Courtesy translation

Transcription

1 Organizational Model pursuant to Legislative Decree 231/2001 INTERCOS S.p.A. Approved at the meeting of the Board of Directors held on November 20, 2012 update and revision approved at the meeting of the Board of Directors on March 31, 2014 update and revision approved at the meeting of the Board of Directors on April 10, 2015 update and revision approved at the meeting of the Board of Directors on September 8,

2 Index General Part Definitions... 4 Structure of the document Legislative Decree 231 dated June 8, Characteristics and nature of the entity s liability Categories of offenses identified by the Decree (as subsequently modified) Conditions for the attribution of liability to the entity The Decree s guidelines on the characteristics of the organizational Model Offenses committed outside the Italian territory Sanctions Changes to the entity s corporate form or identity Intercos S.p.A.: the Company The purpose of the Model The Model and the Code of Conduct Method of construction of the Intercos Model Modifying and updating the Model The Model of Intercos and its subsidiaries The offenses that are relevant for Intercos Addressees of the Model The Supervisory Body

3 10.1. Purpose and duties Requisites and composition Requisites for appointment Appointment, revocation, replacement, forfeiture and resignation Activities and powers Information flow to and from the Supervisory Board Services provided by third parties Disciplinary system General principles Disciplinary measures Communication to and education of Company personnel Special Part Omitted 3

4 Definitions The Company or Intercos: Intercos S.p.A., whose registered office is at Generale Armando Diaz 1, Milan. The Group: companies directly or indirectly controlled by Intercos S.p.A. Decree: Legislative Decree 231 dated June 8, 2001 as subsequently modified or integrated. Sensitive activities: the activities of the Company in which there is a risk, or potential risk, that offenses identified in the Decree will be committed. PA: the Public Administration. Confindustria Guidelines: the document issued by Confindustria (approved on March 7, 2002 and updated on March 31, 2014) which provides guidance on the construction of organizational Models for the purposes of the Decree. The Model: the organizational Model adopted by the Company for the purposes of Legislative Decree 231/2001. The Code of Conduct: the Code of Conduct adopted by the Company. Supervisory Body: the body provided for in article 6 of the Decree, charged with the duty of overseeing the functioning of and compliance with the Organizational Model and its updating. Key executives: persons appointed to represent, administer or direct the Company or one of its units with functional and financial autonomy, and persons who, also only de facto, manage or control the Company. Subordinates: persons in positions subject to the management and supervision of the above persons. Consultants: persons who, in virtue of their professional competence, provide intellectual services to the Company on the basis of a mandate or other form of engagement for professional services. Employees: persons who are directly employed by labor contract with the Company or are in a similar relationship with the Company including employment through an agency. Partners: the counterparties, both individuals and entities, in contracts with the Company by which the Company undertakes any form of contractually regulated collaboration. CCNL: the national collective labor contract applicable to the Company which is currently in force. TUF or Unified Finance Law: Legislative Decree 58 dated February 24, 1998 as subsequently modified or integrated. 4

5 Instruments for implementation of the Model: Company statute, organization chart, scheme of powers and authorities, job descriptions, policies, procedures, organizational dispositions and all the Company s other regulations, deliberations and directives. 5

6 Structure of the document This document is composed of a General Part and a Special Part (omitted) composed of fourteen special sections. The purpose of the General Part is to describe the regulations contained in Legislative Decree 231/2001, to indicate to the extent they are relevant for the Decree the specific laws applicable to the Company, to describe the offenses that are relevant for the Company, to identify the Addressees of the Model, to indicate the operating principles of the Supervisory Body, to define a disciplinary system directed at violations of the Model and to indicate the obligations to communicate with and educate the Company s personnel. The purpose of each Special Part is to list the offenses considered within each family of offense to which each Special Part refers and to indicate the so-called sensitive activities the activities which the Company considers to be at risk for the commission of an offense on the basis of the risk assessments performed pursuant to the Decree, the general principles of conduct, the control protocols established over such risk and offenses, the information flows to the Supervisory Body and an appendix of the laws specifying the predicate offenses. The Code of Conduct, which defines the Company s principles and norms of conduct, is also an integral part of the Model. These deliberations and documents are available, in the form and manner prescribed for their divulgation, within the Company and on the corporate intranet. 6

