Linkedin

The Compliance Program of the Ecopetrol Business Group

May 26, 2023

The Compliance Program of the Ecopetrol Business Group that is regularly updated, based on ethical verifications, the annual risk cycle, outcomes of the commitment to transparency, current regulations and good practices, includes aspects such as:

  • Specifics objectives of the Program
  • Components of the Program: Continuous improvement, prevention, detection and response
  • Tone at the top – Responsibilities
  • Ethics principles and guidelines
  • Activities of the Program
  • Internal handbooks, guidelines and procedures
  • Guidelines for human talent management
  • Internal and external assurance
  • Collective initiatives
  • Assessments of the effectiveness and achievements of the Program
  • Training and communications results.
  • Applicable law and regulations for the Program
  • Mechanism for advice and concerns about ethics

It is leaded by the Board and Directors and the Corporate Compliance Vice-presidency which is an independent area that reports to the Audit and Risk Committee of the Board of Directors. This Vice-presidency is integrated by the Ethics and Compliance Office, the Assurance of risks and internal Controls Office and the Disciplinary Control Office. It also has a Control Entities Attention Group, a Communication and Training Team and a Monitoring Team. The groups companies that consolidate in the financial statements have compliance structures with a leading Compliance Officer that has a dotted line -functional- report to the Corporate Compliance Vice-presidency.

Click here for downloading the Compliance Program of the Ecopetrol Business Group

 

Compliance Programme Standards and Benchmarks

  • Foreign Corrupt Practices Act (FCPA), or the rules and regulations promulgated thereunder.
  • SOX Act.
  • COSO ERM2013, Guidelines 2017.
  • Control objectives for COBIT information and technology.
  • Basic Legal Circular of the Superintendency of Finance.
  • Basic Legal Circular of the Superintendency of Societies.
  • External Circular 0092016 of the Superintendency of Health.
  • Law 610of2002. Law- Fiscal Responsibility Process
  • Law 734 of 2002.Disciplinary Code Act or the rule that modifies it.
  • Law 1118 of 2006.Legal Nature of Ecopetrol.
  • Law 1474 of 2011Anti-Corruption Statute.
  • Law 1712 of 2014. Transparency and the right to access public information.
  • Law 1778 of2016.Anti-Bribery Act.
  • Regulations of the Financial Analysis Unit- UIAF.
  • Principle 10 of the UN Global Compact.
  • United Nations Convention against Corruption.
  • Inter-American Convention against Corruption of the Organization of American States (OAS).
  • Good Practice Guidance on Internal Controls, Ethics and Compliance, Annex II, recommended by the Organization for Economic Co-operation and Development (OECD) Council on Combating Bribery of Foreign Public Officials in International Business Transactions (based on the 1997 Convention).
  • Guide for Companies in Colombia by the Transparency Secretariat of the Vice- Presidency of the Republic.
  • Recommendations for the implementation of an anti-corruption ethics and compliance program for UNODC Companies.
  • DOJ Compliance Program Guidelines.
  • FATF Recommendations.
  • Benchmarks for compliance programs defined in the Parenting Against Corruption initiative - PACI. World Economic Forum.
  • Business Principles for Countering Bribery - Transparency International.
  • ISO-31000 standard for risk management.
  • The guidelines set out in the ISO technical standards 37001 on Anti-Bribery Management System, and 37301 on Compliance Management Systems.
  • Values of the Public Employee DAFP (2020).
  • Code of Best Corporate Practices - Country Code.
  • Reference Asia-Pacific Economic Cooperation APEC Code of Business Conduct.
  • Regarding ICC Rules to combat corruption, they are considered but are not mandatory.
  • Reference The UK Bribery Act 2010.

 

Internal and external assurance of the Compliance Program

Corporate Internal Control Management provides assurance on controls that mitigate process risks (including bribery, corruption, fraud and ML/TF/PT) through management testing, which is performed by an independent audit firm. Likewise, the Corporate Ethics and Compliance Management carries out permanent monitoring of areas and activities of special risk. The Statutory Auditor performs independent verification procedures on compliance and ethics, as well as on controls to prevent financial fraud in Ecopetrol and the BG companies.

Assessments of the effectiveness and achievements of the Compliance Program

As internal assurance mechanisms, the Corporate Compliance Vice-Presidency is responsible for reviewing the controls that mitigate process risks (including those of compliance), through tests, which are performed annually by an independent auditing firm. Likewise, permanent monitoring is carried out in areas and activities of special risk and assurance and advisory practices are implemented.

As part of the assurance to comply with sections 404 and 302 of the SOX Act, an audit firm (¨Big Four¨) is periodically hired to review the design and operating effectiveness of controls under SOX and compliance scope (including those associated with: corruption, fraud, bribery, ML/FT/ FPWMD) for Ecopetrol and main companies of the Group. According to the results issued in 2022 by the firm Deloitte & Touche, no material weakness or significant deficiencies have been identified.

In addition, the firm Ernst & Young – independent registered public accounting firm – performs auditing procedures, issuing an opinion report on the reasonableness of the financial statements and evaluation on the internal control system. Entity-level controls are audited within its exercise – including those related to ethics and compliance. As of December 31, 2022, the external/statutory auditor´s opinion indicated that Ecopetrol S.A. maintained, in all material respects, effective internal control over financial reporting, based on the COSO criteria, and reported no significant deficiencies, or material weaknesses. The process ended on March 29, 2023

In 2022 Icontec carried out a process of renewal of the certifications of the: ISO 9001: 2015, ISO 14001: 2015 and ISO 45001: 2018, in which the risk management system was evaluated, finding it adequate and without nonconformities.

Ecopetrol’ s anti-corruption policies and procedures were evaluated by the United Nations Global Compact initiative, obtaining a rating of 100%.

In the Dow Jones Sustainability Index (DJSI), the score in Business Ethics reached the highest possible score of 100 points. We scored 90 points in Risk and Crisis Management.

In the Business Integrity Route of the Transparency Secretariat of the Presidency of the Republic, we have obtained 100% in all criteria in the self-assessment of our integrity and compliance program. In addition, we have been invited to participate as mentors to other companies to share our best practices.

Ecopetrol was rated at the optimum level (maximum) in Transparency for Colombia's Corporate Management of Corruption Risks measurement initiative.

Sustainalytics scored Ecopetrol with 2.1 points -low risk- (1.0 being the best score), in the component related to bribery and corruption risk management.

In the MSCI's ESG rating report, we obtained the maximum score in the components regarding the compliance program, and they recognize that we have robust policies in relation to our peers.

People Voice, an independent third party, assessed the knowledge and commitment of workers to apply the company's ethical principles and guidelines. obtaining a favorable participation that has been increasing year after year (2017: 94.3%, 2018 96.9%, 2019: 98.9%, 2020: 99.24%, 2021: 99.42%, 2022: 99.62%). Among the total number of workers surveyed, more than 99% affirm that they have taken the Ethics and Compliance Course, comply with the Code and other internal regulations, are committed to acting in an ethical and transparent manner, and will not carry out or tolerate acts that violate said Code.

Complementary Content
${loading}