I. INTRODUCTION

The Board of Directors of MMG Bank Corporation, together with Senior Management, is responsible for promoting among their directors, executives, employees, clients and suppliers, the highest standards of ethical conduct.

Being aware that unethical behavior and acts of fraud may adversely affect the image of the Bank and therefore achievement of the vision and goals set forth by its stockholders, the Board of Directors has established an Antifraud Policy clearly stating the position of the Board in respect to fraud, the actions that are considered fraud, who is responsible for preventing, detecting and investigation fraud, as well as the procedure to lodge a fraud report.

II. ANTIFRAUD POLICY

Senior Management is responsible for the administration, prevention and detection of Fraud risk. Every member of the Bank must be alert to any indication of fraud within their areas of responsibility.

Any person having a suspicion, knowledge or indication of an act or possible act of fraud must report it forthwith through any of the mechanisms put in place for such purpose.

The investigation of fraudulent acts will be coordinated with the Legal Department and the affected areas.

A) SCOPE

The Antifraud Policy applies to any act that implies the commission or possible commission of fraud whether by a stockholder, director, executive, employee or client of the Bank, as well as suppliers and third parties that may have any kind of business or contractual relationship with the Bank.

B) ACTIONS THAT CONSTITUTE FRAUD

Fraud is defined as any act by one or several persons for the purpose of illegally taking, obtaining or getting hold of something belonging to someone else, whether corporeal or intangible, in prejudice of another party, and normally due to lack of knowledge or malice on the part of the injured party.

Among other, and without being exclusive, the following is considered fraud:

·         Any dishonest or deceptive.

·         The forgery or alteration of information, signatures, sums or content or any other document of the Bank, its clients, suppliers or third parties.

·         The forgery or alteration of checks, bank drafts or any other financial instrument.

·         The misappropriation of any kind of assets including monies and securities owned by the Bank or that a third party may have deposited with or in under the custody of the Bank;

·         The misuse and/or unauthorized use of goods owned by the bank or that a third party may have deposited with or in under the custody of the bank;

·         The misuse and/or unauthorized disclosure of confidential information of the Bank and/or its clients.

·         The misappropriation of commissions payable to the Bank or produced by an employee as a result of performing his/her duties in the Bank.

·         The mismanagement of money, cash reports or financial transactions.

·         Obtaining any profit or compensation in any way from the misuse or unauthorized disclosure of confidential information or intellectual property rights of the Bank and its clients.

·         Unauthorized disclosure of operations that the Bank carries on or contemplates to carry on.

·         Accepting or asking for anything of value from contractors, sellers or persons providing services/materials to the Bank. Exception: gifts valued at less than $50.00

·         The destruction, deletion or misuse of records, furniture, fixtures and equipment.

·         Any other like or related behavior.

III. FURTHER INAPPROPRIATE BEHAVIOR

The antifraud policy also seeks to prevent behavior or acts that are in contradiction with morality and good customs.

Suspicion of unethical or immoral behavior by stockholders, directors, executives and employees of the Bank shall be reported to the Human Resources Department, who will take pertinent actions.

Any question on whether or not a particular action constitutes fraud must be addressed to the Head of Internal Audit for orientation.

IV. WHISTLEBLOWER SYSTEM

The Whistleblower System is the means by which the members of the Bank, its clients, suppliers or third parties may denounce, anonymously, any act of fraud.

V. PERSONS RESPONSIBLE FOR THE INVESTIGATION

Great care must be taken when investigating a suspicion of fraud to avoid false accusations or alerting the suspect that an investigation is taking place.

The Head of Internal Audit shall be responsible for receiving the reports and investigating the facts thereof in agreement with the definition of fraud in the policy.

Investigations shall be made regardless of the years of service, position/title, or relation of the suspect with the Bank.

If the investigation shows that there was fraud, the Head of Internal Audit shall send a report to the Audit and Risk Management Committee.

The decision to process or refer the results of the investigations to the pertinent legal authorities and/or regulating entities for an independent investigation shall be made jointly by the Bank’s legal counsel and Senior Management.

VI. CONFIDENTIALITY

The Head of Internal Audit shall treat any information received as confidential.

Supervisors and the Head of Internal Audit shall ensure the anonymity of those who lodge a report.

The results of the investigation shall not be disclosed or discussed with anyone other than those who are required to know them. This is essential to avoid injuring the reputation of persons that may have been found innocent during the investigation and to protect the Bank from potential civil liability.

VII. REPORTING PROCEDURE

1. Employees who find out or suspect the existence of fraudulent activities may denounce it through any of the following channels:

·         To the immediate Supervisor. In these cases, the Supervisor shall report the matter immediately to Senior Management and this to the Head of Internal Audit, who will follow the investigation procedures set forth hereinafter.

·         To the e-mail denuncias@mmgbank.com or through the Whistleblower System published in the webpage of the Bank, www.mmgbank.com. Only the Head of Internal Audit is authorized to receive the reports sent to these addresses.

·         Directly to the Head of Internal Audit of the Bank.

2. Clients, suppliers and persons foreign to the Bank may file their reports directly at denuncias@mmgbank.com or the whistleblower system published in the Bank’s webpage, www.mmgbank.com.

Persons who file a report should never:

·         Contact the suspect in an effort to determine facts or request restitution.

·         Discuss the case, fact, suspicion or allegation with anyone unless asked by the Head of Internal Audit.

·         Any consultation regarding the activity or person under investigation shall be addressed to the Head of Internal Audit. No information regarding the status of the investigation may be provided without proper authorization from the Head of Internal Audit. The proper reply to any question is: “I am not at liberty to discuss this matter.” Under no circumstances should any reference be made to the “allegation”, the “crime”, the “fraud”, the “forgery”, the “misappropriation”, or any other specific reference.

VIII. INVESTIGATION AND REPLY PROCEDURES

The Head of Internal Audit will confirm receipt of the report provided it is possible and will immediately notify the Bank’s Senior Management of any reports received, provided that they do not involve Senior Management.

The Head of Internal Audit will develop a strategy to investigate the report in consultation with any other area of the Bank as appropriate.

Upon receipt of a report that is not contemplated in the categories covered by the Antifraud Policy, the Head of Internal Audit shall determine which authority of the Bank is responsible for attending to it.

The Head of Internal Audit will also report to the Chairman of the Audit and Risk Management Committee any report received and the strategies recommended for their investigation. The Chairman of the Audit and Risk Management Committee may provide support and advice regarding the development of the investigation.

IX. CAPACITIES TO INVESTIGATE

The Head of Internal Audit and his team will have:

Free and unlimited access to all records and premises of the Bank, whether owned or leased; and

The power to examine, copy and/or withdraw all or any part of the files, desks, drawers, and further storage spaces without the prior knowledge or consent of any person who may be using or having custody of such articles or facilities, as long as they fall within the scope of the investigation.

X. PRESUMPTION OF GOOD FAITH

When a person lodges a report regarding the commission or possible commission of an act of fraud, it shall be presumed that the person is doing it in good faith and based on actual indications or elements.

XI. NO RETALIATION

The person filing a report on the commission or possible commission of an act of fraud shall not be subjected to retaliation, threat, discrimination or sanctions of any kind. Nevertheless, if proven that the informer acted in bad faith and based on false facts for the purpose of injuring the accused party, Senior Management will be authorized to apply the measures and sanctions set forth in the law for such cases.