TODINI COSTRUZIONI GENERALI S.P.A. Salini Group. Descriptive Document of the ORGANISATIONAL MODEL FEBRUARY 2013

Transcription

1 Descriptive Document of the ORGANISATIONAL MODEL Organisation, Management and Control Model pursuant to Legislative Decree 231/2001 Salini Group FEBRUARY 2013 Version 05 of 25/02/2013

2

3 TABLE OF CONTENTS GENERAL PART DESCRIPTION OF THE REGULATORY FRAMEWORK INTRODUCTION TYPE OF CRIME PENALTY SYSTEM CRIMES COMMITTED ABROAD ORGANISATION, MANAGEMENT AND CONTROL MODELS CODES OF CONDUCT PREPARED BY THE REPRESENTATIVE ASSOCIATIONS OF THE ORGANISATIONS ELEMENTS OF THE GOVERNANCE MODEL AND THE GENERAL ORGANISATIONAL STRUCTURE GOVERNANCE MODEL OF TODINI ORGANISATIONAL STRUCTURE OF TODINI ORGANISATION, MANAGEMENT AND CONTROL MODEL OF THE TODINI ORGANISATION, MANAGEMENT AND CONTROL MODEL EXTENSION OF THE MODEL IN THE SCOPE OF THE GROUP, JOINT VENTURES, ATI [TEMPORARY CONSORTIUMS], ETC SUPERVISION AUTHORITY PURSUANT TO LEGISLATIVE DECREE 231/ SUPERVISION AUTHORITY IDENTIFICATION OF THE SUPERVISION AUTHORITY IN TODINI DUTIES AND POWERS OF THE SUPERVISION AUTHORITY OBLIGATIONS OF INFORMATION TO THE SUPERVISION AUTHORITY INFORMATION FLOW Sending notifications Collection and preservation of the information Reporting of the Supervision Authority to the company bodies DISCIPLINARY SYSTEM FUNCTION OF THE DISCIPLINARY SYSTEM MEASURES AGAINST SUBORDINATE WORKERS Violations of the Model and relative penalties MEASURES AGAINST DIRECTORS MEASURES AGAINST AUDITORS MEASURES AGAINST COMMERCIAL PARTNERS, AGENTS, CONSULTANTS AND COLLABORATORS TRAINING AND COMMUNICATION PLAN INTRODUCTION EMPLOYEES AND MEMBERS OF THE COMPANY BODIES OTHER RECIPIENTS TRAINING ACTIVITY ADOPTION OF THE MODEL CRITERIA FOR UPDATING AND ADAPTING THE MODEL VERIFICATION AND CONTROLS ON THE MODEL UPDATE AND ADAPTATION

4 SPECIAL PART INTRODUCTION GENERAL STANDARDS OF CONTROL CRIMES AGAINST THE PUBLIC ADMINISTRATION CRIMES AGAINST THE PUBLIC ADMINISTRATION LISTED IN ARTICLES 24 AND 25 OF LEGISLATIVE DECREE 231/ ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI, WITH REFERENCE TO THE CRIMES AGAINST THE PUBLIC ADMINISTRATION SYSTEM OF CONTROLS COMPUTER CRIMES AND ILLEGAL PROCESSING OF DATA COMPUTER CRIMES AND ILLEGAL PROCESSING OF DATA LISTED BY ARTICLE 24-BIS OF LEGISLATIVE DECREE 231/ ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI, WITH REFERENCE TO COMPUTER CRIMES AND ILLEGAL DATA PROCESSING GENERAL PRINCIPLES OF BEHAVIOUR OFFENCES BY ORGANISED CRIME OFFENCES BY ORGANISED CRIME LISTED IN ARTICLE 24-TER OF LEGISLATIVE DECREE 231/ ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI, WITH REFERENCES TO OFFENCES BY ORGANISED CRIME GENERAL PRINCIPLES OF BEHAVIOUR CRIMES OF FALSIFICATION OF MONEY, LEGAL TENDER, REVENUE STAMPS AND RELATING TO DISTINCTIVE SIGNS CRIMES OF FALSIFICATION OF MONEY, LEGAL TENDER AND REVENUE STAMPS REFERRED TO BY ARTICLE 25-BIS OF LEGISLATIVE DECREE 231/ ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI, WITH REFERENCE TO CRIMES OF FALSIFICATION OF MONEY, LEGAL TENDER AND OFFICIAL STAMPS GENERAL PRINCIPLES OF BEHAVIOUR CRIMES AGAINST TRADE AND INDUSTRY CRIMES AGAINST TRADE AND INDUSTRY REFERRED TO BY ARTICLE 25-BIS 1 OF LEGISLATIVE DECREE 231/ ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI, WITH REFERENCE TO CRIMES AGAINST INDUSTRY AND TRADE GENERAL PRINCIPLES OF BEHAVIOUR CORPORATE CRIMES CORPORATE CRIMES REFERRED TO BY ARTICLE 25-TER OF LEGISLATIVE DECREE 231/ ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI, WITH REFERENCE TO CORPORATE CRIMES GENERAL PRINCIPLES OF BEHAVIOUR CRIMES OF TERRORISM OR SUBVERSION OF DEMOCRACY 76

