GROUP ANTI-BRIBERY POLICY Original Issue Date: May 2011

Version 7.1

FIRSTGROUP PLC
GROUP ANTI-BRIBERY POLICY
VERSION 7.1

Original date of issue May 2011

Filename Group anti-bribery policy.docx
Date of last review July 2018

Author Christy Baker

Business Owner Group Legal (Christy Baker)
Authorised by FirstGroup plc board

Definitions

“Group” means FirstGroup plc and its group companies.

“Bribe” or “bribery” includes any corrupt or improper business dealings, all of which are covered by this policy.
The “Programme” means the Global Anti-Bribery Awareness Programme set out at section 15 below.

1. Policy statement

1.1 It is the Group’s policy to conduct all of our business in an honest and ethical manner. We take a zero-
tolerance approach to bribery and corruption and are committed to acting professionally, fairly and with
integrity in all our business dealings and relationships wherever we operate, and implementing and
enforcing effective systems to counter bribery and corruption.

1.2 We will uphold all laws relevant to countering bribery and corruption in all the jurisdictions in which we
operate, including where relevant the US Foreign and Corrupt Practices Act. In any event, as a UK-
domiciled group committed to best practice, we take the view that we should seek to comply with the UK
Bribery Act 2010 in respect of our conduct across the business, regardless of location.

2. About this policy

2.1 The purpose of this policy is to:

(a) set out our responsibilities, and of those working for us, in observing and upholding our position
on bribery and corruption; and

(b) provide information and guidance to those working for us on how to recognise and deal with
bribery and corruption issues.

2.2 Under the UK Bribery Act, it is a criminal offence to offer, promise, give, request, or accept a bribe.
Individuals found guilty can be punished by up to ten years' imprisonment and/or a fine. As an employer
if we fail to prevent bribery we can face an unlimited fine, exclusion from bidding for public contracts, and
damage to our reputation. We therefore take our legal responsibilities very seriously.

2.3 This policy should be read in conjunction with the Group Gifts and Hospitality Policy.

2.4 Any employee who breaches this policy will face disciplinary action, which could result in dismissal for
gross misconduct. Any non-employee who breaches this policy may have their contract terminated with
immediate effect.

1
 GROUP ANTI-BRIBERY POLICY Original Issue Date: May 2011
Version 7.1

3. Who does this policy apply to?

3.1 This policy applies to anyone working for us or on our behalf in any capacity, including employees at all
levels, directors, officers, agency workers, seconded workers, volunteers, interns, agents, contractors,
external consultants, third-party representatives and business partners

3.2 This policy will apply at all times to all Group businesses, and individuals performing services on their
behalf, regardless of where those businesses/individuals are located or where the activity takes place.

3.3 This policy does not form part of any employee's contract of employment and may be amended at any
time.

4. Who is responsible for ensuring compliance?

4.1 The FirstGroup plc board of directors has overall responsibility for ensuring this policy complies with our
legal and ethical obligations, and that all those under our control comply with it. Compliance with the policy
is monitored at senior executive level through reporting to the FirstGroup plc Audit Committee.

4.2 The anti-bribery steering committee has primary and day-to-day responsibility for implementing this
policy, monitoring its use and effectiveness, dealing with any queries about it, and auditing internal control
systems and procedures to ensure they are effective in countering bribery and corruption.

4.3 Managing directors and function heads (as appropriate) are individually responsible for implementing this
policy at a local level and ensuring that their direct reports comply with it. If you are a manager, please
refer to section 12 which sets out your responsibilities in more detail.

5. Your responsibilities

5.1 You must ensure that you read, understand and comply with this policy.

5.2 The prevention, detection and reporting of bribery and other forms of corruption are the responsibility of
all those working for us or under our control. You are required to avoid any activity that might lead to, or
suggest, a breach of this policy.

5.3 You must report any concerns as soon as possible if you believe or suspect that a conflict with this policy
has occurred, or may occur in the future. For example, if a customer or potential customer offers you
something to gain a business advantage with us, or indicates to you that a gift or payment is required to
secure their business. Some further "red flags" that may indicate bribery or corruption are set out at Annex
5.

