Whistleblower Policy

1.1 Board Commitment

The Board of Directors of Orisium Pty Limited ("Orisium", "the Company", or "we") is committed to fostering a culture of ethical behaviour, corporate compliance, and good corporate governance. The Board recognises that an essential element of good governance is ensuring that individuals who become aware of wrongdoing within the organisation feel safe to speak up without fear of reprisal.

The Board encourages the reporting of any instances of suspected unethical, illegal, fraudulent, or undesirable conduct involving the Company. The Board is committed to ensuring that any person who makes a disclosure in accordance with this Policy will be treated fairly and will not be subjected to any detriment as a result of having made the disclosure.

1.2 Purpose of this Policy

This Whistleblower Policy ("Policy") has been adopted by the Board to:

• Encourage the reporting of matters that may cause harm to individuals or financial loss to the Company or damage to the Company's reputation;
• Enable the Company to identify wrongdoing that may not otherwise be uncovered;
• Provide a framework for disclosures to be made and investigations to be conducted in a manner that protects the confidentiality of the discloser and ensures fair treatment of all parties;
• Provide protections for those who make disclosures in accordance with this Policy;
• Ensure compliance with the Company's legal obligations; and
• Demonstrate the Company's commitment to ethical business conduct and good corporate governance.

1.3 Legislative Framework

This Policy has been developed in accordance with, and must be read in conjunction with, the following legislative requirements:

• Corporations Act 2001 (Cth), Part 9.4AAA: This Part establishes the whistleblower protection regime for corporations regulated under the Corporations Act. It sets out the requirements for who can be a whistleblower, what disclosures are protected, who can receive disclosures, and the protections available to whistleblowers;
• Section 1317AI: Requires public companies, large proprietary companies, and corporate trustees of registrable superannuation entities to have a whistleblower policy that contains certain prescribed information;
• Corporations Regulations 2001: Sets out additional requirements regarding the content of whistleblower policies and the manner in which disclosures must be handled;
• Taxation Administration Act 1953: Contains complementary whistleblower protections for disclosures concerning breaches of taxation laws; and
• ASX Corporate Governance Council Principles and Recommendations:Recommendation 3.3 provides that a listed entity should have and disclose a whistleblower policy or a summary of it.

2.1 Definition of Eligible Whistleblower

An "Eligible Whistleblower" is a person who is, or has been, any of the following in relation to the Company:

• An officer or employee of the Company (including current and former officers and employees);
• An individual who supplies services or goods to the Company, whether paid or unpaid (including current and former contractors, consultants, service providers, and their employees);
• An employee of a person who supplies services or goods to the Company, whether paid or unpaid;
• An individual who is an associate of the Company within the meaning of section 11 of the Corporations Act 2001 (Cth);
• A spouse, relative, or dependant of any of the above individuals; and
• A spouse, relative, or dependant of a spouse of any of the above individuals.

2.2 Categories of Eligible Whistleblowers

For the avoidance of doubt, the following categories of persons may qualify as Eligible Whistleblowers under this Policy:

3.1 Definition of Disclosable Matter

A "Disclosable Matter" is information that the discloser has reasonable grounds to suspect concerns misconduct, or an improper state of affairs or circumstances, in relation to the Company or a related body corporate of the Company.

A disclosure will qualify for protection under this Policy if:

• The discloser is an Eligible Whistleblower;
• The disclosure is made to an Eligible Recipient (as defined in Section 4 of this Policy);
• The discloser has reasonable grounds to suspect that the information concerns a Disclosable Matter; and
• The disclosure is not solely a personal work-related grievance (unless certain exceptions apply, as set out below).