5 7.1 CRIMES OF TERRORISM OR SUBVERSION OF DEMOCRACY REFERRED TO BY ARTICLE 25-QUATER OF LEGISLATIVE DECREE 231/ Crimes of terrorism or subversion of democracy set out in the Penal Code Crimes of terrorism or subversion of democracy set out in special criminal laws Crimes of terrorism or subversion of democracy set forth by the New York Convention ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI WITH REFERENCE TO CRIMES OF TERRORISM OR SUBVERSION OF DEMOCRACY GENERAL PRINCIPLES OF BEHAVIOUR PRACTICE OF FEMALE GENITAL MUTILATION CRIMES OF THE PRACTICE OF FEMALE GENITAL MUTILATION LISTED IN ARTICLE 25- QUATER 1 OF LEGISLATIVE DECREE 231/ ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI WITH REFERENCE TO THE PRACTICE OF FEMALE GENITAL MUTILATION CRIMES AGAINST INDIVIDUAL PERSONALITY CRIMES AGAINST INDIVIDUAL PERSONALITY REFERRED TO BY ARTICLE 25-QUINQUIES OF LEGISLATIVE DECREE 231/ Crimes for the purpose of repressing human trafficking Crimes for the purpose of repressing paedophilia ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI, WITH REFERENCE TO OFFENCES AGAINST INDIVIDUAL PERSONALITY CRIMES OF MARKET ABUSE CRIMES OF MARKET ABUSE REFERRED TO BY ARTICLE 25-SEXIES OF LEGISLATIVE DECREE 231/ ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI, WITH REFERENCE TO CRIMES OF MARKET ABUSE TRANSNATIONAL CRIMES LAW 146 OF 16 MARCH The individual specific cases of crime presumed by the organisation s administrative responsibility ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI, WITH REFERENCE TO TRANSNATIONAL CRIMES GENERAL PRINCIPLES OF BEHAVIOUR CRIMES AGAINST OCCUPATIONAL HEALTH AND SAFETY CRIMES AGAINST OCCUPATIONAL HEALTH AND SAFETY REFERRED TO BY ARTICLE 25- SEPTIES OF LEGISLATIVE DECREE 231/ ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI WITH REFERENCE TO CRIMES AGAINST OCCUPATIONAL HEALTH AND SAFETY SYSTEM OF CONTROLS CRIMES OF RECEIVING, LAUNDERING AND USE OF ILLEGALLY OBTAINED MONEY, ASSETS OR PROFIT CRIMES REFERRED TO BY ARTICLE 25-OCTIES OF LEGISLATIVE DECREE 231/

6 13.2 ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI, WITH REFERENCE TO CRIMES OF RECEIVING, LAUNDERING AND USE OF ILLEGALLY OBTAINED MONEY, ASSETS OR PROFIT GENERAL PRINCIPLES OF BEHAVIOUR CRIMES CONCERNING A VIOLATION OF COPYRIGHT CRIMES REFERRED TO BY ARTICLE 25-NOVIES OF LEGISLATIVE DECREE 231/ ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI WITH REFERENCE TO CRIMES CONCERNING A VIOLATION OF COPYRIGHT CRIME OF INDUCEMENT NOT TO GIVE STATEMENTS OR TO GIVE FALSE STATEMENTS TO JUDICIARY AUTHORITIES CRIMES REFERRED TO BY ARTICLE 25-NOVIES OF LEGISLATIVE DECREE 231/ ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI WITH REFERENCE TO INDUCEMENT NOT TO GIVE STATEMENTS OR TO GIVE FALSE STATEMENTS TO JUDICIARY AUTHORITIES GENERAL PRINCIPLES OF BEHAVIOUR CRIMES AGAINST THE ENVIRONMENT CRIMES AGAINST THE ENVIRONMENT REFERRED TO BY ARTICLE 25-UNDECIES OF LEGISLATIVE DECREE 231/ ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI, WITH REFERENCE TO THE CRIMES AGAINST THE ENVIRONMENT SYSTEM OF CONTROLS HIRING OF THIRD COUNTRY CITIZENS WITH IRREGULAR RESIDENCY PERMIT HIRING OF THIRD COUNTRY CITIZENS WITH IRREGULAR RESIDENCY PERMIT (ARTICLE 25-DUODECIES OF LEGISLATIVE DECREE 231/2001) ACTIVITIES IDENTIFIED AS SENSITIVE FOR THE PURPOSES OF LEGISLATIVE DECREE 231/2001 IN TODINI WITH REFERENCE TO CRIMES HIRING OF THIRD COUNTRY CITIZENS WITH IRREGULAR RESIDENCY PERMIT SYSTEM OF CONTROL