6. What is bribery?

6.1 The UK Bribery Act 2010 creates a corporate offence of failure to prevent bribery, and requires us to
implement ’adequate procedures’ to prevent bribery. For the purposes of this policy, bribery occurs where
any person performing services on the Group’s behalf (including its employees, directors, agents,
representatives or subsidiaries) offers, pays, seeks or accepts a payment, gift, favour, or a financial or
other advantage from another, in order to:

(a) gain any commercial, contractual or regulatory advantage for the Group (or any subsidiary) in a
way which is unethical, or

(b) gain any personal advantage, financial or otherwise, for the individual or anyone connected with
the individual, or

(c) induce the improper performance of any function that is of a public nature, connected with a
business, performed by a body or performed by a person in the course of their employment.

2
 GROUP ANTI-BRIBERY POLICY Original Issue Date: May 2011
Version 7.1

Examples:

Offering a bribe

You offer a potential customer tickets to a major sporting event, but only if they agree to award
us a contract.

This would be an offence as you are making the offer in order to gain a commercial and
contractual advantage. The business may also be found to have committed the corporate
offence because the offer has been made to obtain business for First. It is also likely to be an
offence for the potential customer to accept your offer.

Receiving a bribe

A supplier gives your cousin a job, but makes it clear that in return they expect you to use your
influence within First to ensure we continue to do business with them.

It is an offence for a supplier to make such an offer. It would be an offence for you to accept
the offer as you would be doing so to gain a personal advantage.

Bribing a foreign (non-UK) official

You arrange for the business to pay an additional "facilitation" payment to a foreign (non-UK)
official to speed up an administrative process.

The UK offence of bribing a foreign public official is committed as soon as the offer is made.
This is because it is made to gain a business advantage for us. First may also be found to
have committed the corporate offence. It may also be an offence for the official to accept the
offer.

6.2 An offence may still be committed even where a payment or gift is made in a foreign country which
habitually ignores or turns a blind eye to bribery, unless there are very clear exemptions under local law.
Specific advice should be sought via the Group Legal Director (Europe & Rest of World) or FGA General
Counsel (North, South & Central America) in these circumstances.

7. What you must not do

7.1 It is not acceptable for you (or someone on your behalf) to:

(a) give, promise to give, or offer, a payment, gift or hospitality with the expectation or hope that a
business advantage will be received, or to reward a business advantage already given;

(b) give or accept a gift or hospitality during any commercial negotiations or tender or bid/RFP
process, if this could be perceived as intended or likely to influence the outcome;

(c) accept a payment, gift or hospitality from a third party that you know or suspect is offered with
the expectation that it will provide a business advantage for them or anyone else in return;

(d) accept hospitality from a third party that is unduly lavish or extravagant in nature or amount
under the circumstances;

(e) threaten, or retaliate against, another individual who has refused to commit a bribery offence or
who has raised concerns under this policy; or

(f) engage in any other activity that might lead to a breach of this policy.

8. Facilitation payments and kickbacks

8.1 We do not make, and will not accept, facilitation payments or kickbacks of any kind.

3
 GROUP ANTI-BRIBERY POLICY Original Issue Date: May 2011
Version 7.1

8.2 Facilitation payments and kickbacks, also known as "back-handers" or "grease payments", are typically
small, unofficial payments made to secure or expedite a routine or necessary action (for example by a
government official). They are not common in the UK or North America, but are common in some other
jurisdictions in which we operate.

8.3 You must avoid any activity that might lead to a facilitation payment or kickback being made or accepted
by us or on our behalf, or that might suggest that such a payment will be made or accepted. If you are
asked to make a payment on our behalf, you should always be mindful of what the payment is for and
whether the amount requested is proportionate to the goods or services provided. You should always ask
for a receipt which details the reason for the payment. If you have any suspicions, concerns or queries
regarding a payment, you should raise these with Group Legal or FGA Legal.