7 General Part 7

8 1. Legislative Decree 231 dated June 8, Characteristics and nature of the entity s liability In adopting the international anti-corruption regulations, Legislative Decree 231 (the Decree ) dated June 8, 2001 introduces and legislates administrative liability for offenses committed by collective entities which, until 2001, could only be expected to pay, on a joint basis, the fines, penalties and administrative sanctions imposed on its legal representatives, directors and employees. This new form of liability of entities is of a mixed nature and has the peculiarity that the liability is a conjunction of aspects of the system of criminal law sanctions with those under administrative law. In fact the Decree provides for an entity to be punished with an administrative sanction since it is responsible for an administrative offense, but the system of sanctions is based on criminal proceedings: the competent judicial authority for the offense is the Public Prosecutor and it is the criminal court judge who imposes the sanction. The administrative liability of the entity is distinct from and independent of the responsibility of the individual person who commits the offense and it exists even if the perpetrator of the offense has not been identified or if the offense has been extinguished other than by amnesty. The liability of the entity is always additional to and may never replace the liability of the individual person who perpetrated the offense. The Decree s field of application is very broad and covers all entities having legal identity, companies, associations including those without separate legal identity, public enterprises and private operators of a public service. The legislation is not applicable to the State, territorial public bodies, public bodies not conducting an enterprise and bodies which perform significant constitutional functions (for example, political parties or trade unions). The legislation does not make any reference to entities which are not resident in Italy. However, on this matter an order of the Milan Court Preliminary Investigation Judge (order dated June 13, 2007; see also Milan Preliminary Investigation Judge order dated April 27, 2004 and Milan Court order dated October 28, 2004) ratified the jurisdiction of the Italian judge over offenses committed in Italy by foreign entities, applying the principle of territoriality Categories of offenses identified by the Decree (as subsequently modified) The entity can be held liable only for those offenses the so-called predicate offenses which are specified in the Decree or in legislation which came into effect prior to the commission of the acts constituting the offense. 8

9 At the date of approval of the present document, the predicate offenses belong to the following categories of offenses: offenses involving relationships with the Public Administration (articles 24 and 25); information technology (IT) offenses and illegal use of data (article 24-bis); organized crime offenses (article 24-ter); offenses involving forgery of money, of public credit instruments, of revenue stamps and of identification instruments or marks (article 25-bis); offenses against industry and trade (article 25-bis.1); corporate offenses (article 25-ter); offenses committed for the purposes of terrorism and subversion of the democratic order (article 25-quater); practices of mutilation of female genital organs (article 25-quater.1); offenses against individuals (article 25-quinquies); market abuse offenses (article 25-sexies); manslaughter and serious and very grave injury as a result of violation of workplace health and safety regulations (article 25-septies); offenses involving handling of stolen goods, money laundering and utilization of funds, assets or other resources deriving from unlawful activities as well as self-money laundering (article 25- octies); violation of intellectual property rights (article 25-novies); offenses of inducing others not to make statements or to make false statements to the judicial authorities (article 25-decies); environmental offenses (article 25-undecies); employment of citizens of foreign countries with residence irregularities (article 25-duodecies); 9

10 transnational offenses (article 10, Law 146 dated March 16, 2006) 1. The applicability and relevance of each offense to the Company are discussed in paragraph 7 of this General Part Conditions for the attribution of liability to the entity In addition to the commission of one of the predicate offenses, Decree 231 imposes other conditions for the entity to be punishable. These further criteria for the attribution of liability to the entity can be divided into objective and subjective criteria. The first objective criterion is that the offense is perpetrated by a person tied to the entity by a qualified relationship. In this connection distinction is made between: key executives, that is to say persons appointed to represent, administer or direct the entity, for example as legal representative, member of the board of directors, general manager of an 1 The list of offenses originally contained in the Decree has since been extended. In fact there have been the following extensions: Legislative Decree 350 dated September 25, 2001, which introduced article 25-bis «Forgery of money, of public credit instruments and of revenue stamps», subsequently modified into «Forgery of money, of public credit instruments, of revenue stamps and of identification instruments or marks» by Law 99 dated July 23, 2009; Legislative Decree 61 dated April 11, 2002, which introduced article 25-ter «Corporate offenses»; Law 7 dated January 14, 2003 which introduced article 25-quater «Offenses committed for the purposes of terrorism and subversion of the democratic order»; Law 228 dated August 11, 2003 which introduced article 25-quinquies «Offenses against individuals»; Law 62 dated April 18, 2005 which introduced article 25-sexies «Market abuse offenses»; Law 7 dated January 9, 2006 which introduced article 25-quater.1 «Practices of mutilation of female genital organs»; Law 146 dated March 16, 2006 which established the liability of entities for transnational offenses; Law 123 dated August 3, 2007 which introduced article 25-septies «Manslaughter and serious and very grave injury as a result of violation of accident prevention and workplace hygiene and health regulations», subsequently modified into «Manslaughter and serious and very grave injury as a result of violation of workplace health and safety regulations» by Legislative Decree 81 dated April 9, 2008; Legislative Decree 231 dated November 21, 2007 which introduced article 25-octies «Offenses involving handling of stolen goods, money laundering and utilization of funds, assets or other resources deriving from unlawful activities», subsequently modified in «Offenses involving handling of stolen goods, money laundering and utilization of funds, assets or other resources deriving from unlawful activities as well as self-money laundering» from Law 196 dated December 15, 2014; Law 48 dated March 18, 2008 which introduced article 24-bis «Information technology (IT) offenses and illegal use of data»; Law 94 dated July 15, 2009 which introduced article 24-ter «Organized crime offenses»; Law 99 dated July 23, 2009 already cited which introduced article 25-bis.1 «Offenses against industry and trade» and article 25-novies «Violation of intellectual property rights»; Law 116 dated August 3, 2009 which introduced article 25-novies (later renumbered article 25-decies by Legislative Decree 121 dated July 7, 2011) «Offenses of inducing others not to make statements or to make false statements to the judicial authorities»; Legislative Decree 121 dated July 7, 2011 already cited which introduced article 25-undecies «Environmental offenses»; Legislative Decree 209 dated July 16, 2012 which introduced art. 25-duodecies «Employment of citizens of foreign countries with residence irregularities». 10

