Financial Crime Policy: Anti-Bribery, Corruption and Fraud

1.1 Policy Statement

The EirGrid Financial Crime Policy brings together our existing Anti‑Bribery and Corruption (ABC) and Anti‑Fraud requirements into a single, consolidated standard. It outlines EirGrid’s commitment to conducting its activities with integrity, transparency, and accountability, and to promoting ethical business practices across all operations.

EirGrid seeks to prevent and deter all forms of financial crime, including bribery, corruption, and fraud as defined under the Criminal Justice (Corruption Offences) Act 2018 and the Criminal Justice (Theft and Fraud Offences) Act 2001, as well as related risks such as modern slavery. Financial‑crime considerations are embedded within EirGrid’s Enterprise Risk Management (ERM) framework. The organisation encourages a culture of responsible conduct, supports the secure reporting of concerns, and takes appropriate action where misconduct is identified. 

1.2 Purpose

This policy establishes the controls required to prevent, detect and respond to financial crime risks across our activities, projects, and third‑party relationships. It is a core component of EirGrid’s governance and resilience framework, integrating with our Codes of Conduct and Protected Disclosures policy. 

The purpose of this policy is to:

Sets out the responsibilities and behaviours we expect to ensure compliance with relevant legislation and our ethical standards. 

Enables the recognition and reporting of suspicions or concerns relating to financial crime, so they can be investigated, and corrective actions taken to protect EirGrid’s assets, reputation and integrity. 

Explains how our organisational governance maintains effective accountability and oversight for financial crime risk and compliance. 

1.3 What is Financial Crime?

Fraud: It is a dishonest act intended to cause unfair or unlawful loss to another or gain for oneself, including deception, forgery, or embezzlement. 

Bribery and Corruption: Incentives or benefits that are offered, promised, or given to secure any commercial, contractual, regulatory, or personal gain, or the abuse of power to influence an action. This can include the improper offering, giving or receiving of gifts, hospitality or endorsements, as well as facilitation payments and kickbacks.

Market abuse: Disclosing confidential, price-sensitive information to a third party outside the normal exercise of employment or professional duties.

Money laundering and financing terrorism: Transforming the proceeds of crime into legitimate money or assets. Terrorist activity may be facilitated or sponsored by the proceeds of money laundering or from other fraudulent activities and may include bypassing sanctions or other controls. 

Sanctions: Legally binding restrictive measures targeting specific individuals, entities, sectors, or countries, such as asset freezes, financial prohibitions, trade restrictions, and travel bans; by the United Nations, European Union, United Kingdom, United States, and other countries imposing trade and financial restrictions known as sanctions.

Tax evasion: Illegal practice of not paying or under-payment of taxes; not reporting income, or reporting expenses not legally owed, through deliberate and dishonest conduct. 

Modern Slavery: Deprivation of a person’s liberty by another to exploit them for personal or commercial gain, whether through slavery, servitude, forced and compulsory labour, and human trafficking

1.4 Who must comply with this Policy?

This policy applies to all persons working for any EirGrid¹ company or on its behalf in any capacity, including employees at all levels, Board Members, agency workers, seconded workers, volunteers, interns, agents, contractors, external consultants, third-party representatives and business partners, sponsors, or any other person associated with EirGrid, wherever located. Throughout this Policy document, the terms employee / employees / staff may be read to include all of the above persons. 

This policy is not a component of any employee's employment contract or the terms of engagement between EirGrid and its contractors and agents, and we reserve the right to modify it at any time. Nevertheless, adherence to this policy, along with other designated policies, will be a contractual obligation for EirGrid employees, as well as for EirGrid 's contractors and agents.

All consultants, intermediaries, subcontractors, distributors, partners, agents or other third parties engaged by the Group must ensure that they comply with the rules set out in this policy. Both individuals and EirGrid Group Companies can be held legally accountable for the actions of such third parties. 

There are no geographical boundaries for the commission of a wrongdoing. Consequently, if the wrongdoing is committed abroad i.e. outside Ireland and Northern Ireland, this Policy still applies irrespective if the wrongdoing would be regarded as an offence in that country.

