Whistleblower Policy

OATLY GROUP AB: POLICIES AND PROCEDURES FOR REPORTING SERIOUS VIOLATIONS

September 27, 2024

whistleblower.oatly.com


Policy Statement

At Oatly, we encourage our colleagues, suppliers, and business partners to “speak up” to report any suspected wrongdoing or breaches of the law or internal policy. If you feel that we are failing to meet our ethical standards or whether actions you observe conflict with the principles discussed in the Code of conduct, ‘Speak up!’. If you bring us your concerns, we will conduct an appropriate investigation and if it is determined that misconduct has occurred, we will address it. Serious wrongdoing or misconduct includes actions that may harm Oatly’s reputation, people, the environment or include fraud, bribery or corruption.

We hope that you feel comfortable bringing your concerns directly to your manager or Oatly Legal. Otherwise, you may contact our Whistleblower hotline. Reports can be made anonymously using the hotline, but please be aware that all complaints, anonymous or not, are treated confidentially and we have a strict non-retaliation policy to protect anyone who in good faith makes a report.

At Oatly arrangements are in place for the proportionate and independent investigation of matters reported through the whistleblower hotline and for follow-up action. Not all reports will result in a full investigation, however every allegation received will be thoroughly reviewed and given due consideration in making such determination.

What is a whistleblower hotline?

The whistleblower hotline or ethics reporting hotline is available for all Oatly employees, contractors, consultants, and business partners, to facilitate and    encourage reporting misconduct and serious wrongdoing within the organization. The ethics hotline is available 24 hours a day, 7 days a week, by telephone or via the webpage.

Why a whistleblower system?

  • At Oatly we value Transparency and trust. If you think something is wrong, we want to know so that we can do something about it.
  • Full and Fair Disclosure. Full and fair reporting of the Oatly’s financial condition is important for us to continue to meet our goals and objectives. Our customers, suppliers, and employees as well as our management team and Board of Directors as stated in our Code of Conduct expect integrity in the information we report in our books and records.


Are there any particular areas of concern to a public company? Yes:

  • Fraud against investors, securities fraud, mail or wire fraud, bank fraud or fraudulent statements made to the U.S. Securities and Exchange Commission (the “SEC”) or the investing public.
  • Violations of SEC rules and regulations or any other laws applicable to the Company’s financial accounting, maintenance of financial books and records, internal accounting controls and financial statement reviews or audits.
  • Fraud or deliberate error in the preparation, evaluation, review, or audit of any financial statement of the Company.
  • Significant deficiencies in or intentional noncompliance with the Company’s internal accounting controls.
  • Misrepresentations or false statements regarding a matter contained in the financial records, financial reports, or audit reports of the Company.

Deviation from the full and fair reporting of the Company’s financial condition.    

Can I report other non-financial concerns through the Whistleblower system?

  • Reportable matters include not only protected disclosures related to the integrity of our financial statements, but also a breach of Oatly's policies and procedures, or other behavior that harms or is likely to harm rightsholders across our value chain or impact the reputation or financial wellbeing of Oatly.


Who should I go to if I have something I wish to report?

You should first report to your line manager or the Oatly Legal department or the Legal department in your own company for those external to Oatly. If this is not an option or you do not feel comfortable, we offer different options through our external whistleblower system:

  • Web intake: Submit a report via an intake form at the whistleblower.oatly.com landing page. The form takes you through a process where you can choose an issue type and answer questions about the incident.
  • Call centers: Our provider allows anonymous reporting via telephone. The main number is +46 84 20 03 154 (you can see if other specific dialing options are available for your location at our whistleblower page). After submitting your report, you will receive a case number, which you can use to log in and see the progress of the investigation.


What sort of thing may I report?