11 autonomous division of the entity as well as persons who, also only de facto, manage the Company. These are the persons who in effect have autonomous power to take decisions in the name of and on behalf of the entity. Also to be considered part of this category of person are all those to whom the directors have granted powers to manage and direct the entity and its branches; subordinates, being all those persons in positions which are subject to management and supervision by the key executives. This category includes employees and collaborators and those persons who while not being part of the Company s personnel have duties which fall under the direction and supervision of key executives. The third parties in this category, in addition to collaborators, are sales promoters and consultants who act in the name of the entity under a contract for services. Finally, those assignments or contractual relationships with parties who are not part of the entity s personnel are also included if such parties act in the name of and on behalf of the entity. A further objective condition is that the offense is perpetrated in the interest or to the advantage of the entity; it is sufficient for one of these two conditions to be satisfied: interest is defined as present when the perpetrator of the offense acted with the intent to favor the entity, without regard to whether or not such objective is actually achieved; advantage is defined as present when the entity has derived or could have derived a positive outcome, in economic or other terms, from the commission of the offense. According to the Cassation Court (criminal sentence no dated December 20, 2005), the concepts of interest and advantage are not to be considered as one and the same but dissociated since there is a clear distinction between what might be considered a possible expected gain in consequence of the unlawful act and an advantage clearly enjoyed thanks to the effects of the offense. In this direction the Milan Court has also pronounced (order dated December 20, 2004) to the effect that the mere directing of criminal behavior in the pursuit of a given utility is sufficient, regardless of the effective outcome of the behavior. The entity is responsible not only when it has drawn immediate financial advantage from the commission of the offense but also when, even in the absence of such advantage, the act is motivated by the interests of the entity. The improvement of its market position and the concealment of a critical financial situation, for example, are instances which involve the interests of the entity but which are without any immediate economic advantage. It is also important to note that where the offense is committed by qualifying persons of an entity belonging to a group, the concept of interest may be extended so as to implicate the parent company. The Milan Court (order dated December 20, 2004) affirmed that the defining characteristic of group interest lies in the fact that the interest is not that of one member of the group exclusively but that 11

12 common to all the components of the group. For this reason it is considered that liability for an unlawful act by a subsidiary company can be also attributed to the parent company, on condition that the individual person who perpetrated the offense alone or with others belonged functionally to the subsidiary company. The subjective conditions for attribution of liability to an entity relate to the preventive measures which the entity has put in place to avoid the commission in the course of its business operations of one of the offenses identified by the Decree. The Decree in fact provides for the exoneration from liability of the entity solely if it demonstrates: that the entity s governing body has, prior to the commission of the offense, adopted and implemented effectively an organizational Model suitable for the prevention of offenses of the type which has been committed; the duty of overseeing the functioning of and the compliance with the Model and its update has been entrusted to an internal body with autonomous powers of initiative and control; there was no omission or insufficiency of control on the part of the aforesaid body. For the entity to be exonerated from liability, all the conditions set out above must be satisfied. Although the Model serves as a ground for exoneration from liability both in the case of a predicate offense committed by a key executive and of an offense committed by a subordinate, the Decree provides that the mechanism concerning the burden of proof is much more severe for the entity in the case of an offense committed by a key executive. In fact in this latter case the entity is required to demonstrate that the person acted in such a way as to elude the Model with fraudulent intent; the Decree therefore requires a stronger proof of extraneousness since the entity must also show that there has been fraudulent conduct by the key executive. Conversely, with regard to alleged offenses committed by subordinates, the entity may be held liable only where it is established that the commission of the offense was made possible by the failure to observe the duties of management or oversight, such failure being excluded if, prior to the commission of the offense, the entity had equipped itself with an organizational Model suitable for the prevention of offenses of the type committed. It is a matter, in this case, of genuine organizational reprehensibility: failure to direct the activities and conduct of persons at risk of committing a predicate offense. 12