7 GENERAL PART

8

9 1. DESCRIPTION OF THE REGULATORY FRAMEWORK 1.1 Introduction In September 2000, the Italian Legislator delegated the Government to adopt a legislative decree to discipline the responsibility of organisations including legal persons and companies. This discipline was introduced into our system with the enactment of Legislative Decree 231 of 8 June 2001 (hereinafter "Legislative Decree 231/2001") which ratified the introduction of the "administrative" responsibility of associations (companies, consortiums, other entities with and without legal status, associations) dependent on the commission or the attempted commission of certain types of offence ("liable offences") by a representative of the organisation in its interest or to its benefit. In particular, the company is responsible for the crimes committed in its interest or to its benefit: by "persons who hold positions of representation, administration or management in the organisation or in one of its departments provided with financial and operating autonomy as well as by persons who exercise, in fact, the management and control of the actual organisation" (the "senior management" or "key" individuals listed above; Article 5, paragraph 1, letter a) of Legislative Decree 231/2001); by persons under the management or supervision of one of the key individuals (individuals subordinate to the management or supervision of another person; Article 5, paragraph 1, letter b) of Legislative Decree 231/2001). The responsibility anticipated by Legislative Decree 231/2001, even though formally called "administrative" by the legislation, has according to the prevailing interpretation a fundamentally criminal nature since: it derives from the commission of a crime; it is verified by the criminal judge during the criminal proceedings introduced against the perpetrator of the crime; it carries the application of particularly harsh penalties (up to definitive ban on operating the business, for specific types of liable offences, in the most serious cases). Document approved by the Board of Directors on 27 March

10 The responsibility of the organisation is independent from that of the individual who perpetrated the violation and the relative penalty applied to the organisation is combined with that of the natural person as a consequence of the violation. The administrative responsibility of the company is, however, excluded if the company has, among other things, adopted and effectively implemented, before the commission of the crimes, organisation, management and control models suitable to prevent the crimes; these models can be adopted based on codes of conduct (guidelines) prepared by the associations representing the companies and notified to the Ministry of Justice. The administrative responsibility of the company is in any case excluded if the key individuals and/or their subordinates operate in their own exclusive interest or on behalf of third parties. 1.2 Type of crime The crimes for which the organisation can be considered responsible pursuant to Legislative Decree 231/2001 if committed in its interest or to its benefit by qualified individuals pursuant to Article 5, paragraph 1 of the Decree can be divided, for the sake of convenience, into the following categories: crimes against the public administration (such as bribery, corruption for official deeds, corruption for acts opposed to the official deeds, corruption for judiciary acts, corruption of individual in charge of public function, incitement to corruption, referenced in the Article 25 of Legislative Decree 231/2001, embezzlement of the State, or other public entity, illegal taking of public funding, public grants, other kind of Disbursement by the State, or other public entity, or by European Community, fraud against the State, or other public entity or European Community, and computer fraud against the State, referenced in Articles 24 and 25 of Legislative Decree 231/2001); Computer/cyber crimes (such as making false claims or statements in a public computer document or having evidential effect; unauthorised access to computer or telecommunication systems; unauthorised possession and circulation of access codes to computer or telecommunication systems; circulation of equipment, devices or computer programs intended to damage or shut down a computer or telecommunication system; wire-tapping, illegal 4

11 obstacles or interruptions of computer or electronic communications; forgery, obstacles or illegal interruption of IT communications; installation of devices aimed at intercept, prevent or interrupt IT communications; damage of information, computer or computer and telecommunication data and programs, used by Public entities or with public utility; damage of IT Systems and damage of Public IT Systems, and Information fraud of the individuals who provide certification services of electronic signatures, referenced in the Article 24-bis of Legislative Decree 231/2001); offences by organized crime (such as criminal conspiracy, also aimed at committing crimes of slavery or servitude, at slave trade, at slave and individuals purchase and transfer and crimes related to illegal immigration, referenced in the Article of Legislative Decree 286/1998, Mafia-type association, Mafia-political electoral trading; association aimed at the illegal trafficking of narcotic or psychotropic drugs; kidnapping for extortion; illegal manufacture, introduction, sale, transfer, possession and carrying of weapons or parts of them in a public place whether concealed or not, explosives, illegal weapons as well as common hunting weapons referenced in the Article 24-ter of Legislative Decree 231/2001); crimes of falsification of money (such as counterfeiting of money; spending and introduction into the State, in collaboration, of false currencies, alteration of currencies; spending and introduction into the State, without collaboration, of false money; spending of false money received in good faith; falsification of official stamps, introduction into the State, purchase, possession or putting into circulation falsified revenue stamps; counterfeiting of watermarked paper used for the production of legal tender or official stamps; production or possession of watermarks or instruments used for the falsification of money, official stamps or watermarked paper; use of counterfeit or altered official stamps; counterfeiting, alteration or use of distinctive marks or signs or of patents, models and drawings; introduction into the State and sale of products with false marks) referenced in the Article 25-bis of Legislative Decree 231/2001); crimes against trade and industry (such as disruption of the freedom of trade and industry, illegal competition by threat or violence, fraud against national industries and in the exercise of trade; sale of food products which are not genuine; sale of industrial products with false marks; manufacture and trade of goods made by usurping intellectual property; counterfeiting of geographic indications and denomination of origin of food products listed in the Article 25- bis1 of Legislative Decree 231/2001); 5