3.2 Types of Disclosable Matters

Disclosable Matters include, but are not limited to, information that the discloser has reasonable grounds to suspect concerns:

• Misconduct or an improper state of affairs or circumstances: This includes any conduct that is dishonest, fraudulent, corrupt, illegal, or unethical, or that involves improper or questionable business practices;
• Breach of legislation: This includes conduct that constitutes an offence against, or a contravention of, any provision of the Corporations Act 2001 (Cth), the Australian Securities and Investments Commission Act 2001 (Cth), the Banking Act 1959 (Cth), the Financial Sector (Collection of Data) Act 2001 (Cth), the Insurance Act 1973 (Cth), the Life Insurance Act 1995 (Cth), the National Consumer Credit Protection Act 2009 (Cth), the Superannuation Industry (Supervision) Act 1993 (Cth), or an instrument made under any of these Acts;
• Conduct representing a danger to the public: This includes conduct that represents a danger to the public or the financial system, whether or not it constitutes a contravention of any law;
• Matters prescribed by regulation: This includes any other matters prescribed by the Corporations Regulations 2001 or any other regulations made for the purposes of Part 9.4AAA of the Corporations Act;
• Taxation law matters: This includes conduct that the discloser considers is not, or may not be, consistent with the Company's taxation obligations, or conduct that constitutes an offence against a taxation law (within the meaning of the Taxation Administration Act 1953 (Cth)); and
• Other serious matters: This includes any other conduct that a reasonable person would consider to be serious wrongdoing, including bribery, corruption, modern slavery, environmental breaches, harassment, bullying, discrimination, or any conduct that poses a significant risk to public health or safety.

3.3 Personal Work-Related Grievances

A disclosure that relates solely to a "personal work-related grievance" does not qualify for protection under Part 9.4AAA of the Corporations Act. A personal work-related grievance is a grievance about any matter in relation to the discloser's employment, or former employment, having implications for the discloser personally and that does not have significant implications for the Company, or relate to conduct that constitutes a Disclosable Matter as described above.

Examples of personal work-related grievances include:

• An interpersonal conflict between the discloser and another employee;
• A decision relating to the engagement, transfer, or promotion of the discloser;
• A decision relating to the terms and conditions of engagement of the discloser; and
• A decision to discipline or terminate the engagement of the discloser.

However, a personal work-related grievance may still qualify for protection if:

• It includes information about misconduct or a Disclosable Matter;
• The Company has breached employment or other laws in relation to the grievance;
• The grievance includes information about conduct that constitutes a danger to the public; or
• The disclosure is made to a legal practitioner for the purpose of obtaining legal advice or legal representation in relation to the operation of the whistleblower provisions in the Corporations Act.

4.1 Eligible Recipients

For a disclosure to qualify for protection under Part 9.4AAA of the Corporations Act, it must be made to an "Eligible Recipient". The following persons are Eligible Recipients in relation to the Company:

• Officers of the Company: This includes all directors of the Company (whether executive or non-executive), the Company Secretary, the Chief Executive Officer, the Chief Financial Officer, the Chief Operating Officer, the Chief Technology Officer, and any other person who makes or participates in making decisions that affect the whole or a substantial part of the business of the Company;
• Senior Managers: This includes persons who have managerial or supervisory responsibilities within the Company, including heads of business units, department managers, and other senior staff as designated by the Company from time to time;
• Internal Auditor: This includes any person who performs an internal audit function for the Company, whether as an employee or as an external service provider;
• External Auditor: This includes any person who performs external audit functions for the Company, being a registered company auditor or a member of an audit firm that is the auditor of the Company;
• Actuary: This includes any person who performs actuarial functions for the Company, if applicable;
• Authorised Whistleblower Officers: This includes any person who is authorised by the Company to receive disclosures under this Policy, as notified to personnel from time to time; and
• A person authorised by the Company to receive whistleblower disclosures:The Company has authorised the Whistleblower Protection Coordinator (as defined in Section 10 of this Policy) to receive disclosures under this Policy.

4.2 Disclosures to Regulatory Bodies

Disclosures may also be made directly to the following regulatory bodies and will qualify for protection under the relevant legislation:

• Australian Securities and Investments Commission (ASIC): Disclosures concerning contraventions of the Corporations Act, ASIC Act, or other legislation administered by ASIC;
• Australian Prudential Regulation Authority (APRA): Disclosures concerning matters regulated by APRA, including matters relating to prudential standards and financial stability;
• Australian Federal Police (AFP): Disclosures concerning matters that may constitute an offence against Commonwealth law; and
• Commissioner of Taxation: Disclosures concerning matters that may constitute a breach of taxation laws.

4.3 Disclosures to Legal Practitioners

Disclosures may be made to a legal practitioner for the purpose of obtaining legal advice or legal representation in relation to the operation of the whistleblower provisions in the Corporations Act. Such disclosures are protected regardless of the content of the disclosure and regardless of whether the information concerns a Disclosable Matter or a personal work-related grievance.