8.4 The only exception to paying a facilitation payment is where your or another person’s personal safety is
in danger. If a facilitation payment is made in such circumstances, it must be reported as soon as possible
to Group Legal or FGA Legal.

9. Particular areas of concern

9.1 While it is important that you actively monitor all activities, the Group has identified three particular areas
which are likely to be of potential concern.

Financial incentives

9.2 Unless permitted or approved under the Group Gifts and Hospitality Policy (e.g. legitimate charitable
donations), you are not permitted to pay or receive financial incentives to procure or retain business for
the Group, or as an inducement for third parties to perform functions improperly.

Middleman arrangements

9.3 Entering into any arrangement where a third party acts as relationship middleman or introducer/facilitator
carries a risk of constituting a bribery offence, especially when such introductions are to non-UK officials.

9.4 If you intend to enter into any such arrangement, you must seek approval in advance, in accordance with
the Third Party Facilitation Procedure outlined at section 14 below. If at any time you suspect that the
conduct of a relationship middleman may fall within section 9.3 above, you must notify Group/FGA Legal
immediately – do not inform, or change your behaviour towards, the relationship middleman unless
advised to do so by Group/FGA Legal.

Corporate hospitality and political/charitable contributions

9.5 This policy does not prohibit the giving or accepting of reasonable and appropriate hospitality for legitimate
purposes such as building relationships, maintaining our image or reputation, or marketing our products
and services. However, a gift or hospitality will not be appropriate if it is unduly lavish or extravagant, or
could be seen as an inducement or reward for any preferential treatment (for example, during contractual
negotiations or a tender or bid/RFP process).

9.6 You are required to comply with the Group Gifts and Hospitality Policy when offering, providing or
receiving corporate gifts or hospitality, or making political/charitable contributions on behalf of the Group.

10. Record-keeping

10.1 We must keep accurate and transparent records. If you are responsible for keeping records, make sure
that they accurately reflect and are a fair presentation of the activities they record. This includes records
relating to gifts and hospitality, charitable and political contributions, risk assessments and pre-approval
documents.

4
 GROUP ANTI-BRIBERY POLICY Original Issue Date: May 2011
Version 7.1

11. Consequences of breach

11.1 The consequences of a breach of this policy are severe and could lead to criminal sanctions being applied
to both the Group and the individual(s) responsible, including potentially significant fines, as well as
imprisonment and/or director disqualification orders for individuals. In certain cases, we may also be
prohibited from bidding for future public authority contracts.

11.2 The Group therefore views any breach or attempted breach of this policy as gross misconduct and will
take appropriate disciplinary action up to and including dismissal.

11.3 You should be aware that knowing about a breach of the policy and failing to report it could also attract
criminal liability and internal disciplinary measures.

11.4 We may terminate our relationship with other individuals and organisations working on our behalf if they
breach this policy, and potentially disqualify them from working with the Group again in the future.

12. Management responsibilities

12.1 Managing directors and function heads (as appropriate) are responsible for ensuring that adequate
procedures are in place at a local level to assess the risks associated with the specific arrangements
which their businesses enter into. It is also necessary to regularly monitor, both at the outset and for their
duration, activities in areas where bribery may be more likely to occur (for example, middleman
arrangements or contacts with foreign officials). The appropriate level of monitoring / reporting in respect
of individual contracts or arrangements may vary depending on the nature, size and counterparty of the
contract.

12.2 Management of each operational business unit and Group function (as set out at Annex 1) is always
required to:

(a) undertake an annual bribery risk assessment by 1 June each year (based on the assessment
matrix, and accompanying notes, attached at Annex 2), and submit this to
ia.notification@firstgroup.com by 15 June each year; 1

(b) examine the outcomes of the bribery risk assessment and implement appropriate safeguards
and controls (document using the template attached at Annex 2);

(c) actively supervise employees;

(d) evaluate the risk associated with individual contracts or arrangements prior to entering into
them, and take action as appropriate;

(e) communicate our zero-tolerance approach to bribery and corruption to all suppliers, contractors
and business partners at the outset of our business relationship with them and as appropriate
thereafter; and

(f) ensure ongoing compliance with the third party facilitation procedures set out at section 14 and
with other related Group policies (e.g. Fraud, Travel & Expenses, and Gifts & Hospitality
policies).

