How to Use the Supplier Self-Assessment Tool

Updated April 2018 Lockheed Martin Ethics Supplier Mentoring Program

Introduction
This tool is designed to help companies evaluate their ethics programs, in order to identify strengths and opportunities for improvement. Completion of this self-assessment is not required and
does not need to be shared with Lockheed Martin.
The standards for an effective ethics program referenced in this tool are by no means an exhaustive list of the laws, regulations or best practices related to ethics, compliance and anti-corruption
programs around the world. Work with your Legal Counsel and/or management to determine which laws and regulations apply to your organization.

Disclaimer
Lockheed Martin Corporation has prepared the information contained in this document for general information purposes only. This information is not intended to provide guidance or advice on
ethics and business conduct, and we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, or suitability of this information for any
purpose. The information is not contractual direction or interpretation, and it does not affect your contractual obligations under subcontracts or purchase orders received from LMC. You are solely
responsible for determining the content and scale of your ethics and business conduct program.

Instructions
1. Start on the SELF-ASSESSMENT CHECKLIST tab.
Column A lists the twelve elements of an effective ethics program. Each cell contains a hyperlink, marked with " »", to a one page infographic guide on that element.
The questions in Column B are designed to help you identify possible gaps in your program.
You can use Column C to make notes about the current state of your ethics program, planned improvements, etc. These notes are for your own reference, and Lockheed Martin does not
need to see any of your responses.
Column D summarizes Lockheed Martin's practices related to each program element. Some of the cells, marked with " »", link to Lockheed Martin resources.

2. Answer the questions about each element of an effective ethics program in Column B of the SELF-ASSESSMENT CHECKLIST and make any notes in Column C, in order to document which elements
of an effective ethics program you already have, and whether you may need to adjust or add elements for a more effective program.

3. Refer to the STANDARDS tabs for a comparison of the guidance provided as of April 2018 by different organizations on the elements of an effective ethics and/or anti-corruption program. The
SELF-ASSESSMENT CHECKLIST is based on the standards shown in these tabs.
The standards are divided into three tabs: Legal, Industry and International Organizations.
• The standards listed in the Legal tab may be required for your company (i.e. U.S. Federal Acquisition Regulation) and/or could be used to evaluate the effectiveness of your ethics program
in the event of an incident of serious misconduct, for sentencing purposes (i.e. U.S. Federal Sentencing Guidelines, U.K. Bribery Act Guidance).
• The standards in the Industry tab were developed by aerospace and defense industry groups (i.e. DII for U.S. firms and IFBEC for international firms).
• The standards in the International Organizations tab were developed for reference by firms in any industry.

It is up to your organization to determine which standards are most relevant. You can choose to 'Hide' columns that are not applicable to your organization.
Please remember that this is not an exhaustive list of all the standards related to ethics and compliance.

© 2018 Lockheed Martin Corporation. All Rights Reserved.

PIRA #: CHQ201608006
 How to Use the Supplier Self-Assessment Tool
Updated April 2018 Lockheed Martin Ethics Supplier Mentoring Program
4. Review the full text of each standard using the URL provided on the STANDARDS tabs.

© 2018 Lockheed Martin Corporation. All Rights Reserved.

PIRA #: CHQ201608006
 Supplier Self-Assessment Tool
Updated April 2018 Lockheed Martin Ethics Supplier Mentoring Program

Program Element Self-Assessment Questions Supplier Notes Lockheed Martin Practices and Resources
» Company Values Does your company have a values statement? » Lockheed Martin's core values are Do What's Right, Respect Others, Peform with Excellence.

» Program Structure & Oversight

Who is responsible for ethics in your organization? Lockheed Martin's Senior Vice President of Internal Audit, Ethics and Sustainability manages the activities of our Ethics
What resources does this person or team have? Who team, reports directly to our CEO, and gives quarterly briefings to our Board of Directors. Lockheed Martin's Ethics
has direct oversight of or accountability for that person organization is an independent department within the Corporation with its own budget and full-time staff.
or team?

» Risk Assessment How often does your company conduct an assessment » The risk areas identified by Lockheed Martin are addressed in our Code of Ethics and Business Conduct, Setting the Standard, and
of its ethics and compliance risks?
» Policies & Procedures Do your company's policies and procedures address the » Most of Lockheed Martin's policies and procedures are considered proprietary information, but we publish documents related to
topics identified by your risk assessment?

» Code of Conduct Does your company have a code of conduct or other » Lockheed Martin's Code of Ethics and Business Conduct, Setting the Standard, details the high expectations we set for employee
written expectations for employee behavior? Is it
available to all employees and others who act on behalf
of the company?

» Training How often does your company train employees on their » Lockheed Martin requires all employees to participate in our annual Voicing Our Values Ethics Awareness Training and to comple
ethics and compliance responsibilities? Does the
training address the topics identified by your risk
assessment?

» Communications Does your company communicate with employees » Lockheed Martin uses a wide variety of methods to communicate with employees and external audiences. For example, we prod
about ethics and compliance, in addition to training? Do
these communications address the topics identified by
your risk assessment?

» Leadership Commitment How do your company's leaders demonstrate their Lockheed Martin's President, CEO and Chairman introduces our annual Ethics Awareness Training module, as well as our
support for ethics? Code of Ethics and Business Conduct. She also frequently refers to ethics in internal and external presentations.

» Inquiry & Reporting Mechanisms

Does your company have a way for employees and » Lockheed Martin's How the Ethics Process Works brochure informs employees and other stakeholders how they can ask a questi
external stakeholders to ask a question or report
potential misconduct without fear of retaliation?

© 2018 Lockheed Martin Corporation. All Rights Reserved.

PIRA #: CHQ201608006
 Supplier Self-Assessment Tool
Updated April 2018
» Investigations & DisclosuresHow does your company identify and investigate
Lockheed Martin Ethics Supplier Mentoring Program
» Lockheed Martin's How the Ethics Process Works provides an overview of what reporting parties can expect after they report pot
alleged misconduct? Do you have a process in place to
ensure compliance with any mandatory disclosure
obligations?

