Compliance / GRI 2-24 /

Anti-Corruption / GRI 205-1, 205-3 /

KPO pays special attention to the issue of anti-corruption. The KPO Anti-Bribery and Corruption and Anti-Money Laundering Manual (hereinafter referred to as the Manual) is based on the Code of Conduct and Business Principles and define KPO requirements for compliance with national and international laws prohibiting bribery and corruption. The manual is mandatory for all KPO Staff, including seconded employees of Parent Companies, full-time employees and employees of sending parties (recruitment agencies). / GRI 2-24 (a-ii, a-iii) / Management defines work processes related to gifts and hospitality and helps staff assess potential corruption risks. Particular attention is paid to:

• Contracting,
• Gifts and hospitality,
• Funding social investment,
• Interaction with government agencies,
• Conflict of interest.

The KPO General Director, directors or managers identify key legal and ethical compliance risks in the relevant directorates/departments, as well as assess and monitor risks. / GRI 2-24 (a-i) /

The Risk Assessment “Exposure to major breach of the Code of Conduct and of the Ethics and Compliance policies and procedures” includes an assessment of all KPO activities for risks related to corruption.

To mitigate the corruption risks, the following rules and processes have been established:

• Due Diligence is applied before entering into a contract or any binding agreement with a counterparty (please, read more in Suppliers’ ethical due-diligence).
• Bribery and any facilitation payments (including accepting a bribe, giving a bribe, commercial bribery, mediation in bribery and commercial bribery) are prohibited.
• Strict rules and restrictions have been established for such business processes as charity and sponsorship, with mandatory recording of expenses and preliminary review of all participants in the process.
• Any payments (direct or indirect) at the expense of the Сompany’s funds to political parties, political organisations or their representatives are prohibited. / GRI 415-1 /
• The basic principles for giving and receiving gifts and hospitality, thresholds, levels of agreement and approval have been established, and an appropriate register is maintained.
• Principles and rules have been established for reporting a conflict of interest (actual, potential and perceived). All cases of a conflict of interest are recorded in the respective register, and measures are taken to resolve it by the responsible business unit (Please, read more in Conflict of Interest).
• Trainings are held on a regular basis and employees’ awareness of anti-corruption and other ethical requirements are checked (please, read more in Compliance awareness training). / GRI 2-24 (a-iv) /
• Processes for reporting violations of the Company’s internal documents and applicable laws have been regulated, procedures have been established for investigating and liability for violations of the Company’s internal rules.

Conflict of interest / GRI 2-15 /

Conflicts of Interest in KPO are regulated by the Code of Conduct, the Anti-Bribery and Corruption and Anti-Money Laundering Manual. The latter Manual is designed to provide guidance to KPO’s various hiring managers and the Legal Directorate to assist them in managing apparent, potential or actual conflicts of interest. The Committee of Operators oversees the management of such conflicts by conducting compliance audits. Conflicts of interest may arise if KPO employees have Immediate Family Members who are KPO employees, government officials, contractors, suppliers, competitors and KPO business partners. Such cases are handled and managed within the Company.

Legal Compliance Department reminds all employees of the need to declare a conflict of interest on a regular basis. Every eligible candidate shall sign Conflict of Interest Declaration prior to employment.

General Director and Legal Compliance Department ensure overall employee awareness on significance of conflicts of interest and about the need to follow all compliance standards and requirements via corporate mail.

Compliance awareness training / GRI 205-2 /

All KPO employees receive regular trainings on various compliance topics.

In 2024, the Compliance Department conducted 24 in-person sessions on the Anti-Corruption and Bribery course for employees who work at high risk of committing compliance violations. 332 employees attended this course, including the KPO Directors Committee.

In addition, Compliance Department conducted face-to-face training on Trade Compliance for the relevant personnel. A total of 16 sessions were held, attended by 274 employees.

Besides, each KPO employee is required to certify on an annual basis that he or she has read and understood the Business Principles, the Code of Conduct, the Anti-Bribery and Corruption and Anti-Money Laundering Manual and sign the Annual Ethics and Compliance Declaration. As per the 2024 year-end results, 91 % of employees, including seconded employees of Parent Companies, full-time employees signed the Annual Ethics and Compliance Declaration.

All compliance policies and procedures are available to each employee on the KPO Intranet. The KPO Business Principles and the Code of Conduct are available to all stakeholders on the KPO intranet.

Suppliers’ ethical due-diligence / GRI 2-23, 205-1, 205-2, 414-1 /

KPO is committed to achieving and maintaining the highest standards of corporate governance, particularly in respect of compliance with ethical and legal requirements. KPO’s success is based on all its business partners, who play an important and valued role in our continuing business success, sharing that commitment.

KPO conducts an Ethical Due Diligence assessment of business partners to determine the risks associated with each potential business partner and to identify appropriate mitigation measures for those aspects that may pose a risk. / GRI 2-24 /

Еach potential business partner receives a questionnaire asking information about its ownership, management and conduct of business including its ethical business practices. As part of its due diligence, KPO also uses open-source information to corroborate information received from partners and to verify feedback on business practices and reputation in the marketplace. KPO uses an international compliance database, the Kazakhstani database of legal entities, and open national databases, including tax and court databases, as well as independent international experts. Then, a risk assessment is performed to determine the acceptability of the business partner and, if relevant, mitigation measures to be applied to any residual risks./ GRI 2-24, 2-25 /

Moreover, KPO requires its business partners to comply with applicable Kazakh and international laws combatting corruption and bribery through obligations incorporated in KPO’s standard contracts.