13. Reporting & investigating potential breaches of the policy

13.1 If you are offered a bribe, or are asked to make one, or if you suspect that any bribery, corruption or other
breach of this policy has occurred or may occur, you must make a report as soon as possible to:

(a) your line manager; or

1 Assessment of performance will be further supported by audit carried out by Group Internal Audit.

5
 GROUP ANTI-BRIBERY POLICY Original Issue Date: May 2011
Version 7.1

(b) Group Security, Group Internal Audit or Group Legal/FGA Legal; or

(c) the Group anti-bribery steering committee, via bribery.steeringcom@firstgroup.com; or

(d) the Group’s confidential hotline (0808 234 5291 (UK) or 1-877-3CALLFG (North America)), or at
www.ethicsfirst.ethicspoint.com/.

13.2 Any report made in accordance with the guidelines set out in the Whistleblowing Policy will be treated
confidentially and without fear of reprisals or victimisation, even if the suspicions turn out to be
mistaken.

13.3 The individual to whom the suspicions are reported should, in conjunction with Group/FGA Legal, consider
the nature of the concerns. If appropriate, a more detailed investigation will be commissioned under the
guidance of the Group Legal Director or her/his nominee.

13.4 Staff must not disclose to persons/organisations under investigation that they are the subject of such an
investigation (unless it is necessary to do so for the purposes of the investigation itself) as this may affect
any subsequent criminal prosecution.

14. Third Party Facilitation Procedures

14.1 Circumstances may arise where third parties performing services on the Group’s behalf could be
perceived as facilitating bribery. We have procedures in place to ensure that all such arrangements are
monitored and, where appropriate, approved in advance. Prior to entering into any arrangement which is
partly or wholly concerned with a third party making introductions or acting as relationship middleman or
facilitator, you must comply with the following due diligence procedure.

14.2 Before entering into any arrangements partially or wholly of the type referred to above, you must obtain
approval from your Divisional Managing Director or Head of Function, as appropriate, by using the Third
Party Arrangement Notification Form (attached to this policy as Annex 3). Divisional Managing Directors
and Heads of Function should seek guidance from Group/FGA Legal where they have any concerns about
the proposed arrangements.

14.3 After entering into the arrangement, you must monitor the status of the arrangement and immediately
notify your Divisional Managing Director or Head of Function in the event that the character of the
arrangement changes, including where it expires or is terminated.

14.4 Divisional Managing Directors and Heads of Function shall keep a copy of all documentation related to
the approval process, and make it available for review by Group Internal Audit on request.

15. Anti-Bribery Awareness Programme

15.1 In order to assist employees to detect and avoid actions or arrangements which could constitute bribery
or a similar offence, the Group has instigated a Global Anti-Bribery Awareness Programme. The
Programme will consist of:

(a) training to be delivered to each of the individuals falling within the categories listed in Annex 4,
and any other individuals who request the training;

(b) training to be updated and repeated on a regular basis (at least every three years);

(c) reporting and due diligence procedures set out in the policy and linked Group policies (including
the Group Gifts and Hospitality, Fraud, and Whistleblowing policies);

(d) making the policy and related policies available via the Employee Portal; and

(e) a steering committee with representatives from each of Group Legal, FGA Legal, Group Internal
Audit, Group Security, Group Human Resources, Group CR and Procurement – the steering

6
 GROUP ANTI-BRIBERY POLICY Original Issue Date: May 2011
Version 7.1

committee will meet at least once every quarter to assess whether the Group’s bribery
procedures remain adequate, particularly in the light of any new developments in this area.