5.1 Reporting Channels

Eligible Whistleblowers may make disclosures through any of the following channels:

5.2 Anonymous Disclosures

Eligible Whistleblowers may make disclosures anonymously and are entitled to the protections available under this Policy and under the law even if they do not reveal their identity. Disclosers may also refuse to answer questions that they feel could reveal their identity.

However, it may be more difficult for the Company to investigate an anonymous disclosure if there is no ability to seek further information from the discloser. Anonymous disclosers are encouraged to provide an anonymous email address or other means by which they can be contacted for follow-up questions, and to provide as much detail as possible in their initial disclosure.

The Company will still investigate anonymous disclosures to the extent possible based on the information provided.

5.3 Information to Include in a Disclosure

To assist the Company in investigating a disclosure, disclosers are encouraged to provide as much of the following information as possible:

• The name of the person or persons involved in the alleged conduct (if known);
• A description of what happened, including specific details of the conduct;
• When and where the conduct occurred;
• Any evidence or documentation that supports the disclosure;
• The names of any witnesses to the conduct; and
• Whether the discloser has reported the matter previously and, if so, to whom.

5.4 Documentation

Disclosers are encouraged to keep a contemporaneous record of events, including dates, times, locations, persons present, and the substance of conversations. Such records can be invaluable in assisting with any investigation that may be undertaken.

Disclosers should be careful to retain any documents or other evidence that may be relevant to their disclosure. However, disclosers should not access documents or information that they would not normally have access to in the course of their duties, as this may expose them to legal liability or disciplinary action.

5.5 Emergency Disclosures

Under section 1317AAD of the Corporations Act, a disclosure qualifies as an "emergency disclosure" if the following conditions are met:

• The discloser has previously made a disclosure to ASIC, APRA, or another prescribed body;
• The discloser has reasonable grounds to believe that the information concerns a substantial and imminent danger to the health or safety of one or more persons or to the natural environment;
• The discloser gives written notice to the body to which the previous disclosure was made that includes sufficient information to identify the previous disclosure and states that the discloser intends to make an emergency disclosure; and
• The extent of the information disclosed in the emergency disclosure is no greater than is necessary to inform the recipient of the substantial and imminent danger.

An emergency disclosure may be made to a journalist or a member of Parliament (Commonwealth, State, or Territory). A discloser who makes an emergency disclosure is entitled to the protections available under Part 9.4AAA of the Corporations Act.

5.6 Public Interest Disclosures

Under section 1317AAD of the Corporations Act, a disclosure qualifies as a "public interest disclosure" if the following conditions are met:

• The discloser has previously made a disclosure to ASIC, APRA, or another prescribed body;
• At least 90 days have passed since the previous disclosure was made;
• The discloser does not have reasonable grounds to believe that action is being, or has been, taken in relation to their previous disclosure;
• The discloser has reasonable grounds to believe that making a further disclosure of the information is in the public interest;
• The discloser gives written notice to the body to which the previous disclosure was made that includes sufficient information to identify the previous disclosure and states that the discloser intends to make a public interest disclosure; and
• The extent of the information disclosed in the public interest disclosure is no greater than is necessary to inform the recipient of the misconduct or improper state of affairs or circumstances.

A public interest disclosure may be made to a journalist or a member of Parliament (Commonwealth, State, or Territory). A discloser who makes a public interest disclosure is entitled to the protections available under Part 9.4AAA of the Corporations Act.

6.1 Overview of Protections

The Corporations Act 2001 (Cth) provides significant protections for Eligible Whistleblowers who make disclosures that qualify for protection under Part 9.4AAA. These protections apply regardless of whether the disclosure is made internally to the Company or externally to a regulatory body or legal practitioner.

6.2 Identity Protection (Confidentiality)

The identity of a discloser (and any information that is likely to lead to the identification of the discloser) is protected under section 1317AAE of the Corporations Act. It is an offence to disclose this information except in limited circumstances as set out in Section 7 of this Policy. The Company is committed to protecting the identity of disclosers and will take all reasonable steps to ensure that the identity of disclosers is kept confidential.

