Corporate Governance Practices | Company Code Of Conduct

Home

We have established sound corporate governance practices that encourage and mandate accountability and transparency in our decision-making.

Business Ethics and Conduct

Our Code of Business Ethics and Conduct (CoBEC) applies to every person in the organization and is intrinsic to the conduct of our business.

Policies and Programs

We have well-articulated policies and guidelines on the following areas of compliance:

Anti-bribery and Fair Dealing
Client Gifting and Entertainment
Fair Treatment, Respect and Dignity at the workplace
Speak Up
Supplier Code of Conduct

It is mandatory for all employees to provide an annual sign off on CoBEC and the anti-bribery policy, which includes a declaration and undertaking to adhere to the code.

CoBEC also covers:

Reporting, accounting and financial records
Conflict of Interest
Anti-money laundering
Insider trading

Employees who join the organization are expected to complete the training program within 30 days of their joining date. In addition, the senior employees are expected to provide disclosures on a bi-annual basis for assuring that there is no conflict of interest in their personal or professional capacity.

Certain employees also go through additional face-to-face training on the regulatory requirements for avoiding bribery and corruption in business.

At WNS, regular training and certification to reinforce ethical principles and improve compliance with the law are mandatory for all employees.

Whistleblower Mechanism

It is our policy to treat complaints seriously and to resolve them expeditiously. Employees are given the opportunity to submit for review by the company confidential and anonymous complaints on issues regarding fraud, violations of laws and regulations, and non-compliance and violation of the company’s CoBEC.

All complaints are reviewed under the direction of the Audit Committee and oversight by the company’s General Counsel, the Chief Risk Officer or such other persons as they determine to be appropriate.

Vendors, customers, business partners and other parties external to the company are also given the opportunity to submit complaints.

The company provides multiple avenues for employees and other stakeholders to raise their concerns with management, including a 24x7 Ethics hotline, which operates across the globe with services available in all international languages.

Third-party Risk Management

All third parties (suppliers, customers, sub-contractors and service providers) doing business with WNS need to comply with the WNS Supplier Code of Conduct and Anti-bribery provisions. WNS also conducts background checks for certain vendors.

Compliance Framework

The compliance program at WNS is dynamic and evolving, and keeps pace with the latest developments. Compliance policies are reviewed periodically and necessary changes are made to meet regulatory expectations and manage the stakeholder requirements towards operational excellence.

Our clients’ business operations are also subject to numerous regulations in the jurisdictions in which they operate or that are applicable to their industry. They may contractually require that we perform our services in compliance with regulations applicable to them or in a manner that will enable them to comply with such regulations.

Risk Management

The risk management processes at WNS are centered around four key risk management programs, including:

Enterprise Risk Management: The ‘apex’ risk management program for managing strategic and operational risks at the group level, across business units, enabling units and geographies
Information Security: To manage risks pertaining to the confidentiality, integrity and availability of client and WNS information
Business Continuity and Infrastructure Risk Management: To prevent, monitor and mitigate the risk of disruption of critical business processes and infrastructure
Business Process Risk Management and Audit: To identify operational risks within business processes, recommend mitigating controls and verify continued operating effectiveness of controls

We have set up a Risk Management & Audit team which is a centralized function, with members across various geographies in which WNS operates. The role of this team is to conduct various risk management and assurance activities across the company. The team is independent of other business and enabling units, as depicted below:

Digital Security and Customer Privacy

Information security compliance and data protection are an integral part of our service offering. We are committed to providing continual assurance to our clients and other stakeholders through the implementation of a robust internal information security framework and by demonstrating compliance with globally accepted industry standards.

We have achieved ISO 27001 information security certification and are ‘Payment Card Industry Data Security Standard (PCI DSS)’ certified under the category of ‘Level 1 Service Provider’ for all client processes that either ‘store’, ‘process’ or ‘transmit’ cardholder information. We undergo enterprise-wide SSAE 18 / ISAE 3402 SOC 1 and SOC 2 Type 2 audits for our general control environment. We also ensure compliance with various region-specific data privacy and anti-spam laws as well.

Along with their sign-off on CoBEC and an information security handbook, our employees must complete a computer-based information Security Awareness Program (iSAP). We also offer our employees cyber security scenario-based training and conduct evaluation on handling advanced threats.

We have a dedicated Information Security team which is led by the 'Chief Information Security Officer’. The team periodically shares the compliance status with the Risk Committee. The Risk Committee, which provides oversight of the information security program, comprises top management personnel including the Leadership Group and is chaired by our Group CEO.

