the Disclosure and
Litigation Reporting guidelines.

Bi-annually Country Management shall review the key country risks and related controls and
report the outcome to Group Risk Management in accordance with the Group Risk Policy.

3.2.5 Merging, dissolving, establishing and changing capital structure of legal entities –
Project Recommendation Paper and CCPC approval process
Change of the legal structure including capital structure in a country is not allowed unless
such change has been approved in accordance with the Project Recommendation procedure,
see subsection 7.2-7.3 below. Country Management is responsible for preparing the relevant
documentation and submitting this to the Regional CFO for approval in accordance the
Project Recommendation procedure.

Corporate Client Partnership Countries (CCPC) are defined as countries where there is no
established ISS country management team and where the operations of ISS are limited
to servicing one or more Corporate Clients/Global Operations contracts, typically via a
managed local subcontractor. To ensure that legal formalities are observed and that ISS
appropriately assesses commercial, legal and operational risks in establishing business in
such countries an approval process must be followed, whereby the EGM signs off before a
CCPC can be approved.

3.2.6 Business review meetings

The business review meeting (BRM) is the primary line management forum for the ISS Group,
ISS Regions and ISS Countries. These meetings can be held as physical meetings, video and/
or telephone conference, as required.

a. Regional level
BRMs between Regional Management and Country Management are generally to
be held on a monthly basis (holiday periods excluded), and conducted according
to the standard agenda and minute template.

It is the responsibility of Country Management to ensure that minutes reflecting

decisions made and information required to be given pursuant to the Policy are
prepared and approved by Regional Management within 14 days of each meeting.

b. Country level
Country Management shall ensure that business review meetings are conducted

Corporate Governance Policy 2016 | Version 2.0 December 2016 19

 on a monthly basis in all business lines in the country following a standard agenda
and minute template.

3.2.7 Books and records – control requirements

Country Management shall ensure that book-keeping and financial reporting are made
properly and controlled to protect the accuracy and reliability of the data entered in the
books and records and reported to the ISS Group and public authorities.

No transaction shall be entered in a deceptive manner and no false or misleading

documentation or book entry shall be made for any transaction. All transactions and all assets
and liabilities must be disclosed and recorded in the appropriate books and accounted for
properly, in line with legal requirements and the Group Accounting Manual and accounting
policies.

Country Management shall ensure that the following control requirements are in place and
complied with in the relevant country:

(i) A separate, daily cash balance reporting (SWIFT MT940) from approved external
banks.

(ii) Local engagement of the Group auditor to ensure integrity of the local statutory
accounts and review of the reconciliation to HFM; these audits shall include
information on local finance arrangements (overdrafts, guarantees, factoring,
leasing etc.).

(iii) Filing with Group Finance of statutory accounts for consolidated local financial
statements or significant entities no later than six months following the end of the
financial year.

In addition Country Management shall comply with any additional requirements prescribed
in the ISS Group Accounting Manual and ISS Local Management Guide to Treasury as well
as local laws and regulations.

3.3 Minimum requirements - Management of Subsidiaries

With respect to the composition of boards, legal reporting, business review meetings and
control requirements, the following minimum compliance requirements apply:

20 Corporate Governance Policy 2016 | Version 2.0 December 2016

 (i) Subject to local law, establish and maintain for the Top Holding Company, a
Country Board of Directors with Regional Management and Group representa-
tives.

(ii) In the other Subsidiaries, the Country Manager and the Country CFO shall as a
rule be members of the Subsidiary Board of Directors.

(iii) Legal structure reporting to be kept updated in the required reporting format
of HFM, and reported every quarter.

(iv) Quarterly reporting in HFM of material claims and disputes (“Litigation

Reporting”).

(v) Monthly BRM meetings (holiday periods excluded) between Regional

Management and Country Management, and between Country Management
and local business units.

(vi) Use of standard BRM agenda and written minutes for BRMs with Regional
Management and Country Management.

(vii) Annual reports audited by the Group auditor.

(viii) Annual reports filed with appropriate authorities at due date and no later than
six months after the end of the relevant financial year with Group Controlling.

(ix) Bi-annual review and update of key country risks and related controls as per the
Group Risk Policy.

3.4 Available tools

Tools are available on governance.policies.group.issworld.com.

