KnowBe4 Anti-Corruption Policy

Last Updated: December 8, 2022

KNOWBE4 ANTI-CORRUPTION POLICY

Purpose and Scope

KnowBe4, Inc. and its subsidiaries (collectively “KnowBe4” or the “Company”) are committed to conducting domestic and international business in accordance with all applicable anti-bribery and corruption laws enforced in the United States, United Kingdom, European Union, Canada, and other jurisdictions where it operates or transacts business. These laws govern how KnowBe4 conducts business with its channel partners, customers, dealers, distributors, suppliers and government officials around the world.

KnowBe4 maintains this Anti-Corruption Policy (“Policy”) to promote compliance with these laws on a global basis. This Policy covers its channel partners, customers, dealers, distributors, suppliers, agents, contractors, consultants, and any other third-party representatives acting on behalf of any entity owned or controlled by KnowBe4 Affiliates anywhere in the world (“Third Party Representatives”). Violations of anti-bribery and corruption laws can result in severe consequences, including substantial monetary penalties and possible incarceration. Accordingly, violations of this Policy will result in disciplinary action, up to and including termination.

Third-Party Representatives must follow this Policy whether they use personal resources to pay for an expense or use company resources.

Anti-Corruption Laws

All Third-Party Representatives are strictly prohibited from promising, offering, providing, or authorizing cash payments (including bribes or kickbacks) or anything else of value (including gifts, entertainment, favors, and offers of employment), directly or indirectly, to any person in order to achieve an improper purpose related to the Company’s business anywhere in the world.

Anti-bribery and corruption laws prohibit using bribes, gifts, or other inducements to secure an improper business advantage. These laws regulate how Third Party Representatives conduct business with government agencies, public officials, and other private companies. The Company has a zero-tolerance policy and therefore strictly prohibits all forms of bribery and corruption regardless of whether they involve a public official or a private person. Most of these laws fall into three broad categories:

1. Official Corruption. U.S. Foreign Corrupt Practices Act (“FCPA”), the United Kingdom Bribery Act (“UKBA”), the Canadian Corruption of Foreign Public Officials Act (“CFPOA”), the OECD Anti-Bribery Convention, and other similar laws (collectively referred to as the “Anti-Corruption Laws”) all prohibit offering, promising, authorizing, or giving anything of value to a “Foreign Official” in order to improperly influence that individual in any way, such as to misuse their official position, obtain or retain business, direct business to another person or to secure an improper business advantage.

   The term “Foreign Official” is interpreted broadly and includes, but is not limited to:

   • any employee, director, or officer of a foreign government or any department, agency, or instrumentality of a foreign government;
   • any employee, director, or officer of a foreign state-owned or controlled entity, including, in many countries, sovereign wealth funds, telecommunications companies, health care institutions, oil and gas companies, and educational institutions;
   • any employee, director, or officer of a public international organization, such as the Red Cross or World Bank;
   • any consultant or other person acting in an official capacity for or on behalf of such foreign governmental bodies or public organizations, including entities hired to review and accept bids for a government agency; and
   • foreign political parties, candidates for political office, and members of royal families.

   Likewise, under U.S. laws prohibiting domestic bribery, you may not offer, give, authorize the giving of, or promise anything of value to any U.S. “public official” in exchange for influencing an official government act (i.e., no quid pro quo). “Public Officials” include U.S. federal officials and state and local government officials, as well as candidates for public office. In addition, every U.S. state and territory prohibits bribery of Public Officials.

   Gifts or payments of any size can violate these laws if their purpose is to secure some action or benefit from government officials. The same can also be true for campaign donations, charitable donations, and other business courtesies. KnowBe4 strictly prohibits all forms of bribery involving government officials.

2. Commercial Corruption. In addition to prohibiting official corruption, the U.S. Travel Act, the UKBA and other laws also bar bribes to or from private entities and individuals for an improper purpose or to influence the performance of any activity connected with their employment. KnowBe4 strictly prohibits all forms of bribery, including those involving private entities or individuals.

