Whistleblower Policy

1. Purpose of this Policy

Finder emphasises the importance of being 'Straight Up' and upholding high standards of conduct and ethical behaviour. We are also committed to creating and maintaining a supportive environment where our Crew feel safe to speak up on matters that concern them.

We not only encourage our Crew to speak up, we expect it.

Acting consistent with our values obliges you to report any concerns about any suspected or actual illegal, fraudulent, unethical or other undesirable conduct or wrongdoing. It also obliges us to respond appropriately, transparently and predictably. This requires more than simply acknowledging concerns; it demands that we adequately support and protect those that raise and report concerns.

Our Whistleblower Policy (Policy) publicly confirms our commitment to being 'straight up' so that you, and any member of our Crew, can raise and report concerns freely and without fear of retaliation or adverse consequences.

Our Policy explains how we will support you so that you:

• are encouraged to report Misconduct (see 3.2);
• know how to identify and report Misconduct;
• know how you will be protected; and
• know how Finder will respond to your report.

Finder will seek to ensure that its crew members are informed about and understand this Policy. Each crew member will be able to access this Policy on our internal system. Training will also be provided to those crew members who have been authorised to receive whistleblowing reports or otherwise have a role under this Policy.

This Policy will also be available on Finder's website.

2. Roles and review

Finder's Whistleblower Protection Officer is (REDACTED). Their details are set out in section 3.3 below.

The Whistleblower Protection Officer (WPO) has responsibility for:

• the day-to-day oversight of the processes and procedures of this Policy, and its effectiveness;
• protecting and safeguarding reports made under this Policy;
• ensuring the integrity of the processes provided for in this Policy;
• the privacy, security and confidentiality of personal and other information received in a report and any investigation;
• arranging for training, education and communications about this Policy;
• periodically reviewing and updating this Policy;
• implementing any amendments to this Policy; and
• the other responsibilities elsewhere assigned under this Policy.

The policy will be reviewed annually by Legal and Compliance.

3. Making a whistleblower report

Prior to making a report under this Policy, we encourage you to raise your concerns with Finder (Your Manager, Legal or People & Culture) or record the matter in our internal Incidents Register.

Where you don't reasonably believe that formally escalating the matter would be beneficial (or where you are reasonably apprehensive about the likely consequences of reporting), you may make a report as a Whistleblower under this Policy.

A Whistleblower is a person who reports Misconduct in the manner described in this Policy. To be protected as a Whistleblower under this Policy, you must:

• be one of the persons set out in section 3.1;
• report information regarding Misconduct as defined in section 3.2; and
• report that information to one of the Disclosure Recipients mentioned in section 3.3.

3.1 Who can make a whistleblower report?

The Corporations Act 2001 (Cth) (the Act) specifies the types of people within and outside a company who can make a report of Misconduct that qualifies for protection under the Act.

You may make a report under this Policy if you are, or have been, in any of the following roles with respect to all entities within the Finder Group:

• employee;
• director;
• officer;
• contractor (including employee of contractor);
• supplier (including employee of supplier);
• associate;
• consultant; and
• relative, dependant, spouse, or dependent of a spouse of any of the people above.

3.2 What conduct should be reported under this Policy?

Whistleblower reports should be made under this Policy if you objectively have reasonable grounds to suspect that a Finder director, executive, manager, team member, contractor, supplier, tenderer or other person who has business dealings with Finder has engaged, or attempted to engage, in conduct (Misconduct) which:

• is dishonest, fraudulent or corrupt;
• is unethical or in breach of Finder's policies (such as unauthorised access and usage of confidential information, improper or misleading accounting practices or breaches of Finder's Code of Conduct);
• is an illegal activity (such as theft, violence or threatened, violence harassment or intimidation and criminal damage against property);
• fails to comply with, or is a breach of, any legislation relating to Finder's operations or activities, including the Corporations Act 2001 (Cth) and the National Consumer Credit Protection Act 2009 (Cth);
• poses a serious risk to the health and safety of any person at the workplace;
• represents a serious risk to public health, public safety or the environment;
• involves behaviour that is oppressive, discriminatory or grossly negligent;
• may cause loss to Finder or be otherwise detrimental to the interests of Finder; or
• involves any other kind of misconduct or an improper state of affairs or circumstances.

What matters should not be reported under this Policy?