13 1.4. The Decree s guidelines on the characteristics of the organizational Model The Decree limits itself to the definition of a number of general principles relating to the organizational Model without providing details of its specific characteristics. The Model is effective as a basis for exonerating the entity from liability only if: it is effective, in other words if it is reasonably suitable to prevent the offense or the offenses committed; it is actually implemented, in other words if the contents of the Model are operative in the Company s procedures and system of internal control. With regard to the effectiveness of the Model, the Decree sets the following minimum content: it must identify the areas of the entity s activity in which offenses could be committed; it must provide for specific procedures (protocols) regulating the entity s processes for making decisions and for executing the actions decided in relation to the offenses which are to be prevented; it must establish modes of handling financial resources which are suitable for the prevention of the commission of offenses; it must introduce a disciplinary system which is suitable for the imposition of sanctions for failure to comply with the measures indicated in the Model; it must provide for information flows to the Supervisory Body; with regard to the nature and dimension of the organization and to the type of activity of the entity, it must establish measures to ensure that activities are conducted in observance of the law and that situations of risk are eliminated promptly. The Decree establishes that the Model must be the object of periodic verification and of update both in the case of significant violations of its prescriptions and in the case of significant changes in the entity s organization or activities or in the regulatory environment, in particular when new predicate offenses are introduced Offenses committed outside the Italian territory In virtue of article 4 of the Decree the entity may be held liable in Italy for predicate offenses committed outside the territory of the Italian State. 13

14 The Decree, however, makes this possibility subject to meeting the following conditions which are additional to those described earlier: meeting the general conditions set out in articles 7, 8, 9 and 10 of the Italian Criminal Code for an offense committed outside the territory to be actionable in Italy; location of the entity s principal offices in the territory of the Italian State; absence of action against the entity by the State in which the offense was committed Sanctions The system of sanctions in the Decree 231 legislation includes four types of sanction which can be imposed on the entity in the event that it is found liable under the Decree: pecuniary sanctions: these are always imposed where the judge finds that the entity is liable. It is computed using a system based on quotas which are determined by the judge in number and amount: the number of quotas, to be applied within a minimum and a maximum that varies with the type of offense, depends on the gravity of the offense, on the degree of liability of the entity and on the actions taken to prevent the offense or to attenuate its effects or to prevent the commission of further offenses; the amount of the individual quota is established, in a range from Euro 258 to a maximum of Euro 1,549 by reference to the economic conditions and assets of the entity. disqualifying sanctions: disqualifying sanctions are bans imposed in addition to the pecuniary sanctions only if expressly prescribed for the offense for which the entity has been found liable and only in instances where one of the following conditions is met: the entity has derived from the offense a significant profit and the offense was committed by a key executive, or by a subordinate person where the commission of the offense was made possible by the presence of serious organizational weaknesses: there has been repetition of the offenses. The disqualifying sanctions are: disqualification from the exercise of the entity s activity; suspension or revocation of authorizations, licenses or concessions functional to the perpetration of the offense; ban on entering into contracts with the Public Administration, other than those for receiving a public service; 14

15 exclusion from benefits, loans, funding and subsidies and the possible revocation of those previously granted; ban on publicizing goods or services. Unusual in being applicable with definitive effect, the disqualifying sanctions are temporary in nature with a duration ranging from three months to two years and are directed at the specific activity of the entity to which the offense relates. They can be imposed also as a precautionary measure, prior to sentencing, at the request of the Public Prosecutor in the presence of strong evidence of the liability of the entity and proven specific elements indicating a real danger of the commission of further offenses of the same nature as that being tried by the court. confiscation: the sentence establishing liability is always accompanied by the confiscation of the proceeds or profits from the offense or of assets or other utility of equivalent value; the profit from the offense has been defined by the United Sessions of the Cassation Court (see sentence no dated March 27, 2008) as the economic advantage directly and immediately caused by the offense, and actually determined net of the effective utility enjoyed by the damaged party in any contractual relationship with the entity; the United Sessions also specified that from such definition must be excluded any form of business performance parameter with the consequence that the profit cannot be identified with the net income realized by the entity (except in the case, provided for in the legislation, of the entity being placed under the administration of an external commissioner). For the Naples Court (order dated July 26, 2007) also the absence of a financial loss arising from costs that would have been payable must be considered to fall within the concept. publication of the sentence establishing liability: this can be imposed when the entity receives a disqualifying sanction; it consists in the publication of the sentence once, in extract or in its entirety, in one or more of the daily newspapers indicated by the judge in the sentence and by exhibition at the offices of the local authority in which the entity has its principal place of business; such publication is at the expense of the entity. The administrative sanctions imposed on the entity become statute barred on the completion of a five years period from the date on which the offense was committed. The definitive sentence establishing the entity s liability is entered in the national register of administrative sanctions inflicted for offenses. 15