• Template BRM agenda and minutes
• Legal Structure reporting – included in HFM
• Disclosure and Litigation Reporting guidelines
• Project Recommendation Paper template for legal and capital structure changes
• Approval procedure for Corporate Clients Partnership Country (CCPC)
• Country Risk Model

Corporate Governance Policy 2016 | Version 2.0 December 2016 21

 4. REMUNERATION GOVERNANCE,
EMPLOYMENT TERMS, ETC.

4.1 ISS Policy

The employment and service agreements for ISS Managers are not only important contracts
for the individual managers but also for the ISS Group. In recognition of their importance
and to ensure transparency and alignment of terms and conditions such agreements and
changes thereto have to be approved according to the “grandparent principle” as further
described below.

Furthermore, for certain managerial levels the templates and guidelines (set out below in
sub-section 4.2) on the content of employment agreements shall be followed.

4.2 How we do things

4.2.1 Grandparent principle

The grandparent principle means that employment terms of ISS Managers, including bonus
and salary terms, any changes to the terms or decisions to enforce or waive any terms, must
be approved by the manager’s manager.

The following examples illustrate how the principle is applied:

Examples
• Service or employment agreements and any changes thereof for managers
reporting to a Country Manager’s direct report must be approved by the Country
Manager.

• Service or employment agreements and any changes thereof for managers reporting
directly to a Country Manager must be approved by Regional Management.

• Service or employment agreements of Country Managers and changes thereof

must be approved by the Group CEO, and the same applies to employment
agreements and changes thereof of members of the Regional Management.

Note that in addition to an approval under the grandparent principle, approval of the hiring
or the dismissal of a head of a function (country or regional) within global functions such
as People & Culture, Global Operations, Commercial, Finance and Legal require approval of
the Head of the Global function, as applicable. As example, the employment or dismissal
of a People & Culture Officer in a country requires the approval of the Regional People &
Culture Officer.

4.2.2 Governance on Remuneration and Appointment of ISS Managers

At ISS, remuneration policies, procedures and practices are structured to ensure that we
have competitive, fair and affordable remuneration at all levels throughout the organisation.
The nomination and appointment policies, procedures and practices are structured to
ensure that we nominate and appoint the best qualified person for the position based on

22 Corporate Governance Policy 2016 | Version 2.0 December 2016

a thorough review and assessment process, and that we cultivate talent development and
succession planning.

The remuneration and nomination governance structures are set up to ensure adherence
to common standards and practices, empowerment at the right level of the organisation,
speed of decisionmaking, transparency and fairness.

The Board of Directors of ISS A/S has established a Remuneration Committee and a
Nomination Committee. The Remuneration Committee reviews and recommends the
remuneration of the EGM and above-country roles and the overall guidelines for senior
executive incentives and general remuneration policies. The Nomination Committee reviews
and recommends candidates for the Board of Directors of ISS A/S and the EGM as well as
succession plans.

To support this structure the EGM has established a remuneration committee (the EGM
Remuneration Committee), which comprises the Group CEO, Group CFO and Chief People
& Culture Officer (CPCO). The EGM Remuneration Committee reviews and determines the
remuneration for direct reports to EGM members and above-country roles and also reviews
and approves nomination and appointment of direct reports to EGM members and above-
country roles.

Regions and countries are required to set up regional/local remuneration committees that
mirror and cascade the principles of the Board and EGM Remuneration and Nomination
Committees.

4.2.3 Terms of employment or service agreements of Country Managers and Country CFOs
Employment terms and/or nominations of the Country Manager and the Country CFO must
follow the guidelines from Group People & Culture and the agreements must be based on
the templates developed or approved by Group People & Culture, subject to relevant adjust-
ments under local law or market practice.

Particular attention needs to be given to the appropriateness of (i) bonus agreements, (ii)
pension arrangements, (iii) termination provisions, including length of termination notice
and/or severance payments and (iv) non-compete obligations and other restrictive covenants.

Group People & Culture must be consulted on the employment terms to verify cost implications
and to ensure consistency with Group guidelines and best practice implementation. The
final terms of employment and any amendment, adjustment or waiver of employment
terms (including for the avoidance of doubt waiver in full or in part of restrictive covenants)
shall be approved according to the grandparent principle.

Corporate Governance Policy 2016 | Version 2.0 December 2016 23

 a. Language of contract
The employment or service agreements must be drafted in English. In countries where
it is a requirement by law that an employment or service agreement is drafted in local
language, such agreements shall include an accurate English translation.

b. Bonus and pension plan(s)

Individual bonus agreements or any amendments to such as well as the actual
payment of bonuses shall be approved according to the grandparent principle. For
Regional Management and Country Management, the guidelines of the Group Bonus
Plan must be followed.

No manager can authorise a change of their own bonus agreement including any
advance payments before a written approval has been obtained in accordance with
the grandparent principle.

