Ethics and Compliance

In early 2022, AMD created the Chief Compliance Officer (CCO) role to oversee the Ethics and Compliance Program; the role is responsible for implementing and operationalizing the WWSBC and related policies and procedures. These policies govern employee conduct to facilitate our consistent compliance with laws and regulations including U.S. Foreign Corrupt Practices Act, export control regulations, privacy regulations, and conflict of interest principles. The CCO provides the AMD Board of Directors with quarterly activity reports on activities of the Ethics and Compliance Program.

Business Conduct Training

All employees are required to complete the WWSBC training when hired and every three years thereafter. The training is an online ethics and compliance course focused on anti-corruption, import/export compliance, insider trading, conflicts of interest, antitrust, and the prevention of workplace harassment, which includes sexual harassment and sex discrimination, among other topics. On average, approximately 92% of our employees were current on their WWSBC training in 2023.

During 2023, AMD successfully piloted a new adaptive, competency based WWSBC training course that is expected to be rolled out to all employees in 2024 and assigned annually thereafter. The new platform uses predictive insights and behavioral intelligence to deliver personalized learning experiences, scenario-based training, practice, analysis, and reinforcements to all AMD employees. It also provides the Ethics team with advanced analytics on employees’ performance to identify gaps that can be addressed with targeted training and awareness initiatives. 

To further mitigate risks, we provide specific groups with additional training on relevant topics, including anti-corruption, export compliance, and contracting. In 2023, we hosted a Compliance Awareness Week to elevate global awareness of our company’s ethics and compliance policies and resources, and we updated our new intranet compliance hub with executive videos, blogs, policies, trainings, and other useful resources.

On an annual basis, our General Counsel communicates to the entire company the importance of complying with the WWSBC and conducting our business with integrity. In addition, we survey our leadership teams – Corporate Vice President positions and above, including our Chair and CEO — twice a year about possible conflicts of interest and related party transactions.  

Grievance Mechanism

We maintain a secure and trusted process for reporting misconduct and encouraging employees to use the process for raising concerns and asking questions. AMD Aware is a multilingual web portal and telephone service that accepts reports, including anonymous reports, about suspected illegal activity or violations of the WWSBC, as permitted by law. AMD Aware is available to all AMD employees and third parties worldwide 24 hours a day, seven days a week. To encourage use of AMD Aware and our reporting process, we inform employees and other stakeholders of our non-retaliation policy with respect to good faith reports of non-compliance and ethics concerns or violations.

All incidents reported via AMD Aware  are investigated by responsible teams within AMD, including representatives from the AMD Ethics and Compliance team and the Internal Audit and Employment Law teams, when applicable. Significant incidents and investigations are reported to the Board Audit and Finance Committee, including any corrective actions taken as a result of the investigations. Repeated concerns are addressed through senior management discussions, employee communications, training, process and controls improvements, and individual corrective action measures, where appropriate.

Competition Law and Anti-Bribery Compliance 

Antitrust laws are designed to protect consumers and competitors against predatory and unfair business practices and to promote and preserve competition. AMD is committed to a policy and practice of vigorous and ethical competition while complying with all applicable antitrust, competition and related laws in all countries, states, or localities where the company conducts business. AMD has a stand-alone global policy to identify and educate our employees about key antitrust law and concepts. Our Global Antitrust Compliance Policy identifies the primary competition laws in the largest jurisdictions in which AMD operates, summarizes key antitrust policies, outlines the consequences of non-compliance, and instructs employees on how to report conduct suspected to be in violation of competition laws. 

AMD does not tolerate the giving or receiving of bribes, kickbacks, or other improper payments in connection with our business. In addition to the WWSBC, AMD has a standalone global policy to help employees and key personnel identify and appropriately address anti-corruption risks when conducting company business. Our Global Anti-Bribery and Anti-Corruption Policy describes prohibitions and required processes related to specific areas of risk, such as gifts, meals, and entertainment, and our company’s policy prohibiting facilitation payments.

The policy includes expansive definitions of “government official” and “government entity,” together with special considerations for transactions involving them. The Ethics and Compliance team reviews, and approves when applicable, employee questions and disclosures related to gifts, meals, and entertainment, including those related to foreign government officials. Additionally, the policy states the company’s position on engaging with third parties or intermediaries to work for AMD. 