16 1.7. Changes to the entity s corporate form or identity The Decree regulates the attribution of liability of the entity in the case of transformations, mergers, demergers and sales of business units. In the case of the transformation of an entity the liability remains for the offenses committed prior to the date when the transformation took effect. The new entity is therefore the recipient of the sanctions applicable to the original entity in respect of acts which occurred prior to the transformation. In the case of a merger the entity arising from the merger, including that from a merger of one company into another, is liable for the offenses for which the entities which participated in the merger were liable. If the merger occurred prior to the conclusion of the judgment determining the entity s liability, the judge must take into account the economic conditions of the original entity and not those of the entity which arises from the merger. In the case of a demerger, the demerged entity remains liable for the offenses committed prior to the date when the demerger took effect and the entities which are recipients or arise from the demerger are jointly and severally liable to pay the pecuniary sanctions inflicted on the demerged entity to a limit equal to the value of the net assets transferred to each single entity, except in the case of the entity to which has been transferred the business or part of the business in which the offense was committed; the disqualifying sanctions apply to the entity (or entities) in which the business in which the offense was committed remained or to which such business was transferred. If the demerger took place prior to the conclusion of the judgment determining the entity s liability, the judge must take into account the economic conditions of the original entity and not those of the entity which arises from the demerger. In the case of the sale or conferment of a business unit in which an offense has been committed, unless the transferor entity settles the pecuniary sanctions in advance, the transferor and the recipient entities are jointly and severally liable for the sanctions, up to the limit of the value of the business unit transferred and up to the limit of the pecuniary sanctions which are recorded in the obligatory accounting records or are due for offenses of which the recipient was anyhow aware. 2. Intercos S.p.A.: the Company The Company, head of the group of the same name, is one of the principal global operators in the creation, development and production of make-up products (lipstick, eye shadow, mascara, foundation, powders, eyeliner and lip pencils) for the main players in the international cosmetics industry. The Intercos Group operates through companies and factories located in Italy, the USA, Malaysia and China and also through 16

17 eight sales offices placed in the strategically more important markets (USA, France, Italy, the UK, Malaysia and China). The Company s system of corporate governance is composed of the following: Shareholders: a meeting of shareholders, in ordinary or extraordinary session, has the power to resolve on the matters which the law restricts to its competence. Board of Directors: the Board has all and every power for the ordinary and extraordinary administration of the Company, excluding only those restricted by law to the meeting of shareholders. Board of Statutory Auditors: the administration of the Company is overseen by a Board of Statutory Auditors composed of three regular members and two alternate members. Legal control of accounting: the legal control of accounting of the Company is performed by an audit firm registered with the Ministry of Justice. 3. The purpose of the Model With the adoption of the Model the Company intends to be fully compliant with the Decree and to improve and make as efficient as possible the existing systems of internal control and corporate governance. The principal objective of the Model is to create an organic and structured system of control principles and procedures designed to prevent, where possible and as far as is feasible in practice, the commission of the offenses identified in the Decree. The Model will constitute the foundation of the Company s system of governance and will implement the process of diffusion of a corporate culture characterized by correctness, transparency and legality. The Model also sets itself the following aims: provide adequate information to employees and to those who act under a mandate from the Company or who are bound to the Company in relationships which are relevant for the purposes of the Decree, with reference to the activities which involve the risk of commission of offenses; spread a corporate culture which is based on legality, since the Company condemns all conduct which does not comply with the law or with internal norms and in particular with the norms contained in its Model; spread a culture of control and of risk management; set up an effective and efficient organization of the Company s activities, with particular emphasis 17

