Skip to content

Simpaisa Group - Policy Suite

POLICY 1: COMPLAINTS HANDLING POLICY

SIMPAISA GROUP

COMPLAINTS HANDLING POLICY

Field Detail
Document Reference SGP-GOV-004
Version 1.0
Status Active
Owner Chief Operating Officer (COO)
Approver Board of Directors
Effective Date 1 April 2026
Next Review Date 1 April 2027
Classification Internal

Document Control

Revision History

Version Date Author Changes
0.1 January 2026 COO Office Initial draft
0.2 February 2026 COO Office, Legal, Compliance Internal review and revision
0.3 March 2026 Compliance Regulatory alignment review (DFSA, FCA, SBP)
1.0 April 2026 COO Board-approved final version

Distribution

This policy is distributed to all employees, contractors, and third-party partners. It is available on the internal policy management system and accessible to all personnel. The policy is also published in summary form on Simpaisa customer-facing platforms to ensure transparency for complainants.

  • Code of Conduct and Ethics (SGP-GOV-005)
  • Whistleblowing Policy (SGP-GOV-002)
  • Data Governance Policy (SGP-CDO-001)
  • Operational Resilience Policy (SGP-OPS-001)
  • Outsourcing and Third-Party Management Policy (SGP-OPS-002)
  • DFSA Conduct of Business Module (COB)
  • FCA DISP Rules (Dispute Resolution: Complaints)
  • SBP Consumer Protection Framework

1. Purpose and Scope

1.1 Purpose

This Complaints Handling Policy ("Policy") establishes Simpaisa Group's ("Simpaisa" or "the Group") framework for receiving, recording, triaging, investigating, resolving, and reporting complaints from merchants, end-users, and business partners across all jurisdictions in which the Group operates.

Simpaisa is committed to treating all complainants fairly, resolving complaints promptly and transparently, and using complaint data as a driver of continuous service improvement. This Policy reflects the Group's obligations under applicable regulatory frameworks and its own standard of customer-centricity.

This Policy satisfies requirements arising from:

  • The Dubai Financial Services Authority (DFSA) Conduct of Business Module (COB), including complaints handling obligations applicable to the Group's Category 3D licence application and ongoing regulated activities in the DIFC;
  • The Financial Conduct Authority (FCA) Dispute Resolution: Complaints (DISP) rules applicable to the Group's UK regulated entity;
  • The State Bank of Pakistan (SBP) Consumer Protection Framework and Complaints Resolution Mechanism applicable to operations in Pakistan;
  • The Monetary Authority of Singapore (MAS) Guidelines on Fair Dealing applicable to the Singapore HoldCo and relevant subsidiaries;
  • ISO 10002:2018 (Quality Management - Customer Satisfaction - Guidelines for Complaints Handling).

1.2 Scope

This Policy applies to:

  • All legal entities within the Simpaisa Group, including the Singapore HoldCo (Simpaisa Holdings Pte Ltd) and all nine subsidiary entities;
  • All employees, contractors, and secondees who receive, handle, or contribute to the resolution of complaints on behalf of any Simpaisa entity;
  • All third-party service providers and outsourcing partners who handle complaints or customer interactions on behalf of Simpaisa;
  • All channels through which complaints may be received, including digital, telephonic, written, and in-person channels;
  • All categories of complainant: merchants, end-users (retail customers), and business partners.

This Policy applies regardless of the jurisdiction in which a complaint originates, provided it relates to a product or service offered by any Simpaisa entity.

2. Definitions

Term Definition
Complaint Any expression of dissatisfaction, whether or not resolved to the complainant's satisfaction at first contact, made by or on behalf of a merchant, end-user, or partner, relating to the provision of a Simpaisa product, service, or the conduct of a Simpaisa employee or representative.
Complainant The individual, business, or entity submitting a complaint. Includes merchants, end-users, business partners, and authorised representatives acting on their behalf.
End-User A retail customer of Simpaisa or any of its subsidiary entities, typically using remittance, payment, or wallet products.
Merchant A business entity that has contracted with Simpaisa or any subsidiary to accept payments or access payment infrastructure.
Partner A financial institution, correspondent bank, aggregator, distributor, or other business counterparty with whom Simpaisa has a contractual relationship.
Acknowledgement A communication sent to the complainant confirming receipt of their complaint and providing a reference number and expected resolution timeline.
Resolution A final written response to the complainant that either upholds the complaint (with explanation of redress offered), partially upholds it, or rejects it (with reasons and signposting to further recourse).
Redress The remedy offered to a complainant whose complaint is upheld, which may include financial compensation, fee refunds, transaction reversals, service credits, or a formal apology.
Escalation The referral of a complaint to a higher tier of management or to an external authority due to severity, complexity, regulatory implications, or complainant dissatisfaction.
Root Cause Analysis (RCA) A structured investigation process to identify the underlying cause of a complaint or cluster of complaints, as distinct from the immediate presenting issue.
Systemic Issue A complaint trend or pattern indicating a recurring failure in a process, product, system, or third-party service, rather than an isolated incident.
DFSA Dubai Financial Services Authority.
FCA Financial Conduct Authority (United Kingdom).
SBP State Bank of Pakistan.
MAS Monetary Authority of Singapore.

3. Policy Statements

3.1 Commitment to Complainants

3.1.1 Simpaisa treats the submission of a complaint as a legitimate and valued act. The Group shall never penalise, disadvantage, or discourage any person from making a complaint.

3.1.2 All complainants shall be treated with respect, courtesy, and impartiality, irrespective of the nature of their complaint, their relationship with the Group, or the outcome of any previous complaints.

3.1.3 The Group shall communicate clearly with complainants throughout the handling process, providing updates where resolution is delayed and explaining outcomes in plain, accessible language.

3.1.4 Where a complaint is upheld, Simpaisa shall offer appropriate and proportionate redress without undue delay.

3.1.5 The complaints process shall be accessible and free of charge to complainants. No fees shall be imposed at any stage of the complaints process.

3.1.6 Simpaisa shall maintain accessibility for vulnerable complainants, including those with limited digital literacy, language barriers, or special communication needs. Alternative channels and assisted completion options shall be available on request.

3.2 Complaint Intake and Multi-Channel Access

3.2.1 Simpaisa shall maintain multiple accessible channels for complaint submission to ensure that all categories of complainant can engage with the process regardless of their technical capability or geographic location.