3. Kickbacks. The U.S. Anti-Kickback Act prohibits KnowBe4 from offering, giving, soliciting, or receiving any money or anything of value to or from government officials, government contractors, or subcontractors for the purpose of obtaining business, retaining business, or securing any kind of favored treatment. Similar laws exist in other jurisdictions where KnowBe4 Affiliates operate. For this reason, KnowBe4 strictly prohibits giving or receiving kickbacks of any kind.

   Against this backdrop, Third Party Representatives must never offer, promise, or give bribes, kickbacks, or anything of value to government officials, business partners, or any other parties to secure any improper business advantage. Third Party Representatives who receive requests for bribes, gifts, or kickbacks from government officials or other parties (or who otherwise become aware of such actions) must immediately suspend the underlying transaction(s) and contact their legal/compliance department, or external advisors as may be applicable, for further guidance.

Third-Party Representative Risks

The FCPA and other Anti-Corruption Laws impose stringent requirements on Third-Party Representatives. This includes third parties that make business contacts for KnowBe4, sell KnowBe4 products and services, lobby for KnowBe4, secure government licenses or authorizations for KnowBe4, or otherwise act as KnowBe4’s authorized agents in foreign countries.

KnowBe4 can be held liable for Third-Party Representatives’ violations of the FCPA and other Anti-Corruption Laws. For this reason, Third Party Representativesmust never authorize, direct, or encourage the use of bribes, kickbacks, or other improper inducements when conducting business on behalf of KnowBe4. This is true even if local laws and customs might impose less rigorous standards.

Third Party Representatives are prohibited from hiring agents or sub-agents without prior written approval from the Company.

Third Party Representatives should be particularly alert to any “Red Flags” (discussed below) that may be encountered during due diligence or throughout a relationship with customers and other business partners. “Red Flags” that do not present serious issues at one stage of a transaction or relationship may pose significant liability risks when they appear at a different stage or in combination with a different overall set of facts. Thus, the significance of “Red Flags” must be considered in context rather than in isolation. If you become aware of any “Red Flags,” you should immediately contact your legal/compliance department, or external advisors as may be applicable. The basic rule is simple: a “red flag” cannot be ignored, it must be addressed.

Due Diligence – Employee Onboarding

Hiring decisions could pose corruption risks, particularly if the Third Party Representatives select a candidate at the request of a government official. As a result, Third Party Representatives must conduct due diligence on potential new hires. As part of the Third Party Representatives’ employee onboarding process, all potential new hires must:

• be vetted and approved through an anti-corruption due diligence process as prescribed by the relevant people operations department, which will, for example, require additional scrutiny of prospective employees who have immediate family members or close personal relationships with individuals who are Foreign Officials, Public Officials, or otherwise affiliated with any of the Third Party Representatives’ significant commercial partners;
• certify that they will comply with the Anti-Corruption Laws and this Policy; and
• disclose whether they, any member of their immediate families, or close personal friends are or were Foreign Officials, Public Officials, or otherwise affiliated with any of the Third Party Representatives’ significant commercial partners.

Facilitation Payments

The FCPA allows companies to make small “facilitation” payments to secure routine action from government officials. Examples include, but are not limited to, notarizing documents, processing paperwork, or hooking up a telephone. The UKBA, by comparison, prohibits all facilitation payments except in narrow circumstances involving personal health and safety. Managing the distinctions between these laws can be difficult and the exceptions tend to be narrow. For this reason, Third Party Representatives must make sure the facilitation payment is legal before making such payment.

Business Courtesies

The FCPA, UKBA, CFPOA and other anti-bribery and corruption laws allow Third Party Representatives to provide modest gifts, meals, travel and entertainment (collectively “Business Courtesies”) in certain circumstances. All Business Courtesies must be reasonable, and recorded accurately in Third Party Representatives books and records. Business Courtesies must never be offered, promised or provided as an inducement for securing an improper business advantage.

