Business Ethics and Code of Conduct

Business Ethics and Code of Conduct

Business ethics is the way MEGA turns values into daily conduct. As a healthcare and wellness company, we recognize that trust must be protected in every decision, every business relationship and every interaction with employees, customers, suppliers, healthcare professionals, regulators, shareholders and communities.

MEGA conducts business with high levels of integrity and aims to provide a secure workplace for employees in and beyond its physical workplaces. We follow the laws of the territories where we operate and the transnational laws that are binding upon the Company through contractual relationships.

The Business Ethics and Code of Conduct provides the foundation for responsible conduct across MEGA. It guides how we act with transparency, honesty, fairness, respect and accountability, and helps ensure that business growth is achieved without compromising ethics, compliance or trust.

Business Ethics and Code of Conduct at a Glance

MEGA’s Business Ethics and Code of Conduct is supported by clear policy coverage, employee acknowledgement, training and awareness programs, reporting channels, non-retaliation protection and incident monitoring.

  • Code applies to
Directors, Executives, Management and employees of the Company, Subsidiaries, Associates and Joint Ventures
  • Code availability
Hosted on MEGA’s official website in English and Thai
  • Local language support
Code translated into local languages in Myanmar, Cambodia and Vietnam
  • New employee requirement
New employees are required to read and acknowledge the Code
  • Annual training
Management and employees attend annual training on business ethics and related topics
  • Anti-corruption training in 2025
Approximately
200hours
  • Whistleblowing channels
Audit Committee and whistleblowing email channels
  • Whistleblowing cases confirmed with Audit Committee in 2025
1case, closed
  • Significant violations of Business Ethics and Code of Conduct
None
  • Human Rights violation cases
None
  • Bribery allegations
None

Challenges and Opportunities

Business ethics expectations are rising across industries, especially in healthcare where trust, product responsibility, marketing conduct, regulatory compliance, customer safety and stakeholder confidence are closely connected.

Companies are expected to show not only that policies exist, but also that they are communicated, implemented, monitored and supported by safe reporting channels.

For MEGA, the challenge is to maintain consistent ethical conduct across diverse markets, business units, suppliers, customer relationships and healthcare professional interactions. Different countries, regulations, cultures and business practices can create different risk situations, including bribery, conflicts of interest, improper marketing conduct, misuse of confidential information, discrimination, harassment and other misconduct.

The opportunity is to make ethics practical and visible. When people understand the Code, know how to apply it, feel safe to raise concerns and see that reported matters are handled fairly, MEGA strengthens trust, protects its reputation and supports long-term business resilience.

Ethical risks can arise across markets, functions and business relationships.

Strengthen Code awareness, policy communication and responsible conduct expectations.

Healthcare-related interactions require careful controls.

Apply the Marketing Code of Conduct and Anti-Bribery Policy to guide interactions with healthcare professionals, hospitals and other relevant parties.

Employees and affected persons need safe channels to report concerns.

Maintain whistleblowing channels, non-retaliation protection, investigation procedures and Audit Committee reporting.

Conflicts of interest and confidential information can affect trust.

Require disclosure of conflict situations and protect confidential, internal and customer information.

Bullying, harassment and discrimination can weaken workplace trust.

Apply Human Rights Policy, Anti-Discrimination and Anti-Harassment Policy, Whistle Blower Policy and Non-retaliation Policy.

Policies may not work if people do not understand them.

Provide onboarding, annual training, online learning, country-level training and clear reporting guidance.

Why Business Ethics and Code of Conduct Matters to MEGA

MEGA’s business is connected to human health. This makes ethical conduct especially important because our decisions can influence product quality, customer trust, employee well-being, supplier relationships, healthcare professional engagement and confidence among regulators and shareholders.

The Business Ethics and Code of Conduct matters because it gives people across MEGA a common standard for responsible conduct. It helps employees understand how to act, how to make decisions, how to protect confidential information, how to manage conflicts of interest, how to treat people fairly, and how to raise concerns when something does not feel right.

Ethical conduct also supports business resilience. A company that acts with integrity is better able to prevent misconduct, protect its reputation, build long-term partnerships, manage risk and create sustainable value.

Our Business Ethics and Code of Conduct Approach

MEGA’s approach begins with a clear Code. The Business Ethics and Code of Conduct is the foundation document for MEGA’s governance policy suite and serves as a guide for responsible conduct across the Company.

Compliance with the Code is mandatory for Directors, Executives, Management and employees of the Company, Subsidiaries, Associates and Joint Ventures, including those on deputation in or out of the Company. The Code also connects to employees in the value chain where MEGA has laid down the Supplier Code of Conduct.