16. Document History & Change Control

Review Period

16.1 This document will be reviewed by the Business Owner within twelve months after the issue date and at
least once every twelve months thereafter. It will be reviewed at other times as dictated by operational
needs and changes to the underlying legal and regulatory position.

Change Control

16.2 Requests for changes to this document must be sent to the Business Owner. All requests must provide
details of the required changes and the reasons for the changes being requested. All changes will be
noted in the table below by the Business Owner.

16.3 Material changes will be subject to the approval of the FirstGroup plc board prior to implementation.

16.4 The Business Owner will update the table at Annex 6 to show the dates of any reviews and/or changes
to this document.

7
 GROUP ANTI-BRIBERY POLICY Original Issue Date: May 2011
Version 7.1

Annex 1 – Operational Business Units and Group & Shared Service Functions

Each of the following operational business units, Group functions and FGA shared service functions is required
to carry out an annual bribery risk assessment, in accordance with Annex 2.

All subsidiary companies and operations must be included in the assessment, except where they are required to
carry out their own risk assessment. Where elements of a Group or FGA shared service function (e.g. engineering,
finance, HR) are embedded in and/or report into an operational business unit, those elements should be included
in the operational risk assessment rather than the functional risk assessment.

Europe & Rest of World – North, South & Central Group functions FGA shared service
operational America – operational functions
UK Bus Board (incl central First Student (incl Group Corporate Engineering & Fleet
bus functions – e.g. comms, embedded functions – e.g. Communications &
finance, procurement, business development, Corporate
engineering) finance, HR) Responsibility
UK Bus – each individual First Transit (incl First Group Finance (incl Finance2
opco Vehicle Services, First FSS)
Transit de Panama, Transit
Management/call centers &
embedded functions – e.g.
business development,
finance, HR)
First Rail Support (incl First Greyhound (incl Greyhound Group HR HR & Labor Relations
Games Transport) Canada & embedded (incl Communications,
functions – e.g. business Payroll & Benefits)3
development, finance, HR)
UK Rail Exec (incl central Greyhound Mexico (incl Group Information Legal
rail functions & bid teams) embedded functions – e.g. Technology
business development,
finance, HR)
Great Western Railway (incl US Rail (incl embedded Group Insurance & Procurement
embedded functions – e.g. functions – e.g. business Risk (incl TCL)
HR, procurement, finance) development, finance, HR)
Hull Trains (incl embedded Group Internal Audit Risk Management
functions – e.g. HR,
procurement, finance)
South Western Railway (incl Group Legal (incl
embedded functions – e.g. Company Secretarial)
HR, procurement, finance)
TransPennine Express (incl Group Procurement
embedded functions – e.g.
HR, procurement, finance)
Tram Operations Group Property (incl
FGA Environment &
Real Estate)
International Group Reward &
Pensions
Group Safety
Group Security
Group Treasury & Tax
NB: For Group functions and FGA shared service functions, the head of function will be responsible for identifying
the appropriate senior individual to carry out the assessment. The head of function will also be responsible
for approving and submitting the completed assessment.

2 Only to the extent that the services provided are FGA-wide and not embedded in separate operational business units.
3 Only to the extent that the services provided are FGA-wide and not embedded in separate operational business units.

8
 GROUP ANTI-BRIBERY POLICY Original Issue Date: May 2011
Version 7.1

Annex 2 – Bribery Risk Assessment & Controls

Business: …………………………………………………………… Location: ……………………………………………………………

Assessment Date: ………………………………………………… Date of Review: ……………………………………………………

Effectiveness of
Likelihood Impact Residual Risk
Areas Assessed business controls
(Low/Medium/High) (Low/Medium/High) (Low/Medium/High)
(Low/Medium/High)
Operational
Public authority contracts
Other customer contracts
Procurement contracts
Third party facilitation agreements
(e.g. middlemen, agents)
Facilitation payments & kickbacks
Acquisitions & disposals
Regulators (e.g. VOSA, HSE, ORR)
New ventures
Other contractual arrangements
(please specify)

Non-operational
Lobbying
Corporate gifts and hospitality
Charitable donations
Political contributions

Signature……….…..….……………Finance Director (or equivalent) Signature……………..……………Managing Director/Functional Head

Name…………………………………..… Name…………………………………..…

Date…………………………………..… Date…………………………………..…
9
 GROUP ANTI-BRIBERY POLICY Original Issue Date: May 2011
Version 7.1

Notes to Bribery Risk Assessment

Note 1: When assessing the likely bribery risk associated with contractual arrangements, you should look at:

(i) the identity of the counterparties – are you aware of any previous convictions/accusations of bribery against them?