12 corporate crimes (such as false company communications, false company communications against the shareholders and the creditors, Obstruction of auditing; Fictitious creation of capital; Fictitious returning of transfers; Illegal distribution of the profits and reserves; Unlawful transactions involving shares or participating interests in the Parent Company; Operations in prejudice of creditors; Omitted communication of conflict of interest; Inappropriate distribution of company assets by the liquidators; Illicit influence on the Shareholders' Meeting; Stock manipulation; Obstruction of public oversight authorities in the discharge of their duties) listed in the Article25-ter of Legislative Decree 231/2001); crimes related to terrorism and the subversion of democracy referenced in the Penal Code and in the special laws (listed in Article 25-quater of Legislative Decree 231/2001); crimes of the practice of female genital mutilation (listed in the Article 25- quater.1 of Legislative Decree 231/2001); crimes against the individual (such as prostitution of minors, child pornography, Possession/distribution of pornographic material produced through the child sexual exploitation; Tourist initiatives aimed to the exploitation of child prostitution, trade in humans and their reduction or their being kept in slavery or servitude) listed in the Article 25-quinquies of Legislative Decree 231/2001); crimes of market abuse (abuse of privileged information and manipulation of the market, listed in Article 25-sexies of Legislative Decree 231/2001); transnational crimes listed in the Article 10 of Law 146 of 16 March 2006 of "ratification and implementation of the United Nations Convention against Transnational Organised Crime and the Protocols Thereto adopted by the General Assembly on 15 November 2000 and 31 May 2001"; Manslaughter and unintentional grave or very grave personal injuries committed with violation of the rules of occupational health and safety (listed in the Article 25-septies of Legislative Decree 231/2001); crimes of receiving, laundering and use of illegally obtained money, assets or profit (such as Receiving of stolen goods; Money laundering; Use of unlawfully gained money, goods or profit listed in the Article 25-octies of Legislative Decree 231/2001); Crimes concerning the violation of copyright (such as Making available to the public in a digital network system, through connection of any type, and without having the right to a work or part of a work of the protected invention 6

13 or illegal reproduction of software and media works destined for the television, cinematographic circuit) listed in the Article 25-novies of Legislative Decree 231/2001); Incitement not to give declarations or to give false declarations to the judicial authorities (listed in the Article 25-novies.11 of Legislative Decree 231/2001); Crimes against the Environment(such as Killing, destruction, capture, withdrawal, holding of protected wild animal or vegetation species; Destruction or deterioration of habitat within a protected site; Offences connected to industrial waste water discharge containing hazardous substances; Offences connected with waste management; Contamination of the soil, subsoil, surface or subterranean waters; Preparation or use of a false waste analysis certificate; Illegal waste trafficking; Activities organised for illegal waste trafficking, even high radioactivity waste; Falsification of a waste analysis certificate used in the area of a control system of the traceability of the same, use of a certificate or hard copy of the fraudulently altered SISTRI form; Violation of the limit values for emissions in operation of a plant; Crimes set out by Law 150 of 7 February 1992 on international marketing of endangered flora and fauna and holding of dangerous animals; Protection of the ozone; Pollution caused by ships, referenced in the Article 25-undecies of Legislative Decree 231/2001); Crimes of mistreatment and sexual abuse of people younger than eighteen years old referenced in the Lanzarote Convention (Law 172/2012 Ratification and execution of the European Council Convention for underage protection against mistreatment and sexual abuse) Crimes related to the employment of foreign citizens without residency permit (Article 25-duodecies of Legislative Decree 231/2001) related to the commission of crimes defined by the article 22, comma 12-bis of the Legislative Decree 22 July 1998, n Penalty System Legislative Decree 231/2001 provides, as a result of the commission or attempted commission of the crimes listed above, for the following penalties against the company: 1 This was introduced with Law 116 of 3 August 2009 and has the same numbering as Article 25- novies provided by Law 99 of 23 July 2009 on the subject of copyright violation; it is probably just a clerical error which we anticipate will be officially corrected. 7

14 pecuniary penalty up to a maximum of Euro 1,549, (and attachment as a precautionary measure); interdiction penalties (applicable also as precautionary measure) of not less than three months and not more than two years which, in turn, can consist of: interdiction to carry out the activity; suspension or revocation of the authorisations, licences or concessions used in the commission of the crime; ban on contracting with the public administration; exclusion from tax breaks, financings, contributions or subsidies and the possible revocation of those granted; ban on advertising goods or services; confiscation (and attachment as precautionary measure); publication of the sentence (in case of application of a disqualification penalty). The disqualification penalties apply just to the crimes for which they are expressly provided (crimes against the public administration, computer crimes and illegal processing of data, offences by organised crime, crimes against the public trust, crimes against industry and trade, crimes of terrorism and subversion of democracy, practices of female genital mutilation, crimes against the person, crimes committed with violation of the accident prevention rules and the protection of occupational health and safety, crimes of receiving, laundering and use of illegally obtained money, assets or profit, crimes relative to copyright violation, incitement not to give declarations or to give false declarations, some transnational crimes) and provided at least one of the following conditions is present: the company has gained from the commission of the crime a significant profit and the crime was committed by key individuals or individuals subordinate to the management of others when, in this last case, the commission of the crime was determined and facilitated by serious organisational shortcomings; in case of reiteration of the illegal activities. The penalties of disqualification from exercising the activity, the ban on contracting with the public authority and the ban on advertising goods or services can be applied definitively in the most serious case. In addition, there is the possibility of continuing the activity of the company (instead of the imposition of 8