3.2.2 The following complaint intake channels shall be operational at all times:

Channel Details
Email A dedicated complaints email address published on all Simpaisa entity websites and within product documentation
Customer Portal A structured complaint submission form accessible via the Simpaisa web portal, with field validation and automated reference number issuance
In-App A complaint submission feature embedded within the Simpaisa mobile application, accessible from the account settings and transaction detail screens
Telephone A dedicated complaints telephone line, staffed during published business hours, with voicemail capture outside hours and callback commitment within one business day
Written Postal or in-person submission to any Simpaisa registered office, with an acknowledged receipt process

3.2.3 All channels shall collect, at minimum: the complainant's full name and contact details, their relationship to Simpaisa (end-user, merchant, or partner), a description of the complaint, the date(s) of the event(s) giving rise to the complaint, and any supporting documentation the complainant wishes to provide.

3.2.4 Upon receipt of a complaint through any channel, the receiving team shall log the complaint in the Group's central complaints management system within two business hours of receipt during business hours, or by 10:00 on the next business day for complaints received outside business hours.

3.2.5 Every complaint shall be assigned a unique reference number, which shall be communicated to the complainant in the acknowledgement. This reference number shall be used for all subsequent correspondence relating to that complaint.

4. Triage and Classification

4.1 Severity Framework

All complaints shall be triaged and assigned a severity classification upon initial logging. The classification shall determine the applicable SLA, the escalation path, and the level of management involvement in resolution.

Severity Label Definition Examples
S1 Critical Complaints involving potential regulatory breach, significant financial harm, suspected fraud, systemic failure, or immediate reputational risk to the Group or its regulated entities. Funds lost or unrecoverable; suspected AML/fraud incident; regulatory deadline breach; media-threatening complaint; complaint involving a vulnerable or at-risk individual.
S2 High Complaints involving significant customer detriment, transaction disputes above material thresholds, or service failures affecting multiple customers. Failed remittance not returned within SLA; account frozen without notice; repeated service failure for the same customer; merchant payment disruption affecting business operations.
S3 Medium Complaints involving individual service failures, delays, or conduct issues that have caused inconvenience or moderate financial impact. Delayed transaction; incorrect fee applied; poor customer service conduct; inaccurate communication from a Simpaisa representative.
S4 Low Complaints involving minor service issues, general dissatisfaction, or requests for information that have been mis-routed to the complaints channel. General dissatisfaction with product features; minor UI complaint; mis-routed query.

4.2 Triage Process

4.2.1 Initial triage shall be performed by the Complaints Handling team within two business hours of complaint logging for S1 and S2 complaints, and within one business day for S3 and S4 complaints.

4.2.2 Triage shall consider: the nature and severity of the harm alleged; the financial amount at risk; whether the complaint implicates a regulatory obligation; whether the complainant is potentially vulnerable; and whether the complaint may indicate a systemic issue.

4.2.3 The severity classification may be revised upward at any point during the handling process if new information warrants it. Downward revision requires Complaints Manager approval and must be documented with rationale.

4.2.4 S1 complaints shall be flagged immediately to the Chief Operating Officer, the Head of Compliance, and the relevant entity's Managing Director. Where the S1 complaint carries regulatory reporting implications, the Head of Compliance shall assess the reporting obligation within four hours of classification.

5. Service Level Agreements

5.1 SLA Definitions

The following SLAs apply from the point of complaint receipt (not logging) to the dispatch of a resolution communication to the complainant. SLAs are expressed in calendar hours or business days as indicated.

Severity Acknowledgement Resolution Target Maximum Extension
S1 - Critical Within 1 hour Within 4 calendar hours None - escalation to Board if unresolved
S2 - High Within 4 business hours Within 24 calendar hours Up to 72 hours with written notice to complainant
S3 - Medium Within 1 business day Within 5 business days Up to 10 business days with written notice to complainant
S4 - Low Within 2 business days Within 10 business days Up to 15 business days with written notice to complainant

5.2 SLA Obligations

5.2.1 Acknowledgements shall be issued through the same channel as the original complaint submission, supplemented by email where the primary channel does not support written acknowledgement.

5.2.2 Where resolution cannot be achieved within the target SLA, the Complaints Handler shall:

(a) notify the complainant in writing of the delay, providing an updated expected resolution date;

(b) explain the reason for the delay without disclosing information that may prejudice the investigation;

(c) obtain Complaints Manager approval for any extension; and

(d) record the extension, the reason, and the approval in the central complaints management system.

5.2.3 SLA performance shall be tracked in real time by the Complaints Management team and reported weekly to the COO. Any SLA breach shall be recorded as an operational incident under the Group's Incident Management framework.

5.2.4 Where applicable regulatory frameworks impose shorter mandatory timescales (for example, DFSA or FCA rules on specific complaint categories), the shorter regulatory deadline shall prevail.

6. Investigation and Resolution

6.1 Investigation Principles

6.1.1 All complaints shall be investigated thoroughly, impartially, and in a timely manner by a Complaints Handler who has had no prior involvement in the matter giving rise to the complaint.

6.1.2 The Complaints Handler shall gather all relevant information, including: transaction records; communication logs; system event data; third-party correspondence; and any documentation provided by the complainant.

6.1.3 Where relevant information is held by a third party (for example, a correspondent bank or technology provider), the Complaints Handler shall make a formal request for that information and record the date and outcome of the request.

6.1.4 Complainants shall be given a reasonable opportunity to provide additional information or clarification. The Complaints Handler shall not close a complaint as unresolved solely due to a complainant's failure to respond within the SLA period without first making at least two documented contact attempts through separate channels.

6.2 Resolution Outcomes

6.2.1 Upon conclusion of the investigation, the Complaints Handler shall determine one of the following outcomes:

Outcome Description
Upheld The complaint is found to be valid. The Group accepts responsibility and offers appropriate redress.
Partially Upheld Some elements of the complaint are found to be valid and redress is offered accordingly. Other elements are not upheld, with reasons provided.
Not Upheld The investigation does not support the complainant's account or the complaint falls outside Simpaisa's responsibility. Clear reasons are provided.
Referred The complaint is referred to a third party (for example, a correspondent bank) who bears responsibility for the matter. Simpaisa facilitates the referral and maintains oversight.

6.2.2 The resolution communication shall be written in plain language, clearly state the outcome and the reasons for it, describe any redress offered and the mechanism for delivery, and signpost the complainant to any applicable external dispute resolution or regulatory escalation options.

6.2.3 Where financial redress is offered, payment shall be made within five business days of the complainant's acceptance unless a longer period is agreed in writing.