(ii) the location – where are the goods/services to be provided, and where are the counterparties, as well as their suppliers, located? (the
Transparency International Corruption Index (http://www.transparency.org/research/cpi/) provides a useful tool for establishing potential
levels of geographic risk)

(iii) the duration/nature/value of the contracts – are the agreements for short duration, non-essential products/services, low value? Each of these
may indicate a lower bribery risk

(iv) any other relevant factors.

Note 2: You are not expected to individually re-assess each arrangement you have entered into during the year, but to adopt an overall view, taking into
account any specific risks that have been highlighted by the due diligence process followed at the time of entering into the arrangements.

Note 3: When assessing the risks associated with public authority contracts, you should consider all local, regional, State or national public authority
contracts. You should include bidding processes as well as ongoing compliance with contracts where you have been successful.

Note 4: ‘New ventures’ means any actual or proposed new ventures which fall outside the existing scope of operations of that particular business unit (e.g.
new jurisdiction (country or state) and/or new type of business), but does not include a mere extension of that business unit’s existing operations to a
new location within an existing territory.

Note 5: ‘Other customer contracts’ means all customer contracts excluding public authority contracts (i.e. with commercial counterparties).

Note 6: When assessing the risks associated with corporate gifts & hospitality, you should take into account, and specify, any local controls or measures in
place that supplement the Group Gifts & Hospitality Policy.

Note 7: The completed document should be submitted to IA.Notification@firstgroup.com, with a copy held within the business or function (as appropriate).

10
 GROUP ANTI-BRIBERY POLICY Original Issue Date: May 2011
Version 7.1

Annex 3 – Third Party Arrangement Notification Form

THIRD PARTY ARRANGEMENT NOTIFICATION

Any individual or entity entering into any arrangement which is partly or wholly concerned with any third party
or foreign official making introductions or acting as relationship middleman must complete this Third Party
Arrangement Notification and submit it to their Divisional MD or Functional Head prior to entering into that
arrangement.

Any relevant contracts or copies of discussions should be appended to this form.

PART A: TO BE COMPLETED BY RELEVANT INDIVIDUAL

Group Entity (e.g. name of Business Unit):

Brief summary of arrangement:

Counterparty:
Position/Title/Role of Counterparty:
Date of arrangement:
Nature of money or gift transferred:
Estimated / actual value of arrangement:
(Include maximum and minimum if possible)
Will the Counterparty act as a (formal or informal) Yes No
representative of First?
If ‘Yes’, please give details:

Submitted by (name/position):

Date of submission:
Please complete and send via email to your Divisional MD or Functional Head.

PART B: TO BE COMPLETED BY DIVISIONAL MD OR FUNCTIONAL HEAD

Date form received:

Comments (if applicable):

Approved/rejected by (name/position):
Date approved/rejected:
If rejected, has an explanation been given to the
Yes No N/A
employee concerned?

11
 GROUP ANTI-BRIBERY POLICY Original Issue Date: May 2011
Version 7.1

Annex 4 – Categories of individuals to receive training

Each of the individuals falling within the categories listed below will be required to attend anti-bribery
training:

a) FirstGroup plc board members;

b) FirstGroup plc excom members and regular attendees;

c) FirstGroup plc excom members direct reports;

d) each operating company’s board members;

e) the heads and direct reports of all Group/FGA shared service functions;

f) all members of Group/FGA Finance (including FSS), Group Corporate Communications, Group
Internal Audit and UK/FGA Procurement;

g) all members of Marketing, Finance and Procurement teams (or equivalent) embedded in operational
or divisional business units;

h) any individual whose role gives them authority (direct or delegated) to approve any financial
payments on behalf of any Group company;

i) any individual whose role gives them authority (direct or delegated) to enter into, or recommend
entering into, contracts with third parties, or allocate or award any business, on behalf of any Group
company;

j) any individual involved in bidding for contracted services; and

k) any individual involved in bidding for, or providing, service provision outside the Group’s core
territories.

