Principle

NOQD-111/EN

1 (6)

For internal use

Version 2
Corporate Risk Management

20 Dec 2010

Distribution

Management System Documents, Neste Oil Portal

Reviewed by, Date:

NEB, Matti Hautakangas, Juhani Laitinen,

Jorma Haavisto, 17 Jan 2011
Approved by, Date

Matti Lievonen, 24 Jan 2011

Replaces

Fraud Management Principle, Version 1.0, 26.05.2008

FRAUD MANAGEMENT PRINCIPLE

Table of Contents
1 CHANGES......................................................................................................................................... 2
2 PURPOSE OF THE PRINCIPLE.......................................................................................................2
3 SCOPE AND VALIDITY..................................................................................................................... 2
4 DEFINITIONS.................................................................................................................................... 2
4.1 Fraud........................................................................................................................................... 2
4.2 Selecting suppliers, procurement and service providers.............................................................3
4.3 Receiving a gift............................................................................................................................ 3
5 FRAUD PREVENTION...................................................................................................................... 3
5.1 Control environment elements....................................................................................................3
5.2 Fraud risk identification and assessment.....................................................................................3
5.3 Communication and training........................................................................................................4
5.4 Monitoring................................................................................................................................... 4
6 FRAUD DETECTION......................................................................................................................... 4
6.1 Mechanisms for seeking advice and reporting misconduct.........................................................4
6.2 Auditing and monitoring............................................................................................................... 4
7 FRAUD RESPONSE......................................................................................................................... 4
8 RESPONSIBILITIES.......................................................................................................................... 5
8.1 Maintenance of Fraud Management Principle.............................................................................5
8.2 Fraud management..................................................................................................................... 5
8.3 Fraud response........................................................................................................................... 5
9 REPORTING..................................................................................................................................... 5
10 RELATED DOCUMENTS................................................................................................................ 5

Archive:

Neste Oil Central Archive

Retention period:

Permanent

Fraud_suspicion.doc

Appendices:

1. Fraud suspicion form, updated 19.5.2014 Risto Espo

2. Portal link to electronic form:

http://digiumenterprise.com/answer/?sid=697887&chk=PE3UZW8N

Neste Oil Corporation

Group Functions

Business ID
Domicile

www.nesteoil.com

NesteOil 2007

FI1852302-9
Espoo

Principle

NOQD-111/EN

For internal use

Version 2
Corporate Risk Management

20 Dec 2010

1 CHANGES
The principle has been updated to correspond to the new organization structure. At the
same time, some minor adjustments have been made.
Fraud Suspicion form has been updated due to person changes. Updates in related
documents.
2 PURPOSE OF THE PRINCIPLE
Neste Oils objective is to operate in compliance with applicable laws and regulations,
guard company reputation and credibility, and promote consistent organizational
behavior. Our company values form a basis for this. Illegal, fraudulent or dishonest
activities are not allowed.
This principle outlines the guidelines for fraud prevention, detection of fraud and fraud
risk assessment. Procedures related to fraud investigations, reporting and resolutions
after the investigations are included. The purpose of the principle is to raise awareness
of fraud and fraud risk management.
3 SCOPE AND VALIDITY
This principle is applied at the whole Neste Oil group, subsidiaries included. This
principle applies to any fraud or suspected fraud, involving employees as well as
consultants, vendors, contractors, external agencies and /or any other parties in
business relationship with Neste Oil group.
This principle, approved by the President and CEO, is valid until revised.
4 DEFINITIONS
4.1 Fraud
Fraud is considered to be any dishonest or deceptive activity or misuse of Neste Oil
assets, systems or position intended to result in direct or indirect benefit for the person
involved or associates of that person.
Some examples refer to, but are not limited to the following:
o

Fraudulent financial reporting (e.g. fraudulent reporting of turnover, overvaluation

of assets, undervaluation of liabilities, accelerated revenue)

Misappropriation of assets (e.g. embezzlement of cash, pay roll fraud, theft of

company assets, procurement fraud, royalty fraud)

Revenue or assets gained by fraudulent or illegal acts (e.g. over-billing

customers, deceptive sales practices)

Expenses or liabilities avoided by fraudulent or illegal acts (e.g. tax fraud, abuse
of wage and working hours reporting)

Expenses or liabilities incurred from fraudulent or illegal acts (e.g. commercial or

public bribery, kickbacks, corruption)

Other misconduct (e.g. conflicts of interest, insider trading, disclosure of Neste

Oils business secrets, theft of competitor trade secrets, antitrust practices, cartel
activities, falsifying compliance data provided to regulators).