6.2.4 Where a complaint is not upheld, the resolution letter shall inform the complainant of any applicable right to refer the matter to an external dispute resolution scheme (including, where applicable, the DFSA, FCA Financial Ombudsman Service, or SBP Consumer Protection Department) and shall provide the relevant contact details and applicable time limits.

7. Escalation Framework

7.1 Internal Escalation

7.1.1 The following escalation framework applies to complaints that cannot be resolved within the standard process or that meet defined escalation triggers:

Trigger Escalation Path
S1 classification at triage Immediate notification to COO, Head of Compliance, and relevant entity MD
SLA breach at any severity Complaints Manager notified; COO briefed for S1 and S2 breaches
Complainant requests escalation Complaint reviewed by Complaints Manager within one business day
Complaint involves a Board member, executive, or employee Referred to COO and General Counsel; the implicated individual is excluded from the handling process
Complaint implicates a potential regulatory violation Referred to Head of Compliance within four hours of identification
Systemic issue identified Referred to COO and relevant Head of Department; Root Cause Analysis initiated
Complainant threatens legal action Referred to General Counsel and COO
Complaint not resolved within maximum extension period Escalated to COO for personal review and resolution

7.1.2 The Board of Directors shall be notified of any S1 complaint within 24 hours of classification. The Board shall receive a summary of all S1 complaints in each Board meeting pack.

7.2 External Escalation

7.2.1 Simpaisa shall maintain current knowledge of the external dispute resolution and regulatory escalation options available in each jurisdiction and shall communicate these to complainants in all resolution correspondence.

7.2.2 The Group shall co-operate fully with any external dispute resolution scheme or regulatory authority to which a complaint is referred, and shall provide requested information and documentation within the timeframes specified by that authority.

7.2.3 The outcome of any external dispute resolution process shall be recorded in the central complaints management system and shall be reviewed to determine whether it gives rise to a systemic issue or a requirement to revise the Group's processes or policies.

8. Root Cause Analysis and Systemic Issue Identification

8.1 Root Cause Analysis

8.1.1 Root Cause Analysis (RCA) shall be conducted for:

(a) all S1 complaints;

(b) all S2 complaints not resolved within SLA;

(c) any complaint that involves potential regulatory breach;

(d) any cluster of three or more complaints within a rolling 30-day period that share a common cause, process, system, or third-party provider; and

(e) any complaint that reveals a previously unidentified vulnerability in the Group's operations, technology, or controls.

8.1.2 RCA shall be completed within ten business days of the complaint's resolution (or identification of a systemic cluster) and shall identify: the immediate cause; the contributory factors; the root cause; the control failure or gap; and the recommended corrective action.

8.1.3 RCA findings shall be documented in the central complaints management system and shared with the relevant Head of Department, the COO, and the Head of Compliance. Material findings shall be included in the quarterly complaints report to Executive Management.

8.2 Systemic Issue Management

8.2.1 The Complaints Management team shall review complaint data on a rolling basis to identify patterns, trends, and potential systemic issues. This review shall occur at minimum monthly.

8.2.2 Where a systemic issue is identified, the COO shall convene a cross-functional working group within five business days to agree a remediation plan, assign ownership, and set a completion date.

8.2.3 Remediation plans shall be tracked through the Group's operational risk management framework and reported to the Board Risk Committee until the issue is fully resolved and verified as closed.

8.2.4 Where a systemic issue has or may have caused detriment to customers who have not complained, the Group shall consider proactive outreach and remediation, in consultation with the Head of Compliance and, where required, the relevant regulator.

9. Regulatory Reporting

9.1 Reporting Obligations

9.1.1 The Group shall maintain accurate and complete records of all complaints sufficient to meet the reporting requirements of all applicable regulators. The Head of Compliance is responsible for ensuring that regulatory reporting obligations are identified, calendared, and fulfilled.

9.1.2 The following regulatory reporting commitments apply:

Regulator Entity Scope Reporting Frequency Content
DFSA DIFC-licensed entity (Simpaisa DIFC Ltd) As required under COB; periodic returns as specified by DFSA Complaint volumes by category, outcomes, SLA performance, material individual complaints
FCA UK-regulated entity Six-monthly complaint data report (DISP 1 Annex 1R); immediate notification of systemic issues Complaint volumes by product, outcomes, FOS referrals
SBP Pakistan entity Monthly complaints data to SBP Consumer Protection Department as per SBP framework Complaint volumes, resolution rates, pending complaints, RCA summaries
MAS Singapore HoldCo and relevant subsidiaries As required under applicable MAS guidelines; included in annual regulatory returns Summary complaint data; systemic issue notifications

9.1.3 Where a complaint or cluster of complaints meets the threshold for ad hoc regulatory notification (for example, a material service disruption or potential breach of conduct obligations), the Head of Compliance shall notify the relevant regulator within the timeframe specified by that regulator's rules, and shall brief the COO and CEO immediately.

9.1.4 All regulatory submissions relating to complaints shall be reviewed by the Head of Compliance and approved by the COO prior to submission. Material submissions shall be reviewed by the CEO.

9.2 Record Keeping

9.2.1 All complaints and associated records shall be retained for a minimum of:

  • Six years for complaints relating to regulated activities under DFSA and FCA oversight;
  • Five years for complaints relating to SBP-regulated activities;
  • Seven years for complaints involving potential litigation or regulatory investigation;
  • Three years for all other complaints.

9.2.2 Records shall include: the complaint log entry; all correspondence with the complainant; investigation notes and evidence gathered; the resolution outcome and rationale; any redress paid; and details of any RCA or systemic issue identification.

9.2.3 Complaint records shall be stored in the central complaints management system, which shall have appropriate access controls, audit trail functionality, and backup arrangements in accordance with the Group's Data Governance Policy (SGP-CDO-001).

10. Trend Analysis and Management Information

10.1 Management Reporting

10.1.1 The Complaints Management team shall produce the following regular management information:

Report Frequency Audience Content
Complaints Dashboard Weekly COO, Head of Compliance Open complaints by severity and entity; SLA performance; complaints received in period; escalations
Complaints Management Report Monthly Executive Management Volumes by category and entity; SLA performance; RCA summaries; systemic issues; regulatory reporting status
Complaints Trend Analysis Quarterly Executive Management, Board Risk Committee Trend analysis; root cause themes; remediation progress; comparative period analysis; jurisdictional breakdown
Annual Complaints Report Annually Board of Directors Full-year summary: volumes, outcomes, SLA performance, redress paid, regulatory submissions, systemic issues, lessons learned, and forward action plan

10.1.2 All management information shall be produced using data extracted directly from the central complaints management system. Manual adjustments shall be recorded and approved by the Complaints Manager.