All employees, officers, directors, contractors, and business partners performing work for, with or on behalf of AMD are required to comply with the WWSBC, including our Global Antitrust Compliance Policy and Global Anti-Bribery and Anti-Corruption Policy. 

Training

Antitrust and anti-corruption training are key components of our WWSBC course for all employees. The course requires employees to certify that they are conducting business in accordance with the WWSBC, which outlines procedures for relevant employees, including sales representatives, regarding appropriate interaction with competitors to avoid perceived collusion. Topics addressed in the training range from pricing practices and bundling of products to conduct restraining markets. Additional in-person antitrust and anti-corruption training is conducted for employees working in high-exposure roles. 

Control Procedures and Risk Assessments 

The Internal Audit function at AMD conducts audits of control procedures aimed at preventing anti-competitive practices. A portion of the annual audit plan is dedicated to overseeing third parties to ensure their adherence to the ethical and competitive standards outlined in our WWSBC. Additionally, the risk of anti-competitive business practices is considered as part of the annual enterprise risk assessment conducted in partnership with other relevant business units. Where applicable, this risk is addressed through various management programs, training initiatives, or further evaluation via independent audits.

The Law Department reviews contracts and programs for compliance with antitrust laws and provides compliance training to sales and customer-facing roles. In addition, AMD has a financial reporting program that audits a substantial number of our company's financial reporting controls, including entity-level controls that are intended to address the ethics and management of AMD.

Privacy 

AMD has implemented systems, processes, and procedures to protect the personal information of AMD employees, job applicants, temporary workers, contingent workers, contractors, users, and business partners worldwide. AMD maintains a full suite of policies and processes that govern how we process personal information, comply with privacy laws, and enter into privacy agreements, when applicable, with third parties and service providers.

The Privacy team, which is part of the Ethics and Compliance Program and reports to the CCO, oversees and coordinates privacy-related activities across diverse business functions responsible for handling various aspects of privacy. Regional counsel in major regions like the European Union and Asia-Pacific support the Privacy team on local privacy requirements.

Employees and other personnel have access to a detailed employee privacy notice posted on the AMD intranet about privacy practices governing employee personal data, and when applicable, they can access bilingual and local privacy notices. Our website Privacy Policy, directly accessible via a link on the footer of the AMD homepage, provides details about privacy practices governing the personal data of users, customers, and various third parties. There is also a direct link to our Cookies Policy on the footer of the AMD homepage; this policy explains our use of cookies and similar technologies, such as web beacons and pixels, local shared objects or pixels (collectively “Cookies”), and how users can control the use of Cookies on websites owned and operated by or on behalf of AMD and its affiliates and subsidiaries. 

Training

Increasing employee awareness of important aspects of privacy was a primary goal of a series of training sessions conducted during our 2023 AMD Compliance Week. In addition to a privacy overview training applicable to all employees, we held specific training sessions for various business functions like Engineering, Human Resources, Marketing, and Sales. We have also updated our new intranet privacy hub with blogs, news, policies, trainings, and other useful privacy resources for AMD employees.

Risk Assessment

When we enter into written agreements with service providers that process personal data of our employees, customers, or other partners, we incorporate relevant privacy and/or security language, such as data processing agreement, and we conduct privacy risk assessments from time-to-time, as required under applicable data protection laws. 

The Privacy team is implementing a new Privacy Automation Program to automate Records of Processing Activities (RoPA) and Data Mapping. The team is also conducting Privacy Program Evaluation and maturity assessments of the privacy program and benchmarks against peers periodically and for specific high-risk areas when necessary. An AMD IT risk assessment is performed periodically, which includes assessment of domains in cybersecurity.

The Privacy team also collaborates with AMD Information Security team and the Procurement team to evaluate prospective cloud providers before onboarding them. We align these evaluations to the Cloud Security Alliance Cloud Control Matrix, which is considered the de facto standard for cloud security and privacy. The Privacy team also works closely with the AMD Information Security team to prevent, address, and remediate any potential or known security incidents, including taking necessary measures to inform relevant affected data subjects, such as employees and data protection authorities, in accordance with applicable data protection laws.