Anti-Fraud Policy

GitLab’s Anti-Fraud Policy
  • Effective Date: October 3, 2022
  • Approved By: Robin Schulman, Chief Legal Officer, Head of Corporate Affairs, and Corporate Secretary

GitLab Inc. (collectively with its subsidiaries, “GitLab”, “we”, “our”) is committed to the highest standards of legal and ethical business conduct and has long operated its business consistent with written operating principles and policies that reinforce this commitment. In furtherance of those standards, this Anti-Fraud Policy (this “Policy”) applies to all officers, employees and direct and indirect contractors of GitLab and of its direct and indirect subsidiaries ("Team Members"). Compliance with this Policy is mandatory for every Team Member and member of GitLab’s Board of Directors ("Director"). In addition to this Policy, Team Members and Directors are subject to and must comply with other policies (including GitLab’s Code of Business Conduct and Ethics for Directors, Officers, Employees and Contractors (the “Code of Business Conduct and Ethics”) and programs of GitLab, as applicable. We expect each Team Member and Director to read and become familiar with this Policy. Violations of the law, our corporate policies, or this Policy may result in disciplinary action, including dismissal.

INTRODUCTION

This Policy outlines the principles to which we are committed in relation to preventing, reporting, and remediating fraud and corruption. As described in the Code of Business Conduct and Ethics, all Team Members are required to deal honestly, ethically and fairly with customers, partners, suppliers, competitors and other third parties. No Team Member or Director may knowingly, directly or indirectly, partake in, assist or otherwise be involved in any fraud.

OBJECTIVES

The primary objective of this Policy is to prevent fraud, help maintain GitLab’s culture of compliance, help maintain integrity in GitLab’s business dealings, establish procedures and protections that allow Team Members to act on suspected fraud or corruption with potentially adverse ramifications and to achieve GitLab’s legitimate business objectives.

DEFINITION

In the broadest sense, fraud can encompass any crime for gain that uses deception as its principal method of operation. More precisely, fraud is defined_as_knowingly misrepresenting the truth or concealing a material fact in order to induce another person to act to their detriment. Fraud may involve:

  • manipulation, falsification or alteration of accounting records or documents;
  • documents or statements (written or oral) that were not authorized or approved by the appropriate team members;
  • hiding, omitting or covering up impact of transactions, whether by not recording such impact, not maintaining appropriate records and documentation or not including relevant details in the applicable records or documents;
  • recording of transactions without substance;
  • misappropriation (theft) or willful destruction or loss of assets including cash;
  • deliberate misapplication of accounting or other regulations or policies;
  • bribery and corruption;
  • manipulation of information system applications and data for personal gain;
  • usurpation of corporate interests for personal gain;
  • payment or receipts of bribes, kickbacks or other inappropriate payments;
  • participation in sham or fraudulent transactions; and
  • disclosing confidential and proprietary information to outside parties.

There is no set monetary threshold that defines fraud. There is no need to be successful to be viewed as corrupt; the offering can be enough to amount to a criminal offense in certain jurisdictions. These principles apply equally in any country in which GitLab operates or carries on business.

TEAM MEMBER AND DIRECTOR RESPONSIBILITY & REPORTING

All Team Members and Directors, regardless of position or title, have a stewardship responsibility with regard to GitLab’s funds and other assets. Team Members and Directors are responsible for safeguarding GitLab’s resources and ensuring that those resources are used only for authorized purposes in accordance with GitLab’s rules, policies, and applicable laws.

  • When fraud is suspected, observed, or otherwise made known to a Team Member, the Team Member must immediately report the activity to their direct supervisor (who shall notify GitLab’s Chief Legal Officer (the “CLO”). In the event a Director is aware of or notified of suspected or observed fraud, the Director shall notify the CLO, Chair of the Audit Committee or outside counsel, as appropriate.
  • If the Team Member has reason to believe their direct supervisor may be involved in fraudulent activity, the Team Member is obligated to report the activity to the CLO.
  • The reporting Team Member shall refrain from discussing the matter with any Team Member unless directed to do so by the CLO.
  • You may report the matter confidentially by directly contacting your direct supervisor (who shall notify the CLO) or the CLO or confidentially and anonymously via EthicsPoint (as more fully described in the Code of Business Conduct and Ethics). EthicsPoint toll free numbers and other methods of reporting are available 24 hours a day, 7 days a week for use by Team Members:
    • Website: https://gitlab.ethicspoint.com/
    • Mobile intake site: https://gitlab.navexone.com/
    • USA Telephone: toll-free at 1-833-756-0853
    • All other countries: to view phone numbers, please see web intake site and select the country in which you are located from the drop-down menu. If your country is not listed, please select the “Make a Report” link at the top of the page to access the confidential reporting tool.
  • All Team Members shall cooperate fully with any investigation performed by GitLab (or its representatives including outside counsel) and/or law enforcement officials.

NON-RETALIATION POLICY

As every Team Member is free to raise concerns regarding any questionable practices without fear of harassment or retaliation, GitLab will not allow any retaliation against any Team Member who acts in good faith in reporting any violation of this Policy or against any person who is assisting in good faith in any investigation or process with respect to such a report. Any Team Member who participates in any such retaliation is subject to disciplinary action, including termination.

MANAGERIAL RESPONSIBILITY

Each Team Member who is a manager is responsible for detecting and preventing fraudulent activities in their respective work areas. Each Team Member who is a manager will be familiar with the types of activities that constitute fraud and be alert for any indication that improper or dishonest activity is or was in existence in their work area.

  • If a manager suspects fraud, or has received a report of fraud from a Team Member, they must immediately contact the CLO. The CLO shall promptly report to the Chair of the Audit Committee of GitLab’s Board of Directors and GitLab’s Internal Audit Team with respect to any conduct believed to be a violation of this Policy, and inform any other GitLab e-group member as appropriate.
  • Upon investigation, if the CLO determines that fraud exists, the CLO shall take immediate remedial action to halt the fraudulent activity. If criminal activity has occurred, the CLO may report the activity to appropriate law enforcement officials.
  • All management personnel shall cooperate fully with any investigation performed by GitLab (or its representatives including outside counsel) and/or law enforcement officials.
  • Following all incidents of fraud, and on at least an annual basis, GitLab’s Finance and Internal Audit Teams shall conduct a review of all internal controls, policies and procedures for the prevention and detection of fraud and, following consultation with the CLO and outside advisors and counsel as appropriate, implement new and/or modified controls when necessary.

CONFIDENTIALITY

All participants in a fraud investigation shall treat all information received confidentially. A person reporting suspected fraud may remain anonymous except as otherwise required by law. Investigation results will not be disclosed or discussed with anyone other than those who have a legitimate need to know. Any Team Member or Director contacted by the media with respect to a fraud investigation shall refer the media person to GitLab’s public relations team at press@gitlab.com.

INVESTIGATION AND DISCIPLINE

During an investigation of allegations of fraud or suspected fraud, the Team Member(s) suspected of such fraud may be placed on administrative leave pending the outcome of the investigation). Any Team Member who has committed fraud will be subject to disciplinary action up to and including dismissal. In all cases, GitLab reserves the right to refer the matter to appropriate law enforcement officials for independent review, investigation and/or prosecution.

ADMINISTRATION OF THIS POLICY

The CLO is responsible for the administration, revision, interpretation and application of this Policy. This Policy will be reviewed annually and, if necessary, revised.

Last modified November 26, 2024: Fix broken external links (bc83f2be)