1.5 Governance Context

This Policy reflects obligations arising under legislation including:

While financial crime laws in different countries generally reflect similar principles, there are differences, both in the laws themselves and in what is considered best practice in complying with those laws. If you are ever in doubt as to whether an action is appropriate or not, you should seek guidance from your Head of Function or EirGrid’s legal department.

1.6 Related Documents

The following policy documents are related to or impacted by the Policy:

EirGrid complies with public‑sector governance requirements and ethical obligations applicable to state bodies; this policy supports those obligations and the Board’s control and oversight responsibilities.

¹The terms “EirGrid” and “EirGrid Group” includes EirGrid plc and all its’ subsidiaries incorporated in the Republic of Ireland. SONI Ltd maintains its own Policy.

Financial crime includes fraud and deception, the misuse of power through bribery and corruption, and the deliberate evasion of tax obligations. Also, business transactions with sanction listed persons or countries and crimes that cause profound social harm, specifically modern slavery and human trafficking, other exploitative practices. 

Refer to Appendix 1 for examples of Financial Crime and Appendix 2 for an explanation of key words, abbreviations, acronyms or terms used in the Policy.

Our commitment to combating financial crime is fundamentally integrated into our Enterprise Risk Management (ERM) Framework. The ERM methodology ensures that efforts are not siloed but are embedded into our core business processes, including third-party due diligence, procurement, and financial reporting. By aligning accepted standards with the broader ERM strategy, we maintain a unified defence against ethical risks, protect our corporate reputation, and ensure continuous monitoring for emerging threats in the jurisdictions where we operate.

2.1 Fraud

Fraud is defined as any act where a person dishonestly, with the intent of making a gain or causing a loss, uses deception to induce another to act or refrain from acting. Examples of fraud include specific "red flags" such as expense abuse, payroll fraud (ghost employees), misuse of assets, phishing, ransomware, identity theft, "greenwashing", bid-rigging and collusion. And more examples of fraud ‘red flags' can be found in Appendix 3. 

The effective application of the Enterprise Risk Management Framework is one of the measures in place to prevent and/or detect fraud, specifically during:

• Risk Assessments – the exposure to fraud risk should be considered during all risk assessments; and

• Control Identification & Effectiveness –fraud detection/prevention controls should be specifically identified and assessed for operating effectiveness.

2.2 Anti-Bribery and Corruption

EirGrid prohibits, without exception, offering, promising, giving, requesting, agreeing to receive, or accepting any undue advantage—directly or indirectly, including through third parties—to improperly influence any act or decision or to gain an improper advantage. This prohibition applies to interactions with public officials and private parties alike, in Ireland and abroad. EirGrid is dedicated to upholding anti-bribery measures, fostering a culture of integrity, and guaranteeing that issues can be reported securely and examined fairly. 

2.3 Market Abuse

EirGrid prohibits all forms of market abuse, including insider trading and market manipulation, in line with the EU Regulation on Wholesale Energy Market Integrity and Transparency (REMIT). Market abuse includes using or sharing non‑public inside information or engaging in behaviour that gives false or misleading signals about supply, demand, or prices in wholesale energy markets.

Inside information must be handled confidentially and disclosed promptly where REMIT requires it, ensuring transparency and fair market conditions. EirGrid will monitor market behaviour and fully cooperate with CRU and ACER in any assessment or investigation of suspected market abuse, as part of the EU‑wide monitoring and enforcement framework.

Employees must escalate any potential market‑abuse concerns immediately, in accordance with the Raising a Concern section, for assessment and regulatory reporting where required.

2.4 Sanctions

It is EirGrid’s policy to comply with all applicable sanctions. Compliance with these laws is essential to the EirGrid Group's well-being and failure to comply could result in civil and criminal penalties, as well as damaging publicity. Business activities with or involving sanctioned persons or sanctioned countries, defined separately, could also conflict with obligations under the EirGrid Group's financing agreements.