Discipline & Incentives How does your company discipline employees who At Lockheed Martin, if an investigation of alleged misconduct is substantiated, an employee may be subject to discipline, up
violate laws, regulations or company policies? How to and including termination from employment. Employee performance evaluations include discussion of whether
does your company incentivize ethical behavior? employees model the Corporation’s core values. Employees can also receive small tokens of appreciation or verbal
recognition from their leadership for specific actions that demonstrate their commitment to ethical behavior.

» Program Assessment & Evaluation

How does your company evaluate the effectiveness of Lockheed Martin leverages the activities of our Internal Audit organization to assess compliance with internal policies. A
your ethics program? How often are policies, biannual employee survey helps assess the Corporation's ethical culture and employee perceptions of the ethics program.
procedures, risk assessments, training and the code of Ethics Program Assessments, or internal peer reviews of the implementation of our ethics program in different business
conduct reviewed and updated? areas, help us evaluate the effectiveness of our Ethics program.

© 2018 Lockheed Martin Corporation. All Rights Reserved.

PIRA #: CHQ201608006
 Guidance on the Elements of an Effective Ethics Program
Updated April 2018 Lockheed Martin Ethics Supplier Mentoring Program
US Federal Acquisition Regulation Clause 52.203-13 Contractor US Federal Sentencing Guidelines for Organizations §8B2.1.
Program Element Code of Business Ethics and Conduct Effective Compliance and Ethics Program Resource Guide to the US Foreign Corrupt Practices Act UK Bribery Act Guidance
Document URL https://www.acquisition.gov/far/html/52_200_206.html https://www.ussc.gov/guidelines/organizational-guidelines https://www.sec.gov/spotlight/fcpa/fcpa-resource-guide.pdf http://www.justice.gov.uk/downloads/legislation/bribery-act-2010-guidance.pdf

Notes FAR Clause 52.203-13 requires certain elements of an effective ethics program The U.S. Federal Sentencing Guidelines for Organizations provide elements of an In addtion to the Federal Sentencing Guidelines, the U.S. Department of Justice The UK Ministry of Justice Guidance provides six principles and associated
for organizations involved in U.S. federal government contracts or subcontracts "effective compliance and ethics program," which the Department of Justice will and U.S. Securities and Exchange Commission "Guide to the FCPA" provides the procedures that should be considered in determining whether an organization
that have a value in excess of $5.5 million and a performance period of more consider in determining penalties for violations of the US Foreign Corrupt "Hallmarks of an Effective Compliance Program," which the agencies assess had "adequate procedures" in the context of a violation of UK Bribery Act 2010.
than 120 days. Practices Act. when considering enforcement and penalty actions.

Company Values
Program Structure & (c) (2) (ii) At a minimum, the Contractor’s internal control system shall provide
Oversight for the following:
(A) Assignment of responsibility at a sufficiently high level and adequate
resources to ensure effectiveness of the business ethics awareness and
compliance program and internal control system.
(B) Reasonable efforts not to include an individual as a principal, whom due
diligence would have exposed as having engaged in conduct that is in conflict
with the Contractor’s code of business ethics and conduct.
(2) (A) The organization's governing authority shall be knowledgeable about the
content and operation of the compliance and ethics program and shall exercise
reasonable oversight with respect to the implementation and effectiveness of
the compliance and ethics program.
(B) High-level personnel of the organization shall ensure that the organization
has an effective compliance and ethics program, as described in this guideline.
Specific individual(s) within high-level personnel shall be assigned overall
responsibility for the compliance and ethics program.
(C) Specific individual(s) within the organization shall be delegated day-to-day
operational responsibility for the compliance and ethics program. Individual(s)
with operational responsibility shall report periodically to high-level personnel
and, as appropriate, to the governing authority, or an appropriate subgroup of
the governing authority, on the effectiveness of the compliance and ethics
program. To carry out such operational responsibility, such individual(s) shall be
given adequate resources, appropriate authority, and direct access to the
governing authority or an appropriate subgroup of the governing authority.
(3) The organization shall use reasonable efforts not to include within the
substantial authority personnel of the organization any individual whom the
organization knew, or should have known through the exercise of due diligence,
has engaged in illegal activities or other conduct inconsistent with an effective
compliance and ethics program.
In appraising a compliance program, DOJ and SEC also consider whether a
company has assigned responsibility for the oversight and implementation of a
company’s compliance program to one or more specific senior executives within
an organization. Those individuals must have appropriate authority within the
organization, adequate autonomy from management, and sufficient resources to
ensure that the company’s compliance program is implemented effectively.
Adequate autonomy generally includes direct access to an organization’s
governing authority, such as the board of directors and committees of the board
of directors (e.g., the audit committee). Depending on the size and structure of
an organization, it may be appropriate for day-to-day operational responsibility
to be delegated to other specific individuals within a company. DOJ and SEC
recognize that the reporting structure will depend on the size and complexity of
an organization. Moreover, the amount of resources devoted to compliance will
depend on the company’s size, complexity, industry, geographical reach, and
risks associated with the business. In assessing whether a company has
reasonable internal controls, DOJ and SEC typically consider whether the
company devoted adequate staffing and resources to the compliance program
given the size, structure, and risk profile of the business.

Risk Assessment Assessment of risk is fundamental to developing a strong compliance program,
and is another factor DOJ and SEC evaluate when assessing a company’s
compliance program. One-size-fits-all compliance programs are generally ill-
conceived and ineffective because resources inevitably are spread too thin, with
too much focus on lowrisk markets and transactions to the detriment of high-
risk areas. Devoting a disproportionate amount of time policing modest
entertainment and gift-giving instead of focusing on large government bids,
questionable payments to third-party consultants, or excessive discounts to
resellers and distributors may indicate that a company’s compliance program is
ineffective. A $50 million contract with a government agency in a high-risk
country warrants greater scrutiny than modest and routine gifts and
entertainment.
The commercial organisation assesses the nature and extent of its exposure to
potential external and internal risks of bribery on its behalf by persons
associated with it. The assessment is periodic, informed and documented.
• Commonly encountered external risks can be categorised into five broad
groups – country, sectoral, transaction, business opportunity and business
partnership.
The commercial organisation applies due diligence procedures, taking a
proportionate and risk based approach, in respect of persons who perform or
will perform services for or on behalf of the organisation, in order to mitigate
identified bribery risks.