10.1.3 The Complaints Management team shall maintain a complaints heat map segmented by product, entity, channel, and complaint category. This heat map shall be reviewed monthly and shared with relevant Heads of Department.

10.2 Annual Complaints Report to Board

10.2.1 The COO shall present an Annual Complaints Report to the Board of Directors at the first Board meeting following the calendar year-end. The report shall include, at minimum:

(a) total complaints received, by entity, product category, and severity;

(b) complaint outcomes (upheld, partially upheld, not upheld, referred) as a percentage of total complaints;

(c) SLA performance against each severity tier, including the number and percentage of breaches;

(d) total redress paid, by category and entity;

(e) a summary of all S1 complaints and their individual outcomes;

(f) a summary of systemic issues identified, remediation undertaken, and outstanding actions;

(g) regulatory submissions made and any regulatory feedback received;

(h) external dispute resolution referrals and outcomes;

(i) key themes and lessons learned; and

(j) proposed improvements to the complaints handling framework for the coming year.

10.2.2 The Board shall formally review and acknowledge the Annual Complaints Report. The minutes of the meeting at which the report is considered shall record the Board's observations and any actions directed.

11. Fair Treatment of Complainants

11.1 Treating Complainants Fairly

11.1.1 Simpaisa's complaints process is underpinned by the principle of treating complainants fairly, consistent with the Group's broader Treating Customers Fairly commitments and applicable regulatory expectations.

11.1.2 Fair treatment of complainants means:

(a) complaints are assessed on their merits, without bias or prejudice toward the complainant based on their profile, product holding, or commercial value to the Group;

(b) the complainant is provided with clear, accurate, and timely information throughout the process;

(c) where the complaint is upheld, appropriate and proportionate redress is offered promptly;

(d) where the complaint is not upheld, the complainant is provided with a clear explanation and signposted to further recourse options;

(e) the complainant's right to refer the matter externally is respected and facilitated;

(f) no pressure is applied to a complainant to accept an offer of resolution or to withdraw a complaint.

11.1.3 Complaints handlers shall receive training on fair treatment principles, including how to identify and appropriately accommodate vulnerable complainants. Training requirements are set out in Section 14 of this Policy.

11.1.4 The Group shall monitor complaints outcomes for evidence of systemic unfairness, including outcomes that disproportionately disadvantage particular categories of complainant. Such patterns shall be escalated to the Head of Compliance immediately upon identification.

12. Governance and Ownership

12.1 Roles and Responsibilities

Role Responsibility
Board of Directors Approving this Policy; receiving the Annual Complaints Report; providing oversight of the complaints handling framework through the Board Risk Committee
Chief Operating Officer (COO) Policy Owner; overseeing the complaints handling framework; approving S1 complaint handling; approving regulatory submissions; presenting the Annual Complaints Report to the Board
Head of Compliance Ensuring regulatory compliance of the complaints handling framework; overseeing regulatory reporting; advising on escalations with regulatory implications
Complaints Manager Day-to-day management of the complaints handling function; SLA oversight; escalation approvals; management information production
Complaints Handlers Logging, triaging, investigating, and resolving complaints within SLA; conducting RCA as directed; maintaining records in the central complaints management system
Heads of Department Participating in systemic issue remediation; supporting investigation by providing relevant information and access
General Counsel Advising on complaints involving legal risk or threatened litigation
All Employees Recognising and correctly routing complaints received through non-standard channels; not obstructing or discouraging complaints

12.2 Policy Review

12.2.1 This Policy shall be reviewed annually by the COO and updated to reflect changes in regulatory requirements, the Group's operating model, or material lessons learned from complaints handling.

12.2.2 Material changes to the Policy shall be approved by the Board of Directors. Minor amendments (for example, updates to contact details or SLA extension procedures) may be approved by the COO, subject to notification to the Board at the next scheduled meeting.

12.2.3 This Policy shall also be reviewed following any significant regulatory finding, S1 complaint outcome, or external audit recommendation relating to complaints handling.

13. Training and Awareness

13.1 All employees who handle complaints, or who may receive complaints through non-standard channels, shall complete mandatory training on this Policy upon commencement and annually thereafter.

13.2 Complaints Handlers and the Complaints Manager shall receive specialist training on: regulatory complaints requirements applicable to each jurisdiction; fair treatment principles; vulnerable customer identification and accommodation; investigation techniques; and RCA methodology.

13.3 Training completion shall be recorded in the Group's learning management system. Non-completion shall be reported to the relevant Head of Department and, where persistent, to the COO.

This Policy is approved by the Board of Directors of Simpaisa Holdings Pte Ltd and applies across all nine entities of the Simpaisa Group with effect from 1 April 2026.

POLICY 2: CODE OF CONDUCT AND ETHICS

SIMPAISA GROUP

CODE OF CONDUCT AND ETHICS

Field Detail
Document Reference SGP-GOV-005
Version 1.0
Status Active
Owner Chief Executive Officer (CEO)
Approver Board of Directors
Effective Date 1 April 2026
Next Review Date 1 April 2027
Classification Internal

Document Control

Revision History

Version Date Author Changes
0.1 January 2026 CEO Office Initial draft
0.2 February 2026 CEO Office, Legal, HR, Compliance Internal review and revision
0.3 March 2026 Legal Jurisdiction review; Islamic workplace considerations
1.0 April 2026 CEO Board-approved final version

Distribution

This Code of Conduct and Ethics ("Code") applies to all persons covered under Section 2. It is published on the internal policy management system, the Group's intranet, and is provided to all new employees, contractors, and Board members upon commencement of their relationship with the Group. An acknowledgement of this Code is required under Section 15.

  • Whistleblowing Policy (SGP-GOV-002)
  • Complaints Handling Policy (SGP-GOV-004)
  • Data Governance Policy (SGP-CDO-001)
  • Information Security Policy
  • Anti-Money Laundering and Counter-Terrorist Financing Policy
  • Conflicts of Interest Policy
  • Gifts and Entertainment Policy
  • Human Resources policies (leave, disciplinary, grievance procedures)

1. Purpose

This Code of Conduct and Ethics ("Code") articulates the ethical principles, behavioural standards, and professional obligations that govern the conduct of all persons associated with Simpaisa Group ("Simpaisa" or "the Group"). It reflects the Group's commitment to building and sustaining an organisation characterised by integrity, transparency, accountability, and mutual respect - values that underpin everything Simpaisa does and the trust placed in it by customers, partners, regulators, and the communities it serves.