18 on decision-making and on the transparency and traceability of decisions, on the assignment of responsibility to the persons engaged in the making of decisions and in their implementation, on the imposition of controls, both before and after the decision, and on the management of information, both internally and externally; put into effect all the measures necessary to reduce as far as possible and as soon as possible the risk of commission of an offense, strengthening the controls in place to prevent unlawful conduct relevant for the purposes of the Decree. 4. The Model and the Code of Conduct Intercos adopted its Code of Conduct approved at the meeting of the Board of Directors held on November 20, 2012, as subsequently updated and amended which sets out and formalizes the ethical and social principles and values which must underlie the conduct in general of the Company itself and that of the Addressees of the Code of Conduct and which were in practice already being observed by the Company prior to the introduction of Decree 231. The Model presupposes compliance with the requirements of the Code of Conduct, constituting, with the Code, a body of norms having the aim of promoting an ethical and transparent corporate culture. The Company s Code of Conduct, in all its future formulations, is considered to be integrally assimilated herein and constitutes the essential foundation of the Model, whose provisions are integral with the provisions of the Code. 5. Method of construction of the Intercos Model The Intercos Model has been constructed by reference to the activities actually carried out by the Company and to the nature and dimensions of its organization. It is understood that the Model will be updated to reflect the future evolution of the Company and of the environment in which it operates. The Company made a preliminary analysis of its own business environment and, subsequently, an analysis of the areas of activity which presented potential risks of commission of the offenses identified in the Decree. A particular analysis was made of: the Company s history, the corporate context, the business sector in which it operates, the corporate organizational structure, the system of corporate governance used, the system of powers and authorities, the existing legal relationships with third parties, the operating 18

19 situation, the practices and procedures formalized and disseminated within the Company for the management of operations. For the purposes of constructing this document, in accordance with the dispositions of the Decree, with the Confindustria Guidelines and with the indications which can be derived from judgments of the courts, the Company proceeded with the following: identification, by discussion with the various heads of functions, of the processes and subprocesses or business activities in which the predicate offenses identified in the Decree could be committed; assessment of the risk that offenses could be committed (risk assessment) and of the internal controls suitable for the prevention of unlawful conduct; identification of the appropriate points of control, already present or to be implemented, in the Company s operating procedures and practices, suitable for the elimination or mitigation of the risk of the commission of the offenses identified in the Decree; review of the Company s systems of powers and authorities and attribution of responsibilities. The Company adopted its organizational Model for the first time by a resolution passed at the meeting of the Board of Directors held on November 20, Modifications of the Model may be made only by the Board of Directors. 6. Modifying and updating the Model The Model must always be modified or integrated promptly, by means of a resolution of the Board of Directors and also at the suggestion of the Supervisory Body, whenever: significant changes have occurred in the Company s regulatory environment, in its organization or its activities; there have been violations or elusions of the precepts contained in the Model which demonstrate the inefficacy of the Model as a means of preventing offenses. For this purpose the Supervisory Body receives information and specific notification from the HR & Organization Function on any modification of the Company s organizational structure, of its procedures and of its organizational or operational methods. 19

20 If modifications, such as clarifications or specifications in the text, become necessary which are of an exclusively formal nature, the Chairman and Chief Executive Officer of the Company may, after hearing the views of the Supervisory Body, proceed autonomously, referring the matter without delay to the Board of Directors. In any event circumstances which render necessary the modification or updating of the Model must be notified by the Supervisory Body to the Board of Directors in writing, so that the Board can pass the appropriate resolutions within its competence. The modifications to Company procedures necessary for the implementation of the Model are the responsibility of the functions affected. Where necessary the Chairman and Chief Executive Officer proceed to make the consequential updates to the Special Part of the Model; these modifications will be submitted for ratification at the next available meeting of the Board of Directors. The Supervisory Body is constantly informed about the update and about the implementation of the new operating procedures and may express its opinion on the modifications made. 7. The Model of Intercos and its subsidiaries The Company, through its own organizational structure, informs its subsidiaries of this Model and any subsequent modifications. Each Italian company of the Group undertakes to adopt through a resolution of the Board of Directors its own organizational Model, after having analyzed and identified the activities that carry the risk of the commission of an offense and the measures established to prevent such an event. All the Italian companies of the Group, in defining their own Model, follow the principles and contents set forth in this document, integrating it on the basis of specific factors concerning the nature, dimensions, type of activity or system of powers and authorities of the subsidiaries themselves. The Model adopted by the Italian companies of the Group is communicated to the Supervisory Board of Intercos, which reports to the Board of Directors in its report referred to in the following Clause Each subsequent modification of significance made to their Model is communicated by the Supervisory Bodies of the Italian companies of the Group to the Supervisory Board of Intercos. The foreign companies of the Group implement the principles communicated to them by Intercos through appropriate guidelines. 20