Reports regarding personal work-related grievances, such as grievances regarding your employment (or former employment) that has, or may have, implications for you personally will not be covered by this Policy. This includes:

• an interpersonal conflict between you and another Finder crew member;
• a decision relating to your engagement, promotion or transfer;
• a decision relating to the terms and conditions of your engagement; or
• a decision relating to the suspension or termination of your employment.

Personal work-related grievances should generally be raised with your Direct Manager, or People & Culture. However, in some cases personal work related grievances may be covered by this Policy if it involves:

• any conduct that would be considered victimisation because you have made or propose to make a report under this Policy; or
• a matter that would have significant implications for any entity within the Finder Group.

3.3 Who can I make a report to and how?

To a Disclosure Recipient

In order to ensure appropriate escalation and timely investigation, we ask that reports may be made, in person or via email, to any of our Disclosure Recipients listed below:

(Redacted in accordance with RG 270.139 of ASIC Regulatory Guide 270: Whistleblower policies)

Alternatively, you can also qualify for whistleblower protection if you make a report to any one of the following:

• an officer or senior manager within the Finder Group;
• an internal or external auditor (including a member of an audit team) conducting an audit on the Finder Group;
• ASIC, APRA or another Commonwealth body prescribed by regulation; or
• a legal practitioner for the purposes of obtaining legal advice or representation in relation to the operation of the whistleblower provisions.

By post

Reports may also be posted to c/- Level 10, 99 York Street Sydney NSW 2000 (marked Private & Confidential and to the attention of one of the Disclosure Recipients listed above).

'Public interest' or 'emergency' disclosures

In limited circumstances, you may also qualify for whistleblower protection when the report is made to a journalist or member of Parliament as a 'public interest disclosure' (the information is in the public interest) or 'emergency disclosure' (the information concerns a substantial and imminent danger to the health and safety of one or more persons)

It is important that you understand the criteria that must be met to make a protected public interest or emergency disclosure. In particular, the disclosure must have previously been made to ASIC, APRA or a prescribed body, and written notice must be provided to the body to which the disclosure was made. Also, in the case of a public interest disclosure, at least 90 days must have passed since the previous disclosure. You should seek independent legal advice if you are considering making a public interest disclosure or an emergency disclosure. (Note: the Finder Legal team cannot provide independent legal advice as the Legal team acts for Finder).

3.4 Can I make a report anonymously?

You can submit a report anonymously if you do not wish to disclose your identity. However, we suggest that you consider establishing ongoing communication with us so that you can help us investigate by answering follow-up questions or providing more information. You could do so:

• by anonymised email;
• by anonymous letter sent by mail, and preferably providing an untraceable return address.

Your anonymity will be protected. You can choose to remain anonymous while making a disclosure, over the course of the investigation and after the investigation is finalised. Accordingly, you can refuse to answer any questions that you feel could reveal your identity at any time, including during follow-up conversations.

4. Protecting and supporting Whistleblowers

We are committed to protecting and respecting the rights of anyone who makes a report under this Policy. We'll respect confidentiality, protect their anonymity and ensure that crew members who speak up are treated fairly, consistently and appropriately.

If you qualify for protection as a whistleblower, the law also provides a range of legal protections to you regardless of whether your report is submitted to us directly or made to external legal practitioners, regulatory and other external bodies.

4.1 Identity protection (confidentiality)

Where you make a report under this Policy, your identity as a whistleblower (and any information that could be used to work out your identity) will not be disclosed unless it is:

• done with your consent;
• made to any government authority or agency or any regulator which Finder reports to;
• made to a legal practitioner for the purposes of obtaining legal advice or representation; or
• required by law.

It is illegal to identify a whistleblower, or disclose information that could be used to identify a whistleblower, outside the above listed exceptions.

However, please note that confidentiality protects your identity but does not extend to other information contained in your report. Information in your report may be disclosed with, or without, your consent if:

• the information does not include your identity;
• Finder has taken all reasonable steps to reduce the risk that you will be identified from the information; and
• it is reasonably necessary for investigating the issues raised in the report.

Measures that we will take to protect the confidentiality of your identity include:

• all personal information or references to you witnessing an event will be redacted;
• you will be referred to in a gender-neutral context; and
• access to all information relating to your report will be limited to those directly involved in managing and investigating the report.