15 the penalty) by a commissioner appointed by the judge pursuant to and under the conditions listed in Article 15 of Legislative Decree 231/2001. In the hypotheses of an attempt to commit significant crimes relative to the administrative responsibility of the organisations, the pecuniary penalties (in terms of amount) and the disqualifications (in terms of time) are reduced from a third to a half. 1.4 Crimes committed abroad According to Article 4 of Legislative Decree 231/2001, the organisation may be called to answer in Italy for crimes (significant in terms of the administrative responsibility of the organisations) committed abroad. The assumptions on which the responsibility of the organisation is based for crimes committed abroad are: the crime must be committed abroad by an individual functionally connected to the organisation, in accordance with Article 5, paragraph 1 of Legislative Decree 231/2001; the organisation must have its head office in Italy; the organisation may only respond in the cases and under the conditions provided by Articles 7, 8, 9 and 10 of the Penal Code, regarding the applicability of Italian law for crimes committed abroad; if, in the cases and conditions cited in the aforementioned articles of the Penal Code exist, the State of the location where the act was committed does not start proceedings against the organisation. 1.5 Organisation, Management and Control Models A fundamental aspect of Legislative Decree 231/2001 is the attribution of an exempting value to the organisation, management and control models of the company adopted by organisations in order to prevent the occurrence of the liable offences by representatives (key staff and those subordinate to the direction and supervision of the former) of the organisation. In the case of a crime committed by an individual in senior management, in fact, the company is not liable if it proves that (Article 6, paragraph 1 of Legislative Decree 231/2001): 9

16 a) the managing body has adopted and effectively implemented, before the commission of the fact, models of organisation and management suitable for preventing crimes of the kind which occurred; b) the task of monitoring the operation and observance of the models and taking care of their updating is entrusted to a body of the company with autonomous powers of initiative and control; c) the persons committed the crime by fraudulently dodging the organisation and management models; d) supervision by the Supervision Authority was not omitted or insufficient. The company must therefore demonstrate its ignorance of the facts with which the key individual is charged by proving the existence of the aforementioned convergent requirements and, as a consequence, the circumstance that the commission of the crime does not stem from an "organisational fault" of the company, that is from not having arranged for suitable measures (adequate organisation, management and control models) in order to prevent the commission of the crimes significant for purposes of the administrative responsibility of the organisations. If, instead, it is a crime committed by individuals subordinate to the management and supervision of another person, the company is liable if the commission of the crime was made possible by the violation of the management or supervision obligations which the company is required to observe. In any case, the violation of the obligations of management and supervision is excluded if the company, before the crime was committed, adopted and effectively implemented an organisation, management and control model suitable to prevent crimes of the type which occurred. Article 7, paragraph 4 of Legislative Decree 231/2001 furthermore defines the requirements for an effective implementation of the organisational models: the periodic verification and possible modification of the model when significant violations are discovered in the regulations or when changes in the organisation and the business occur; a suitable disciplinary system to punish the lack of respect for the measures indicated in the model. 10

17 It will be the judicial authorities which must, in the hypothesis anticipated by the aforementioned Article 7, prove that an organisation, management and control model suitable to prevent crimes of the type that occurred was not adopted and effectively implemented. Legislative Decree 231/2001 outlines the contents of the organisation and management models, anticipating that, relative to the extension of power delegated and the risk of commission of the crimes, they must: identify the activities in the scope of which crimes could be committed; provide for specific protocols directed at scheduling the training and implementation of the decisions of the company relative to the crimes to be prevented; identify suitable methods for managing the financial resources in order to prevent the commission of the crimes; provide for obligations of information to the organisation in charge of supervising the operation and compliance with the models; introduce a disciplinary system which is suitable for punishing any failure to respect the measures indicated in the model. 1.6 Codes of Conduct prepared by the representative associations of the organisations In compliance with Article 6, paragraph 3 of Legislative Decree 231/2001, Confindustria was the first to issue a Code of Conduct for the development of the organisation, management and control models (Guidelines for the development of the organisation, management and control models pursuant to Legislative Decree 231/2001; hereinafter "Confindustria Guidelines") providing, among other things, the methodological directions for identifying the risk areas and the structure of the organisation, management and control model. In particular, the Confindustria Guidelines provide the following main suggestions: Identification of the areas at risk, aimed at verifying in which corporate area/department it is possible to carry out the crimes and the illegal administrative actions significant in terms of the administrative responsibility of the organisations. Preparation of a control system to prevent risks through the adoption of special procedures. 11