This Code is not an exhaustive statement of every obligation that may apply to a given individual. It sets the minimum behavioural standard expected of everyone in the Group and provides a framework for ethical decision-making. Where doubt exists about whether a course of action is consistent with this Code, the guiding question is: would this action reflect well on Simpaisa and the individual if it were known to the person's manager, the CEO, the Board, or a regulator? If the honest answer is no, the action should not be taken.

2. Scope and Application

2.1 Who This Code Applies To

This Code applies without exception to:

  • All employees of Simpaisa Group in all entities and all jurisdictions, whether full-time, part-time, fixed-term, or on probation;
  • All contractors, consultants, and freelancers engaged by any Simpaisa entity;
  • All secondees and agency workers performing work on behalf of any Simpaisa entity;
  • All members of the Board of Directors of Simpaisa Holdings Pte Ltd and of all subsidiary entity boards;
  • All senior advisers and observers engaged in a formal capacity with any Simpaisa entity.

For the avoidance of doubt, this Code applies across all nine entities of the Simpaisa Group, including but not limited to entities operating in Singapore, the United Arab Emirates (DIFC), Pakistan, Bangladesh, Nepal, Iraq, the United Kingdom, and Canada.

2.2 Third Parties

While this Code directly governs those listed in Section 2.1, Simpaisa expects its business partners, suppliers, and third-party service providers to operate to equivalent standards. Where the Group has material influence over a third party's conduct, it shall seek appropriate contractual commitments to ethical and professional behaviour.

2.3 Compliance with Local Law

This Code sets minimum standards. Where applicable local law or regulation imposes a higher or more specific obligation, that obligation prevails. Where local law or custom falls below the standards in this Code, this Code prevails. Individuals operating in any jurisdiction are responsible for understanding and complying with local legal requirements in addition to this Code.

3. Ethical Principles

Simpaisa's conduct is anchored in five core ethical principles. These principles are not aspirational slogans; they define the character of the organisation and the standard against which all conduct is measured.

3.1 Integrity

Simpaisa acts honestly in all circumstances. Integrity means doing the right thing even when no one is watching; it means that Simpaisa's word, its commitments, and its data can be trusted by customers, partners, regulators, and employees alike. Every person covered by this Code is expected to be truthful in all communications, accurate in all records and reports, and consistent in applying their values whether observed or unobserved.

Integrity expressly prohibits: falsifying records or reports; misrepresenting facts to colleagues, customers, partners, or regulators; concealing errors rather than disclosing them promptly; and making commitments the Group does not intend or expect to honour.

3.2 Transparency

Simpaisa communicates openly and clearly. Transparency means that customers understand what they are paying for, employees understand what is expected of them, and regulators can rely on the information Simpaisa provides. Transparency does not mean the indiscriminate disclosure of confidential or commercially sensitive information; it means that relevant information is shared promptly with those who need it and that concealment is never used to protect the Group at another's expense.

3.3 Fairness

Simpaisa treats all individuals - customers, employees, partners, and counterparties - equitably and without bias. Fairness means that decisions are made on merit, processes are applied consistently, and no individual or group is advantaged or disadvantaged on the basis of characteristics unrelated to the matter at hand. Simpaisa's commitment to fairness extends to fair pricing, fair treatment of complainants, fair performance assessment, and fair commercial dealing.

3.4 Accountability

Every person at Simpaisa is accountable for their own actions and for the quality of the work within their responsibility. Accountability means accepting ownership of decisions and their consequences, not deflecting responsibility when things go wrong, and being willing to explain and justify one's conduct. Accountability applies to all levels of the organisation: the CEO is accountable to the Board; the Board is accountable to shareholders and regulators; and every employee is accountable to their manager and ultimately to the customers whose trust Simpaisa holds.

3.5 Respect

Simpaisa is a diverse, international organisation operating across multiple cultures, religions, and communities. Respect means treating every person with dignity, courtesy, and consideration, regardless of their position, background, nationality, religion, gender, or any other characteristic. Respect is not passive tolerance; it is active recognition of the value each person brings to the Group and to the communities it serves.

4. Professional Conduct Standards

4.1 General Standards

4.1.1 All persons covered by this Code shall conduct themselves professionally in all interactions connected with Simpaisa, whether in the workplace, at external meetings, at industry events, or in any other context in which they represent or may be perceived to represent the Group.

4.1.2 Professional conduct includes: meeting commitments and deadlines; communicating clearly and respectfully; taking ownership of errors and working to correct them; treating colleagues' time and contributions with respect; and maintaining standards of personal conduct appropriate to the professional environment.

4.1.3 No person covered by this Code shall conduct themselves in a manner that brings or risks bringing Simpaisa, its regulated entities, or its regulators into disrepute.

4.2 Conflicts of Interest

4.2.1 All persons covered by this Code shall actively identify and manage conflicts of interest - situations where personal interests or obligations to a third party could influence, or could reasonably be perceived to influence, their exercise of judgment or duties on behalf of Simpaisa.

4.2.2 Any actual, potential, or perceived conflict of interest shall be disclosed promptly to the individual's line manager and to the Compliance function using the Group's conflicts register process.

4.2.3 A disclosed conflict of interest shall be managed in accordance with the Group's Conflicts of Interest Policy. Management options include recusal from the relevant decision, enhanced oversight, or, where the conflict is irreconcilable, removal from the relevant role or responsibility.

4.2.4 Board members shall disclose conflicts of interest in accordance with the Group's Board governance framework and applicable company law in the relevant jurisdiction.

4.3 Gifts and Entertainment

4.3.1 The giving or receiving of gifts, entertainment, or hospitality in connection with Simpaisa's business shall be conducted in accordance with the Group's Gifts and Entertainment Policy.

4.3.2 No person shall offer or accept any gift, entertainment, or benefit intended to improperly influence a business decision, a regulatory outcome, or any other act or omission. This prohibition applies regardless of the value of the benefit and regardless of local custom.

4.4 Anti-Bribery and Corruption

4.4.1 Simpaisa has zero tolerance for bribery and corruption in any form. No person covered by this Code shall offer, give, request, or receive any bribe, kickback, or improper inducement in connection with the Group's business.

4.4.2 This prohibition applies to interactions with private parties and public officials, whether domestic or foreign. It applies whether the act is direct or through an intermediary.