Similarly, performing identical due diligence on all third party agents,

irrespective of risk factors, is often counterproductive, diverting attention and
resources away from those third parties that pose the most significant risks. DOJ
and SEC will give meaningful credit to a company that implements in good faith
a comprehensive, risk-based compliance program, even if that program does not
prevent an infraction in a low risk area because greater attention and resources
had been devoted to a higher risk area. Conversely, a company that fails to
prevent an FCPA violation on an economically significant, high-risk transaction
because it failed to perform a level of due diligence commensurate with the size
and risk of the transaction is likely to receive reduced credit based on the quality
and effectiveness of its compliance program.

As a company’s risk for FCPA violations increases, that business should consider
increasing its compliance procedures, including due diligence and periodic
internal audits. The degree of appropriate due diligence is fact-specific and
should vary based on industry, country, size, and nature of the transaction, and
the method and amount of third-party compensation. Factors to consider, for
instance, include risks presented by: the country and industry sector, the
business opportunity, potential business partners, level of involvement with
governments, amount of government regulation and oversight, and exposure to
customs and immigration in conducting business affairs. When assessing a
company’s
© 2018 Lockheed Martin Corporation. All Rights compliance program, DOJ and SEC take into account whether and to
Reserved.
PIRA #: CHQ201608006 what degree a company analyzes and addresses the particular risks it faces.
 Guidance on the Elements of an Effective Ethics Program
Updated April 2018
Policies & Procedures
Lockheed Martin Ethics Supplier Mentoring Program
Whether a company has policies and procedures that outline responsibilities for A commercial organisation’s procedures to prevent bribery by persons
compliance within the company, detail proper internal controls, auditing associated with it are proportionate to the bribery risks it faces and to the
practices, and documentation policies, and set forth disciplinary procedures will nature, scale and complexity of the commercial organisation’s activities. They
also be considered by DOJ and SEC. These types of policies and procedures will are also clear, practical, accessible, effectively implemented and enforced.
depend on the size and nature of the business and the risks associated with the
business. Effective policies and procedures require an in-depth understanding of Note: The full text of UK Bribery Act Guidance provides indicative, not
the company’s business model, including its products and services, third-party exhaustive lists of topics that should be covered in bribery prevention policies
agents, customers, government interactions, and industry and geographic risks. and procedures.
Among the risks that a company may need to address include the nature and
extent of transactions with foreign governments, including payments to foreign
officials; use of third parties; gifts, travel, and entertainment expenses;
charitable and political donations; and facilitating and expediting payments. For
example, some companies with global operations have created web-based
approval processes to review and approve routine gifts, travel, and
entertainment involving foreign officials and private customers with clear
monetary limits and annual limitations. Many of these systems have built-in
flexibility so that senior management, or in-house legal counsel, can be apprised
of and, in appropriate circumstances, approve unique requests. These types of
systems can be a good way to conserve corporate resources while, if properly
implemented, preventing and detecting potential FCPA violations. Regardless of
the specific policies and procedures implemented, these standards should apply
to personnel at all levels of the company.

Code of Conduct (b) (1) (i) The Contractor shall have a written code of business ethics and conduct A company’s code of conduct is often the foundation upon which an effective
(b) (1) (ii) The Contractor shall make a copy of the code available to each compliance program is built. As DOJ has repeatedly noted in its charging
employee engaged in performance of the contract. documents, the most effective codes are clear, concise, and accessible to all
employees and to those conducting business on the company’s behalf. Indeed, it
would be difficult to effectively implement a compliance program if it was not
available in the local language so that employees in foreign subsidiaries can
access and understand it. When assessing a compliance program, DOJ and SEC
will review whether the company has taken steps to make certain that the code
of conduct remains current and effective and whether a company has
periodically reviewed and updated its code.
The commercial organisation seeks to ensure that its bribery prevention policies
and procedures are embedded and understood throughout the organisation
through internal and external communication, including training, that is
proportionate to the risks it faces.
Note: The full text of UK Bribery Act Guidance includes recommendations
related to Code of Conduct, Training, Communications, Leadership Commitment
and Inquiry & Reporting Mechanisms under “Principle 5 Communication
(including training).”

Training & Communications (c) (1) (i) This program shall include reasonable steps to communicate
periodically and in a practical manner the Contractor's standards and procedures
and other aspects of the Contractor's business ethics awareness and compliance
program and internal control system, by conducting effective training programs
and otherwise disseminating information appropriate to an individual's
respective roles and responsibilities.
(c) (1) (ii) The training conducted under this program shall be provided to the
Contractor's principals and employees, and as appropriate, the Contractor's
agents and subcontractors.
(4) (A) The organization shall take reasonable steps to communicate periodically
and in a practical manner its standards and procedures, and other aspects of the
compliance and ethics program, to the individuals referred to in subparagraph
(B) by conducting effective training programs and otherwise disseminating
information appropriate to such individuals' respective roles and responsibilities.
(B) The individuals referred to in subparagraph (A) are the members of the
governing authority, high-level personnel, substantial authority personnel, the
organization's employees, and, as appropriate, the organization's agents.
Compliance policies cannot work unless effectively communicated throughout a The commercial organisation seeks to ensure that its bribery prevention policies
company. Accordingly, DOJ and SEC will evaluate whether a company has taken and procedures are embedded and understood throughout the organisation
steps to ensure that relevant policies and procedures have been communicated through internal and external communication, including training, that is
throughout the organization, including through periodic training and certification proportionate to the risks it faces.
for all directors, officers, relevant employees, and, where appropriate, agents
and business partners. For example, many larger companies have implemented Note: The full text of UK Bribery Act Guidance includes recommendations
a mix of web-based and in-person training conducted at varying intervals. Such related to Code of Conduct, Training, Communications, Leadership Commitment
training typically covers company policies and procedures, instruction on and Inquiry & Reporting Mechanisms under “Principle 5 Communication
applicable laws, practical advice to address real-life scenarios, and case studies. (including training).”
Regardless of how a company chooses to conduct its training, however, the
information should be presented in a manner appropriate for the targeted
audience, including providing training and training materials in the local
language. For example, companies may want to consider providing different
types of training to their sales personnel and accounting personnel with
hypotheticals or sample situations that are similar to the situations they might
encounter. In addition to the existence and scope of a company’s training
program, a company should develop appropriate measures, depending on the
size and sophistication of the particular company, to provide guidance and
advice on complying with the company’s ethics and compliance program,
including when such advice is needed urgently. Such measures will help ensure
that the compliance program is understood and followed appropriately at all
levels of the company.