18 The following are elements of a preventive control system identified by Confindustria: with reference to malicious crimes: o Code of Ethics (or Code of Conduct) referring to the crimes in question; o organisational system; o manual and computer procedures; o powers of authorisation and signature; o management control system; o communication to the staff and their training; with reference to the crimes of manslaughter and unintentional personal injuries committed in violation of the rules on the protection of occupational health and safety: o Code of Ethics (or Code of Conduct) referring to the crimes in question; o organisational structure; o education and training; o communication and involvement; o operational management; o safety monitoring system. The elements of the control system must be prompted by the following principles: o verifiability, possibility of documenting it, coherence and congruity of every operation, transaction, action; o application of the principle of separation of the functions (no-one can manage autonomously an entire process); o documentation of the controls. Anticipation of an adequate penalty system for the violation of the rules of the Code of Ethics and the procedures provided for by the model. Identification of the requirements of the Supervision Authority, which can be summarised as follows: o autonomy and independence; o professionalism; o continuity of action. Obligations of information to and from the Supervision Authority. The National Builders' Association (ANCE) has prepared a Code of Conduct on the basis of which the members can adopt their own organisation, management and 12

19 control models (Code of Conduct for Construction Businesses pursuant to Article 6, paragraph 3, of Legislative Decree 231, 8 June 2001). In particular, the first part of the ANCE Code of Conduct defines and suggests general principles to be covered in the Code of Ethics, and the second part looks at the organisation, management and control models in more detail. In this context, ANCE identifies as the objectives of the model: the identification of the activities in the scope of which the crimes could be committed which are listed in Legislative Decree 231/2001; the provision of specific protocols directed at scheduling the training and implementation of the decisions of the organisation relative to the crimes to be prevented; the provision of an accurate, prompt and truthful system of information within the organisation; the provision of suitable methods for managing the financial resources in order to prevent the commission of the crimes; the provision of obligations of information to the organisation in charge of supervising the operation and compliance with the model; the provision of a disciplinary system which is suitable for punishing any failure to respect the measures indicated in the model. 2. ELEMENTS OF THE GOVERNANCE MODEL AND THE GENERAL ORGANISATIONAL STRUCTURE 2.1 Todini Costruzioni Generali S.p.A. Todini Costruzioni Generali S.p.A. (hereinafter also called Todini or the Company ) is a company established under Italian law which over fifty years of business has established itself in the national and international field of construction for its reliability and high professional standards, and especially for the capacity to design and realise large civil engineering projects in complex and different situations. Internationally, Todini is involved in the realisation of important integrated projects. From the financing to the construction, Todini handles the entire project, personally taking care of every phase and focusing on the result with speed and effectiveness. Since 2010, Todini has been part of the Salini Group. Specifically, the business is divided into three divisions: 13

20 - Construction: The principal purpose of the Company is building activity in any sector and in any form, the assumption of concession works, work under contract and/or concession both from public and private organisations of building, road, airport, hydraulic and hydroelectric, sea and railway projects and for the consolidation and defence of the territory, all of which is carried out in Italy or abroad both on behalf of third parties or for themselves. The Company may carry out their activity either directly or by assuming participations, also in stock, in businesses, associations (including temporary associations) of companies, in consortiums, in joint ventures and in initiatives with a similar or related purpose or in any case connected to their own. - Property Development: the Company can also carry out the sale, exchange, construction, leasing (including financial), and the administration of real estate assets, urban buildings and farmland. The Company can also assume participations in other companies whether they are similar or not, in consortiums and associations, as well as assume and handle their management; open current accounts as well as overdraft accounts and credit lines at banks, as well as release any type of guarantee and surety including mortgages, in both their own interest and for third parties, and in general perform any commercial, industrial and financial operation considered necessary for the achievement of the corporate goals. 2.2 Governance model of Todini The Company is administered by a Board of Directors composed of a minimum of five members and a maximum of nine members. The Board can appoint an Honorary Chairman, if they consider it appropriate, who can be chosen from among the members of the Board of Directors. The Board of Directors is vested with all the powers for the ordinary and extraordinary management of the Company, and notably they are granted all the rights to implement and achieve the corporate goals which are not by law or the articles of association absolutely reserved for the Shareholders' Meeting. 14

21 The Board of Directors can deliberate the delegation of their own assignments by determining the limits of the delegation in compliance in any case with Article 2381 of the Civil Code and the conferment of special tasks to individual directors. The recipient bodies of delegations report to the Board of Directors and the Board of Statutory Auditors, as provided by Article 2381, paragraph 5 of the Italian Civil Code. The Board of Statutory Auditors, appointed and operating in accordance with the law, has three standing members, one of which is the Chairman of the Board, and two alternate members. The Board of Statutory Auditors is entitled to the attributions of law. The accounting control can be carried out by the Board of Statutory Auditors and in this case all its members must be registered in the register of auditors held by the Ministry of Justice. Since the Company is required to prepare consolidated financial statements, the accounting control is carried out by an auditor or an auditing firm registered in the register of auditors held by the Ministry of Justice. 2.3 Organisational structure of Todini The organisational structure of the Company is as follows. The following Departments/Organisations report to the Chief Executive Officer: General Management Italy; General Management Overseas; Administration and Finance Department; Human Resources Department; Compliance/Internal Audit Department; Environmental Safety Quality Department; General Affairs Department; Operating Technical Control; External Relations; Tenders and Technical Services; Purchasing and Shipping Department; Installations and Machinery Department; License and Project Financing Department. 15