The Group Long-term Incentive Plan (LTIP or similar) is governed by terms and conditions
approved by the Board of Directors of ISS A/S pursuant to the Remuneration Policy
of ISS A/S. Participation in such plan(s) is subject to the discretionary approval by the
Board of Directors, and no promise to participate in such plan(s) can be made without
prior written authorisation by Group People & Culture.

Individual pension contributions and pension arrangements for members of Country

Management must be approved by Regional Management. Details of such pension
contributions by ISS must be provided to Group People & Culture in connection with
the annual reporting of compensation & benefits (please refer to item e. below).

Establishment of any pension, profit sharing, bonus or incentive scheme generally

applicable to country employees or groups hereof (or the amendment of an approved
scheme) that is in addition to or goes beyond what is required by local legislation
or applicable collective bargaining agreements has to be approved by Regional
Management in consultation with Group People & Culture.

c. Non-compete restrictions and other restrictive covenants

Members of Country Management must assume non-compete restrictions and other
restrictions deemed normal and reasonable under local law such as customer and
employee protection covenants. The scope and costs of such restrictions shall be
evaluated on a case-by-case basis.

d. Business expenses and reimbursement

No manager of ISS shall be entitled to authorise the reimbursement of his/her business
expenses for travel, accommodation and gifts/entertainment without the approval of
a superior manager.

24 Corporate Governance Policy 2016 | Version 2.0 December 2016

 Reasonable and appropriate expenses for travel, accommodation and gifts/
entertainment incurred by the Country Manager for a business purpose will be
reimbursed by the company subject to receipt of appropriate documentation. An
overview of the business expenses incurred by the Country Manager shall be submitted
for review by the Regional CEO at regular intervals and no less frequent than on a bi-
monthly basis.

On an ongoing basis the Country Manager shall review and approve business expenses
for his/her direct reports at a similar frequency.

e. Mandatory reporting and information requirements

An accurate, updated and complete copy of the employment or service agreements
of all Country Managers and Country CFOs, including any bonus agreement,
supplements or amendments must be sent to Group People & Culture.

In addition, the Country Manager shall provide Group People & Culture once every
calendar year with an accurate and updated overview of the employment terms
and full compensation and severance package of other members of the Country
Management.

4.2.4 Terms of employment or service contracts of other members of Country Management

It is the responsibility of the Country Manager to ensure that nominations and employment
terms (including bonus agreements, notice of termination and severance clauses and
restrictive covenants) of other members of Country Management are aligned with the
principles described above under subsection 4.2.3 above and template developed by Group
People & Culture.

Terms of employment or decision to dismiss a member of Country Management including

any amendment or waiver of employment terms (including for the avoidance of doubt waiver
in full or in part of restrictive covenants) shall be approved according to the grandparent
principle.

In line with the matrix structure decisions to employ and dismiss members of Country
Management shall be aligned with Regional Management and the relevant Head of Group
Functions.

4.2.5 Terms of employment or service contracts for other senior managers in the country
It is the responsibility of Country Management to ensure that the employment terms of
other levels of management contain appropriate provisions relevant to the specific function
and level at the relevant ISS Company and that the full employment package (including any
bonus plan and termination costs by contract, law and collective bargaining) is approved in
line with the grandparent principle.

Corporate Governance Policy 2016 | Version 2.0 December 2016 25

 In line with the matrix structure decisions to employ and dismiss senior managers, who are
not members of Country Management, shall be aligned with Regional Management and
the relevant Head of Group Functions.

4.2.6 Confidentiality obligation

All managers of ISS shall undertake not to disclose or make accessible to any third party any
confidential information with respect to the ISS Group during or after his or her employment
with ISS. The confidentiality obligation shall apply to non-public information about ISS’
operations, strategy, finances, customers, suppliers, trade secrets, processes and plans.

Certain managers are furthermore subject to the ISS rules on insider information and trading
in ISS financial instruments (ISS’s Internal Rules) and shall comply with these at all times.
Insiders will be included on an insider list and as such required to comply with the Internal
Rules of ISS A/S as communicated from time to time by Group Legal as well as relevant laws
applicable to trading in ISS financial instruments.

No manager of ISS shall, during or after their employment or service with the ISS Group, use
for his or her own benefit or for the benefit of any person or entity other than the ISS Group
itself, any confidential or proprietary information developed or received during employment
or service with ISS.