All business partners are required to complete an Annual Compliance Certificate certifying their compliance during the preceding calendar year with the representations, warranties and commitments set forth in each KPO contract in Article, Ethics and Business Practices. / GRI 2-24 /

KPO is confident that the above activities have alerted its business partners to KPO’s high standards of ethical business. KPO cooperates with its business partners and along with business partners are obliged to comply with all applicable laws to prevent corruption and bribery.

Hotline and other compliance measures / GRI 2-25, 2-26, 3-3, SDG 16.10 /

To support the Company’s Ethics and Compliance Programme, KPO has a toll-free, anonymous and confidential Hotline.

The Hotline is an important tool for KPO’s employees, contractors and stakeholders to promote a fair and safe working environment. Hotline provides an avenue for employees and third parties (contractors, suppliers and any other interested parties) to report possible illegal, unethical or improper conduct, such as discrimination, sexual harassment, conflicts of interest, improper financial practices or bribery. The caller may report on the alleged misconduct either by telephone or by completing an online report form. Incoming reports are handled by an independent, third-party provider, which guarantees their confidentiality and anonymity. Further, reports are forwarded to certain KPO responsible persons, who ensure that they are professionally handled. KPO employees can also report concerns directly to the Legal Compliance Department, HR or their respective line managers.

In 2024, Legal Compliance Department received 113 new reports through the Hotline and directly. / GRI 2-16 / Most of the complaints were related to the workplace relationship matters, conflicts of interests and contractual matters. In 2024, 123 investigations were completed, including investigations on reports received in 2023. 41 % of the investigated reports were proved as partially or fully substantiated. All investigations were conducted in accordance with the KPO’s Compliance Investigation Procedure and/or Discipline Handling Procedure, depending on the nature of report.

The compliance investigation team duly investigates the received reports and, in case the allegations are substantiated, consequence management actions are identified and carried out. In 2024, 70 consequence management actions were recommended, of which 81 were completed and closed (this also includes actions recorded in 2023). The quality of investigations is ensured by the continuous maintenance and updating of the “Logbook of Complaints”, which helps to measure the performance of investigations and conduct trend and root cause analysis in case of unsatisfactory performance.

All consequence management activities are monitored and controlled in accordance with applicable KPO policies. KPO Ethics Advisory Board monitors and decides on the most significant investigations and consequence management processes. Once discussed, agreed upon and approved by the Ethics Advisory Board, consequence management activities become mandatory in the respective Directorates/departments. All these activities are recorded, tracked and monitored using a dedicated logbook (“Register of Activities”).

In October 2024, the Company held its ‘KPO Ethics Day’ dedicated to corporate ethical values ​​and raising the level of ethical leadership. This event was launched in 2023 with the purpose to create a communication platform for discussing latest issues related to ethics and compliance. Tthe event was attended by KPO management of the first and second levels, as well as representatives of the Operator – Shell and ENI and external stakeholders.

In 2024 the Company launched a new project – the Ethical Leadership Program aimed at driving awareness and engagement on corporate ethics and compliance principles across KPO.

Antitrust / GRI 206-1, 3-3 /

Antitrust laws protect free enterprise and fair competition. Supporting these principles is important to us, not only because it is the law, but because it is what we believe in.

The KPO Code of Conduct regulates the rules for all employees to combat illegal practices, including price fixing, market sharing, output limitation or bid-rigging, as well as anticompetitive or monopoly practices. KPO employees are prohibited from discussing with competitors, even in private, issues that may be perceived as a violation of antitrust laws, and even more so from entering into agreements with them on such issues.

In 2024, KPO has no any pending or completed legal actions related to unfair competitive behaviour and violation of antitrust laws.

Compliance with laws and regulations / GRI 2-27 /

KPO complies with all applicable laws and regulations of the countries in which it operates.

All members of the KPO Board of Directors and the Legal Directorate ensure that all compliance matters are resolved in accordance with the FPSA and the Joint Operating Agreement, all applicable RoK and international laws governing oil and gas companies, and KPO policies and procedures governing compliance processes.

In 2024, a total of eleven cases of administrative offences were in process, of which 4 (four) cases with State Institution “WKO Ecology Department” and State Institution “Atyrau Region Ecology Department”, 5 (five) cases by the order of Burlin District Police Department, 1 (one) case with State Institution “WKO Emergency Situation Department of RoK Ministry of Internal Affairs”, and 1 (one) case with SI “WKO State Architectural and Construction Supervision Authority”.

10 out 11 administrative offence cases mentioned relate to the period of 2024 (one case from 2023). During the reporting period, KPO was subjected to administrative fines in total amount 970,019,394 KZT: KPO has paid administrative fines related to one administrative offence cases for a total amount of 1,846,000 KZT, administrative fines 9,405,370 KZT have been cancelled based on KPO’s petitions and fines in total 958,768,024 KZT are currently under appeal.