22 The following departments report to General Management Italy: - Production Department Italy; - Sales Department Italy; The following departments report to General Management Overseas: - Production Departments Overseas; - Overseas Sales Departments; - Contract Department. 3. ORGANISATION, MANAGEMENT AND CONTROL MODEL OF 3.1 The Todini Organisation, Management and Control Model Todini has adopted its own organisation, management and control model (hereinafter the "Model") in conformity with the requirements provided by Legislative Decree 231/2001 and consistent with the legislative and regulatory reference context, with the principles already rooted in its culture of governance and with the recommendations included in the Confindustria Guidelines and the ANCE Code of Conduct. When preparing the Model, Todini also took into account the existing procedures and control systems already widely used in the company, where deemed suitable for use as measures of prevention of the crimes and control of the areas at risk. The principles and the content of the Model are intended for the members of the company bodies, management and employees of the Company. Moreover, the provisions and rules of conduct of the Model are intended for commercial partners, consultants, external collaborators and other individuals who have a relationship with the Company with reference to the activity performed for Todini. The components of the Model are listed below: the identification of the corporate activities in the context of which significant crimes could be committed in terms of the administrative responsibility of the organisation (mapping of sensitive areas); 16

23 the expectation of principles of control relative to the sensitive activities identified; Code of Ethics; a programme of periodic audits on the sensitive activities and on the relative control standards; an organisational system that clearly defines the hierarchy of the corporate positions and the responsibilities for the accomplishment of the activities; an authorisation system that attributes internal powers of authorisation and external signing powers consistent with the organisational system adopted; the operating procedures for the discipline of the principal corporate activities and, in particular, of the processes at risk and for the management of the financial resources; a control management system which promptly highlights the critical issues; a communication and training system for personnel and members of the company bodies, for a widespread and effective circulation of the corporate provisions and the relative implementation methods; a disciplinary system aimed at punishing the violation of the provisions included in the Model; the identification of a Supervision Authority, provided with independent powers of initiative and control, assigned the task of monitoring the operation and compliance of the Model; specific information obligations to the Supervision Authority regarding the principal corporate facts and in particular on the areas considered at risk; specific information obligations by the Supervision Authority to corporate senior management and company bodies; criteria for updating and adapting the Model. The Model was approved by the Todini Board of Directors, and is represented in the following documents: 1. Code of Ethics; 2. Mapping of sensitive areas; 3. Descriptive document of the Organisation, Management and Control Model pursuant to Legislative Decree 231/2001; 4. Protocols. In particular: 1. Code of Ethics: prepared in order to describe the principles of ethics and "corporate code of conduct" which the Company acknowledges as theirs 17

24 and based on which they intend therefore to shape, in compliance with the laws in effect, the performance of the activity and the pursuit of the corporate purpose. Furthermore, since the Code of Ethics refers to principles of conduct which are also suitable for preventing illegal behaviour pursuant to Legislative Decree 231/2001, it forms an integral part of the Organisational Model; 2. Mapping of sensitive areas: the document identifies the areas susceptible to the commission of crimes and, for every Company Department, the Key Officer/s, or the manager/s of the sensitive activities and the analysis of adequacy of the Internal Control System (ICS); 3. the Descriptive document of the Todini Organisation, Management and Control Model is composed of a General Part and fifteen Special Parts which include, respectively: a) in the General Part a description relative to: the legislative reference framework; the company (governance system and organisational structure of Todini); the identification and appointment of the Todini Supervision Authority, specifying the powers, duties and information flows that concern them; the operation of the disciplinary system and the relative sanctioning apparatus; the training and communication plan to be adopted in order to guarantee knowledge of the measures and provisions of the model; the criteria for updating and adapting the Model. b) in the Special Parts, a description relative to: the types of crime which determine the administrative responsibility of organisations; the sensitive processes/activities and relative principles of control for the crimes which the Company has decided to take into consideration due to the characteristics of their activity; 4. Protocols of control: these are prepared by the Department/Key Officer, which in accordance with what is anticipated by the guidelines of the trade associations (ANCE and Confindustria) constitute, in terms of the sensitive activities detected in the Risk & Control Assessment, the principles of 18

25 control to monitor the risks of commission of crime identified, and to be applied in a coordinated manner with the corporate procedures. 3.2 Extension of the Model in the scope of the Group, Joint Ventures, ATI [Temporary Consortiums], etc. Todini, in the execution of their characteristic activities, works independently and with partners, through offices in Italy and abroad, as well as through the establishment of joint ventures, consortiums, consortium companies, temporary consortiums and companies established under Italian and foreign law. Given this, Todini intends: for the Italian and foreign subsidiaries, to extend with the due adjustments and consistent with their respective management autonomy, the adoption of the Model; for joint ventures, consortiums, consortium companies, temporary consortiums and companies established under Italian and foreign law, in which Todini participates but the control and/or management of which are entrusted to third parties, to suggest and formally promote the need to adapt to the discipline pursuant to Legislative Decree 231/ SUPERVISION AUTHORITY PURSUANT TO LEGISLATIVE DECREE 231/ Supervision Authority A condition for exemption from the responsibility as provided by Legislative Decree 231/2001 is, among other things, entrusting to an internal body, provided with independent powers of initiative and control, the task of monitoring the operation and compliance of the models and of taking care to update them. In order to satisfy the functions established by the aforementioned rules, the Authority must meet the following requirements: 1. autonomy and independence: as also specified in the Guidelines, the position of the Authority in the Organisation "must guarantee the autonomy of the control initiative from any form of interference and/or influence by any component of the Organisation" (including the managing body). The Authority must therefore be added as a staff unit in a hierarchical position (the highest possible) reporting to senior corporate management. In addition, in order to guarantee its necessary autonomy of 19

