VARONIS ANTI BRIBERY & CORRUPTION COMPLIANCE POLICY

(A) Main Principles

The Company is committed to the mitigation of bribery and corruption, as follows:

  1. The Company has zero tolerance for bribery and corruption, and the Company dedicates resources to compliance with applicable ABC laws in every jurisdiction where the Company does business.
  2. The Company prohibits bribery and corrupt activity, regardless of form, by all Personnel and Business Partners acting on its behalf. This includes directly or indirectly offering, giving, requesting or receiving undue benefits or anything of value as a bribe or kickback to or from third parties (including both Government Officials and private sector parties). For sake of clarity, the Company prohibits the use of facilitation (grease) payments as a form of corrupt activity.1
  3. The Company adopts a risk-based approach to the prevention of bribery and corruption, and implements, manages, and enforces the foregoing principles through its Program, which is updated from time-to-time in accordance with the Company’s exposure to bribery and corruption. The purpose of the Program is to establish procedures for mitigating bribery and corruption risk, such as ABC training procedures for Personnel and certain Business Partners.
  4. The Company prohibits Personnel and Business Partners from giving or receiving lavish or unreasonable gifts, business hospitality, travel expenses, or any similar type of benefit (especially when it reasonably can be seen as a bribe) to or from any third party. In this regard, the Company requires all such Personnel and Business Partners (if and as applicable) to comply with its Guidelines on Gifts and Business Hospitality, which are set forth below.
  5. The Company’s books and records must be kept in a manner that accurately reflect and provide reasonable detail of all transactions and payments.
  6. The Company will bring this Policy to the attention of all Personnel and Business Partners.
  7. The Company will consider, on a case to case basis, whether to engage in a business relationships with any person or entity where it is known or there is reasonable cause to believe that such person or entity has or likely will act in contravention to this Policy.

(B) Governance and ABC Compliance

  1. The Company is committed to high legal and ethical standards and emphasizes compliance with applicable ABC laws. In order to set an appropriate tone of compliance from the leadership of the Company, the Policy and Program are implemented, managed, and enforced by the Compliance Officer with support from other Company’s departments.
  2. The General Counsel shall operate as the Compliance Officer and may be replaced by the Company’s CEO. The Compliance Officer shall oversee the implementation, management and enforcement of the Policy and Program.
  3. The Compliance Officer will report Red Flags to the Audit Committee in his or her discretion, as appropriate, on an ad hoc basis. The Compliance Officer’s powers and duties include conducting internal investigations and handling Red Flags or actual violations of the Policy; providing information regarding the Policy, Program, ABC laws and best practices for risk mitigation upon request; and issuing further guidance or instructions for the implementation of the Policy or Program. The Program sets forth a full list of powers and duties imposed on the Compliance Officer (currently at Section E(1)).
  4. Other Company’s departments, such as the Legal, Human Resource and Finance Departments, will support the Compliance Officer in carrying out his/her duties under the Policy and Program (including ABC training and accounting compliance), in accordance with the powers and duties set forth in the Program from time-to-time.

(C) Guidelines on Gifts and Business Hospitality

  1. Introdcution
    1. All Personnel must adhere to the following guidelines regarding giving or accepting gifts and business hospitality. The Compliance Officer or individual’s managers should be consulted in case of doubt regarding whether giving or accepting gifts or business hospitality is reasonable.
    2. In general, business courtesies such as gifts, meals, and entertainment are allowed, provided that they are of modest value, reasonable in scope, and not given or received in expectation of, or as an award for, obtaining or retaining business, as a means of inducing a breach of trust, impartiality on the part of the recipient or as creating any conflict of interest.
    3. The Compliance Officer may approve or publish variations of the value thresholds set forth below for different geographic locations (such as different cities and countries).
    4. It is hereby clarified that the Company may have additional policies and procedures governing the subject matters described in this Section C. Personnel are expected to fully comply with all such relevant policies and procedures.
  2. Gifts

    3. Gifts of Nominal Value

    1. Gifts of nominal value may be given or received without prior authorization in all cases. Examples of such gifts include Company swag, notebooks, pens, keychains, and table-top accessories.

    Gifts of Real Value

    1. Gifts of real value may be given to or received from a private sector party, in accordance with the following authorizations:
      • Gifts above a value of USD 250 require prior written approval from the Legal Department and the relevant management.