4.4.3 Facilitation payments are prohibited regardless of local custom, convention, or the amounts involved.

5. Confidentiality Obligations

5.1 Scope of Confidential Information

5.1.1 All persons covered by this Code shall maintain the confidentiality of all information relating to Simpaisa Group, its customers, partners, employees, and business operations that is not in the public domain or that has been shared on a confidential basis.

5.1.2 Confidential information includes, without limitation: customer personal data and transaction data; business strategies and plans; financial information; technology architecture and source code; pricing and commercial terms; regulatory submissions and correspondence; personal information about employees; and information shared by partners under non-disclosure or confidentiality agreements.

5.2 Obligations

5.2.1 Confidential information shall be used solely for the purposes of performing the individual's role at Simpaisa. It shall not be disclosed to any person outside the Group, or to persons within the Group who do not have a legitimate need for it, without the explicit authorisation of the relevant owner of that information.

5.2.2 Confidentiality obligations continue after the end of an individual's relationship with Simpaisa, for the periods specified in their employment contract, contractor agreement, or applicable law, and in any event for as long as the information remains confidential.

5.2.3 The loss, unauthorised access to, or unauthorised disclosure of confidential information shall be reported immediately to the Chief Digital Officer (CDO) and the Head of Information Security in accordance with the Group's Information Security Policy and applicable data breach notification requirements.

5.2.4 Confidentiality obligations do not prevent any person from making a protected disclosure in good faith under the Group's Whistleblowing Policy (SGP-GOV-002) or applicable whistleblowing legislation.

6. Anti-Discrimination and Equal Opportunity

6.1 Commitment

6.1.1 Simpaisa is committed to providing equal opportunity in employment and professional engagement. The Group does not discriminate, directly or indirectly, on the basis of: age; disability; gender; gender reassignment; marriage and civil partnership status; pregnancy and maternity; race, ethnicity, or national origin; religion or belief; sex; sexual orientation; or any other characteristic protected under applicable law in any jurisdiction in which the Group operates.

6.1.2 This commitment applies to all aspects of employment and engagement, including: recruitment and selection; terms and conditions of employment; training and development; performance assessment and promotion; disciplinary and grievance processes; and the termination of employment or engagement.

6.2 Obligations

6.2.1 No person covered by this Code shall discriminate against any other person on any of the grounds set out in Section 6.1, whether as an employer, manager, colleague, or in any other capacity.

6.2.2 Any person who believes they have been subjected to discrimination, or who witnesses discriminatory conduct, shall report it in accordance with Section 13 of this Code.

6.2.3 The Group shall take positive steps to promote equal opportunity and to remove barriers to participation for underrepresented groups. The COO and Head of Human Resources are jointly responsible for implementing the Group's equal opportunity commitments.

7. Anti-Harassment and Anti-Bullying

7.1 Definitions

Harassment is unwanted conduct related to a relevant protected characteristic (as listed in Section 6.1), or of a sexual nature, that has the purpose or effect of violating a person's dignity or creating an intimidating, hostile, degrading, humiliating, or offensive environment.

Bullying is persistent or repeated behaviour by an individual or group that is unreasonable, offensive, intimidating, or humiliating, and that undermines the target's confidence, dignity, or professional standing. Bullying does not require a connection to a protected characteristic.

7.2 Prohibitions

7.2.1 Harassment and bullying in any form are prohibited. This prohibition applies in all work-related contexts, including the workplace, work events, business travel, and any digital or written communication connected with Simpaisa.

7.2.2 Examples of prohibited conduct include, without limitation: sexual or gender-based comments, advances, or insinuations; derogatory remarks based on ethnicity, religion, nationality, or any other characteristic; persistent criticism designed to undermine rather than to develop; social exclusion; threats; and intimidation.

7.2.3 Simpaisa recognises that harassment and bullying can occur between peers, from a manager toward a direct report, and from a subordinate toward a manager. All are equally prohibited.

7.3 Reporting and Response

7.3.1 Any person who experiences or witnesses harassment or bullying shall report it using the channels described in Section 13 of this Code. The Group shall investigate all reports promptly, impartially, and with appropriate confidentiality.

7.3.2 Simpaisa shall take all reports seriously. Unfounded allegations made in bad faith will be addressed through the disciplinary process. Allegations made in good faith, even if ultimately unsubstantiated, shall not result in adverse treatment of the person making the report.

7.3.3 Retaliation against any person for making a good-faith report of harassment or bullying is itself a serious disciplinary matter.

8. Social Media and External Communications

8.1 Personal Social Media

8.1.1 Persons covered by this Code are free to maintain personal social media accounts and to express personal views. However, they must ensure that their personal social media activity does not:

(a) disclose Simpaisa's confidential information (see Section 5);

(b) make statements that could reasonably be attributed to Simpaisa and that the Group has not authorised;

(c) bring Simpaisa, its customers, its partners, or its colleagues into disrepute;

(d) constitute harassment, discrimination, or bullying of any person connected with Simpaisa; or

(e) breach any applicable regulatory obligation, including rules on financial promotions.

8.1.2 Where a personal social media post could reasonably be read as expressing a view on behalf of Simpaisa, the individual shall make clear that the views expressed are personal.

8.1.3 Current or former employees shall not post negative commentary about Simpaisa, its customers, its partners, or colleagues in any public forum, whether or not they are identified as a Simpaisa employee.

8.2 Official Communications

8.2.1 All public communications made on behalf of Simpaisa - including media statements, regulatory submissions, investor communications, marketing materials, and official social media posts - shall be accurate, approved through the relevant authorisation process, and consistent with the Group's communications policy.

8.2.2 Only persons expressly authorised to do so shall communicate on behalf of Simpaisa with the media, regulators, or investors. Requests for comment from journalists or analysts shall be directed to the CEO or their designated communications representative without response.

8.2.3 No person shall make a public statement on behalf of Simpaisa that they know or reasonably believe to be false or misleading.

9. Use of Company Assets and Information

9.1 Company Assets

9.1.1 All Simpaisa assets - including physical assets (devices, office equipment, facilities), information assets (systems, data, intellectual property), and financial assets - shall be used responsibly, for legitimate business purposes, and in accordance with applicable Group policies.

9.1.2 Personal use of company assets is permitted on an incidental basis provided it does not: impair the performance of the individual's duties; conflict with the Group's policies; create a security or compliance risk; or impose a material cost on the Group.

9.1.3 No person shall use Simpaisa's assets to conduct a personal business or a business that competes with or conflicts with Simpaisa's interests.