Neste Oil Corporation

Group Functions

Business ID
Domicile

www.nesteoil.com

NesteOil 2007

FI1852302-9
Espoo

2 (6)

Principle

NOQD-111/EN

3 (6)

For internal use

Version 2
Corporate Risk Management

20 Dec 2010

4.2 Selecting suppliers, procurement and service providers

In evaluating potential suppliers, procurement and service providers, Neste Oil shall
adapt the spirit of the Finnish acts and decrees as well as of EU Conventions related to
certain procedures for the award of public works, supply and service contracts, as
mentioned below. Hence, companies, or any person having powers of representation,
having been convicted of certain offences, and are specified in a criminal record, for one
or more of the reasons listed below, shall be excluded.
o

Participation in a criminal organization

Bribery

Tax fraud

Money laundering

4.3 Receiving a gift

If a Neste Oil employee receives a gift or a benefit regarded as a gift, worth more than
100 , from a vendor, supplier, customer or a business partner, the employee shall
inform his/her own manager thereof. A gift or a benefit has to be in a reasonable and
relevant proportion with the quality and extent of the business. By receiving a gift or a
benefit it shall not come across or give an appearance that it could have an effect on the
business arrangement or agreement.
5 FRAUD PREVENTION
Fraud prevention involves actions taken to discourage the commission of fraud as well
as limit fraud exposure when it occurs.
The main control elements of fraud prevention are:
5.1 Control environment elements
o

Code of Conduct

Other company policies, principles and instructions as well as internal

procedures, as described in section 10 below

Effectively implemented whistle-blowing systems and corporate culture that

supports them, as described in section 6

Oversight by the Board of Directors, Audit Committee, Neste Executive Board

and management in the business areas and common functions as well as
internal audit

Investigation of reported issues and remediation of confirmed violations

Tools embedded into human resources processes including training, hiring,

performance evaluation, promotion, ethics and compliance, corporate values and
procedures for disciplinary action

5.2 Fraud risk identification and assessment

o

When assessing fraud-related risks the business area and common function
management has to identify the possible fraud risks concerning Neste Oil, e.g.
by employees, business partners, suppliers, customers, competitors or
professional criminals