Sanctions compliance is the process of ensuring that an entity does not deal with listed persons by directly or indirectly providing "funds" or "economic resources" (including goods, services, or property) to any individual or entity on an official sanctions list or by exporting or importing goods to sanctioned regions (e.g., specific territories in Ukraine, Russia, or Belarus). Or bypass restrictions by engaging in activities intended to circumvent these controls, such as using intermediary shell companies.

2.5 Modern Slavery

The Board, the Chief Executive and the executive team are committed to upholding and respecting all aspects of human rights including ensuring that slavery and human trafficking is not taking place in our business or any of our supply chains. EirGrid plc’s Modern Slavery & Human Trafficking Statement summarises our approach to combatting modern slavery in our business and supply chains in accordance with the UK Modern Slavery Act 2015. 

EirGrid’s modern slavery approach, policies and codes include the following provisions and/or address the following issues:

• The business adheres to local, national, and international laws.

• Workers have the freedom to terminate their employment.

• Workers enjoy freedom of movement.

• There are freedom of association and the right to collective bargaining.

• Any threat of violence, harassment, and intimidation is prohibited.

• The use of worker-paid recruitment fees, including in the migrant worker’s country of origin, is prohibited.

• Workers are provided with free, comprehensive, and accurate information regarding their rights and the conditions of their recruitment and employment in writing, in a language they understand.

• Compulsory overtime is prohibited.

• Child labour is prohibited.

• Discrimination is prohibited.

• Confiscation of workers' original identification documents is prohibited.

• Access to remedy, compensation, and justice for survivors of modern slavery is provided.

• Workers are informed, in a form and language they understand, of hazards to which they may be exposed, including exposure to toxic chemicals and their effects.

For the policies and practices to have the desired effect, it is supported through effective communications and where appropriate, training, resourcing, and collaboration of effort by appropriately skilled employees.

The aforementioned is contained in EirGrid’s internal operating policies and are relevant to modern slavery. For guidance or support to adhere to the obligations above, employees can contact Governance, Risk and Compliance for guidance. Also refer to the Employee Code of Conduct, recruitment, and procurement practices.

3.1 Prohibited & Restricted Conduct

EirGrid is opposed to Financial Crime in all forms. The following practices are prohibited, strictly prohibited or subject to defined restrictions to ensure compliance with legal, regulatory, ethical, and organisational standards. Definitions for restricted and strictly prohibited practices can be found in Appendix 2. 

(i) Bribery and Improper Influence               

Strictly Prohibited      

Employees must never:

This applies to all interactions with both public officials and private‑sector individuals.

(ii) Facilitation Payments

Strictly Prohibited        

EirGrid prohibits all facilitation payments - small, unofficial payments made to secure or expedite routine governmental or administrative actions.

This prohibition applies:

Facilitation Payments in Life-Safety Situations: The only exception is where a person faces an immediate threat to life, safety, or liberty. Such incidents must be reported to the Executive Committee and Head of Governance, Risk & Compliance as soon as practicable.

(iii) Gifts, Hospitality, Entertainment and Travel

Restricted

EirGrid recognises that modest and appropriate gifts or hospitality may be part of legitimate business engagement. However, they can create risks if not properly controlled.

Strict rules apply for gifts, hospitality, entertainment or travel must never be offered or accepted if they:

Refer to the Hospitality, Gifts & Entertainment Policy for further details including thresholds, approvals and reporting.

(iv) Political Contributions               

Prohibited        

To avoid any perception of political influence:

(v) Charitable Donations, Sponsorships and Community Contributions 

Restricted        

EirGrid supports legitimate charitable and community activities. However, such contributions must not be used to improperly influence decisions. Restricted unless approved; contributions must:

Be aligned with EirGrid’s corporate social responsibility strategy.

(vii) Employment, Internships and Procurement‑Related Favouritism               

Strictly Prohibited               

Employees must not offer or accept:

All recruitment, procurement, and engagement decisions must follow transparent, merit‑based processes.

(viii) Conflict of Interest Mismanagement 

Prohibited               

Conflicts of interest (actual, potential, or perceived) must be:

Examples include financial interests in suppliers, close personal relationships in procurement chains, outside employment, or advisory roles that intersect with EirGrid’s operations.