© 2018 Lockheed Martin Corporation. All Rights Reserved.

PIRA #: CHQ201608006

Updated April 2018
Leadership Commitment
Inquiry & Reporting
Mechanisms
Investigations & Disclosures Refer to (b)(3)(i), (b)(3)(ii), (b)(3)(iii) and (c)(2)(ii)(F) of FAR Clause 52.203-13 for
exact wording of mandatory disclosure requirements.
Discipline & Incentives
(c) (2) (ii) At a minimum, the Contractor's internal control system shall provide
for the following:
(D) An internal reporting mechanism, such as a hotline, which allows for
anonymity or confidentiality, by which employees may report suspected
instances of improper conduct, and instructions that encourage employees to
make such reports.
(c) (2) (ii) At a minimum, the Contractor's internal control system shall provide
for the following:
(E) Disciplinary action for improper conduct or for failing to take reasonable
steps to prevent or detect improper conduct.
Guidance on the Elements of an Effective Ethics Program
Lockheed Martin Ethics Supplier Mentoring Program
Within a business organization, compliance begins with the board of directors The top-level management of a commercial organisation (be it a board of
and senior executives setting the proper tone for the rest of the company. directors, the owners or any other equivalent body or person) are committed to
Managers and employees take their cues from these corporate leaders. Thus, preventing bribery by persons associated with it. They foster a culture within the
DOJ and SEC consider the commitment of corporate leaders to a “culture of organisation in which bribery is never acceptable.
compliance” and look to see if this high-level commitment is also reinforced and • Internal and external communication of the commitment to zero tolerance to
implemented by middle managers and employees at all levels of a business. A bribery
well-designed compliance program that is not enforced in good faith, such as • Top-level involvement in bribery prevention
when corporate management explicitly or implicitly encourages employees to
engage in misconduct to achieve business objectives, will be ineffective. DOJ and
SEC have often encountered companies with compliance programs that are
strong on paper but that nevertheless have significant FCPA violations because
management has failed to effectively implement the program even in the face of
obvious signs of corruption. This may be the result of aggressive sales staff
preventing compliance personnel from doing their jobs effectively and of senior
management, more concerned with securing a valuable business opportunity
than enforcing a culture of compliance, siding with the sales team. The higher
the financial stakes of the transaction, the greater the temptation for
management to choose profit over compliance.
A strong ethical culture directly supports a strong compliance program. By
adhering to ethical standards, senior managers will inspire middle managers to
reinforce those standards. Compliant middle managers, in turn, will encourage
employees to strive to attain those standards throughout the organizational
structure.
In short, compliance with the FCPA and ethical rules must start at the top. DOJ
and SEC thus evaluate whether senior management has clearly articulated
company standards, communicated them in unambiguous terms, adhered to
(5) The organization shall take reasonable steps— An
themeffective compliance
scrupulously, program should
and disseminated include
them a mechanism
throughout for an
the organization. The commercial organisation seeks to ensure that its bribery prevention policies
(C) to have and publicize a system, which may include mechanisms that allow for organization’s employees and others to report suspected or actual misconduct and procedures are embedded and understood throughout the organisation
anonymity or confidentiality, whereby the organization's employees and agents or violations of the company’s policies on a confidential basis and without fear of through internal and external communication, including training, that is
may report or seek guidance regarding potential or actual criminal conduct retaliation. Companies may employ, for example, anonymous hotlines or proportionate to the risks it faces.
without fear of retaliation. ombudsmen.
Note: The full text of UK Bribery Act Guidance includes recommendations
related to Code of Conduct, Training, Communications, Leadership Commitment
and Inquiry & Reporting Mechanisms under “Principle 5 Communication
(including training).”
Moreover, once an allegation is made, companies should have in place an
efficient, reliable, and properly funded process for investigating the allegation
and documenting the company’s response, including any disciplinary or
remediation measures taken. Companies will want to consider taking “lessons
learned” from any reported violations and the outcome of any resulting
investigation to update their internal controls and compliance program and
focus future training on such issues, as appropriate.
(6) The organization's compliance and ethics program shall be promoted and In addition to evaluating the design and implementation of a compliance
enforced consistently throughout the organization through program throughout an organization, enforcement of that program is
(A) appropriate incentives to perform in accordance with the compliance and fundamental to its effectiveness. A compliance program should apply from the
ethics program board room to the supply room—no one should be beyond its reach. DOJ and
(B) appropriate disciplinary measures for engaging in criminal conduct and for SEC will thus consider whether, when enforcing a compliance program, a
failing to take reasonable steps to prevent or detect criminal conduct. company has appropriate and clear disciplinary procedures, whether those
procedures are applied reliably and promptly, and whether they are
commensurate with the violation. Many companies have found that publicizing
disciplinary actions internally, where appropriate under local law, can have an
important deterrent effect, demonstrating that unethical and unlawful actions
have swift and sure consequences.
DOJ and SEC recognize that positive incentives can also drive compliant
behavior. These incentives can take many forms such as personnel evaluations
and promotions, rewards for improving and developing a company’s compliance
program, and rewards for ethics and compliance leadership. Some organizations,
for example, have made adherence to compliance a significant metric for
management’s bonuses so that compliance becomes an integral part of
management’s everyday concern. Beyond financial incentives, some companies
have highlighted compliance within their organizations by recognizing
compliance professionals and internal audit staff. Others have made working in
the company’s compliance organization a way to advance an employee’s career.
SEC, for instance, has encouraged companies to embrace methods to incentivize
ethical and lawful behavior:
[M]ake integrity, ethics and compliance part of the promotion, compensation
and evaluation processes as well. For at the end of the day, the most effective
way to communicate that “doing the right thing” is a priority, is to reward it.
Conversely,
© 2018 Lockheed Martin Corporation. All Rights if employees are led to believe that, when it comes to compensation
Reserved.
PIRA #: CHQ201608006 and career advancement, all that counts is short-term profitability, and that
cutting ethical corners is an acceptable way of getting there, they’ll perform to
that measure. To cite an example from a different walk of life: a college football
coach can be told that the graduation rates of his players are what matters, but