Serious wrongdoing or misconduct within the organization that could have a harmful effect on Oatly's business, the environment or you as an individual. For example:

  • Illegal activities,
  • Financial fraud (such as false accounting, auditing matters, non-compliance with internal control procedures, misappropriation of assets or fraud),
  • Bribery and corruption (such as conflicts of interest, bribes, sponsorship and donations, or gifts),
  • Violation of competition law (such as fixing prices, exchanging price-sensitive information, collaboration with competitors on tenders),
  • Serious threats to the environment or health and safety,
  • Grievances including adverse impact or failure to meet our due diligence obligations in sourcing or reporting including legitimate concerns on negative human rights or environmental impacts
  • Concerns relating to product safety, integrity, quality, authenticity and legality, and
  • Activities that otherwise should be considered serious, inappropriate behavior (such as use of child labor, human rights violations).

What sort of thing should not be reported through the helpline?

  • Incompetence of colleagues or employees
  • Dissatisfaction with pay, holiday or promotion
  • Disagreements with colleagues or minor violations
  • Complaints about equipment malfunctions
  • Minor safety in the workplace issues (wet floor)
  • Small grievances about office environment (e.g., bad coffee)
  • Complaints about breaches of smoking, alcohol or and dress codes

Concerns based on business or staff performance or customer service, where there is no suspicion of wrongdoing and where there are no legal or regulatory implications, can be dealt with directly by the business rather than under this policy. However, these matters should still be reported directly to your Local HR Representative (and not through the whistleblower system).

Escalation procedure

Each issue will be given due consideration so exact timelines for issue resolution cannot be stated, however any issue submitted will receive a response acknowledging receipt through the same channel that it was submitted within 24hours and a follow up advising on decision whether further investigation will be initiated will be sent out within 2 weeks. Periodic updates will be provided for matters that require a longer duration for resolution or investigation. If an individual remains dissatisfied with the provided solutions or the outcome of a determination, they may escalate the matter directly to the General Counsel, or the Audit Committee of the Board of Directors.

Audit Committee

Any person with an accounting Complaint can also report to the Audit Committee openly, confidentially, or anonymously.  Fraud and accounting allegations can be made orally or in writing to the members of the Audit Committee. Employees submitting this information need not provide their name or other personal information. If such information is provided, reasonable efforts will be used to conduct the investigation while protecting the privacy of any employee who makes a report. Accounting Complaints to the Audit Committee can be submitted in writing marked CONFIDENTIAL and mailed as follows:

Audit Committee 
Oatly Group AB 
Ångfärjekajen 8211 19 Malmö, Sweden 
Attention: Chief Financial Officer or  
Attention: General Counsel

May I remain anonymous?

Yes, you can choose anonymity upon submission of the report via External Whistleblower system provider website form. There are three choices available: 

  • Share your name & contact information: You are comfortable revealing your name and contact information to a limited group within Oatly (Legal &HR core team).  Information will remain confidential and not disseminated within organization.
  • Remain anonymous toward organization: You are comfortable revealing your name and contact information to the external Whistleblower system provider, but not to your organization. The external provider may contact you confidentially to gather additional information about the report yet will not reveal your identity at any time to your organization.
  • Remain completely anonymous: You do not want to disclose your name or contact information to your organization or to the External Whistleblower system provider. Your identity is completely protected on the Incident report.

When calling to report an incident, you can request to remain anonymous in the process. Your request for anonymity will be respected to the greatest extent possible provided that you:

  • Submit information in good faith.
  • Believe it to be correct.
  • Are not seeking personal or financial gain.

Deliberately making a false report is serious and, in some cases, can be a criminal offense.

How will the information I report be processed?

After submitting your report, the person who receives it will gather information about the case and take it to Oatly's CEO, General Counsel, Chief People & Transformation Officer or other suitable person in senior management (CFO, HR Director, COO etc.). Should the misconduct concern Oatly’s CEO, the matter will be directed to another suitable person  in senior management or the Audit Committee.

Reports will be investigated as quickly as possible and always with due consideration to the person submitting the report. This also applies in the case for non-whistleblower reports.

For complaints regarding accounting or financial impropriety, the General Counsel or the Audit Committee, as applicable, shall review complaint, and may investigate it himself or herself or themselves or may assign another employee, outside counsel, advisor, expert or third-party service provider to investigate or assist in investigating the complaint.