4.2.7 Succession planning

It is an important and sound governance principle to make succession plans to safeguard
against business interruption in case of emergency replacements and to ensure smooth
transitions in connection with management changes. Country Management shall develop
appropriate succession plans that appoint successors for all ISS Managers both in the
event of an emergency and in the ordinary course of business. The succession plan shall be
discussed and assessed on a regular basis with Regional Management. Succession planning
for Country Management and Country Senior Managers shall follow the guidelines of Group
People & Culture and be reported in Performance Page or such other tools communicated
by Group People & Culture.

26 Corporate Governance Policy 2016 | Version 2.0 December 2016

4.3 Minimum requirements - Employment terms of managers, etc.

With respect to employment terms and service agreements for ISS Managers, the following
minimum compliance requirements apply:

(i) Implementation of grandparent approval procedures for employment terms

of ISS Managers including bonus/salary letters and amendments and waivers
thereto.

(ii) Group People & Culture templates in English used for Country Manager and
direct reports’ employment or service agreements.

(iii) An updated copy of the Country Manager’s and the Country CFO’s employment
or services agreements (including all addenda and appendices) must be filed
with Group People & Culture whenever an update or change is made.

(iv) An overview of the business expenses of the Country Manager submitted

for reimbursement shall be submitted for review by Regional CEO at regular
intervals and no less frequent than bi-monthly. At similar frequency Country
Manager shall review and approve business expenses of direct reports.

(v) Updated overview of employment terms of Country Management to be sent

to Group People & Culture once a year, using the Group People & Culture tem-
plate.

(vi) All employment agreements for ISS Managers shall include provisions on (i)
compliance with ISS Code of Conduct and ISS Key Compliance Policies, (ii)
conflict of interest, (iii) confidentiality obligations applicable during and after
employment as well as (iv) appropriate and enforceable restrictive (non-
compete, non-solicitation and/or non-interference, as applicable) covenants.

(vii) Succession plan implemented for all ISS managers and succession planning for
Country Management and Country Senior Managers reported in Performance
Page or such other tool designated by Group People & Culture.

(viii) Regions and countries are required to set up regional/country remuneration

committees that cascade the principles of the Board and EGM Remuneration
and Nomination Committees.

Corporate Governance Policy 2016 | Version 2.0 December 2016 27

 4.4 Available tools

Tools are available upon request to Group People & Culture.

• Remuneration and appointment governance structure
• ISS template employment agreements for Country Managers and Country CFOs
(and other members of the Country Management team)
• Senior Management Employment Overview (excel sheet)
• Standard terms and conditions of Group Bonus Plan
• Performance Page
• Template for overview of business expenses of the Country Manager for review by
the Regional CEO

28 Corporate Governance Policy 2016 | Version 2.0 December 2016

5. SIGNATURE RULES; GENERAL APPROVAL
PROCEDURES

5.1 ISS Policy

Efficient and appropriate signature rules and approval procedures covering transactions at
Group, Regional and Country level mitigate risks and safeguard the interests of ISS and its
managers. Signature rules and approval procedures are key drivers of accountability and
provide an efficient risk management tool.

Country Management is delegated the authority to make decisions and transactions in

the ordinary course of business and while doing so Country Management must observe
restrictions under (i) governing law, (ii) Constitutional corporate documents and resolutions,
(iii) ISS Policies including specific mandatory HQ approval procedures and guidelines (see
Section 7 below) (iv terms of employment, (v) approval thresholds agreed with Regional
Management (see subsection 5.2.2-5.2.3), and (vi) specific written instructions from EGM
or Regional Management.

5.2 How we do things

5.2.1 Double signature rule – “four eyes principle”

Although Country Management or other senior officers by law or by virtue of the position
may be authorised vis-à-vis third parties to sign a contract, assume certain liabilities or incur
a certain cost, it is the policy of ISS Group to generally require two signatures. The aim of
this policy is to safeguard the interests of ISS and the manager by ensuring that more than
one person has reviewed and verified the transaction. When designing an approval matrix,
Country Management needs to ensure that the second signature is a meaningful signature
in the sense that it adds the necessary checks and balances to the transaction or decision
made.

Country Management must therefore ensure that all material agreements and commitments
entered into on behalf of Subsidiaries are signed by two members of Country Management.
Further, Country Management must ensure that the double signature rule is applied in
a sensible way to all levels of activity in each Subsidiary with appropriate authority levels
embedded in the internal approval matrix. A risk-based approach may be applied in the
implementation.

Approval matrices will only add value if they are supported by a solid review and approval
process. Review and approval should always be carried out before execution of the contract
or transaction.

5.2.2 Country Delegation and Approval matrix

Country Management shall implement a delegation and approval matrix setting out
signature rules and transaction authority with financial and other materiality thresholds
appropriate for the size of their operations. It is recommended to use a matrix with three to
five local approval levels not counting Regional Management or ISS HQ.