New employees are required to read and acknowledge the Code. The Code is hosted on MEGA’s official website in English and Thai and has been translated into local languages in Myanmar, Cambodia and Vietnam to support understanding across key markets.

Non-compliance with the Code may lead to disciplinary action, including termination of employment in accordance with the laws of the territory where the individual is employed. This makes the Code not only a statement of values, but also a practical standard for accountability.

Responsibilities of Employees and Leaders

Every employee has a role in protecting MEGA’s ethical culture. Employees are expected to understand the framework of the Code in general and the sections that apply to their job specifically. This means understanding the issues, the Company’s position and the policies that guide daily work.

Leaders have an additional responsibility to create a culture of compliance. Senior Managers are expected to help build an environment where people understand the Code, raise concerns when needed and see that those concerns are handled responsibly. Leaders also share responsibility for gathering feedback and taking remedial actions when concerns are raised.

This leadership responsibility is important because ethical conduct is not created by policies alone. It depends on how managers communicate expectations, handle questions, respond to concerns and support fair treatment in practice.

Responsible Business Dealings

MEGA expects business relationships to be conducted with transparency, integrity and fairness. This applies to suppliers, customers, healthcare professionals, government officers, regulators and other business partners.

In supplier relationships, MEGA aims to deal with suppliers in a fair manner and ensure that business is conducted at competitive prices and in a mutually rewarding way. Price, quality, environmental protection, technical and regulatory expertise, reliability and integrity are among the guiding factors for supplier enlistment.

In customer relationships, MEGA expects fair dealing and responsible conduct. Customer data, trade terms, commercial details and business strategies are proprietary information and must be treated as confidential. Employees must not disclose such information without approval or use it for personal benefit.

MEGA also expects employees to comply with competition laws of the territories where the Company operates, including fair pricing and trading practices.

Anti-Bribery and Responsible Marketing

MEGA follows a principled stance on bribery and marketing conduct. The Anti-Bribery Policy and Marketing Code of Conduct provide practical guidance for higher-risk interactions and help ensure integrity in business dealings.

The Anti-Bribery Policy covers procedures and limits for gifts, entertainment, donations, dealings with government officers, conduct with healthcare professionals and hospitals, employees with links to government, prohibition of political activities, prohibition of facilitation payments, accounting and reporting for gifts, audits and whistleblowing.

The Marketing Code of Conduct provides guidance on gifts to healthcare professionals, promotional aids, items of medical utility, samples, conduct and association with patient organizations, patient education and support, medical representatives, promotional materials, product-related claims, off-label claims, symposia and congresses.

Together, these policies help MEGA ensure that healthcare-related engagement is conducted responsibly and that business growth is supported by ethical and transparent relationships.

Responsible Healthcare Engagement Controls

Anti-Bribery Policy Marketing Code of Conduct
Gifts and entertainment Gifts to healthcare professionals
Donations Promotional aids and medical utility items
Government officer dealings Samples
Healthcare professional and hospital conduct Patient education and support
Facilitation payment prohibition Promotional materials
Accounting and reporting for gifts Product-related and off-label claims
Audits and whistleblowing Symposia and congresses

Conflict of Interest and Insider Information

Conflicts of interest can affect trust and decision-making. MEGA expects employees to disclose situations that result, or may result, in a conflict of interest. Employees are expected to disclose to their superiors any suppliers, customers or third parties doing business with the Company who are related to the employee.

MEGA strictly prohibits and discourages undisclosed conflicts of interest. Employees are expected to address such situations by disclosing the name of the party, the nature of the relationship and details of the contract with such party.

MEGA also maintains expectations on insider information. Directors, executives and employees must not disclose confidential or internal information for personal benefit or for the benefit of others, and must not trade securities of the Company by using confidential or internal information in a way that could cause damage to the Company.

Human Rights, Fair Treatment and Workplace Conduct

MEGA respects human rights and seeks to create an environment of equal opportunity. The Company strives to create relationships with suppliers and customers who promote human rights and provide equal opportunity to employees from different sections of society.

MEGA’s Human Rights Policy is aligned with internationally accepted principles, including the Universal Declaration of Human Rights, the United Nations Guiding Principles on Business and Human Rights, and fundamental conventions identified by the International Labour Organization.

The policy covers key expectations such as prohibition of child labor, forced labor and modern slavery; prohibition of sexual and other harassment; right to collective bargaining; environment, health and safety at the workplace; community engagement; workplace security; drug safety; data safety; non-retaliation and whistleblowing.