6.3 Protection from Detrimental Conduct

Persons who make qualifying disclosures are protected from detrimental conduct under section 1317AC of the Corporations Act. The Company, and any officer or employee of the Company, must not engage in conduct that causes detriment to a discloser because of a belief or suspicion that the discloser made, may have made, proposes to make, or could make a qualifying disclosure. Further details of this protection are set out in Section 8 of this Policy.

6.4 Compensation and Remedies

A discloser who suffers loss, damage, or injury as a result of a contravention of the victimisation provisions in Part 9.4AAA of the Corporations Act may seek compensation and other remedies through the courts. Available remedies include:

• Compensation: The court may order the Company to pay compensation for any loss, damage, or injury suffered by the discloser;
• Injunctions: The court may grant an injunction to prevent further detrimental conduct or to require specified action to be taken;
• Reinstatement: The court may order reinstatement of an employee who has been dismissed as a result of making a disclosure;
• Apology: The court may order the Company or any other person to make an apology to the discloser; and
• Other orders: The court may make any other order it considers appropriate in the circumstances.

6.5 Civil Immunity

Under section 1317AB of the Corporations Act, a discloser who makes a qualifying disclosure:

• Is not subject to any civil, criminal, or administrative liability (including disciplinary action) for making the disclosure;
• No contractual or other remedy may be enforced, and no contractual or other right may be exercised, against the discloser on the basis of the disclosure; and
• The information disclosed is not admissible as evidence against the discloser in criminal proceedings or in proceedings for the imposition of a penalty, other than proceedings in respect of the falsity of the information.

However, these immunities do not grant immunity for any misconduct the discloser may have engaged in that is revealed by the disclosure. The discloser may still be subject to civil or criminal liability, or disciplinary action, for their own conduct that is separate from the act of making the disclosure.

6.6 Victimisation Offences

Under section 1317AC of the Corporations Act, it is unlawful for a person to cause detriment to another person because of a belief or suspicion that the other person or a third person made, may have made, proposes to make, or could make a qualifying disclosure. A person who contravenes this provision commits an offence and is also liable for a civil penalty. Penalties for victimisation offences are set out in Section 12 of this Policy.

7.1 Identity Protection Obligations

Under section 1317AAE of the Corporations Act, it is an offence for a person to disclose the identity of a discloser, or information that is likely to lead to the identification of the discloser, unless one of the exceptions set out below applies. This prohibition applies to all persons who become aware of the discloser's identity, including officers, employees, contractors, and advisers of the Company.

The Company is committed to protecting the confidentiality of disclosers and will take all reasonable steps to ensure that:

• All personal information or reference to the discloser being a whistleblower is kept confidential;
• Files relating to disclosures are stored securely and are only accessible to authorised personnel;
• All documents and other materials relating to an investigation are stored securely;
• All personnel involved in an investigation are reminded of their confidentiality obligations; and
• Investigations are conducted in a manner that minimises the risk of inadvertent disclosure of the discloser's identity.

7.2 Exceptions to Confidentiality

The identity of a discloser (or information likely to lead to the identification of the discloser) may only be disclosed in the following circumstances:

• Consent: The discloser has given their consent to the disclosure of their identity;
• Disclosure to ASIC, APRA, or AFP: The disclosure is made to the Australian Securities and Investments Commission, the Australian Prudential Regulation Authority, or the Australian Federal Police;
• Legal advice: The disclosure is made to a legal practitioner for the purpose of obtaining legal advice or legal representation in relation to the operation of the whistleblower provisions;
• Court or tribunal: The disclosure is made to a court or tribunal in the course of legal proceedings; and
• Reasonably necessary: The disclosure is reasonably necessary for the purpose of investigating the matters raised in the disclosure, and all reasonable steps are taken to reduce the risk that the discloser will be identified as a result of the disclosure.

7.3 Penalties for Breach of Confidentiality

A person who contravenes the confidentiality provisions in section 1317AAE of the Corporations Act commits an offence and is also liable for a civil penalty. The penalties are as follows:

• Criminal penalty: Up to 6 months imprisonment, or a fine of up to 60 penalty units (currently $18,780 for an individual), or both; and
• Civil penalty: Up to $55,200 for an individual.