9.1.4 All persons are responsible for the safekeeping of any Simpaisa asset in their possession. Loss or theft of any asset, particularly devices, access credentials, or documentation containing confidential information, shall be reported immediately to the Head of Information Security.

9.2 Information Systems

9.2.1 All persons shall comply with the Group's Information Security Policy in their use of Simpaisa's technology systems, including email, collaboration tools, cloud services, and code repositories.

9.2.2 Access credentials (usernames, passwords, and authentication tokens) are personal and shall not be shared with any other person under any circumstances. Requests to share access credentials, even from a senior colleague, shall be refused and reported to the Head of Information Security.

9.2.3 Persons covered by this Code shall not attempt to access systems, data, or information to which they have not been granted access rights, and shall not assist others in doing so.

9.3 Intellectual Property

9.3.1 All intellectual property created by an employee or contractor in the course of their work for Simpaisa belongs to the relevant Simpaisa entity, unless otherwise agreed in writing. This includes code, designs, written materials, processes, and inventions.

9.3.2 No person shall use Simpaisa's intellectual property for personal purposes or disclose it to third parties without authorisation.

10. Islamic Workplace Considerations

Simpaisa is an international, culturally diverse organisation. A significant proportion of the Group's employees, customers, and communities are Muslim. Simpaisa is committed to providing a workplace that respects Islamic practice and makes reasonable adjustments to support employees in observing their faith. The following provisions apply across the Group, with implementation adapted to local context and applicable employment law.

10.1 Prayer Facilities

10.1.1 Simpaisa shall provide appropriate prayer facilities at all office locations where there is a material Muslim employee population, or shall ensure that employees have reasonable access to nearby facilities. Prayer spaces shall be clean, private, and respectfully maintained.

10.1.2 Employees shall be permitted to take reasonable time for obligatory daily prayers (Salah). Managers shall accommodate prayer times in the scheduling of meetings and activities, particularly at prayer times that fall during the working day. Employees are not required to account individually for time taken for prayer, provided that their overall working hours and commitments are met.

10.2 Halal Catering

10.2.1 Where Simpaisa provides catering at its offices or at Group events, halal options shall be available and clearly labelled. At events where halal options cannot be guaranteed, employees shall be informed in advance.

10.2.2 No employee shall be placed in a position where their only available food option is not halal.

10.3 Ramadan

10.3.1 During the month of Ramadan, Simpaisa shall make reasonable adjustments for fasting employees, including:

(a) reduced working hours where this is permitted under local employment law and the needs of the business allow, or flexible arrangements for the start and end of the working day;

(b) consideration of meeting scheduling to avoid the most intensive work demand around Iftar (breaking of fast) and Suhoor (pre-dawn meal) times;

(c) sensitivity from managers regarding the physical demands of fasting, including avoidance of particularly intensive physical or mentally demanding tasks where reasonable alternatives exist; and

(d) facilitation of Tarawih prayer obligations for employees who observe them.

10.3.2 Managers shall approach Ramadan adjustments constructively and supportively. Employees shall agree arrangements with their manager in advance of Ramadan each year.

10.4 Eid Leave

10.4.1 Simpaisa recognises Eid al-Fitr and Eid al-Adha as significant religious observances. In jurisdictions where these days are not public holidays, Muslim employees may request paid leave for Eid observance. Such requests shall be accommodated wherever operationally possible.

10.4.2 In jurisdictions where Eid falls on a working day and is not a public holiday, managers shall treat Eid leave requests with priority and shall not unreasonably refuse them. Where operational requirements make it impossible to accommodate a request, an alternative day shall be agreed in lieu.

10.4.3 Employees are encouraged to submit Eid leave requests as early as practicable. The Group's HR function shall maintain guidance on the Eid leave process for each jurisdiction.

10.5 General Religious Accommodation

10.5.1 The provisions in Sections 10.1 to 10.4 reflect the Group's specific commitments to Muslim employees. Simpaisa is equally committed to accommodating the religious practices of employees of all faiths, where reasonable and in accordance with applicable law. Employees who require accommodations related to religious practice should speak with their line manager or the HR function.

11. Reporting Violations

11.1 Obligation to Speak Up

11.1.1 Every person covered by this Code has a responsibility to speak up when they observe, suspect, or are aware of conduct that may violate this Code, Simpaisa's policies, or applicable law. Silence in the face of known or suspected wrongdoing is itself inconsistent with Simpaisa's values.

11.1.2 Reporting a concern in good faith is always the right thing to do. Simpaisa shall never penalise a person for making a good-faith report, even if the report is ultimately unsubstantiated.

11.2 Reporting Channels

11.2.1 Concerns about potential violations of this Code may be reported through the following channels:

Channel Appropriate Use
Line manager Most concerns; the preferred first point of contact for matters that do not involve the line manager
Next-level manager or another senior manager Where the concern involves the line manager or where the reporter is uncomfortable reporting to the line manager
Human Resources Conduct matters, including harassment, bullying, and discrimination
Compliance function Regulatory, financial crime, and ethical concerns
Whistleblowing Policy (SGP-GOV-002) Serious concerns, including regulatory breaches, fraud, financial crime, health and safety violations, and matters the reporter wishes to raise confidentially or anonymously
CEO or Board Chair Matters involving senior executives, where other channels are unavailable or inappropriate

11.2.2 The Whistleblowing Policy (SGP-GOV-002) provides detailed guidance on the whistleblowing process, including the confidentiality protections, the scope of reportable concerns, and applicable legal protections for whistleblowers in each jurisdiction. All persons covered by this Code are encouraged to read that Policy.

11.2.3 Reports may be made anonymously where the reporting channel permits. Simpaisa shall investigate all reports in good faith regardless of whether the reporter has identified themselves.

11.3 Non-Retaliation

11.3.1 Retaliation against any person who makes a good-faith report under this Code or the Whistleblowing Policy is prohibited. Retaliation includes: dismissal; demotion; reduction in compensation; exclusion from opportunities; and any other adverse treatment connected with the making of a report.

11.3.2 Any person who believes they have been subjected to retaliation following a report should escalate immediately to the COO, CEO, or Board Chair, as appropriate.

11.3.3 Managers and senior leaders who engage in or permit retaliation shall be subject to the most serious disciplinary consequences, up to and including summary dismissal.

12. Consequences of Breach

12.1 Disciplinary Framework

12.1.1 Breaches of this Code are taken seriously. The severity of the consequences will depend on the nature and gravity of the breach, whether it was deliberate or negligent, whether it caused harm, the individual's conduct history, and any mitigating circumstances.