Corporate Governance Policy 2016 | Version 2.0 December 2016 29

 The delegation and approval matrix shall as a minimum include thresholds (i) for decisions
or transactions related to expenditure, procurement contracts including subcontractors,
investments, treasury & finance, litigation, insurance, (ii) for specific contracts such as lease
agreements, sponsoring, agreements with consultants or agents and (iii) with respect to
customer contracts: revenue and contract contribution thresholds, as well as the legal and
commercial risks described in the NPF.

A copy of the country delegation and approval matrix shall be filed with Group Internal
Audit. The delegation and approval matrix shall be reviewed once every calendar year.

5.2.3 Regional Management approval – approval thresholds

Country Management shall prepare and agree with Regional Management a list of applicable
thresholds for material contracts and transactions that are subject to approval from Regional
Management and a reporting format for such contracts and transactions. This shall include
as a minimum contracts over a specific size or with an extraordinary risk profile, consultancy
agreements, sponsorship agreements, investments and lease agreements and material cor-
porate transactions. Approvals shall be reflected in BRM minutes or in minutes of commer-
cial sign off procedures. Matters of urgency can be approved ad hoc in writing by Regional
Management.

The approval thresholds agreed with Regional Management can be included in the country
approval matrix described in subsection 5.2.2 above.

A copy of the delegation and approval matrix agreed with Regional Management shall be
filed with Group Internal Audit.

The delegation and approval matrix shall be reviewed once every calendar year.

5.2.4 Specific approval procedures – expenditures outside budget, customer contracts

and mandatory ISS Group HQ approvals
All Subsidiaries and country operations are bound by the annual operating budgets agreed
with Regional Management. In order to obtain approval of expenditures outside the
approved budget, a business case must be presented for approval by Regional Management.
Note that specific review and approval procedures are specified in section 6 (Customer
Contract Approval procedures) and section 7 (Mandatory ISS HQ Approval).

30 Corporate Governance Policy 2016 | Version 2.0 December 2016

5.3 Minimum requirements - Signature rules; general approval procedures

With respect to approval matrices, double signature and approval procedures, the following
minimum compliance requirements apply:

(i) A country delegation and approval matrix shall be in place covering all country
operations and reflecting the double signatory rule. Such delegation and approval
matrix shall include, as a minimum, thresholds for decisions or transactions
relating to (i) expenditure, procurement contracts including subcontractors,
investments, treasury & finance, litigation, insurance, (ii) specific contracts
such as lease agreements, sponsoring, agreements with consultants or agents
and (iii) with respect to customer contracts: revenue and contract contribution
thresholds, as well as key legal and commercial risks, see section 6 below.

(ii) A regional delegation and approval matrix shall be in place covering all applica-
ble thresholds for certain significant contracts or transactions that require ap-
proval from Regional Management. The regional approval thresholds can be
included in the overall country approval matrix if deemed preferable.

(iii) Copies of the delegation and approval matrix/matrices and the established
approval thresholds shall be filed with Group Internal Audit.

(iv) The delegation and approval matrix/matrices shall be reviewed once every
calendar year by Country Management and Regional Management.

5.4 Available tools

Tools are available on governance.policies.group.issworld.com.

• Standard country approval matrix
• Template for Regional Management approval matrix

Corporate Governance Policy 2016 | Version 2.0 December 2016 31

 6. CUSTOMER CONTRACT APPROVAL
PROCEDURES

6.1 Policy

Building a proper governance structure around the way ISS enters into contracts with its
customers does not only depend on having the right signatory rules and delegation &
approval matrix in place (see section 5 above). It also depends on how good we are at
assessing the risks contained in these contracts. It is important to note that a customer
contract approval process is not a matter of avoiding risk, but rather about identifying and
understanding the risks that we face in order for us to take appropriate mitigating actions
and provide decision makers with the relevant information to make informed decisions.
Ultimately, our goal is to support our customers in fulfilling their purpose and we do that
neither by blindly accepting risk nor by rejecting risk by default.

Country Management is responsible for putting in place an appropriate decision and

approval matrix with respect to all types and sizes of customer contracts as well as their
risk profiles taking into account ISS Policies. It is recommended that Country Management
applies customer size, customer segments and delivery models as categories around which
the approval process is structured.

Specific approval and risk assessment tools and processes (CRAM@ISS and NPF Training
Programme and training materials) based on the main identified risks in ISS customer
contracts have been developed by ISS Group and made available for use in the countries.
For certain types of customer contracts (see below), the use of CRAM@ISS is mandatory.