Client and Data Privacy During Remote Work

Safeguarding data with the highest standards of privacy controls, in line with our information security policies and client-defined guidelines, has remained our priority throughout our transition to remote work.

To that end, we developed a well-defined remote working security governance strategy that focuses on securing remote endpoints, the adoption of AI / ML based user behavior analysis to detect anomalies in user behavior and provide early alert, robust incident response methodology, and more.

To enhance visibility of threat vectors and actors taking advantage of the current crisis, we have leveraged third-party digital risk protection solutions. These provide real-time alerts and intelligence on new cyber threats, patterns and threat actors to give monitoring an outside-in perspective. The solutions include:

Curated threat intelligence integration with Security Information and Event Management
Credential leakage detection on dark web
Phishing and brand abuse detection, including monitoring of phishing forums
Monitoring public internet protocol, domain name system or application infrastructure
Data-driven dynamic measurement of our cybersecurity performance using a leading security rating platform

All our remote employees must confirm secure access and usage by signing off on “end user guidelines for remote working. We also limit the use of employees’ systems for required purposes, to maintain data privacy and confidentiality. Rigorous awareness campaigns, unique webinar series conducted by the InfoSec leadership, scenario-based training and simulated phishing testing are some of our other initiatives to enhance security and compliance in a virtual work environment.

Responsible Supply Chain and Supply Management Governance Framework

Responsible Sourcing is adopted as one of the key tenets of the ESG framework at WNS, which is visible in the goals of our Supply Management function. To this end, we have created the WNS Supplier Portal – an internally-developed, automated supplier management tool which was launched in 2020. The portal serves as a digital repository of over 3,000 vendors with integrated onboarding, risk assessment and disclosure management solutions.

The Supplier Portal is a meaningful step toward strengthening our KNOW YOUR BUSINESS PARTNER PROGRAM. It not only meets the regulatory requirements for anti-bribery and anti-money laundering laws but also empowers our suppliers with fair business practices toward vendor evaluation and selection, including equal opportunity, transparency and accountability.

It also allows suppliers to disclose their diversity status and sustainability initiatives to WNS’ Supplier Diversity Program at the time of their onboarding. As a digital repository of vendors, our portal allows third-party evaluation / validation and updating of the risk / diversity status of the vendors on a regular and ongoing basis.

Our Supplier Diversity Program (SDP) offers a competitive marketplace for deserving suppliers and promotes an environment of merit-based evaluation and selection by providing a level playing field for all the suppliers.

As part of this initiative, suppliers have the option to provide their diversity status if they fall in one or more of the following categories:

Small business (indigenous, localized businesses)
Under-represented business (owned and managed by disadvantaged communities)
Distanced business (located in remote or tribal areas, with little or no access to commercial markets)

WNS’ association with our business partners is based on both operational excellence and a solid governance framework. The alignment of our suppliers with WNS’ ethical and governance standards is protected by our compliance charter, which is outlined in our Supplier Code of Conduct . This document highlights the mutual commitment we have toward the responsibilities and obligations for sourcing responsibly.

Commitment to Compliance

WNS complies with all applicable laws, rules and regulations. These include laws covering bribery and kickbacks, copyrights, trademarks and trade secrets, information privacy, insider trading, illegal political contributions, anti-trust prohibitions, foreign corrupt practices (including the Foreign Corrupt Practices Act), offering or receiving gratuities, environmental hazards, employment discrimination or harassment, occupational health and safety, false or misleading financial information, or misuse of corporate assets.

WNS’ Statutory Compliance Module (SCM)

The Statutory Compliance Module (SCM) of the Company is a tool which covers a wide range of applicable global regulatory compliances, be it time based (occurring at pre-specified time intervals) or event based (occurring only subject to certain pre-specified events taking place). The areas of compliance are Finance, Admin / Facilities, HR / Labor and Statutory, which are assigned to the respective compliance owners across various locations where WNS has its operations / delivery centers.

The portal sends out reminder e-mails to the concerned compliance owner reminding them of the upcoming compliance requirements they are required to comply with. If such a compliance owner fails to attend to such compliances and mark their status (Complied / Not Complied / In-Progress) on the SCM Portal, the SCM Portal will escalate such failure to the appropriate personnel highlighting the issue. Each functional compliance owner signs the compliance certificate on a quarterly basis, with the WNS legal team acting as the administrator of the SCM. All compliances are verified and validated by a global consultancy firm, and the module is updated periodically to maintain currency.