12.1.2 Consequences of breach may include, on a graduated basis:

Level Consequence
Minor breach Verbal warning; mandatory refresher training
Moderate breach Written warning; mandatory training; potential adjustment of responsibilities
Serious breach Final written warning; suspension pending investigation; demotion; removal of authority
Gross misconduct Summary dismissal without notice or payment in lieu of notice

12.1.3 The following categories of conduct are considered gross misconduct and may result in summary dismissal:

(a) fraud, theft, or dishonesty of any kind;

(b) bribery or corruption;

(c) serious breach of confidentiality causing material harm;

(d) serious harassment or bullying;

(e) falsification of records, financial statements, or regulatory submissions;

(f) serious breach of information security obligations;

(g) material conflict of interest deliberately concealed;

(h) retaliation against a whistleblower;

(i) conduct that causes or risks causing a significant regulatory breach; and

(j) any other conduct that the Group reasonably concludes is fundamentally incompatible with continued employment.

12.1.4 The Group's disciplinary process shall be conducted in accordance with applicable employment law in the relevant jurisdiction and the Group's HR disciplinary procedures. All persons subject to disciplinary proceedings shall be afforded a fair process, including the right to representation where applicable law or Group policy provides for it.

12.1.5 Where a breach of this Code may also constitute a criminal offence or regulatory violation, Simpaisa reserves the right to report the matter to the relevant law enforcement agency or regulator, irrespective of the outcome of internal disciplinary proceedings.

12.2 Board Members and Senior Executives

12.2.1 Breaches of this Code by Board members shall be addressed by the Board Chair (or, where the breach involves the Chair, by the Senior Independent Director or equivalent). The Board shall determine appropriate consequences in accordance with the relevant entity's constitutional documents and applicable law.

12.2.2 Breaches by the CEO shall be addressed by the Board Chair and the Board. Breaches by other Executive Committee members shall be addressed by the CEO in consultation with the Board Chair, with Board oversight.

13. Annual Acknowledgement

13.1 Requirement

13.1.1 Every person covered by this Code shall acknowledge, in writing, that they have read, understood, and agree to comply with this Code:

(a) upon commencement of their employment, directorship, or engagement with Simpaisa; and

(b) annually thereafter, within 30 days of the commencement of each calendar year or upon each material revision of the Code.

13.1.2 Acknowledgement shall be completed through the Group's learning management system or, where an individual does not have system access, via a signed acknowledgement form submitted to the HR function.

13.1.3 Completion of annual acknowledgement is mandatory. Non-completion within the 30-day window shall be escalated to the individual's line manager and reported to the COO. Persistent non-compliance shall be addressed through the disciplinary process.

13.1.4 Records of all acknowledgements shall be maintained by the HR function for the duration of the individual's relationship with Simpaisa and for a minimum of six years thereafter.

14. Training Requirements

14.1 Mandatory Training

14.1.1 All persons covered by this Code shall complete mandatory ethics and conduct training:

(a) as part of their induction to Simpaisa, to be completed within the first 30 days of commencement; and

(b) annually, as part of the Group's mandatory training programme.

14.1.2 The mandatory training programme shall cover, at minimum: the contents of this Code; the Group's reporting and whistleblowing channels; anti-harassment and bullying obligations; information security and confidentiality; and anti-bribery and corruption.

14.2 Role-Specific Training

14.2.1 In addition to mandatory training, the following role-specific training requirements apply:

Role Category Additional Training
All people managers Managing conduct and performance; fair investigation processes; recognising and preventing harassment and bullying; supporting diverse teams
Compliance and legal staff Regulatory conduct obligations; whistleblowing framework; jurisdiction-specific requirements
Finance and Treasury staff Anti-bribery and corruption (enhanced); conflicts of interest in financial dealings
Technology staff Information security conduct obligations; responsible use of AI and data tools
Board members Director duties and conduct obligations; regulatory expectations of approved persons

14.2.2 Role-specific training shall be completed within 60 days of the individual assuming the relevant role and refreshed at minimum every two years, or immediately following a material change in regulatory requirements.

14.3 Training Records and Monitoring

14.3.1 All training completion shall be recorded in the Group's learning management system. The HR function shall produce monthly training completion reports and shall escalate persistent non-completion to the relevant Head of Department and the COO.

14.3.2 Training content shall be reviewed and updated annually by the HR function in consultation with Compliance and Legal, and following any material revision to this Code or to applicable regulatory requirements.

15. Governance and Policy Review

15.1 Roles and Responsibilities

Role Responsibility
Board of Directors Approving this Code; receiving annual reports on compliance and breaches; setting the tone from the top
Chief Executive Officer (CEO) Policy Owner; modelling the values of this Code in all conduct; ensuring the Code is embedded across the Group; approving material revisions for Board consideration
Chief Operating Officer (COO) Overseeing implementation; monitoring compliance; reporting to the CEO and Board on material breaches and trends
Head of Human Resources Administering annual acknowledgement; managing training programmes; managing disciplinary processes in accordance with this Code
Head of Compliance Advising on regulatory conduct obligations; managing whistleblowing disclosures with regulatory implications; reporting regulatory conduct issues to regulators as required
All Managers Modelling the standards in this Code; addressing conduct issues promptly; supporting team members who raise concerns
All Covered Persons Reading, acknowledging, and complying with this Code; raising concerns through appropriate channels

15.2 Annual Report to Board

15.2.1 The CEO shall present an annual report to the Board on conduct and ethics matters, covering:

(a) the number and nature of reported violations of this Code;

(b) disciplinary outcomes, presented in aggregate and anonymised form;

(c) whistleblowing disclosures and their outcomes;

(d) training completion rates;

(e) annual acknowledgement completion rates;

(f) any material regulatory findings relating to conduct; and

(g) proposed updates to the Code or training programme for the coming year.

15.3 Policy Review

15.3.1 This Code shall be reviewed annually by the CEO, in consultation with the COO, Head of HR, Head of Compliance, and General Counsel. The revised Code shall be submitted to the Board for approval.

15.3.2 Material revisions to this Code shall be communicated to all covered persons and shall trigger a fresh acknowledgement and training requirement within 60 days of the revision's effective date.

15.3.3 This Code shall also be reviewed following any significant regulatory finding, material conduct incident, or change in applicable law that affects the Group's conduct obligations.

This Code of Conduct and Ethics is approved by the Board of Directors of Simpaisa Holdings Pte Ltd and applies across all nine entities of the Simpaisa Group with effect from 1 April 2026.