Purpose
This Board Policy is developed in accordance with FCA Regulations regarding the establishment of a confidential and anonymous “Whistleblower Program” for the reporting of complaints or tips, including, but not limited to, a suspected violation of including but not limited to:
- law, including but not limited to, fraud and corruption;
- FCA Regulation;
- SunStream Policy;
- SunStream operational security policy or security standard;
- Internal control;
- Accounting practice; and
- Audit practices.
The Whistleblower Program will also encompass, but not be limited to, reporting of complaints or tips about suspected activity, including but not limited or related to:
- Unethical activity;
- Dishonest activity;
- Fraudulent activity;
- Misconduct;
- SunStream security risk; and
- SunStream operational deficiency.
(Collectively all “Suspected Violations” and individually a “Suspected Violation”) by SunStream Directors, officers, employees, agents (collectively referred to as “SunStream Insiders” and individually a “SunStream Insider”) or other person.
Objective
This Policy is established to ensure compliance with the FCA Regulations regarding maintenance and support of a Whistleblower Program for SunStream Insiders and other persons to anonymously and confidentially report complaints or tips about Suspected Violations involving SunStream (individually each tip or complaint a “Whistleblower Report”). It is the desire of SunStream management to ensure SunStream Insiders are aware of their responsibility to report any Suspected Violations and that SunStream management will not tolerate any activity or behavior defined as a Suspected Violation.
Administration
The Board Audit Committee shall assume responsibility for the administration of all activities related to the Whistleblower Program and any Whistleblower Report, including but not limited to:
- Utilizing an independent third party to provide a Whistleblower Report hotline;
- Communicating the Whistleblower Report hotline contact information to SunStream Insiders; and
- Confirming the Whistleblower Report hotline contact information is available on the SunStream’s internal and external website.
The Board Audit Committee Chair, Board Chair, SunStream’s President and CEO and SunStream’s Chief Financial Officer will receive Whistleblower Reports, except in the event any one of those individuals has a conflict in, or with, a Whistleblower Report, and in such a case, the conflicted individual will not receive the Whistleblower Report. SunStream’s President and CEO and SunStream’s Chief Financial Officer shall internally or externally assign Whistleblower Reports for appropriate review and follow up. In the event SunStream’s President and CEO and SunStream’s Chief Financial Officer have a conflict in, or with a Suspected Violation, the Board shall select an independent internal or external designee with the expertise to handle the Whistleblower Report matter consistent with this and other Policies. The party assigned a Whistleblower Report will:
- Promptly review, and as appropriate, investigate the Whistleblower Report;
- As needed, utilize external expertise and resources to adequately review, and as appropriate, investigate the Whistleblower Report;
- Document the review and any findings;
- Provide the Board Audit Committee with the documented review and any findings, except when an Audit Committee member or Director has a conflict in a Whistleblower Report, and in such a case, provide to the Board Chair.
Policy
SunStream employees and Directors shall be responsible to ensure that SunStream business is conducted with the highest ethical standards and consistent with Policies and FCA regulations and to report any Suspected Violations pursuant to this Policy. SunStream’s employees and Directors are encouraged to report any Suspected Violations: (1) through the SunStream management structure; (2) to SunStream’s President and CEO; (3) to SunStream’s Standard of Conduct Officer (“SOCO”); or (4) via the Whistleblower Report hotline.
Anti-Retaliation
There shall be no retaliation against a SunStream employee or Director who, in good faith, makes a Whistleblower Report. SunStream’s employees and Directors are prohibited from retaliating, including but not limited to, demotion, suspension or termination, discrimination, and harassment against any SunStream employee or Director who on a good faith basis makes a Whistleblower Report. Any SunStream employee or Director who has been determined to have retaliated is subject to disciplinary action up to and including termination, in the case of a SunStream employee, or by appropriate sanctions including but not limited to removal from the Board, in the case of a Director.
Responsibilities
SunStream management is responsible to:
- Establish adequate internal controls to ensure compliance with this Policy and FCA’s Regulations regarding Suspected Violations and Whistleblower Program.
- Assist SunStream employees and Directors in meeting the requirements of FCA Regulations relating to Suspected Violations, Whistleblower Program, and this Policy.
- Coordinate with the SOCO on Whistleblower Reports involving SunStream Insiders, pursuant to FCA Regulations.
- Provide periodic training for employees and Directors which may include formal training, education awareness materials, and review of this Policy and Whistleblower Program.
- Periodically test the Whistleblower Report hotline.
Retention
Retention of Whistleblower Reports and any related document(s), shall be maintained for a period of 6 years and thereafter destroyed.
Retained Authorities
Any authorities not delegated herein shall be retained by the Board.
Exceptions
Any exceptions to this policy shall require approval of the Board.
Reporting
SunStream management shall, at least quarterly, report to the Board Audit Committee all Whistleblower Reports in such a format as SunStream management determines appropriate. If such a Whistleblower Report involves a SunStream Director, reporting may not be provided to such Director. Material issues regarding this Policy shall be reported promptly to either the Board Chair or to the Board Audit Committee in such format as SunStream management determines appropriate.
Review
This Policy shall be reviewed at least annually by the Board and amended as necessary.
Related Documents
FCA’s July 9, 2015 Informational Memorandum
FCA Regulation: § 618.8430
FCA’s BL-073, Criminal Referral Guidance
Board Policies:
3.35 Dishonest and Fraudulent Activities
7.15 Standards of Conduct for Directors and Employees
8.05 Criminal Referral Program
History
Adopted: March 19, 2020
Last Revised: March 3, 2023
Approved: March 3, 2023