(ix) Misuse of Confidential Commercial, or Insider Information

Strictly Prohibited       

It is prohibited to:

(x) Manipulation of Records, Documentation, and Financial Controls 

Strictly Prohibited               

Employees must not:

Accurate record‑keeping is essential for transparency and auditability.

(xi) Use of Third Parties, Intermediaries or Consultants for Improper Purposes    

Prohibited              

EirGrid prohibits the use of third parties to perform actions that would be prohibited if done directly. Examples include:

All third‑party engagements must pass due diligence and be subject to contract clauses prohibiting bribery.

(xii) Modern Slavery   

Strictly Prohibited

EirGrid strictly prohibits all forms of modern slavery, human trafficking, forced or compulsory labour, and servitude.

(xiii) Retaliation Against Individuals Who Raise Concerns

Strictly Prohibited        

EirGrid prohibits any form of retaliation - direct or indirect - against persons who:

Any retaliation will itself be treated as a serious breach.

(xiv) Any Attempt to Circumvent or Obstruct Investigations

Strictly Prohibited        

This includes:

3.2 Gifts, Hospitality, Expenses, and Promotional Activities

Not all payments or the provision of gifts and entertainment are bribes. EirGrid recognises the legitimate role of reasonable and proportionate hospitality and promotional expenditures to build relationships. However, all such benefits must not, and must not be perceived to, improperly influence business decisions. 

In particular, reasonable (relatively low value) bona fide gifts and hospitality are permissible if they are given or received in connection with EirGrid’s services. You may never receive a gift or hospitality from any third party as a reward for unlawful or improper action or giving something in return.

EirGrid’s Hospitality, Gifts & Entertainment Policy outlines the guidelines and regulations pertaining to these matters.

Donations and sponsorships must be transparent, pre-approved, recorded, and never made to influence an official action or decision. 

Whether a particular action or payment violates this Policy (and the law) may depend on the facts and circumstances in which it was done. While it is impractical to anticipate all of the possible scenarios that should raise red flags or corruption concerns, Appendix 3 presents a list of possible red flags which may raise concerns under various anti-bribery, anti-corruption, and modern slavery/human trafficking laws.

3.3 Modern Slavery Guidelines

Employees must adhere to the following guidelines:

Compliance

Oversight

Responsible business practices

Reporting

Safeguards

¹ILO Core Conventions (also known as Fundamental Conventions) are a set of 10 International Labour Organization treaties covering fundamental principles and rights at work, including freedom of association, collective bargaining, elimination of forced/child labour, discrimination, and safe working environments. They are legally binding upon ratification and form the basis of international labour standards, promoting social justice and dignity.

Our approach to risk management recognises that different activities carry different levels of exposure. Rather than applying a uniform model, we focus attention and resources on areas where financial‑crime risks are inherently higher, for example: high‑value procurement, complex third‑party engagements, or activities in jurisdictions where transparency challenges are more prevalent.

EirGrid’s risk‑based approach is supported by periodic assessments of financial‑crime risks, proportionate due diligence on third parties, and internal controls designed to highlight unusual or inconsistent activity at an early stage. While specialist teams provide guidance and oversight, all employees are expected to remain aware of the risks relevant to their roles and to follow established processes so that residual risks remain within EirGrid’s overall governance and ethical expectations.

4.1 Financial Crime Prevention Measures

Several preventative measures exist and are embedded within working practices throughout our operations.  Measures in place include:

Several preventative measures exist and are embedded within working practices throughout our operations.  Measures in place include:

4.2 Third Party Due Diligence

All employees must be vigilant in monitoring the activities of third parties on an ongoing basis. Over-stated, false, or inappropriately described payment requests, unusual or overly generous subcontracts, unusual or incomplete documentation and refusals or failures to provide requested documentation may be signs of bribes by third parties. 

We will not engage or retain any third party unless we are satisfied - through risk based due diligence - that they share our standards against Financial Crime. This includes:

4.3 Record Management

EirGrid maintains accurate, complete and timely records that fairly reflect transactions. We prohibit off book accounts and misleading records. Finance and operational controls (segregation of duties, delegated authority, verification, supporting documentation) apply to both financial and non-financial processes (e.g., permits, land access, community funds).