Neste Oil Corporation

Group Functions

Business ID
Domicile

www.nesteoil.com

NesteOil 2007

FI1852302-9
Espoo

Principle

NOQD-111/EN

For internal use

Version 2
Corporate Risk Management
o

20 Dec 2010

Adequate segregation of duties

5.3 Communication and training

o

Implementation of effective fraud-related information and communication

practices

Ongoing and periodic performance assessment is conducted for identifying

impact and use of IT technology for fraud deterrence

5.4 Monitoring

6 FRAUD DETECTION
Detective controls are designed to uncover fraud and misconduct when it occurs.
6.1 Mechanisms for seeking advice and reporting misconduct
Employees who discover or suspect fraudulent activity are provided with multiple
channels for reporting concerns about fraud or misconduct. This reporting can be
submitted verbally or in writing and the employees may choose to alert their own
managers, Corporate Security, Human Resources, Group Legal or Internal Audit.
A written notification can be submitted by using a whistle-blowing reporting system in the
Neste Oil Portal (tools Ethics On-line), by e-mail or by conventional mail using a
specific form enclosed herewith. This reporting can also be done anonymously. All the
reports shall be addressed further to the Head of Internal Audit.
All the reported matters are treated confidentially with relevant safeguards in place to
ensure maintenance of the confidentiality. In all instances, the rights and privacy of both
the reporting persons and the ones suspected are to be adequately protected and
assured.
6.2 Auditing and monitoring
Auditing and monitoring plans in Neste Oil shall be designed to encompass detection of
fraud and misconduct, including early warnings of fraud problems
7 FRAUD RESPONSE
Response controls are designed to take corrective action and remedy the harm caused
by fraud or misconduct.
When information related to actual or potential fraud and misconduct is uncovered, a
comprehensive and objective internal investigation is conducted. The purpose of an
investigation is to gather facts leading to credible assessment of the suspected violation,
leading to decision on a sound course of action.
In resolving fraud or misconduct incidents, penal proceedings in industrial relations
legislation valid in each respective country are used in connection with the employment
of perpetrator(s).
Investigation results and resolution of fraud incidents will not be disclosed to or
discussed with anyone else than those who have a legitimate need to know.
The penal proceedings concerning Neste Oil Oyj and its Finnish subsidiaries are
described in the following instruction Menettely rikkomustapauksissa Neste Oil
-konsernissa, 02.05.2006, (NOQD-29/FI).
Neste Oil Corporation
Group Functions

Business ID
Domicile

www.nesteoil.com

NesteOil 2007

FI1852302-9
Espoo

4 (6)

Principle

NOQD-111/EN

5 (6)

For internal use

Version 2
Corporate Risk Management

20 Dec 2010

8 RESPONSIBILITIES
8.1 Maintenance of Fraud Management Principle
The Chief Risk Officer is responsible for the maintenance of this principle.
8.2 Fraud management
The principal responsibility for fraud management rests with the President and CEO.
The Heads of business areas and common functions have responsibility for the fraud
prevention and management processes.
8.3 Fraud response
The owner of fraud management response process is the Head of Internal Audit. He/she
has the primary responsibility for organizing the investigation of all suspected fraudulent
acts as defined in this document.
The Head of Internal Audit is supported in the investigation by the Corporate Security.
Depending on the nature and scope of the suspected fraud or misconduct, the General
Counsel and appropriate business area or common function management will be
involved.
The Head of Internal Audit informs the President and CEO of the investigation results,
and decides about possible independent investigations.
The General Counsel decides about initiating possible legal actions.
The Head of Internal Audit shall also recommend procedures to attempt to prevent the
recurrence of any potential or suspected fraud or misconduct.
9 REPORTING
The Head of Internal Audit presents in his/her report to the Audit Committee the
occurred incidents.
A comprehensive status report is presented to the President and CEO and the Audit
Committee on a yearly basis.
The management of the business areas, common functions, subsidiaries and field
offices shall report the suspected and occurred incidents to the Head of Internal Audit
without delay.
10 RELATED DOCUMENTS
The person/s having authority and responsibility for the maintenance of the related
documents shall be aware of and refer to the stipulations described in this principle
concerning financial wrongdoings.
o

Code of Conduct, 06.09.2010, (NOQD-261/EN)

Competition Compliance Instruction, 28.09.2010, (NOQD-309/EN)

Guidelines Insiders, 01.01.2006, (NOQD-72/EN)

Internal Audit Charter

Information Security Instructions for Neste Oil employees, 19.02.2007, (NOQD-30/EN)

Credit and Counterparty Risk Management Principles, 25.08.2009, (NOQD-78/EN)

Neste Oil Corporation

Group Functions

Business ID
Domicile

www.nesteoil.com

NesteOil 2007

FI1852302-9
Espoo

Principle

NOQD-111/EN

For internal use

Version 2
Corporate Risk Management

20 Dec 2010

Procurement Principles, (NOQD-366)

Principles of company background checks 22.11.2006, (NOQD-51/EN)

Principles of individual background checks

Procedure in case of violations within the Neste Oil Corporation(NOQD-29/EN)

The working rules of Neste Oil Group, 08.03.2010 (NOQD-31/EN)

Protection and management of business secrets, 26.11.2010 (NOQD-314/EN)

Oil Products and Renewable fuels

o

Supply Compliance Principle(OPQ-13)

Neste Oil Corporation

Group Functions

Business ID
Domicile

www.nesteoil.com

NesteOil 2007

FI1852302-9
Espoo

6 (6)