Updated April 2018
Program Assessment & (c) (2) (ii) At a minimum, the Contractor's internal control system shall provide
Evaluation for the following:
(C) Periodic reviews of company business practices, procedures, policies, and
internal controls for compliance with the Contractor's code of business ethics
and conduct and the special requirements of Government contracting, including
– require enhancements. Consequently, DOJ and SEC evaluate whether companies
(1) Monitoring and auditing to detect criminal conduct;
(2) Periodic evaluation of the effectiveness of the business ethics awareness and
compliance program and internal control system, especially if criminal conduct
has been detected; and
(3) Periodic assessment of the risk of criminal conduct, with appropriate steps to
design, implement, or modify the business ethics awareness and compliance
program and the internal control system as necessary to reduce the risk of
criminal conduct identified through this process.
Guidance on the Elements of an Effective Ethics Program
Lockheed Martin Ethics Supplier Mentoring
(5) The organization shall take reasonable steps—
Program
Finally, a good compliance program should constantly evolve. A company’s The commercial organisation monitors and reviews procedures designed to
(A) to ensure that the organization's compliance and ethics program is followed, business changes over time, as do the environments in which it operates, the prevent bribery by persons associated with it and makes improvements where
including monitoring and auditing to detect criminal conduct; nature of its customers, the laws that govern its actions, and the standards of its necessary.
(B) to evaluate periodically the effectiveness of the organization's compliance industry. In addition, compliance programs that do not just exist on paper but
and ethics program; are followed in practice will inevitably uncover compliance weaknesses and
(7) After criminal conduct has been detected, the organization shall take regularly review and improve their compliance programs and not allow them to
reasonable steps to respond appropriately to the criminal conduct and to become stale.
prevent further similar criminal conduct, including making any necessary
modifications to the organization's compliance and ethics program. According to one survey, 64% of general counsel whose companies are subject
to the FCPA say there is room for improvement in their FCPA training and
In implementing subsection (b), the organization shall periodically assess the risk compliance programs. An organization should take the time to review and test
of criminal conduct and shall take appropriate steps to design, implement, or its controls, and it should think critically about its potential weaknesses and risk
modify each requirement set forth in subsection (b) to reduce the risk of criminal areas. For example, some companies have undertaken employee surveys to
conduct identified through this process. measure their compliance culture and strength of internal controls, identify best
practices, and detect new risk areas. Other companies periodically test their
internal controls with targeted audits to make certain that controls on paper are
working in practice. DOJ and SEC will give meaningful credit to thoughtful efforts
to create a sustainable compliance program if a problem is later discovered.
Similarly, undertaking proactive evaluations before a problem strikes can lower
the applicable penalty range under the U.S. Sentencing Guidelines. Although the
nature and the frequency of proactive evaluations may vary depending on the
size and complexity of an organization, the idea behind such efforts is the same:
continuous improvement and sustainability.
© 2018 Lockheed Martin Corporation. All Rights Reserved.
PIRA #: CHQ201608006
 Guidance on the Elements of an Effective Ethics Program
Updated April 2018 Lockheed Martin Ethics Supplier Mentoring Program
DII Toolkit "Creating and Maintaining an Effective Ethics and Business Conduct
Program Element Program" IFBEC Global Principles of Business Ethics for the Aerospace and Defence Industry
Document URL https://www.dii.org/featured-tools http://ifbec.info/about/
Notes The Defense Industry Initiative (DII), which represents top U.S. defense contractors, developed Creating and The International Forum on Business Ethical Conduct (IFBEC) members, which represents top aerospace
Maintaining an Effective Ethics and Business Conduct Program, which provides a framework and the key and defense companies from around the world, developed the Global Principles of Business Ethics for the
elements required for creating and maintaining an effective business ethics and compliance program in Aerospace and Defence Industry to promote and foster the development of global, industry-wide ethical
companies involved with government contracting. DII's Small Business Toolkit provides more in-depth standards. IFBEC members commit to implementing programs and policies that align with the Global
guidance and resources, including policy templates and sample compliance training, to help companies can Principles.
design, implement, maintain and augment business ethics and compliance programs.

Company Values Your company values will be the foundation of your ethics and business conduct program.

Program Structure & Your company’s policies and procedures (and other command media) should include a written policy on
Oversight ethics and business conduct. This formalizes your company’s commitment to the highest ethical conduct in
all aspects of your business.

Risk Assessment Your company should conduct a comprehensive risk assessment by looking closely at your particular
business to determine areas of business and legal risk.

Policies & Procedures Your company’s policies and procedures (and other command media) should include a written policy on Note: The full text of IFBEC's Global Principles of Business Ethics for the Aerospace and Defence Industry
ethics and business conduct. This formalizes your company’s commitment to the highest ethical conduct in includes guidance on policy considerations related to corruption; use of advisors; conflicts of interest;
all aspects of your business. and proprietary information.