Third Party Representatives should be especially careful when offering or providing business courtesies to government officials. This is because U.S. law (and the laws of most other countries) generally prohibit giving anything of value to government officials.

Political Contributions

The U.S. Government (and various state and local governments) regulate contributions to political candidates and parties. Contributions to candidates and parties outside the United States also merit attention, as such actions are regulated by the Anti-Corruption Laws and foreign laws. To avoid inadvertent violations of U.S. campaign laws, foreign laws, and the Anti-Corruption Laws, Third-Party Representatives must never make any political contributions on behalf of the Company to any candidates, parties, or government officials anywhere in the world without prior written authorization from KnowBe4’s Legal Department.

Recordkeeping Requirements

The FCPA and other Anti-Corruption laws require Third Party Representatives to maintain accurate books and records, which, in reasonable detail, accurately and fairly reflect the transactions of the Third Party Representatives. Accurate records discourage the use of bribes, kickbacks, and other corrupt inducements, and help Third Party Representatives identify suspicious activity if it occurs. For these reasons, Third Party Representatives must never:

• Make any false, incomplete, or misleading entries in Third Party Representatives’ books and records, or otherwise disguise or mischaracterize any aspect of a transaction;
• Engage in undisclosed payments or transactions, or establish separate books and records for undisclosed payments or transactions;
• Issue invoices that exceed normal price levels, disguise the true nature of a transaction, or involve third parties that are not necessary to the transaction; or
• Use Third Party Representatives’ or personal funds to undertake activities that are prohibited by this Policy or the law.

Additionally, Third Party Representatives could be liable under the Anti-Corruption Laws if its personnel know of certain misconduct by their business partners. For example, if Third Party Representatives know or believe that a business partner has created slush funds (money reserved for illicit activity) or any sort of off-the-books accounts that are used for illicit purposes, the Third Party Representatives could be liable.

KnowBe4’s Legal Department may request information to file disclosures or other reports with government agencies. Third Party Representatives should maintain and immediately produce any information that would assist with such filings and should retain any information involving dealings with government officials or third parties that conduct business with government officials for a minimum of six (6) years, or else provide those materials to KnowBe4’s Legal Department for safekeeping pursuant to this Policy.

Reporting Violations

Third Party Representatives that observe any potential or actual violation(s) of this Policy, or the underlying anti-bribery and corruption laws, must immediately report the potential or actual violation(s) to their legal/compliance department, or external advisors as may be applicable, and to KnowBe4.

APPENDIX A INCLUDES A LISTING OF “RED FLAGS” TO BE AWARE OF WHEN WORKING WITH THIRD-PARTY REPRESENTATIVES.

APPENDIX A

Anti-Corruption “Red Flags”

1. A government official, particularly one with discretionary authority over the business at issue, suggests that the Third Party Representatives use a specific company.
2. A reference check reveals a history of providing bribes, kickbacks, or other illegal inducements to Public Officials or other parties.
3. The existence of business, family, or other connections with government officials, political candidates, or political parties.
4. Failure to provide accurate or complete information about their ties to government officials, political candidates, or political parties.
5. Reluctance to provide accurate or complete information about the name, nature, or location of their business(es).
6. A company indicates that a particular amount of money is needed in order to “get the business” or “make the necessary arrangements” or because “you know how business is done.”
7. A company seeks commissions that are above the normal rates for the services they provide.
8. Providing vague, false, misleading, or substantially incorrect information in any commercial or financial transaction.
9. Attempting to conceal dealings with government officials, political candidates, or political parties.
10. Refusal to comply with this Policy or certify their compliance with Anti-Corruption laws.
11. Refusal to allow Third Party Representatives to inspect their books and records to ensure compliance with Anti-Corruption laws.
12. Insistence on making or receiving payments via third-party checks, money orders, or other instruments with no apparent connection to them or their business.

Please contact kb4partners@knowbe4.com with any questions you have about this Policy.