EirGrid seeks to prevent financial crime by filing and maintaining clear and verifiable: 

Fraud, Anti-Bribery and Corruption relevant records (e.g., due diligence files, approvals, registers, training logs, investigations) must be retained according to EirGrid’s retention schedule and any statutory requirements and be readily retrievable for audit/regulatory review.

4.4 Risk Assessment

To manage the threat of financial crime, EirGrid adopts a proactive, risk-based approach focused on identifying, assessing, and mitigating vulnerabilities within our specific operations and supply chains. We assess and review operational risks associated with financial crime across our operations on a regular basis through the risk identification and assessment process as outlined in the Enterprise Risk Management Framework (ERMF). All employees and third parties are expected to support this approach by remaining vigilant, reporting concerns promptly and adhering to all internal policies and legal obligations. The ERMF ensures that emerging risks are identified early and that effective controls remain in place to protect EirGrid’s integrity.

4.5 Financial Crime Detection Measures

Furthermore, detection measures are embedded within our systems and working practices including:

All employees and contractors and/or third parties have a duty to report any suspected or actual incident of financial crime that they become aware of at the earliest possible opportunity. In the case of EirGrid employees, any such incident should be reported in the first instance:

In the case of contractors and/or third parties, such incidents should be reported to the relevant Head of Function or via EirGrid’s Protected Disclosures channel(s) or to the Governance Risk and Compliance (GRC) function.

Discovery of a potential financial crime incident

Required Actions (The "Dos")

Immediate Reporting: Notify the Head of Function, GRC or report using the Protected Disclosure Tool as soon as a concern arises.

Preservation of Evidence: Secure all relevant documentation, emails, and digital records in their original state.

Factual Accuracy: Provide a comprehensive account of all known facts and objective observations.

Prohibited Actions (The "Don’ts")

Do Not Investigate: Refrain from conducting your own enquiries, accessing restricted files, or "testing" systems.

Maintain Confidentiality: Do not discuss the matter with colleagues or external parties to avoid "tipping off" or compromising the case.

No Confrontation: Avoid contacting or confronting the individual(s) suspected of the activity, as this may jeopardize personal safety and legal proceedings.

5.1.1 Protection

EirGrid is committed to ensuring that all parties to whom this policy applies can raise a concern relating to financial crime or suspicions of financial crime without fear of victimisation and that the strictest confidence will be maintained. For further information you should consult the Protected Disclosure Policy.

5.1.2 Confidentiality 

EirGrid treats all information received confidentially. Investigation details will not be disclosed or discussed with anyone other than those who have a legitimate need to know. This is important to avoid damaging the reputations of persons suspected but subsequently found innocent of wrongful conduct and to protect EirGrid from civil liability.

5.3 Investigations Process

EirGrid commits to investigate all financial crime that are discovered or suspected. Every case of attempted or suspected financial crime will be investigated and dealt with appropriately without regard to the position held or length of service of the individual(s) concerned, or their relationship to EirGrid. 

The Head of Internal Audit has the primary responsibility for the co-ordination of investigation of all suspected financial crime acts, as defined in the policy. The Head of Internal Audit shall liaise with key stakeholders, as appropriate, including but not limited to: Head of Governance, Risk & Compliance, Head of Group Legal Services or relevant executive(s), in order to conduct an initial investigation. The investigation will be conducted by appropriately skilled person(s), in line with EirGrid’s Financial Crime Response Process. Post conclusion of the initial investigation the Head of Internal Audit will confirm next steps of the financial crime investigation to the Chief Risk Officer role holder. 

No person should attempt to conduct their own investigations. 

The Head of Governance, Risk & Compliance reports all incidents of financial crime on a quarterly basis to the Executive Risk & Compliance Committee and the Audit & Risk Committee. 