21 8. The offenses that are relevant for Intercos Taking into account the structure and activities of the Company, the management team engaged in the assessment identified the following predicate offenses as relevant: offenses involving relationships with the Public Administration (articles 24 and 25); information technology offenses and illegal use of data (article 24-bis); organized crime offenses (article 24-ter); offenses involving forgery of money, of public credit instruments, of revenue stamps and of identification instruments or marks (article 25-bis); offenses against industry and trade (article 25-bis.1); corporate offenses (article 25-ter); market abuse offenses (article 25-sexies); manslaughter and serious and very grave injury as a result of violation of workplace health and safety regulations (article 25-septies); offenses involving handling of stolen goods, money laundering and utilization of funds, assets or other resources deriving from unlawful activities as well as self-money laundering (art. 25-octies); violation of intellectual property rights (article 25-novies); offenses of inducing others not to make statements or to make false statements to the judicial authorities (article 25-decies); environmental offenses (article 25-undecies); employment of citizens of foreign countries with residence irregularities (article 25-duodecies); transnational offenses (article 10, Law 146/2006). The following offenses were considered not to be relevant for the Company: offenses committed for the purposes of terrorism and subversion of the democratic order (article 25-quater), practices of mutilation of female genital organs (article 25-quater.1) and offenses against individuals (article 25-quinquies), since the Company does not carry out activities in which such offenses can be committed nor is it possible to configure an interest or advantage to the Company arising from their commission. The present document identifies in the Special Part, each special part associated with a family of offense relevant for Intercos, the activities of the Company identified as sensitive in virtue of the inherent risk of 21

22 commission of offenses of the categories herein listed and for each of the sensitive activities sets out the principles for prevention and the control measures. The Company undertakes to assess on a continuous basis the relevance of the Model for any other offenses, both those already contemplated by the Decree and those which may be included in the future. 9. Addressees of the Model The Intercos Model applies to: those who carry out, also de facto, the functions of management, administration, direction and control in the Company or in one of its autonomous organizational units; employees of the Company, including those who are performing their duties outside Italy; consultants and all who while not being employees work under a mandate from the Company or on behalf of the Company. The Chairman and Chief Executive Officer and the directors/heads of functions responsible for relationships with counterparties collaborate with the Supervisory Body to establish the identity of other categories of Addressees of the Model by reference to the legal relationship and the activity which the counterparties perform for the Company. All Addressees of the Model are required to observe scrupulously the dispositions contained therein and in the instruments for implementation of the Model. 10. The Supervisory Body Purpose and duties In compliance with the Decree, the Company has instituted a Supervisory Body which is autonomous, independent and competent in matters of risk management in the specific activities undertaken by the Company itself and in related legal matters. The Supervisory Body has the duty to supervise on a continuous basis: observance of the Model by the Addressees, as identified in the preceding paragraph; the efficacy of the Model in preventing the commission of the offenses contemplated by the Decree; 22

23 the implementation of the prescriptions of the Model in the context of the Company s operations; the updating of the Model, in situations where there is a necessity to modify the same as a result of changes in the enterprise s structure and organization, in the activities performed by the Company or in the reference legislative environment. The Supervisory Body equips itself with its own Regulations governing its operations, approving the contents and presenting them to the Board of Directors Requisites and composition Each member of the Supervisory Body must be selected exclusively on the basis of the following requisites: autonomy and independence: the autonomy and independence of the Supervisory Body, like those of its members, are key elements for the efficacy of the control activity. The concepts of autonomy and independence do not have a valid definition in absolute terms but must be used and inserted in the operational context in which they are to be applied. Since the role of the Supervisory Body is to check that in the Company s operations the controls are being applied, its position within the entity must be assured of autonomy with regard to any form of interference and influence from any component of the entity and in particular from operational management, above all considering that the function performed includes supervision of the activities of the vigilance over the entity s governing bodies. Consequently the Supervisory Body s place in the organizational structure of the entity is at the highest level of the hierarchy and in the performance of its duties it is responsible only to the Board of Directors. Also, to further safeguard the autonomy of the Supervisory Body, the Board of Directors places at its disposal company resources in the quantity and with the competences suited to the tasks assigned to them, and in its budgeting process approves an appropriate allocation of financial resources, as proposed by the Supervisory Body, to be placed at the latter s disposal for any expenditure necessary for the correct performance of its duties (for example specialist consultancies, travel, etc.). The autonomy and independence of the individual members of the Supervisory Body are determined by reference to the function performed and the duties attributed, identifying from whom and from what that individual member must be autonomous and independent in order to be able to carry out such duties. Consequently each member must be without a decision-making, operational or management role that compromises the autonomy and independence of the entire Supervisory 23