6.2 How we do things

6.2.1 Standard contracts

All country operations shall maintain up-to-date standard customer contracts. It is
recommended that Country Management ensures that standard customer contracts are
available based on customer segments (Key Account, Specialised Services and Direct/small
customers). Standard contracts shall provide appropriate protection to ISS for all main
identified risks in customer contracts such as limitation of contractual liability, termination,
inflation, changes of law, variation of services, payment terms etc.

6.2.2 Customised customer contracts

Customised customer contracts are often the norm as larger and more sophisticated
customers tend to bring their own contract template. Such contracts need to be reviewed
and approved in accordance with the relevant country’s signatory policies and approval
matrices at the time of execution of these contracts as well as for every amendment,
renewal or extension.

Country Management shall ensure that a review and approval process with appropriate risk
assessment and bid committee sign-off procedure is established.

32 Corporate Governance Policy 2016 | Version 2.0 December 2016

Countries with annual revenue above DKK 1 billion must use CRAM@ISS for risk assessment
of (i) customer contracts to be approved by Regional Management and (ii) other customer
contracts that qualify for review based on threshold(s) agreed with Regional Management.

6.2.3 Large customer contracts

To ensure that an aligned process for reviewing and assessing risks on large customer
contracts is in place and that the right approvals are obtained prior to these often complex
contracts being entered into a special group-wide and mandatory risk assessment and
approval process has been developed, the ISS Large Customer Contract Approval Policy and
Procedures (LCC approval process).

The LCC approval process applies to the following customer contracts:

(i) Country specific or Cross-border contracts with an annual contract value above
DKK 75 million (€ 10 million) or with a value above DKK 300 million (€ 40 million)
over the term of the contract.

(ii) Contracts above DKK 40 million (€ 5 million) in annual revenue with no liability cap
and all Aviation contracts2 with no liability cap.

(iii) Private Finance Initiative (PFI)/Public Private Partnership (PPP) contracts (irrespective
of size).

(iv) Corporate Clients/Global Operations contracts.

For details on the use of the mandatory LCC including the use of CRAM@ISS please refer to
the link set out below under 6.4 Tools Available.

Note that the LCC, when applicable, takes precedence over any approval thresholds/matrices
applicable within the individual regions and countries. Regional Management may agree
with their respective countries that additional customer contracts (for example Regional and
Cross-border contracts – see subsection 6.2.6 below) below the minimum thresholds shall
also be subject to the LCC.

Also note that the LCC requires additional review and sign-off processes to be observed in
respect of (i) EGM approval for contracts above DKK 250 million (€ 33.5 million) in annual
revenue or DKK 1 billion (€ 134 million) over the term of the contract, and (ii) approval by
the Transaction Committee of the ISS A/S Board of Directors for contracts with an
annual revenue above DKK 750 million (€ 100 million).

6.2.4 Regional and cross-border contracts (not subject to the LCC)

Regional or Cross-border contracts can be challenging to manage and before engaging in
bids for regional or cross-border contracts it is important to consider and agree appropriate
process principles with clearly defined responsibilities and negotiation mandate. No
2) The Aviation contracts covered by the LCC Approval process are primarily contracts within airside services. Further guidance on airside
activities can be obtained from Group Risk.

Corporate Governance Policy 2016 | Version 2.0 December 2016 33

 commitment should be made to the customer without a mandate from the involved
countries. It is the responsibility of Country Management in each inscope country to prepare
a joint bid and process plan for approval by Regional Management in each in-scope region.

It is recommended that the joint plan includes the following:

(i) Lead country or lead region (typically the country or region where the main share
of the revenue and/or profit lies).

(ii) Bid/no bid process including Regional Management approval from all inscope
regions and decision on allocation of necessary resources and cost.

(iii) Legal review of contractual documentation including use of CRAM@ISS.

(iv) Negotiation mandate including mandate to agree price, rebates, penalties, savings
and risks identified via CRAM@ISS on behalf of each of the involved countries/
regions.

(v) Process and responsibilities for follow-up on transition and implementation.

Note that larger regional and cross-border contracts (see 6.2.3 above) may be subject to the
LCC, which takes precedence.

6.2.5 Document Retention and Contract Change Management

Country Management shall ensure that a document retention policy is implemented with
respect to customer contracts. The document retention policy shall describe and put in
place procedures and supporting tools which ensure that soft copies of all signed customer
contracts together with relevant material (approvals/mandates, pricing model, financial
business case, due diligence, risk assessments, emails, presentations given during sales
process, RFP/tender packages etc.) are readily available and stored (centrally) in a way that
enables search-facilities.