12
 GROUP ANTI-BRIBERY POLICY Original Issue Date: May 2011
Version 7.1

Annex 5 – Potential risk scenarios: “red flags”

The following is a list of possible red flags that may arise during the course of you working for First and
which may raise concerns under various anti-bribery and anti-corruption laws. The list is not intended to be
exhaustive and is for illustrative purposes only.

References to a “third party” mean any third party (including a company, government entity or individual)
with which the Group does business or proposes to do business.

If you encounter any of these red flags, you must report it immediately in accordance with the reporting
procedures outlined at section 13 above:

a) you become aware that a third party engages in, or has been accused of engaging in, improper
business practices;

b) you learn that a third party has a reputation for paying bribes, or requiring that bribes are paid to
them, or has a reputation for having a “special relationship” with foreign government officials;

c) a third party insists on receiving a commission or fee payment before committing to sign up to a
contract with First, or carrying out a government function or process for First;

d) a third party requests payment in cash and/or refuses to sign a formal commission or fee agreement,
or to provide an invoice or receipt for a payment made;

e) a third party requests that payment is made to a country different from where the third party resides or
conducts business;

f) a third party requests an unexpected additional fee or commission to “facilitate” a service;

g) a third party demands lavish entertainment or gifts before commencing or continuing contractual
negotiations or provision of services;

h) you are offered an unusually generous gift or offered lavish hospitality by a third party;

i) a third party requests that a payment is made to “overlook” potential legal or ethical violations;

j) a third party requests that you provide employment or some other advantage to a friend or relative;

k) you receive an invoice from a third party that appears to be non-standard or customised;

l) you receive a request for a credit note or split invoices from a third party which do not appear to have
a legitimate commercial basis;

m) a third party insists on the use of side letters or refuses to put terms agreed in writing;

n) you notice that First has been invoiced for a commission or fee payment that appears large given the
service stated to have been provided; or

o) a third party requests or requires the use of an agent, intermediary, consultant, distributor or supplier
that is not typically used by or known to First.

13
 GROUP ANTI-BRIBERY POLICY Original Issue Date: May 2011
Version 7.1

Annex 6 – Table showing reviews and changes to the policy

Version Reason for change Date

1.0 Created June 2010
2.0 Formal review by EMB 19 April 2011
3.0 Issued 5 May 2011
4.0 Reviewed and amended – change control & ownership added, July 2012
amendments to risk assessment procedure
5.0 Amended – additional notes added to risk assessment form December 2012
5.1 Amended – dates for completion of risk assessments amended & First May 2013
Games Transport added to Annex 1
5.2 Reviewed and amended – Annex 6 (training categories) added & July 2013
section 11 amended accordingly
6.0 Reviewed and amended – dates for completion of risk assessments September 2014
amended, s.9.1 amended, Annex 1 updated to reflect operational
structure, Annex 2 amended to include ‘new ventures’ risk and Annex 5
(red flags) added
6.1 Reviewed and amended – various changes, including removal of February 2015
requirement for 6-month review of risk assessment, clarification of
reporting and investigating procedure, moving responsibility for TPAN
approval to MDs/Function Heads, removal of TPAN payment procedure
and consequential amendment to/removal of annexes.
7.0 Reviewed and amended – responsibility transferred to plc board, December 2015
various non-substantive changes to tone & style and Annex 6 added.
Approved by plc board and reissued. January 2016
7.1 Reviewed & amended – SWR & US Rail added to Annex 1 July 2018

14