      Examples of such gifts include wine, jewelry, and holiday gift baskets (i.e., not of a nominal value).

    2. With respect to receiving gifts of real value, if the value is unclear or if the recipient is not in a position to turn down the gift (for example, if turning down a gift would be culturally offensive or not practical), then the gift should be accepted and immediately reported to the Compliance Officer. The Compliance Officer may take action regarding the gift, including permitting the recipient to keep the gift or requiring the recipient to return or dispose of the gift.
    3. Gifts of real value may never be given to or accepted from Government Officials.

    Lavish Gifts

    1. Irrespective of the value, lavish or unreasonable gifts that reasonably appear or may be taken as a bribe may never be given or accepted by any Personnel. If the recipient is not in a position to turn down the gift, then the gift should be accepted and immediately reported to the Compliance Officer. The Compliance Officer may take action regarding the gift, including permitting the recipient to keep the gift or requiring the recipient to return or dispose of the gift.

    General Principles of Gift Giving

    1. The following principles apply to the giving of gifts in all cases:
      • Gifts that may not be given directly also may not be given indirectly through a third party.
      • Gifts must always be given openly.
      • Gift cards from retailers are expectable up to a value of USD 60. Gift card above such threshold including as part of corporate related raffles or under other circumstances must be approved by the Compliance Officer and/or the Legal Department.
      • Gifts may never be given to spouses, family members or companions of the intended recipient.
      • Gifts should not be given with such frequency that they may be perceived as a bribe. Moreover, care should be taken to assess the relative value of a gift, given accepted practices and cultural norms of the country in which the gift is given.
  3. Business Hospitality

    4. Overview

    1. It is customary to offer or be offered business-related hospitality by potential or actual customers, suppliers, Business Partners, or other third parties. Business hospitality often includes invitations to dine in restaurants or hotels, attend sporting events, and play rounds of golf. Moreover, in certain countries, it is customary to offer reasonable travel expenses and accommodations when inviting another party to attend a product presentation or demonstration. Despite these customs, national laws relating to the prevention of bribery and corruption often impose strict financial limitations on the provision of such business hospitality with respect to Government Officials, and many national laws impose such limitations with respect to private individuals and entities as well.

    Offering Business Hospitality

    1. The Company permits offering business hospitality to a private sector party (non-government entities), provided that:
      • Prior written approval is required from the Compliance Officer or Legal Department if the cost per head exceeds USD 250. However, the Compliance Officer, under appropriate circumstances, may approve such expenses after the fact on a case-by-case basis if presented after the expenses was incurred. For example, in the event of spontaneous meals (for example, if a meeting runs over lunch or dinner time), the cost of the meal may be covered without prior approval, provided it was not lavish, and a written explanation of expenses incurred must be submitted with formal receipts supporting the expense for reimbursement.
      • Business hospitality is never offered if it may be taken as a bribe, regardless of the cost per head.
      • Business hospitality may only be offered to spouses, family members or companions of the intended recipient with prior approval from the Compliance Officer and/or the Legal Department.
      • Government Officials are never offered more than basic and reasonable business hospitality (for example, a meeting where basic refreshments are served) and the Compliance Officer is notified of such business hospitality in advance.
      • Travel expenses (such as flights, accommodations, incidental expenses related to visa applications and in-country transport, etc.) are generally prohibited. However, the Compliance Officer may approve such expenses prospectively and, on a case-by-case basis, and solely if presented in advance prior to the expense being incurred.
      • Business hospitality that may not be provided directly, also may not be provided indirectly through a third party.
    2. Notwithstanding the above, officers of the Company and other senior Personnel identified by the Compliance Officer may offer business hospitality without the prior approval from the Compliance Officer, as long as the business hospitality offered is reasonable and not lavish considering the circumstances, and that it is customary and provided for legitimate and lawful business purposes.