The document retention policy shall ensure compliance with local law in respect of
the duration of document storage (minimum three years after contract termination is
recommended) and appropriate access rights in view of confidentiality and protection of
customer information and personal data.

As customer contracts develop and change over the term of the contract (as a result of
agreed variations, extended or reduced scope etc.) it is important to ensure that changes
are approved in accordance with the approval authority for such changes and properly
documented in writing. Country Management shall implement a contract change
management policy and procedure to ensure that changes are approved at the right level
and properly documented in writing.

34 Corporate Governance Policy 2016 | Version 2.0 December 2016

6.3 Minimum requirements – Standard contracts, customised contracts, large
customer contracts, document retention, etc.

The following minimum compliance requirements apply:

(i) Standard contracts approved by Country Management are in place for the
various customer segments (Key Account, Specialised Services and Direct
(route-based customers) as agreed with Regional Management.

(ii) Standard contracts include the fundamental legal and commercial risks as
described in the NPF in a manner appropriate in the country and based on the
legal preferred position and confirmed by internal and/or external legal counsel.
It is recommended that positions are reviewed and updated every two years.

(iii) Standard contracts are easily accessible to relevant employees (e.g. on intranet)
and communication to and training of relevant employees regarding standard
contracts and legal positions, including new versions and updates, are made as
and when appropriate.

(iv) Deviations to standard contracts resulting from contract negotiations to be

approved in accordance with country signature policies and approval matrices.

(v) Country Management shall ensure that a review and approval process with
appropriate risk assessment and bid committee sign-off procedure is estab-
lished.

(vi) Countries with annual revenue above DKK 1 billion must use CRAM@ISS for
contract review and risk assessment.

(vii) As a minimum, all customer contracts with an annual revenue higher than DKK
75 million (€ 10 million) must follow the LCC approval process including the use
of CRAM@ISS.

(viii) Contracts above DKK 40 million (€ 5 million) in annual revenue with no liability
cap and all Aviation contracts with no liability cap must be reported to Group
Risk, reviewed using CRAM@ISS and approved by Regional Management and
Group Risk.

(ix) Document retention policy and procedures are adopted and implemented.

(x) Contract change management policy and procedures are adopted and
implemented.

Corporate Governance Policy 2016 | Version 2.0 December 2016 35

 6.4 Available tools

Tools are available at governance.policies.group.issworld.com.

• CRAM@ISS
• Large Customer Contracts Approval Policy and Procedures including templates
and documents
• Negotiation Process Framework (NPF) Training material

36 Corporate Governance Policy 2016 | Version 2.0 December 2016

7. MANDATORY ISS HQ APPROVAL AND
REPORTING REQUIREMENTS

7.1 ISS Policy

Certain transactions or contracts contain significant risks or may have an impact on the
obligations or financial position of the ISS Group as a whole. For those matters, specific
guidelines and approval requirements apply as set out below.

To the extent that these matters require board or shareholder approval under local law,
Country Management shall ensure that appropriate documentation is prepared, executed
and kept at a central location. All documents regarding transactions involving shares held
by ISS Global A/S or another Danish parent company (e.g. share transfer agreements, copies
of shareholders’ registers, etc.) are to be filed with Group Legal.

7.2 How we do things

The following events and transactions require that specific polices and guidelines must be
followed and/or specific approvals must be obtained from ISS HQ:

Group Accounting Manual and Policy • Group Finance approval for all changes in
application of Group accounting policies
or change of auditors.

Treasury and finance transactions • Local Management Guide to Treasury

(guidelines to Treasury operations
including Senior Facilities and other
treasury transactions).

• Parent Guarantees approval process

pursuant to ISS Guarantee Policy.

• Approval process via the specific Finance

Risk Assessment Module (FRAM) tool
with sign-off by Regional CFO, Group
Legal and Group Treasury for establishing
new or changing existing local finance
arrangements (overdraft, guarantees,
factoring, leasing, vendor financing etc.).

M&A and divestment transactions • Regardless of the value of the transaction

the ISS M&A Manual, or, as applicable,
the ISS Divestment Manual must be
followed.