The investigation steps include the following:

The key roles and responsibilities in relation to this Policy are as follows:

All Employees & Workers

Heads of Functions

Governance, Risk & Compliance

People and Capabilities

Board 

Executive Management Team

Internal Audit

EirGrid

6.2 Policy Violations

All credible allegations will be assessed and, where appropriate, investigated under our investigation procedures. Substantiated violations may result in disciplinary action up to and including dismissal, contract termination, and referrals to An Garda Síochána, the Director of Public Prosecutions, or other authorities. 

Enforcement 

Any individual who is under investigation for suspected or discovered wrongdoing may be suspended, pending the outcome of the investigation. 

Where the allegations are substantiated, disciplinary action, up to and including termination of employment may be taken.

Where the allegations are substantiated, any other party to whom this policy applies may have their contract with EirGrid terminated and/or appropriate action may be taken against the individual(s) concerned, and legal redress may be sought. 

EirGrid is obliged under statute to report suspected criminal activity to An Garda Síochána. Furthermore, in accordance with the Companies Act 2014, EirGrid acknowledges the statutory role of the Corporate Enforcement Authority (CEA) in investigating breaches of company law.

Implications of policy non-compliance

Any breach of this policy will be treated as serious misconduct and may result in disciplinary action, and EirGrid reserves the right to seek criminal prosecution and civil recovery of losses.

Non-compliance by EirGrid employees may be treated as a disciplinary matter. Non-compliance by any other party (e.g. broader definition of workers) to whom it applies, may result in a recommendation to terminate their contract with EirGrid or terminate the engagement of the individual(s), within that contracting entity, found to be in breach of the policy. 

In the case of either of the above, EirGrid may also take action to recover any losses incurred, which may include the issuing of civil and/or criminal proceedings against the employee / contractor and/or other individual or company concerned.

6.3 Training & Awareness

Consistent with the expectations set out in the Code of Practice for the Governance of State Bodies (2016), EirGrid aims to provide induction and periodic refresher training to help employees, management, and Board members understand and recognise key financial crime risks, including fraud, bribery, and sanctions. Training will be scaled to the needs of different roles and will support awareness of good governance and responsible conduct. EirGrid will seek to maintain appropriate records of training activity to support oversight and continuous improvement.

Refer again to section 6.1 on Roles and Responsibilities for further details. 

6.4 Policy Review

This Policy shall be reviewed by the Head of Governance, Risk & Compliance and approved by the EirGrid plc Board at least every two years or following significant legislative changes.

This policy has been updated in line with the EU Corporate Sustainability Reporting Directive (CSRD) and as such recognises the specific risk of Bribery and Corruption that certain functions within the organisation are exposed to. This policy defines these at-risk functions as any role or activity within the Organisation that, due to its responsibilities, decision‑making authority, or interactions with public officials or third parties, is exposed to an increased likelihood of improper influence, bribery, or corrupt practices.

Appendix 1: Financial Crime Examples

Bribery & Corruption

Any attempt to engage in any of the below activities or to conceal or destroy information relating to any of the above.

Employee 

Fraud

Employee 

Internal

External

Cybercrime

Internal

External

Procurement

Internal

External

Accounting

Internal

External

Financial Misstatement 

Internal

Appendix 2: Definitions & Abbreviations

Key Abbreviations

Essential Definitions

Appendix 3: Financial Crime Red Flags

Bribery & Corruption

A third-party(ies)

An employee(s)

Procedural & Emerging Red Flags

Modern Slavery/Human Trafficking

You become aware that a worker / contractor operating in our business or supply chains:

Fraud

Behavioural

Financial & Accounting

Procedural & Emerging Red Flags

Contemporary fraud also encompasses advanced digital and procedural evasion methods:

Appendix 4: Financial Crime Response Process

The investigation process is presented in the diagram below.

Appendix 5: Version History

Version

1.0

Details of Amendments

New EirGrid Financial Crime policy

Formed from subsuming Fraud Policy (v3) and Anti-Bribery & Corruption Policy (v1.1) 

Other material changes:

Author

GRC Function (AB; VC) 

Review

20 February 2026 ERCCo, 6 March 2026 ARCo

Approval

18 March 2026 EirGrid plc Board