    Receiving Gifts and/or Business Hospitality

    1. Business hospitality and/or gifts may never be offered or accepted (regardless of cost per head) if it may reasonably be understood as an attempt to influence decision making by the recipient on the basis of non-professional considerations.
    2. Personnel should update their managers and the Legal Department and/or the Compliance Officer, as appropriate, when gifts and/or business hospitality offered by third parties:
      • Appears unreasonable;
      • Raises concerns of, or could be seen or taken by others as, bribery and corruption; or
      • Could be seen as a violation of the Policy or applicable ABC laws.
  4. Expense Reports
    1. Personnel must record all expenses related to giving gifts and offering business hospitality in writing and submit them through the Company’s expense software with relevant itemized receipts, and in each territory, in accordance with the relevant territory specific rules and instructions (as outlined in the Expense Reimbursement Policy within the Company’s User Guidelines). Expense reports must be supported by formal receipts.
    2. If a gift or business hospitality expense report is disguised or falsified, the Compliance Officer and/or the Legal Department shall investigate the matter and the submitting Personnel, and any other individual and/or entity involved, may face any of the consequences described in Section D below.
  5. Donations and Scholarships
    1. The Company may give donations and scholarships to social charities that it so chooses, with prior approval of the Compliance Officer and/or any relevant departments, as determined by the Compliance Officer.
    2. All relevant receipts for such donations and/or scholarships must be provided to the Compliance Officer and/or any relevant departments as determined by the Compliance Officer, and recorded by the Financial Department.

(D) Consequences of Non-Compliance

  1. The violation of ABC laws can lead to criminal and civil liability for both the Company and the individuals who committed acts of bribery and corruption in practice and can result in harsh penalties such as fines and imprisonment. Moreover, committing acts of bribery or corruption can have grave and possibly irreversible negative consequences for the reputation of the Company.
  2. Personnel or Business Partners who engage in acts of unlawful bribery and corruption or who violate the Policy may face disciplinary measures and other consequences, including contract termination and refusal of future reengagement, in accordance with the Program and the terms of any applicable contract and ABC laws. The Company may share certain information with the relevant competent authorities in order to allow such authorities to investigate and/or take appropriate measures, as needed.

(E) Definitions

  1. “ABC” shall mean anti-bribery and corruption
  2. “Audit Committee” shall mean the Audit Committee of the Board.
  3. “Company” shall mean Varonis Systems, Inc. and all its subsidiaries or a branch may be established in due course.
  4. “Board” shall mean the board of directors of Varonis Systems, Inc.
  5. “Business Partner” includes all third parties with whom the Company has entered into, or contemplates entering into, a business relationship, including resellers, distributors, agents, finders, joint-venture partners, co-investors, representatives and other third parties who act on behalf of the Company, and who may interact with Government Officials or otherwise with potential clients, within the scope of their engagement with the Company. For the avoidance of doubt, this definition does not apply to Personnel and end users that uses the Company’s products, services or solutions.
  6. “Compliance Officer” shall mean the person to fill the position of Anti-Bribery and Corruption compliance officer. The General Counsel or any of his or her senior appointees shall act as the Compliance Officer unless other individual is appointed by the Company’s CEO.
  7. “Government Official” is defined broadly and includes: (1) any officer or employee (whether appointed or elected) of any government or any department, agency or instrumentality thereof (at a local or state level), who holds a legislative, administrative, judicial or executive position of any kind, including executive, officers, employees or agents of a government-owned or government-controlled entity, or subsidiary thereof (such as a state-owned bank or utility, a sovereign wealth fund or a public university), or of a public international or intergovernmental organization (such as the United Nations, the World Bank or the International Monetary Fund); (2) any political party official or employee, or candidate for political office; or (3) any person acting in an official capacity for or on behalf of any of the foregoing governments, entities or persons, including an individual who exercises a public function or a private consultant who also holds a position with, or acts on behalf of, such abovementioned governmental entities or organizations. This definition may be broader in different locations. Personnel should seek assistance from the Legal Department and/or Compliance Officer if there is any uncertainty whether someone may fall under this definition before provision of certain Business Hospitality or Gifts.
  8. “Independent Contractor” shall mean a person who provide services to the Company at a significant scope and/or duration.
  9. “Personnel” shall mean all directors, officers, employees at all levels (hired in both temporary and permanent roles) and Independent Contractors of the Company.
  10. “Policy” refers to this Varonis Systems Anti Bribery and Corruption Compliance Policy.
  11. “Program” refers to the Company’s Anti Bribery and Corruption Compliance Program to which this Policy is appended.
  12. “Varonis” and the “Company” shall mean Varonis Systems, Inc. and all its subsidiaries .

1 A facilitation payment is a payment made to or for the benefit of a Government Official for the purpose of expediting or ensuring the execution of an official act. It does not include official fees or rates that are published formally and charged under applicable law for expediting activity or as a required fee for execution of an official act.