Code of Conduct
The purpose of your company’s code of conduct is to set forth your company values and important business
conduct information for your employees. It is important that your code is a straightforward, brief,
understandable, and useful tool for your employees. Many companies choose a relatively general employee
code of conduct or handbook that provides brief descriptions of various company policies, with references
to the more expansive policies for more detailed information on topics relevant to their specific work
situations or issues.
Training Employee awareness can be achieved through something as formal as one hour of live ethics training each Companies that endorse these Global Principles commit to have comprehensive policies and integrity
year or through a variety of ethics awareness initiatives that can be presented to employees periodically on programmes, and to foster effective practices within their aerospace and defense business operations to
a more informal basis (such as incorporating ethics discussions into regular staff meetings, safety meetings implement these Global Principles which shall include:
or employee forums). promoting awareness and compliance with the integrity policies of the Company consistent with the
Global Principles through appropriate communication and training.

© 2018 Lockheed Martin Corporation. All Rights Reserved.

PIRA #: CHQ201608006
 Guidance on the Elements of an Effective Ethics Program
Updated April 2018 Lockheed Martin Ethics Supplier Mentoring Program
Communications Communication of your company’s commitment to ethical conduct should include consistent messages Companies that endorse these Global Principles commit to have comprehensive policies and integrity
delivered in engaging and diverse manners (such as email, posters, company newsletters, company Intranet programmes, and to foster effective practices within their aerospace and defense business operations to
and other existing company communications). implement these Global Principles which shall include:
promoting awareness and compliance with the integrity policies of the Company consistent with the
Global Principles through appropriate communication and training.

Leadership Commitment The visible commitment of your company’s leadership at all levels is imperative to the success of your
program. Leaders set the tone and culture of an organization, including its attitude about ethics. It is
imperative that employees see that leaders are committed to the highest ethical standards.

Inquiry & Reporting It is important that your ethics and business conduct program includes a place for your employees, Companies that endorse these Global Principles commit to have comprehensive policies and integrity
Mechanisms suppliers, customers and others who do business with your company to ask questions or raise areas of programmes, and to foster effective practices within their aerospace and defense business operations to
concern. implement these Global Principles which shall include:
encouraging their employees, directors and officers to report all specific concerns that they may have
concerning compliance with the integrity policies of the Company consistent with the Global Principles
without fear of retaliation.

Investigations &
Disclosures
Discipline & Incentives Companies that endorse these Global Principles commit to have comprehensive policies and integrity
programmes, and to foster effective practices within their aerospace and defense business operations to
implement these Global Principles which shall include:
applying appropriate, proportionate and dissuasive sanctions for evidenced cases of non-compliance.

Program Assessment & Part of maintaining an effective Ethics and Business Conduct Program is conducting regular program
Evaluation assessments and evaluations. In addition to your company’s values and culture, there are various program
elements to be measured – for instance, your company’s code of conduct and related policies, inquiry and
reporting mechanisms, training and communication, and leadership actions. The design, implementation
and impact of these important program elements and activities should be evaluated.

© 2018 Lockheed Martin Corporation. All Rights Reserved.

PIRA #: CHQ201608006
 Guidance on the Elements of an Effective Ethics Program
Updated April 2018 Lockheed Martin Ethics Supplier Mentoring Program
Program Element ICC Rules on Combating Corruption OECD Good Practice Guidance on Internal Controls, Ethics, and Transparency International Business Principles for Countering
Compliance Bribery
Document URL http://www.iccwbo.org/Advocacy-Codes-and-Rules/Document-centre/2011/ICC-Rules-on-Combating-Corruption/
https://www.oecd.org/daf/anti-bribery/44884389.pdf https://www.transparency.org/whatwedo/publication/business_principles_for_counteri

Notes The International Chamber of Commerce (ICC)'s Rules on Combating Corruption
provides a compliance model applicable to companies of all sizes. The self-
regulatory document is not legally binding, but it reflects key international legal
instruments, such as the OECD Anti-Bribery Convention and the UN Anti-
Corruption Convention.
The Organization for Economic Co-operation and Development (OECD)'s Good
Practice Guidance provides non-legally binding guidance to companies,
particularly small and medium enterprises in OECD member countries, on
developing effective internal controls, ethics, and compliance programmes or
measures for preventing and detecting foreign bribery.
Transparency International (TI)'s Business Principles provide a framework for
organizations interested in developing, benchmarking or strengthening their
anti-bribery programmes. TI-UK also publishes the Defence Companies Anti-
Corruption Index, which assesses the ethics and anti-corruption programs of
firms in the global defense industry using publicly available information.

Company Values 3.1 The enterprise should develop a Programme that clearly and in reasonable
detail, articulates values, policies and procedures to be used to prevent bribery
from occurring in all activities under its effective control.

Program Structure & a) expressing a strong, explicit and visible support and commitment to the
Oversight Corporate Compliance Programme by the Board of Directors or other body with
ultimate responsibility for the Enterprise and by the Enterprise’s senior
management (“tone at the top”);
c) mandating the Board of Directors or other body with ultimate responsibility
for the Enterprise, or the relevant committee thereof, to conduct periodical risk
assessments and independent reviews of compliance with these Rules and
recommending corrective measures or policies, as necessary. This can be done
as part of a broader system of corporate compliance reviews and/or risk
assessments;
oversight of ethics and compliance programmes or measures regarding foreign
bribery, including the authority to report matters directly to independent
monitoring bodies such as internal audit committees of boards of directors or of
supervisory boards, is the duty of one or more senior corporate officers, with an
adequate level of autonomy from management, resources, and authority;
The following section sets out the requirements that enterprises should meet at
a minimum when implementing the Programme.
6.1 Organisation and responsibilities
6.1.1 The Board of Directors or equivalent body should demonstrate visible and
active commitment to the implementation of the enterprise’s Programme.
6.1.2 The Chief Executive Officer is responsible for ensuring that the Programme
is carried out consistently with clear lines of authority.

d) making it the responsibility of individuals at all levels of the Enterprise to

comply with the Enterprise’s policy and to participate in the Corporate
Compliance Programme;

e) appointing one or more senior officers (full or part time) to oversee and
coordinate the Corporate Compliance Programme with an adequate level of
resources, authority and independence, reporting periodically to the Board of
Directors or other body with ultimate responsibility for the Enterprise, or to the
relevant committee thereof;

g) exercising appropriate due diligence, based on a structured risk management

approach, in the selection of its directors, officers and employees, as well as of
its Business Partners who present a risk of corruption or of circumvention of
these Rules;

© 2018 Lockheed Martin Corporation. All Rights Reserved.