Corporate Governance Policy 2016 | Version 2.0 December 2016 37

 Corporate transactions (restructurings,
mergers, capital increases/decreases, debt
conversion, intercompany transfer of
shares, intercompany divestment of assets,
agreements with minority shareholders,
joint ventures, appointment or removal of
any directors or auditors in the top holding
company of a country etc.)
Corporate Clients Partnership Countries
Real-estate transactions (including sale
and lease back) and material new leases
including change of country head office
Consultancy/agency agreements and
sponsorship agreements
Claims and disputes - litigation reporting
38 Corporate Governance Policy 2016 | Version 2.0 December 2016
• Recommendation Paper Process for
formal sign-off by Group Functions and
Regional Management.
• Local corporate formalities and approval
by shareholders (ISS Group).
• Filing of share transfer agreements and
documents evidencing share instruments
held by ISS Global A/S or other Group
parent company with Group Legal.
• Update of applicable legal structure
in HFM following country legal
restructuring.
• Process framework for the set-up of
CCPC to be followed including approval
from EGM.
• Specific approval procedure for change
of head office and other significant
real-estate transactions including sale or
purchase of real estate.
• Reporting requirements to Group
Legal for consultancy/agency agreements
in connection with public tenders and
permits in line with ISS Anti-Corruption
Policy.
• Reporting requirements for sponsorship
agreements in line with ISS Sponsorship
Guidelines.
• Quarterly reporting via HFM of all claims
and disputes (i) with a value above
DKK 2 million per claim, (ii) with a
significant impact on the ISS business in a
jurisdiction, regardless of monetary value
or (iii) related to non-compliance with
business integrity matters such as anti-
trust rules, bribery or fraud, regardless of
their monetary value.
Insurance claims – reporting in accordance • Insurance claims above mDKK 0.5 to
with Insurance Manual be reported to Group Risk using Large
Claims memo as well as all claims under
the Crime; Employment Practices Liability
and D&O insurance policies.

HSEQ Policy • Reporting via HSE@ISS-IT system (KMI);

fatalities and serious accidents as per the
Group HSE and CR Reporting Manual
and ISS Escalation Policy.

Escalation Policy • Serious incidents must be reported to

Regional Management and/or Group
Emergency Response Officer within 24
hours.

Large Customer Contracts Approval Policy • Specific approval process for certain
and Procedures customer contracts exceeding the
thresholds set out in the Policy (see
section 6.2.3 above).

Corporate Governance Policy 2016 | Version 2.0 December 2016 39

 7.3 Available policies, guidelines and tools

Tools are available at governance.policies.group.issworld.com.

• ISS Group Accounting Manual
• ISS Local Management Guide to Treasury
• FRAM for financing approvals
• ISS Guarantee Policy
• ISS M&A and Divestment Manuals
• ISS Disclosure and Litigation Reporting guidelines
• ISS Project Recommendation template for all projects impacting legal or capital
structure of an ISS company
• Process framework for the set-up of Corporate Clients Partnership Countries
• ISS Approval guidelines for establishment or change of local head office or other
significant real-estate transaction
• ISS Anti-Corruption Policy
• ISS Sponsorship Guidelines
• ISS Group Insurance Manual and Large Claim memo
• ISS Group Risk Policy
• ISS HSEQ Policy
• ISS Escalation Policy
• ISS Large Customer Contract Approval Policy and Procedures
• ISS@CRAM

40 Corporate Governance Policy 2016 | Version 2.0 December 2016

8. MONITORING AND AUDIT

8.1 ISS Policy

The sound corporate governance principles of this Policy are valuable contributors to
operating our business in a prudent and trustworthy manner. However, they cannot stand
alone. Monitoring and auditing compliance with this Policy are important and necessary to
document accountability and ensure progress of implementation.

8.2 How we do things

Implementation and operation of governance processes and procedures shall be done in a

way that allows monitoring and audit to be conducted in an appropriate manner. Written
documentation shall be available in electronic form or hard copy and be accessible without
undue delay upon request from Group Internal Audit (GIA).

Country Management shall perform an annual maturity level self-assessment of this Policy
using the GIA Control Self-Assessment Form. The results shall be discussed annually with
Regional Management and goals shall be set for improvements of the maturity level.

8.3 Minimum requirements monitoring and audit

With respect to monitoring and audit, the following minimum compliance requirements
apply:

(i) Annual control self-assessment of this Policy using GIA Control Self-Assessment.

(ii) Review of implementation of this Policy and goal setting for next year’s maturity
level (as determined by GIA Control Self-Assessment) to be discussed and
agreed with Regional Management annually.

8.4 Available tools

Tools are available at governance.policies.group.issworld.com.

• GIA Control Self-Assessment

Corporate Governance Policy 2016 | Version 2.0 December 2016 41

 Notes

42 Corporate Governance Policy 2016 | Version 2.0 December 2016

Corporate Governance Policy 2016 | Version 2.0 December 2016 43
44 Corporate Governance Policy 2016 | Version 2.0 December 2016