Workplace Conduct and Human Rights Topics

No child labor, forced labor or modern slavery
No sexual or other harassment
Equal opportunity and fair treatment
Right to collective bargaining
Right to collective bargaining
Security at workplace
Data safety
Non-retaliation and whistleblowing

Data Protection and Confidentiality

Responsible conduct also includes protecting information. Customer data, trade terms, commercial details, business strategies, internal documents and other confidential information are treated as proprietary information.

Employees are expected to follow MEGA’s IT policies and ensure data secrecy and privacy of personal data. Confidential and internal information must not be disclosed or used for personal benefit, and employees are expected to maintain confidentiality even after leaving MEGA.

ESG in Action

Training and Awareness
Governance and Economic
18 June 2026
Training and Awareness
Read More
View All

Ethics Training and Awareness Map

Myanmar
Onboarding, basic compliance, healthcare professional training, anti-corruption / anti-bribery
Malaysia
Business Ethics and Code of Conduct, anti-corruption, insider trading, sustainability, Supplier Code of Ethics, personal data protection laws
Indonesia
Business Ethics and Code of Conduct, anti-corruption, insider trading, sustainability, Supplier Code of Ethics, personal data protection laws
Africa
Policy training programs
Cambodia
Policy training programs
Vietnam
Anti-corruption, business ethics, Supplier Code of Ethics, Marketing Code of Ethics and other policies

Handling Concerns and Protecting Reporters

MEGA supports the proper handling of concerns through its Business Ethics and Code of Conduct, Whistle Blower Policy, Non-retaliation Policy and investigation procedure. Employees and affected persons may raise concerns through secure and confidential reporting channels, and reported matters are handled through a defined process, including investigation and reporting to the Audit Committee within 30 days or within an agreed extension.

To ensure that concerns are handled properly, MEGA also provides training and guidance to managers and relevant responsible persons on how to receive, escalate and manage reports raised by employees or affected persons. This includes concerns relating to workplace conduct, discrimination, bullying, harassment, conflicts of interest, business ethics violations and other misconduct. The training emphasizes confidentiality, impartiality, protection against retaliation, appropriate escalation, documentation, investigation procedures and timely follow-up, so that reported concerns are handled in a fair, ethical and accountable manner.

This approach helps strengthen trust in MEGA’s reporting system. It also supports a workplace culture where employees and affected persons can raise concerns responsibly, while managers and relevant responsible persons understand their role in protecting confidentiality, preventing retaliation and escalating matters through the appropriate channels

Whistleblowing, Non-Retaliation and Remediation

MEGA provides channels for employees and affected persons to raise concerns. Reports may be submitted to the Audit Committee or through the whistleblowing channel. The Non-retaliation Policy protects individuals who report concerns in good faith. MEGA follows a standard operating procedure for investigation and reporting to the Audit Committee within 30 days, or within an extended period as agreed when additional time is required.

In 2025, one whistleblowing case was confirmed with the Audit Committee and closed. Details of the case are as follows: The year 2025 case in Kenya had alleged violation of business ethics based on available evidence. We requested the person to share the evidence so we can take action. But the whistleblower did not share any evidence and did not respond thereafter. The investigation Committee based on inquiry concluded there was no violation of Business Ethics and Code of Conduct.

Disclosed Target / Management Focus

MEGA’s business ethics focus areas are connected to Code implementation, training, reporting channels, anti-bribery controls, responsible marketing, conflict of interest, data protection and continuous improvement.

Code implementation

Continue communicating and applying the Business Ethics and Code of Conduct across Directors, Executives, Management, employees and relevant value chain relationships

New employee onboarding

Continue requiring new employees to read and acknowledge the Code

Annual training

Continue annual training on business ethics, Code of Conduct, anti-corruption, human rights, conflict of interest and information security awareness.

Anti-corruption and anti-bribery

Continue corruption risk assessment, controls, training and Anti-Bribery Policy implementation.

Responsible marketing

Continue applying the Marketing Code of Conduct to healthcare professional engagement, promotional materials, patient education and product-related claims.

Conflict of interest

Continue requiring disclosure of actual or potential conflict situations.

Whistleblowing and non-retaliation

Maintain reporting channels, non-retaliation protection, investigation procedures and Audit Committee reporting.

Concern handling

Continue communicating expectations on confidentiality, escalation, non-retaliation, documentation, investigation and follow-up.

Data protection and confidentiality

Continue reinforcing data secrecy, privacy of personal data and protection of confidential information.

Continuous improvement

Use policy review, training, incident tracking and corrective / preventive actions to strengthen ethical conduct.