What happens next?

All reported concerns will be investigated. You can communicate with the case handler using your case reference number in case of anonymous report. Concerns that are substantiated will be followed by corrective and/or preventative actions.

Depending on the type of allegation, an external party, such as an auditor or similar, may be engaged for an independent review of the investigation.

You will be notified via the same channel the report was submitted a confirmation that we have received your report and a follow up message, when an investigator has started the process of reviewing your allegations, although the final outcome of an investigation may not always be publicly shared.

Communication between you and Oatly depends on the nature of the case and the clarity of the report. Oatly may ask for additional information from you.  Oatly will contact you through the same channel that the report was submitted, which may be email or the external reporting system’s anonymous chat to inform you of the progress of the case.

Data Privacy

All personal data collected through the Whistleblower system will be processed in accordance with the applicable data privacy regulations.

Processing and storage of personal information is done in consultation with the external Whistleblower system provider. All whistleblower cases will be handled with the greatest possible confidentiality. Personal data connected to reports will be deleted once the case is closed.

Once all personal data has been removed, the documentation about the case will be stored in a restricted folder in Oatly’s digital archive. Documentation about former whistleblowing cases will allow for future improvements.

Non-Retaliation

Oatly is committed to establishing a culture that promotes prevention, detection and resolution of instances of misconduct. This may include failure to conform to applicable laws, rules, regulations, or Oatly’s Code of Conduct, compliance policies and internal guidelines. To support this commitment, Oatly encourages its employees and associates to report known or suspected compliance violations, and has adopted a strict policy to prevent retaliation, retribution or harassment against anyone who reports in good faith known or suspected violations. Oatly has a zero-tolerance policy for retaliation. Anyone who retaliates against a whistleblower will face disciplinary action, up to and including termination.

  • No disciplinary action shall be taken against an individual for reporting in good faith, a known or suspected violation.
  • Retaliation retribution or harassment in response to a good faith report or in response to an individual’s participation in a compliance investigation is strictly prohibited.
  • Any employee or contractor of Oatly who commits or condones any form of retaliation, retribution, or harassment shall themselves be subject to disciplinary action up to an including termination.
  • Individuals cannot exempt themselves from the consequences of their own conduct by self-reporting, although if an employee does voluntarily self-report, their honesty will be taken into consideration when determining appropriate action.
  • If an individual believes that they are being subjected to disciplinary action or retaliation because of a report or participation in an investigation should immediately report this through the appropriate channels such the General Counsel or the whistleblower hotline.


Reporting

All issues that are deemed serious and substantiated, shall be reported to management at regularly intervals including, a preliminary, interim and final report with recommendations and remediation in accordance with Oatly’s Compliance Investigation Procedures making an objective and factual determination on what level of response is required. The investigator must have sufficient power to perform a review consistent with the scope of the allegation, including engaging an external support team if required.

In addition to using data minimization as much as possible, all reports will be handled confidentially, and personal data will be stored securely and deleted once the case is closed.

Retention of Records

All complaints and documents relating to such complaints made through the procedures outlined above shall be retained for at least five years from the date of the complaint, after which the information may be destroyed unless the information may be relevant to any pending or potential litigation, inquiry or investigation, in which case the information may not be destroyed and must be retained for the duration of that litigation, inquiry or investigation and thereafter as necessary.

Compliance with Law

This Policy is intended to meet the requirements of Rule 10A-3(b)(3) under the U.S. Securities Exchange Act of 1934, as amended.

Review

This Policy will be subject to periodic review. Any material changes to this Policy require approval by the Board of Directors. The CEO and General Counsel, acting together, may make immaterial and administrative changes to this Policy.

Related Policies, Codes and Procedures 
Code of Conduct
Business Conduct and Ethics Guidelines Anti-Bribery and Corruption Policy
Data Protection Policy

Note: Minor edits October 2024 to reflect references to reporting.