If you believe there has been a breach of confidentiality, you can a lodge a complaint with:

• Finder's Senior Counsel, Legal and Compliance; or
• a regulator, such as ASIC, APRA or the ATO.

4.2 Protection from retaliation or detrimental treatment

Finder will ensure that whistleblowers suffer no adverse consequences from identifying and reporting Misconduct. We have zero tolerance for any person causing, or threatening, detrimental treatment to any actual or suspected whistleblower and will take appropriate action (including but not limited to dismissal) for any contravention.

Detrimental treatment includes dismissal, demotion, alteration to an employee's position or duties to their disadvantage, personal injury (including psychological harm), harassment, intimidation, discrimination, damage to a person's property, damage to a person's reputation, damage to a person's business or financial position or other unfavourable treatment connected with making a report.

Measures that Finder will adopt to protect whistleblowers from detrimental treatment include:

• employee support services (e.g. EAP services) to help whistleblowers minimise stress, time or performance impacts, or any other challenges resulting from the report or its investigation;
• monitoring and managing the behaviour of other crew members;
• appropriate training for all managers to ensure that they are aware of their responsibilities to maintain the confidentiality of a report, address the risks of isolation or harassment, manage conflicts, and ensure fairness when managing the performance of, or taking other management action relating to, a whistleblower;
• offering each whistleblower a leave of absence or flexible workplace arrangements while a matter is investigated;
• any other actions for protecting whistleblowers from risk of detriment - e.g. reassigning them to another role at the same level, reassigning other staff involved in the matter, allowing whistleblowers to perform their duties from another location.

If you experience any detrimental treatment, or discover any potential detrimental treatment, as result of making a whistleblower report under this Policy, you should notify the WPO immediately.

You should also seek independent legal advice to discuss potential consequences, compensation and other remedies.

It's important to appreciate that not every response is 'detrimental treatment'. For example, this policy will not be contravened if we take:

• administrative action that is reasonable for the purpose of protecting you from detriment (e.g. where you have made a report about your immediate work area, we may move you to another location, or request that you work from home during the investigation, to prevent you from detriment); and
• Performance management actions to properly managing any unsatisfactory work performance (in line with Finder's performance management framework)

4.3 Protections from civil, criminal and administrative liability

If you make a whistleblower report in accordance with this Policy, you will also be generally protected from:

• civil liability (e.g. any legal action for breach of an employment contract, duty of confidentiality or any other contractual obligation);
• criminal liability (e.g. attempted prosecution for unlawfully releasing information)
• administrative liability (e.g. disciplinary action for making the disclosure).

However, the above protections do not grant immunity for any misconduct you have engaged in that is revealed in your whistleblower report.

5. How will Finder handle and investigate reports?

Whistleblower reports made under this Policy will be received and treated sensitively and seriously. In all cases:

• your identity will be protected (4.1) and not be disclosed to the person investigating the matter or to any other persons, unless reasonably necessary;
• all documents, reports and records relating to the investigations will be securely stored.

Except where it would be inappropriate to do so, any report made under this Policy will be managed by the following process:

1. any person mentioned in section 3.3 who receives a report must forward that report to the WPO at the earliest opportunity, removing any information which identifies or may identify the reporter prior to doing so (unless the reporter has provided their consent to disclose their identity);
2. the WPO must then determine whether the report falls within the scope of this Policy and, if so, whether an investigation is necessary or appropriate;
3. if the WPO determines that they are not the appropriate person to investigate the report, the WPO should determine who should be engaged, under the WPO's supervision, to investigate the report in a manner consistent with the law and this Policy. For clarity, no person directly involved in the subject of the report or the supervision of the Whistleblower can be engaged to investigate a report.
   1. Whether an investigation is necessary or appropriate depends on the nature and circumstances of the report. The objective of an investigation is to determine whether there is enough evidence to substantiate or refute the matters reported.
4. the Investigator is to use their best endeavours to conduct any investigation in a timely, confidential, thorough, objective and fair manner, ensuring that anyone who may be adversely affected or involved in the report is provided with an opportunity to respond to the allegation(s);
5. the Investigator will inform the WPO of the progress and outcome of the investigation, and where it is appropriate or possible, the person who made the report will also be informed (subject to privacy and confidentiality considerations of those against whom the allegations are made).