Strengthening Compliance - Zelestra’s ISO 37001 Anti-Bribery Milestone 

We are proud to share that Zelestra achieved ISO 37001 certification for its Anti-Bribery Management System. This important milestone recognizes the strength and maturity of our ethics and compliance framework and confirms that our approach to preventing, detecting and addressing bribery and corruption meets the highest international standards. 

Beyond the certification itself, ISO 37001 validates that Zelestra operates a structured, risk-based and independently audited system, designed to ensure zero tolerance for unethical behavior and continuous improvement in integrity, transparency and responsible business conduct across all geographies and throughout the value chain. 

Compliance Governance and Oversight  

Zelestra’s ethical and compliance culture is driven from the highest levels of the organization, reflecting a strong commitment to integrity, transparency, and alignment with international standards and best practices. Clear responsibilities and risk definitions underpin our culture, ensuring accountability across all levels. In line with this commitment, our Board of Directors approved the establishment of an independent compliance function that reports directly to the Board, reinforcing oversight and ensuring robust regulatory adherence. 

Building on this foundation, at Zelestra we are reinforcing our compliance framework by developing a coordinated and collaborative structure with the compliance bodies of our Business Units. This initiative is intended to uphold the highest ethical standards in the prevention of criminal offenses and the fight against fraud. We focus on key areas such as the coordination of risk analyses related to criminal activity, corruption, and fraud. We also prioritize the oversight and implementation of control measures, as well as the promotion of targeted training initiatives. 

Code of Ethics and Conduct 

Zelestra’s Code of Ethics and Conduct defines the principles, values and behavioural standards that guide the actions of employees and third parties. It establishes clear expectations regarding acceptable behavior, explicitly addresses conflicts of interest, and requires the identification, disclosure and appropriate management of any actual, potential or perceived conflicts. 

The Code is the cornerstone of the compliance framework and is complemented by corporate policies, standards and operating procedures with cross-cutting applicability. Compliance is mandatory for all employees, members of governing bodies and entities under Zelestra’s effective control. Employees are required to formally acknowledge and sign off on the Code of Ethics and Conduct and related compliance policies on a regular basis. 

Bribery, Corruption and Fraud Prevention 

Integrity is a core focus of Zelestra’s Compliance function and a central pillar of its ISO 37001-certified system. Zelestra applies a zero-tolerance approach to all forms of bribery and corruption, public or private, and explicitly prohibits facilitation payments, regardless of local practices or customs. 

These commitments are set out in the Corruption and Fraud Prevention Policy and translated into day-to-day practice through detailed operating guidelines covering acceptable behavior, record keeping, approval procedures, segregation of duties and ethical decision-making. 

Zelestra has implemented a robust internal control system, including financial and non-financial controls, to ensure accurate record keeping and full traceability of transactions. This includes a clearly defined pay-to-pay process, approval thresholds, dual authorization where applicable, and enhanced controls over payments, particularly in higher-risk contexts. 

Due Diligence and Third-Party Management 

In line with ISO 37001 requirements, Zelestra applies a mandatory, risk-based due diligence process for third parties, including suppliers, contractors, agents and business partners. Where appropriate, this due diligence is performed by independent third-party providers, ensuring objectivity and robustness. 

Zelestra also conducts due diligence checks for employees and candidates, proportionate to role and risk exposure, both at onboarding and throughout the employment relationship, complemented by ongoing monitoring. 

Gifts, Hospitality and Conflicts of Interest 

At Zelestra, specific procedures govern gifts, hospitality and donations establishing clear thresholds, prior approval requirements and documentation obligations. Together with the conflict-of-interest procedure, these measures are designed to deter non-compliance and reduce exposure to unethical opportunities, ensuring that personal interests do not improperly influence business decisions. 

Crime Prevention, Detection and Incident Management 

Also, Zelestra promotes a preventive culture based on zero tolerance for illegal acts and the consistent application of ethical and responsible behavior across all levels of the organization. The Crime Prevention Policy reinforces this commitment through permanent surveillance and detection measures, effective communication and awareness mechanisms, and a strong culture of compliance. 

Ethics Line 

All employees and members of the administrative bodies of Zelestra must maintain strict observance of the current legal regulations applicable to the jurisdiction where they carry out their activity and their conduct must be governed by integrity, diligence, professionalism, responsibility, efficiency, good faith and honesty. Thus, everyone has the responsibility to inform and cooperate to prevent breaches of this duty to respect the regulations that are applicable in each case. 

The Zelestra Ethics Line is available to employees, suppliers, and other stakeholders, providing a secure and confidential channel to report concerns. Reports can be submitted anonymously, and all communications are handled with strict confidentiality. Complaints are managed by the Compliance department, which retains full responsibility for overseeing the process—except in cases involving harassment or discrimination, which are referred to the designated representative of the Zelestra Investigating Commission for such matters. At Zelestra we maintain a zero-tolerance policy for retaliation. No adverse action will be taken against any individual who, in good faith, reports a suspected breach or seeks guidance regarding the Code of Conduct, internal policies, or applicable laws and regulations. 

Stakeholders are made aware of the Ethics Line through our corporate website and the contractual documents governing commercial relationships. Internally, at Zelestra we actively promote the use of this channel via compliance training, internal communications, and its policies and procedures, reinforcing a culture of transparency and integrity across the organization. 

Human Rights 

Within the framework of our model of ethics and compliance, the defense of Human Rights is clearly outlined. We rely on our internal mechanisms and especially on the Human Rights Policy, to ensure that we do not participate in any form of violation of these throughout our value chain, also including commitments in this area in our Code of Ethics and Conduct and in our Code of Ethics and Conduct for Suppliers.  

Training, Awareness and Continuous Improvement 

Zelestra’s compliance and ethics framework would not be sustainable without continuous training and awareness-raising, which are essential to embedding ethical principles into day-to-day decision-making. Zelestra provides regular and mandatory training on business ethics, anti-bribery and corruption, fraud prevention, money laundering, conflicts of interest, whistleblowing mechanisms and the internal regulatory framework. Training is delivered both in person and virtually and is tailored to role and risk profile, reinforcing a strong and consistent ethical culture across the organization.