Uniques approach to Corporate Governance

Corporate governance for Unique is crucial for maintaining trust, compliance, and effective operations. Here are key elements of corporate governance specific to Unique:

1. Board of Directors: we have established a diverse and experienced board of directors that provides strategic guidance and oversight, ensuring representation from both financial and tech sectors (regular meeting documentation can be found in the Unique app).

2. Regulatory Compliance: we aim to stay on top of Swiss financial regulations and ensure strict compliance with all applicable laws, including FINMA (Swiss Financial Market Supervisory Authority) regulations. A report of all FINMA-related activities (esp handling of CID data, risk management approach) has been validated by an external auditor.

3. Data Protection: We adhere to Swiss data protection laws, including the Federal Act on Data Protection (FADP), and the GDPR for European clients, safeguarding sensitive financial and personal data. In addition, we have various technical measures in place (PAM, lockbox, IAM policy) to ensure the highest level of data protection.

4. Data classification: we have a data classification in place that is according to ISO 27001 standards:

   • C0 = public information/data

   • C1 = internal information/data

   • C2 = confidential information/data

   • C3 = secret information/data

5. Ethical Framework for AI: Develop and communicate a code of ethics for AI and conduct that all employees and stakeholders must adhere to, emphasizing integrity, transparency, and accountability.

6. Risk Management: Implement a robust risk management framework, following ISO 9001 principles, to identify, assess, and mitigate risks associated with technology, data security, and financial operations. Monthly risk review: we establish a monthly review for risk management (ISO 27001 and 9001). In addition, we engage in a bug bounty program to identify potential threats early on.

7. Financial Reporting: Maintain accurate and transparent financial reporting practices, following Swiss Generally Accepted Accounting Principles (Swiss GAAP) or International Financial Reporting Standards (IFRS).

8. Internal Audits: we perform regular internal audits as control mechanisms to prevent fraud, mismanagement, and data breaches, with a focus on segregation of duties and access controls.

9. Stakeholder Engagement: Foster open communication with shareholders, soliciting their input and addressing concerns through regular meetings and reports (e.g. Unique exchange)

10. Customer Data Protection: Prioritize customer data security and privacy, ensuring encryption, access controls, and secure data handling practices in line with regulatory requirements.

11. Cybersecurity Measures: Continuously invest in cybersecurity infrastructure, including intrusion detection, penetration testing, and incident response plans to safeguard against cyber threats.

12. Disaster Recovery and Business Continuity: Develop comprehensive disaster recovery and business continuity plans to ensure uninterrupted service delivery, especially during unforeseen events.

13. Transparency and Accountability: Publish annual reports and financial statements, disclosing relevant information to stakeholders and the public.

14. Compliance Training: Provide ongoing compliance training and awareness programs for employees to ensure a deep understanding of regulatory requirements.

15. External Audits: Engage external auditors and conduct regular independent audits of financial statements and internal controls to verify compliance and identify areas for improvement.

By incorporating these elements into their corporate governance framework, Unique is serving financial services in Switzerland and beyond can enhance trust, regulatory compliance, and overall operational excellence.