PIRA #: CHQ201608006
 Guidance on the Elements of an Effective Ethics Program
Updated April 2018 Lockheed Martin Ethics Supplier Mentoring Program
Risk Assessment c) mandating the Board of Directors or other body with ultimate responsibility ethics and compliance programmes or measures designed to prevent and detect 3.2 The enterprise should design and improve its Programme based on
for the Enterprise, or the relevant committee thereof, to conduct periodical risk foreign bribery applicable, where appropriate and subject to contractual continuing risk assessment.
assessments and independent reviews of compliance with these Rules and arrangements, to third parties such as agents and other intermediaries, 4.1 The Programme should be tailored to reflect the enterprise’s particular
recommending corrective measures or policies, as necessary. This can be done consultants, representatives, distributors, contractors and suppliers, consortia, business risks, circumstances and culture, taking into account inherent risks such
as part of a broader system of corporate compliance reviews and/or risk and joint venture partners (hereinafter “business partners”), including, inter alia, as locations of the business, the business sector and organisational risks such as
assessments; the following essential elements: size of the enterprise and use of channels such as intermediaries.
i) properly documented risk-based due diligence pertaining to the hiring, as well 4.2 The enterprise should assign responsibilities for oversight and
as the appropriate and regular oversight of business partners; implementation of risk assessment.
ii) informing business partners of the company’s commitment to abiding by laws
on the prohibitions against foreign bribery, and of the company’s ethics and
compliance programme or measures for preventing and detecting such bribery;
and
iii) seeking a reciprocal commitment from business partners.

Policies & Procedures b) establishing a clearly articulated and visible policy reflecting these Rules and a clearly articulated and visible corporate policy prohibiting foreign bribery; Note: The full text of Transparency International's Business Principles for
binding for all directors, officers, employees and Third Parties and applying to all compliance with this prohibition and the related internal controls, ethics, and Countering Bribery includes guidance on policy considerations related to
controlled subsidiaries, foreign and domestic; compliance programmes or measures is the duty of individuals at all levels of the conflicts of interest; bribes; political contributions; charitable contributions and
d) making it the responsibility of individuals at all levels of the Enterprise to company; sponsorships; facilitation payments; gifts, hospitality and expenses; due
comply with the Enterprise’s policy and to participate in the Corporate ethics and compliance programmes or measures designed to prevent and detect diligence; mergers, acquisitions and investments; joint ventures and consortia;
Compliance Programme; foreign bribery, applicable to all directors, officers, and employees, and agents, lobbyists and intermediaries; contractors and suppliers; human
h) designing financial and accounting procedures for the maintenance of fair and applicable to all entities over which a company has effective control, including resources; and internal controls and record keeping.
accurate books and accounting records, to ensure that they cannot be used for subsidiaries, on, inter alia, the following areas:
the purpose of engaging in or hiding of corrupt practices; i) gifts;
i) establishing and maintaining proper systems of control and reporting ii) hospitality, entertainment and expenses;
procedures, including independent auditing; iii) customer travel;
iv) political contributions;
v) charitable donations and sponsorships;
vi) facilitation payments; and
vii) solicitation and extortion;
ethics and compliance programmes or measures designed to prevent and detect
foreign bribery applicable, where appropriate and subject to contractual
arrangements, to third parties such as agents and other intermediaries,
consultants, representatives, distributors, contractors and suppliers, consortia,
and joint venture partners (hereinafter “business partners”), including, inter alia,
Code of Conduct b) establishing a clearly articulated and visible policy reflecting these Rules and the following essential elements:
binding for all directors, officers, employees and Third Parties and applying to all i) properly documented risk-based due diligence pertaining to the hiring, as well
controlled subsidiaries, foreign and domestic; as the appropriate and regular oversight of business partners;
d) making it the responsibility of individuals at all levels of the Enterprise to ii) informing business partners of the company’s commitment to abiding by laws
comply with the Enterprise’s policy and to participate in the Corporate on the prohibitions against foreign bribery, and of the company’s ethics and
Compliance Programme; compliance programme or measures for preventing and detecting such bribery;
and
iii) seeking a reciprocal commitment from business partners.
a system of financial and accounting procedures, including a system of internal
controls, reasonably designed to ensure the maintenance of fair and accurate
books, records, and accounts, to ensure that they cannot be used for the
purpose of foreign bribery or hiding such bribery;

© 2018 Lockheed Martin Corporation. All Rights Reserved.