In addition, a breach of confidentiality by a Company employee may result in disciplinary action, up to and including termination of employment.

8.1 Definition of Detrimental Conduct

Under section 1317ADA of the Corporations Act, "detriment" includes, but is not limited to:

• Dismissal of an employee;
• Injury of an employee in his or her employment;
• Alteration of an employee's position or duties to his or her disadvantage;
• Discrimination between an employee and other employees of the same employer;
• Harassment or intimidation of a person;
• Harm or injury to a person, including psychological harm;
• Damage to a person's property;
• Damage to a person's reputation;
• Damage to a person's business or financial position; and
• Any other damage to a person.

8.2 Examples of Detrimental Conduct

Examples of conduct that may constitute detrimental conduct include, but are not limited to:

• Termination of employment or engagement;
• Demotion, transfer, or reassignment of duties;
• Denial of training opportunities, promotion, or career advancement;
• Reduction in pay or benefits;
• Ostracism, bullying, or harassment;
• Threats or intimidation;
• Discrimination of any kind; and
• Negative performance reviews or adverse references that are not based on legitimate performance concerns.

8.3 What Does Not Constitute Detriment

Conduct does not constitute detrimental conduct if:

• The conduct is based on lawful, reasonable, and legitimate management action taken in relation to the discloser;
• The conduct relates to performance management that commenced prior to the disclosure being made and is continued in good faith;
• The conduct is a lawful exercise of management discretion that would have occurred regardless of whether the disclosure was made;
• The conduct involves the application of the Company's policies and procedures that apply to all employees, where the application is not influenced by the disclosure; or
• The conduct is a lawful response to the discloser's own misconduct that is revealed by the investigation (noting that the act of making a disclosure itself cannot attract disciplinary action if it qualifies for protection).

The Company will document management decisions affecting disclosers to demonstrate that such decisions are not connected to the making of a disclosure and are based on legitimate business reasons.

8.4 Employer Obligations

The Company is committed to ensuring that disclosers are not subjected to any form of detrimental conduct as a result of making a disclosure. The Company will:

• Conduct a risk assessment to identify the potential for detrimental conduct and implement measures to minimise this risk;
• Implement strategies to protect the discloser from detriment, which may include moving the discloser to another team or location, granting leave, or other measures as appropriate;
• Monitor the discloser's wellbeing and check in regularly to ensure they are not experiencing any detriment;
• Investigate any allegations of detrimental conduct and take appropriate action against any person found to have engaged in such conduct; and
• Ensure that managers and supervisors are trained in their obligations to protect disclosers from detriment.

8.5 Remedies for Detrimental Conduct

If a discloser suffers detriment as a result of making a qualifying disclosure, they may seek the following remedies through the courts:

• Compensation: The court may order compensation for any loss, damage, or injury suffered, including compensation for pain and suffering, lost wages, and economic loss;
• Injunctions: The court may grant an injunction to prevent further detrimental conduct or to restrain particular conduct;
• Reinstatement: The court may order the reinstatement of an employee who has been dismissed as a result of making a disclosure;
• Apology: The court may order that an apology be made to the discloser; and
• Exemplary damages: In serious cases, the court may award exemplary or punitive damages.

9.1 Receipt and Acknowledgment

Upon receipt of a disclosure, the Eligible Recipient or the Whistleblower Protection Coordinator will:

• Acknowledge receipt of the disclosure within 5 business days (unless the disclosure was made anonymously and no contact details were provided);
• Assess whether the disclosure qualifies for protection under this Policy and the Corporations Act;
• Determine whether an investigation is required and, if so, the appropriate process for conducting the investigation;
• Appoint an investigator or investigation team, which may include internal personnel or external investigators as appropriate; and
• Ensure that the investigation is conducted in a manner that protects the confidentiality of the discloser.

9.2 Investigation Principles

All investigations will be conducted in accordance with the following principles:

• Independence: The investigation will be conducted by a person or persons who are independent of the matters under investigation and who have no conflict of interest;
• Confidentiality: The investigation will be conducted in a manner that protects the confidentiality of the discloser and any other persons involved;
• Fairness: The investigation will be conducted fairly and impartially, with all parties given an opportunity to respond to allegations made against them;
• Timeliness: The investigation will be conducted as quickly as reasonably practicable, having regard to the nature and complexity of the matters under investigation;
• Documentation: The investigation will be properly documented, including records of interviews, evidence gathered, and findings made; and
• Objectivity: The investigation will be conducted objectively, with findings based on evidence rather than assumptions or speculation.