26 initiative and independence, "it is indispensable that the Supervision Authority is not assigned operating duties which, by making it take part in decisions and operating activities, would undermine the objectivity of opinion at the time of the verifications on conduct and the Model". 2. professionalism: this requirement refers to the specialised technical skills that the Authority must have in order to be able to perform the activity which the regulation attributes to it. In particular, the members of the Authority must have, overall, specific knowledge relative to any technique necessary for performing the inspection, advisory skills in analysing control systems and legal systems (in particular in criminal law and corporate law), as clearly specified in the Guidelines. In fact, knowledge of the analysis and risk assessment techniques, flow-charting of procedures and processes, of the methods for identification of fraud, statistical sampling and structure and implementation methods of the crimes is essential. 3. continuity of action: in order to guarantee the effective implementation of the organisational Model, a structure dedicated exclusively and full-time to the supervisory activity is necessary. The Authority, therefore, is responsible for monitoring the model and for updating it on a continuous basis. In summary, the Supervision Authority must: be independent and in a position of impartiality relative to those who they must monitor; be in the highest hierarchical position possible; have autonomous powers of initiative and control; have financial autonomy by having its own budget; have no operational duties; have continuity of action; have requirements of professionalism; create a systematic channel of communication with the Board of Directors as a whole. 4.2 Identification of the Supervision Authority in Todini In compliance with what is established by Article 6, paragraph 1, letter b) of Legislative Decree 231/2001 and in light of the recommendations of the most representative trade organisations, primarily Confindustria and ANCE, Todini has 20

27 identified their Supervision Authority (hereinafter "Supervision Authority") as a multiple subject structure, composed of three individuals. The members of the Supervision Authority must possess the knowledge and experience necessary to ensure as a body an operational control and supervision, within the limits established by the Model, guaranteeing the effective application of the Model relative to all the corporate procedures being monitored. The Authority can, for particular problems, use as needed the cooperation of experts, who will be granted specific consulting authority by the Company. In compliance with the requirements of autonomy, independence, professionalism and continuity of action as explained above, the Supervision Authority is appointed by the Board of Directors, at the proposal of the Chief Executive Officer, and is composed of the following "mixed" components: a non-executive director; two external experts, provided with the necessary autonomy, independence and professionalism focused on the nature of the liable crimes. The Supervision Authority operates through the person in charge of Internal Audit of the Parent Company, identified as the Manager of the Internal Audit Department. The Supervision Authority is positioned at the top of the organisation structure, reporting directly to the Board of Directors on the results of the activity, any issues which have emerged and potential corrective measures and improvements. The general principles regarding the establishment, appointment and replacement of the Supervision Authority, as well as its operating rules, are provided in the Regulations of the Supervision Authority, which forms an integral part of the Model. Appointment as member of the Supervision Authority is conditioned by the existence of the subjective requirements of eligibility indicated here and listed in the Regulations of the Supervision Authority. In particular, the following reasons preventing the appointment must not exist: conflicts of interest, even potential, with the Company which could prejudice the independence required by the role and the duties of the Authority; 21

28 ownership, direct or indirect, of shares in organisations which would permit exercising control or a dominating influence on the Ordinary Shareholders' Meeting of the Company; public employment relationship at central or local administrations during the three years prior to the appointment as member of the Supervision Authority; conviction, even not final, in Italy or abroad, for crimes significant in terms of the administrative responsibility of the organisations or crimes which can be assimilated with them; conviction, even non res judicata, or a plea bargain, or a punishment which entails the ban, even temporary, on holding public office, or the temporary ban from the management offices of legal entities and businesses. If any one of the reasons of ineligibility should result against an individual nominated, he must immediately notify the other members of the Supervision Authority and will automatically forfeit the position. The termination of the actual powers of one or more of the members of the Supervision Authority, and the assignment of these powers to another individual, may only occur for just cause, also connected to the reorganisation of the Company, by a specific resolution of the Board of Directors and with the approval of the Board of Statutory Auditors. The following constitute reasons for termination for just cause: eligibility requirements are no longer met; serious negligence or non fulfilment in the performance of the duties connected to the position (for example, failure to carry out the activity in good faith and with the diligence that a prudent person would exercise; failure to cooperate with the other members of the Authority; failure to respond or delayed response to the Board of Directors relative to possible requests pertaining to the activity of supervision and control); failure to participate in two or more meetings, even non consecutive, without justification in the span of twelve consecutive months, as well as the lack of the requirements of integrity; the omitted or insufficient monitoring by the Authority, according to that provided by Article 6, paragraph 1, letter d) of Legislative Decree 231/2001, resulting from a final conviction issued against the Company pursuant to Legislative Decree 231/2001; 22