Section 1. General
First National Financial Corporation (including, as applicable, its subsidiaries and affiliates the “Corporation”) is committed to maintaining the highest standards of integrity and honesty in its business conduct and financial reporting.
This commitment extends to maintaining accountability of our financial accounting, internal financial controls, and auditing processes (“financial matters”) and compliance with applicable legal and regulatory requirements relating
to our business in all material respects. The Whistleblower Policy and Procedures (the “Policy”) is a supplement to the guidelines and principles set out in the Corporation’s Code of Business Ethics and Conduct (the “Code”).
All our directors, officers and employees are expected to participate actively in seeking to maintain this standard.
Section 2. Purpose
The purpose of this Whistleblower Policy and Procedure (the “Policy”) is to provide directors, officers and employees with a process for confidentially reporting complaints or concerns regarding material financial matters, compliance with
legal and regulatory requirements and violations of our Code (each a “Misconduct”) while at the same time providing protection against retaliation for reports made in good faith, and to protect the reputation of the Corporation.
This Policy tells you exactly how and where to submit a complaint or concern, who deals with your complaint and how that complaint will be handled, processed, and documented. This Policy also describes the standards and principles that will
govern the processing of all complaints and concerns whether they are received from people within the Corporation or external parties.
Section 3. How to report violations
- The Corporation encourages employees to report actual or suspected Misconduct in a timely manner, including breaches of our Code. In most cases, your immediate supervisor is in the best position to address an area of concern. Alternatively,
the Misconduct may be reported directly to the Head of Human Resources via email or other means of communication. All reports of Misconduct received by a supervisor should be reported to the Head of Human Resources for recording and if necessary,
further investigation.
- Misconduct related to financial matters or compliance with legal and regulatory requirements should be directed to the Head of Risk Management and Internal Audit via email or other means of communication. This may be done on an anonymous basis.
- In certain circumstances, you may prefer to make a formal report regarding perceived or suspected Misconduct to a party outside of the Corporation. In such cases, you may communicate directly with the Chair of the Audit Committee, who is an independent
director, as follows:
- by calling a toll-free confidential whistleblower hotline at 1-844-253-9212 and leaving a message reporting your concerns. Access to these messages is limited to the Chair of the Audit Committee; or
- by submitting a written report marked Private and Confidential, delivered to:
Address:
First National Financial Corporation
16 York Street, Suite 1900
Toronto, Ontario
M5J 0E6
Attention:
Chair of the Audit Committee
Private and Confidential
Both reporting options may be exercised on an anonymous basis.
Section 4. Confidentiality
The Corporation, including all persons designated to handle complaints under this Policy, will seek to treat all communications as confidential to the fullest extent permitted under law and to the extent possible, consistent with the need to conduct an
adequate investigation, including limiting access to all information received from reports of Misconduct to those directly involved in the management and investigation of the reported or suspected Misconduct, and the disclosure of personal/identifying
information. We encourage you to identify yourself when making a complaint or communicating a concern as anonymity can limit the Corporation’s ability to complete a thorough investigation.
Section 5. Acting in good faith
Anyone filing a complaint under this Policy must be acting in good faith and have an honest belief that the complaint is well-founded, including a reasonable factual or other basis. Any complaints based on allegations that are without basis and
cannot be substantiated, or that are proven to be intentionally misleading or malicious will be viewed as a serious offense.
Section 6. Handling of reported violations
Once your concern has been communicated to the Head of Human Resources, the Head of Risk Management and Internal Audit or Audit Committee (each, a “Recipient”), the following procedures are intended to be followed.
Unless the report has been made anonymously, the Recipient should confirm receipt of your communication or complaint within five business days of receipt wherever practicable or where specifically requested. The Recipient may advise you when an investigation
(if any) has been completed, however the results or outcome of any investigation will not be disclosed, unless the Audit Committee determines otherwise or where notification is required pursuant to applicable laws.
- The Recipient should register your complaint in a log and open a file. Both should be confidential and secure.
- If the Recipient determines that your concern is covered by this Policy, he or she should conduct an independent and impartial investigation into any persons named in the report or alleged Misconduct and determine whether further action is required.
In conducting his or her investigation, the Recipient may enlist inside or outside legal, accounting, human resources or other advisors and may also refer the matter to the Audit Committee.
- The Recipient should comply with all rules, regulations, and legislation in conducting his or her investigation and should take all reasonable efforts to keep the complaint and investigation confidential, if requested or required. In certain
circumstances, the Corporation may be required to disclose matters relating to material infractions of financial matters or other matters in accordance with securities laws or stock exchange rules. In such cases the Recipient may be required to
make adequate disclosure in a timely and appropriate matter.
- All investigations should be conducted efficiently, taking into account the nature and complexity of the issues involved, and the Recipient may, if applicable, refer the investigation to an external third party for further review and investigation.
- Periodically, the Head of Risk Management and Internal Audit will report to the Audit Committee and the Corporation’s external auditors the aggregate number of complaints received (including complaints received by the Head of Human Resources),
investigations conducted and the outcome of those complaints and investigations. The Audit Committee may also discuss such complaints with the directors of the Corporation where appropriate.
- The Head of Risk Management and Internal Audit or the Head of Human Resources should promptly report to the Audit Committee any complaint that is well-founded and that may have material adverse consequences for the Corporation.
- The Chair of the Audit Committee will investigate all complaints received or escalated under this Policy and will provide a report to members of the Audit Committee. The Chair of the Audit Committee will determine whether a further review or
investigation is required and will be free, in his or her discretion, to consult with any director, officer or employee to discuss the complaint and to engage outside experts including auditors, legal counsel or other advisors to assist in the
investigation. The results of any further review or investigation will be reported to the Audit Committee.
Section 7. Complaints from third parties regarding financial matters
Securities laws require the Corporation to establish procedures for the receipt, retention, and treatment of complaints regarding financial matters. This may include complaints that are received from third parties. Accordingly, each Recipient should
forward all complaints or concerns regarding financial matters received from a third party (including the Corporation’s independent auditor) to the Audit Committee.
The Audit Committee should discuss such complaints at regularly scheduled meetings of the Audit Committee (unless they are unfounded or unless the materiality of the complaint requires earlier action).
Section 8. Protection from retaliation
The Corporation will protect from retaliation any director, officer or employee who raises issues or makes a complaint, in good faith, regarding actual or suspected Misconduct. Retaliation includes any form of penalty or adverse employment consequence,
including discharge, suspension, demotion or transfer, harassment, or discrimination. Any director, officer or employee who retaliates against someone who has reported a violation in good faith under this Policy will be subject to discipline
up to and including termination of employment. This Policy is intended to encourage and enable officers, directors and employees and others to raise serious concerns within the Corporation for proper resolution.
Section 9. Records retention
The Audit Committee shall retain for a period of seven (7) years all records relating to any allegations covered under this Policy, including the results of any investigations and copies of all reports.
The Directors may, from time to time, permit departures from the terms of this Policy, either prospectively or retrospectively. This Policy is not intended to give rise to civil liability on the part of the Corporation or its directors or officers
to shareholders, security holders, customers, suppliers, competitors, employees, or other persons, or to any other liability whatsoever on their part.
Section 10. Monitoring and review
The Corporation will review this Policy on an annual basis and reserves the right to vary, modify or amend the terms of this Policy at its absolute discretion.
This Whistleblower Policy for First National Financial Corporation was approved by the Directors on October 31, 2023, and may be amended at any time.