9.3 Fair Treatment of All Parties

The Company is committed to ensuring fair treatment of all parties involved in an investigation, including the discloser, any persons named in the disclosure, and any witnesses. This includes:

• Ensuring that all parties are treated with respect and dignity;
• Providing support to all parties as appropriate, including access to counselling and other support services;
• Ensuring that all parties are kept informed of the progress of the investigation, to the extent appropriate and consistent with confidentiality obligations; and
• Ensuring that any person named in a disclosure is given an opportunity to respond to allegations made against them before any adverse findings are made.

9.4 Outcome Notification

Upon completion of an investigation, the Company will:

• Notify the discloser of the outcome of the investigation, subject to confidentiality and privacy considerations;
• Take appropriate action in response to the findings of the investigation, which may include disciplinary action, policy changes, or referral to regulatory authorities; and
• Ensure that appropriate records are maintained of the investigation and its outcome.

9.5 Timeframes

While the timeframe for completing an investigation will depend on the nature and complexity of the matters under investigation, the Company aims to complete investigations within the following indicative timeframes:

• Acknowledgment of receipt: Within 5 business days;
• Initial assessment: Within 10 business days;
• Progress updates: At least every 4 weeks during the investigation; and
• Completion of investigation: Within 90 days, unless the complexity of the matter requires additional time.

10.1 Confidential Counselling

The Company recognises that making a disclosure can be a stressful experience. The Company will provide access to confidential counselling and support services for disclosers, including:

• Access to the Company's Employee Assistance Program (EAP), which provides confidential counselling services at no cost to employees;
• Referral to external counselling services if the discloser prefers; and
• Other support as may be appropriate in the circumstances, including flexible working arrangements and leave.

10.2 Whistleblower Protection Coordinator

The Company has appointed a Whistleblower Protection Coordinator whose responsibilities include:

• Receiving and assessing disclosures made under this Policy;
• Ensuring that disclosures are investigated appropriately;
• Ensuring that the confidentiality of disclosers is protected;
• Conducting risk assessments to identify potential detriment to disclosers and implementing measures to protect disclosers;
• Providing regular updates to disclosers on the progress of investigations;
• Arranging access to support services for disclosers; and
• Reporting to the Board on whistleblower matters, including the number and nature of disclosures received and the outcomes of investigations.

10.3 Ongoing Support Measures

The Company will provide ongoing support to disclosers throughout the investigation process and beyond. This may include:

• Regular check-ins with the discloser to monitor their wellbeing;
• Modifications to work arrangements if required, such as changes to reporting lines, team assignments, or work locations;
• Extended access to counselling and support services; and
• Any other reasonable support measures as may be appropriate in the circumstances.

10.4 Legal Referral

If a discloser wishes to obtain independent legal advice regarding their rights and protections under this Policy or under the Corporations Act, the Company may, in appropriate circumstances, assist with reasonable legal costs. The Company encourages disclosers to seek legal advice, particularly if they are concerned about potential detriment or have questions about the protections available to them.

11.1 Presumption of Innocence

The Company is committed to ensuring that any person who is named in a disclosure is treated fairly and with respect. A person who is the subject of a disclosure is presumed innocent unless and until the allegations against them are substantiated through an investigation. The Company will not take any adverse action against a person based solely on an allegation that has not been investigated and substantiated.

11.2 Right to be Informed

Subject to confidentiality requirements and the need to protect the integrity of the investigation, a person who is the subject of allegations made in a disclosure will be:

• Informed of the substance of the allegations at an appropriate time in the investigation process;
• Informed of their rights under this Policy and under the law; and
• Provided with access to support services, including the Employee Assistance Program.

11.3 Opportunity to Respond

Before any adverse findings are made against a person named in a disclosure, that person will be:

• Given a reasonable opportunity to respond to the allegations made against them;
• Informed of the evidence that has been gathered in relation to the allegations;
• Given an opportunity to provide their own evidence and to identify witnesses who may be able to provide relevant information; and
• Permitted to have a support person present during any interviews, where appropriate.

