We cultivate a culture of accountability and in keeping with our Company Standards, it is expected
               that each of us demonstrates a sense of personal and collective responsibility for our actions.

               Our individual responsibilities include:

                   •  We must always meet legal requirements and regulatory obligations, and adhere to operating
                       procedures
                   •  We are alert to indications of fraud, money laundering and other financial crime
                   •  We report concerns or suspicions and act promptly using the procedures established by our
                       business unit
                   •  We comply with the physical security and health and safety rules applying to our business unit
                       We  ensure  all  work-related  data  and  information  is  used  appropriately  and  stored  or
                       communicated securely
                   •  We do not discuss our Company with the media without specific authorisation from  Phil Reddin.
               7.2 OUR BUSINESS: SOME EXAMPLE OF OUR BUSINESS STANDARDS

               7.2.1 Operating controls and procedures
               We always comply with operating and control procedures. Should there be a legitimate reason to
               deviate  from  these  procedures,  we  must  have  prior  permission  from  the  appropriate  senior
               management. Deviations which do not conform to our legal and regulatory obligations are never
               permitted.

               If we identify a weakness in controls or procedures, we must bring this to the attention of our line
               manager who is responsible to escalate this to the appropriate level.

               We must also report any breach of controls, procedures or processes that come to our attention. This
               can be done through your branch manager or by approaching Phil Reddin.

               7.2.2 Preventing fraud, money laundering and other financial crimes
               We must always be alert to indications of internal and external fraudulent activity, to potential money
               laundering  and  to  terrorist  financing,  and  must  report  any  concerns  or  suspicions  promptly.
               Completion of annual training on anti-money laundering procedures by all staff is mandatory.
               Key requirements include the identification of the customer and/or beneficial owner and retention of
               documentary  evidence.  In  addition  we  must  obtain  information  on  the  nature  of  the  business
               relationship  with  the  customer  as  well  as  conduct  on-going  monitoring  of  that  relationship  and
               transactions for any suspicious activity.

               7.2.3 Physical security, health and safety
               Those of us working in sensitive areas of the Company, such as branches, cash centres and data
               centres, should familiarise ourselves with and comply with the specific rules applying to our location.
               Strict rules apply for identification and access for all staff and visitors to all Company locations, which
               must be adhered to.

               Concerns about security threats should be escalated to your branch manager or to Phil Reddin.

               7.2.4 Information Management
               The relevant Data Protection provisions, including those related to usage, storage and access, must be
               complied with at all times when managing company information, whether that is business, customer






                                                                                             Page 61 of 83