PIRA #: CHQ201608006
 Guidance on the Elements of an Effective Ethics Program
Updated April 2018 Lockheed Martin Ethics Supplier Mentoring Program
Training k) providing to their directors, officers, employees and Business Partners, as measures designed to ensure periodic communication, and documented training
appropriate, guidance and documented training in identifying corruption risks in for all levels of the company, on the company’s ethics and compliance
the daily business dealings of the Enterprise as well as leadership training; programme or measures regarding foreign bribery, as well as, where
appropriate, for subsidiaries;
f) issuing guidelines, as appropriate, to further elicit the behavior required and to measures designed to ensure periodic communication, and documented training
deter the behavior prohibited by the Enterprise’s policies and programme; for all levels of the company, on the company’s ethics and compliance
j) ensuring periodic internal and external communication regarding the programme or measures regarding foreign bribery, as well as, where
Enterprise’s anti-corruption policy; appropriate, for subsidiaries;
Leadership Commitment a) expressing a strong, explicit and visible support and commitment to the strong, explicit and visible support and commitment from senior management to
Corporate Compliance Programme by the Board of Directors or other body with the company's internal controls, ethics and compliance programmes or
ultimate responsibility for the Enterprise and by the Enterprise’s senior measures for preventing and detecting foreign bribery;
management (“tone at the top”);
Inquiry & Reporting m) offering channels to raise, in full confidentiality, concerns, seek advice or effective measures for:
Mechanisms report in good faith established or soundly suspected violations without fear of i) providing guidance and advice to directors, officers, employees, and, where
retaliation or of discriminatory or disciplinary action. Reporting may either be appropriate, business partners, on complying with the company's ethics and
compulsory or voluntary; it can be done on an anonymous or on a disclosed compliance programme or measures, including when they need urgent advice
basis. All bona fide reports should be investigated; on difficult situations in foreign jurisdictions;
ii) internal and where possible confidential reporting by, and protection of,
directors, officers, employees, and, where appropriate, business partners, not
willing to violate professional standards or ethics under instructions or pressure
from hierarchical superiors, as well as for directors, officers, employees, and,
where appropriate, business partners, willing to report breaches of the law or
professional standards or ethics occurring within the company, in good faith and
on reasonable grounds; and
iii) undertaking appropriate action in response to such reports;
© 2018 Lockheed Martin Corporation. All Rights Reserved.
PIRA #: CHQ201608006
The following section sets out the requirements that enterprises should meet at
a minimum when implementing the Programme.
6.4 Training
6.4.1 Directors, managers, employees and agents should receive appropriate
training on the Programme.
6.4.2 Where appropriate, contractors and suppliers should receive training on
the Programme.
The following section sets out the requirements that enterprises should meet at
a minimum when implementing the Programme.
6.6 Communication and reporting
6.6.1 The enterprise should establish effective internal and external
communication of the Programme.
6.6.2 The enterprise should publicly disclose information about its Programme,
including the management systems employed to ensure its implementation.
6.6.3 The enterprise should be open to receiving communications from and
engaging with stakeholders with respect to the Programme.
The following section sets out the requirements that enterprises should meet at
a minimum when implementing the Programme.
6.5 Raising concerns and seeking guidance
6.5.1 To be effective, the Programme should rely on employees and others to
raise concerns and violations as early as possible. To this end, the enterprise
should provide secure and accessible channels through which employees and
others should feel able to raise concerns and report violations
(“whistleblowing”) in confidence and without risk of reprisal.
6.5.2 These or other channels should be available for employees to seek advice
on the application of the Programme.
 Guidance on the Elements of an Effective Ethics Program
Updated April 2018 Lockheed Martin Ethics Supplier Mentoring Program
Investigations & m) offering channels to raise, in full confidentiality, concerns, seek advice or The following section sets out the requirements that enterprises should meet at
Disclosures report in good faith established or soundly suspected violations without fear of a minimum when implementing the Programme.
retaliation or of discriminatory or disciplinary action. Reporting may either be 6.6 Communication and reporting
compulsory or voluntary; it can be done on an anonymous or on a disclosed 6.6.4 The enterprise should consider additional public disclosure on payments to
basis. All bona fide reports should be investigated; governments on a country-by-country basis.
n) acting on reported or detected violations by taking appropriate corrective 6.6.5 In the spirit of greater organisational transparency and accountability to
action and disciplinary measures and considering making appropriate public stakeholders, the enterprise should consider disclosing its material holdings of
disclosure of the enforcement of the Enterprise’s policy; subsidiaries, affiliates, joint ventures and other related entities.
6.9 Cooperation with authorities
6.9.1 The enterprise should cooperate appropriately with relevant authorities in
connection with bribery and corruption investigations and prosecutions.

Discipline & Incentives f) issuing guidelines, as appropriate, to further elicit the behavior required and to appropriate measures to encourage and provide positive support for the
deter the behavior prohibited by the Enterprise’s policies and programme; observance of ethics and compliance programmes or measures against foreign
l) including the review of business ethics competencies in the appraisal and bribery, at all levels of the company;
promotion of management and measuring the achievement of targets not only appropriate disciplinary procedures to address, among other things, violations,
against financial indicators but also against the way the targets have been met at all levels of the company, of laws against foreign bribery, and the company’s
and specifically against the compliance with the Enterprise’s anti-corruption ethics and compliance programme or measures regarding foreign bribery;
policy;
n) acting on reported or detected violations by taking appropriate corrective
action and disciplinary measures and considering making appropriate public
disclosure of the enforcement of the Enterprise’s policy;

Program Assessment & c) mandating the Board of Directors or other body with ultimate responsibility
Evaluation for the Enterprise, or the relevant committee thereof, to conduct periodical risk
assessments and independent reviews of compliance with these Rules and
recommending corrective measures or policies, as necessary. This can be done
as part of a broader system of corporate compliance reviews and/or risk
assessments;
i) establishing and maintaining proper systems of control and reporting
procedures, including independent auditing;
o) considering the improvement of its Corporate Compliance Programme by
seeking external certification, verification or assurance;
periodic reviews of the ethics and compliance programmes or measures,
designed to evaluate and improve their effectiveness in preventing and
detecting foreign bribery, taking into account relevant developments in the field, 6.8 Monitoring and review
and evolving international and industry standards.
The following section sets out the requirements that enterprises should meet at
a minimum when implementing the Programme.
6.8.1 The enterprise should establish feedback mechanisms and other internal
processes supporting the continuous improvement of the Programme. Senior
management of the enterprise should monitor the Programme and periodically
review the Programme’s suitability, adequacy and effectiveness and implement
improvements as appropriate.
6.8.2 Senior management should periodically report the results of the
Programme reviews to the Audit Committee, Board or equivalent body.
6.8.3 The Audit Committee, the Board or equivalent body should make an
independent assessment of the adequacy of the Programme and disclose its
findings in the Annual Report to shareholders.
6.10 Independent assurance
6.10.1 Where appropriate, the enterprise should undergo voluntary
independent assurance on the design, implementation and/or effectiveness of
the Programme.
6.10.2 Where such independent assurance is conducted, the enterprise should
consider publicly disclosing that an external review has taken place, together
with the related assurance opinion.

© 2018 Lockheed Martin Corporation. All Rights Reserved.

PIRA #: CHQ201608006