11.4 Confidentiality Protections for Persons Named

The identity of any person named in a disclosure will be kept confidential to the extent possible, consistent with the need to conduct a proper investigation. The Company will:

• Limit the number of persons who are informed of the investigation and the identity of persons named in disclosures;
• Ensure that all persons involved in an investigation are reminded of their confidentiality obligations;
• Take steps to protect the reputation of persons named in disclosures, particularly where allegations are not substantiated; and
• Ensure that investigation materials are stored securely and are only accessible to authorised personnel.

12.1 Breaching Confidentiality

Any person who discloses the identity of a discloser, or information likely to lead to the identification of a discloser, in contravention of section 1317AAE of the Corporations Act may be subject to:

• Criminal penalties of up to 6 months imprisonment, or a fine of up to 60 penalty units (currently $18,780 for an individual), or both;
• Civil penalties of up to $55,200 for an individual; and
• Disciplinary action by the Company, up to and including termination of employment.

12.2 Victimising Whistleblowers

Any person who causes detriment to another person because of a belief or suspicion that the other person made, may have made, proposes to make, or could make a qualifying disclosure, in contravention of section 1317AC of the Corporations Act, may be subject to:

• Criminal penalties for individuals: Up to 2 years imprisonment, or a fine of up to 240 penalty units (currently $75,120), or both;
• Civil penalties for individuals: Up to $1,050,000;
• Civil penalties for corporations: Up to $10,500,000; and
• Disciplinary action by the Company, up to and including termination of employment.

12.3 Making False Disclosures

A person who knowingly makes a false disclosure may be subject to disciplinary action by the Company, up to and including termination of employment. The protections available under the Corporations Act do not extend to disclosures that the discloser knows to be false or misleading. Additionally, a person who makes a false disclosure may be liable for defamation or other civil claims.

However, a discloser will not be penalised if they make a disclosure in good faith and it is later determined that the matters disclosed did not occur or could not be substantiated. The protection against detriment applies where a discloser has reasonable grounds to suspect the matters disclosed, even if those suspicions are ultimately found to be mistaken.

12.4 Summary of Penalties Under the Corporations Act

13.1 Access for All Personnel

This Policy will be made available to all officers and employees of the Company. A copy of this Policy will be:

• Provided to all new officers and employees as part of their induction;
• Made available on the Company's intranet;
• Communicated to all personnel when updates are made; and
• Made available to contractors and suppliers as appropriate.

13.2 Training Requirements

The Company is committed to ensuring that all personnel understand their rights and obligations under this Policy. Training will be provided as follows:

• Induction training: All new officers and employees will receive training on this Policy as part of their induction;
• Periodic refresher training: All personnel will receive periodic refresher training on this Policy, at least annually;
• Specialised training for Eligible Recipients: All persons who may receive disclosures under this Policy will receive specialised training on how to receive, handle, and respond to disclosures; and
• Manager training: All managers and supervisors will receive training on their obligations to protect disclosers from detriment and to maintain confidentiality.

13.3 Website Publication

In accordance with ASX Corporate Governance Council Recommendation 3.3, this Policy or a summary of it will be published on the Company's website at www.orisium.com. The Policy will be kept up to date and any material changes will be reflected on the website promptly.

14.1 Annual Review

This Policy will be reviewed at least annually by the Board, or more frequently if there are:

• Changes to the Corporations Act or other relevant legislation that affect the whistleblower protection regime;
• Updates to the ASX Corporate Governance Council Principles and Recommendations;
• Changes to best practice standards for whistleblower policies;
• Material changes to the Company's business or operations that affect the operation of this Policy; or
• Issues identified through the operation of this Policy that require policy amendments.

14.2 Board Oversight

The Board has ultimate responsibility for oversight of this Policy. The Board will:

• Approve this Policy and any amendments to it;
• Receive regular reports from the Whistleblower Protection Coordinator on the number and nature of disclosures received and the outcomes of investigations;
• Ensure that appropriate resources are allocated to the administration of this Policy;
• Monitor the effectiveness of this Policy in achieving its objectives; and
• Ensure that training on this Policy is provided to all relevant personnel.