24 Body. In any case the requisites of autonomy and independence presuppose that the members avoid situations of even potential personal conflict of interests with regard to the Company. Further the members of the Supervisory Body must not: occupy an operational position within the organization of Intercos or of other Group companies; be the spouse of or be related within the fourth degree to the directors of Intercos or another Group company; be in any other situation of evident or potential conflict of interests. Professional competence: within its membership the Supervisory Body must have technical and professional skills which are adequate for the duties which it is required to perform. Accordingly it is necessary that the Supervisory Body includes subjects with appropriate professional skills in financial, legal and risk management matters. In particular the Supervisory Body should possess the specialist technical capacity to carry out both control and advisory activities. To ensure that the Supervisory Body has the professional skills useful or necessary for its activities and to guarantee its professional competence (in addition to its autonomy as already illustrated) it is allocated a specific expenditure budget to enable it to purchase from outside the Company, when it is necessary, the professional skills which integrate its own skills. In this way the Supervisory Body, using external professionals, can equip itself with the resources competent, for example, in legal matters, business organization, accounting, internal control, finance, workplace safety etc. Continuity of action: the Supervisory Body performs in a continuous manner the activities necessary to oversee the Model with adequate commitment and with the necessary powers to investigate. Continuity of action must not be interpreted as incessant activity, since such an interpretation would necessarily impose on the Supervisory Body a composition exclusively of persons drawn from within the entity, a circumstance which would lead to a diminution of the indispensable autonomy which must characterize the Supervisory Body itself. Continuity of action means that the Supervisory Body should not limit its activity to periodic meetings of its members but the activity should be organized in a plan for a constant monitoring and assessment of the entity s preventive control systems. In conformity with the criteria set out above, the Supervisory Body is composed of three members in collegial form, the majority being subjects who are not part of the Company s personnel. 24

25 In any case the Chairman of the Supervisory Body must be a person outside the Company Requisites for appointment Of each member of the Supervisory Body it is requested in advance that he/she is not in any of the conditions of ineligibility and/or incompatibility set out below: to have been subjected to preventive measures under the provisions of Legislative Decree 159 dated September 6, 2011 ( Anti-mafia Code and preventive measures and new dispositions concerning anti-mafia documentation according to articles 1 and 2 of Law 136 dated August 13, 2010 ); to be under investigation or to have been sentenced, also by a sentence that is not definitive or by a sentence issued under article 444 et seq. of the Code of Criminal Procedure, even with a conditional suspension of the sentence, excepting the cases of rehabilitation: one or more of the unlawful acts which are specifically provided for in Decree 231; for any crime with malicious intent; to be prohibited, banned, bankrupt or have been sentenced, also by a sentence that is not definitive, to a punishment which entails the ban, also on a temporary basis, from public office or the impossibility of exercising directive duties; to have been subjected to accessory administrative sanctions under article 187-quater of Legislative Decree 58 dated February 24, The applicability of a single one of the above conditions entails ineligibility for membership in the Supervisory Body Appointment, revocation, replacement, forfeiture and resignation The Board of Directors appoints the Supervisory Body, stating the grounds for the choice of each member after having verified the existence of the requisites set out in the preceding paragraphs, basing the decision not only on their curricula but also on the formal specific declarations obtained from the candidates. In addition the Board of Directors receives from each candidate the attestation of the absence of the grounds for ineligibility set out in the preceding paragraph. After the formal acceptance on the part of the subjects appointed, the appointment is notified to all levels of the Company by means of an internal communication. 25

26 The Supervisory Body remains in office for three financial years, the term ending on the date of the meeting of shareholders convened to approve the financial statements of the third and last year. Members of the Supervisory Body may be re-appointed. Revocation of the appointment as a member of the Supervisory Body may be effected only with a resolution of the Board of Directors and for one of the following reasons: loss of the requisites set out in the preceding paragraphs; non-compliance with the obligations inherent in the appointment given; absence of good faith and diligence in carrying out the duties of the appointment; failure to collaborate with the other members of the Supervisory Body; unjustified absence from more than two meetings of the Supervisory Body. Each member of the Supervisory Body is under an obligation to notify the Board of Directors by means of the Chairman of the Supervisory Body of the loss of the requisites set out in the preceding paragraphs. The Board of Directors revokes the appointment of the member of the Supervisory Body who is no longer fit for the office, giving adequate grounds, and proceeds immediately to appoint a replacement. Good cause for the forfeiture of the appointment before the end of its term is constituted by incapacity or impossibility to carry out the duties of the appointment for whatever reason, including the court s imposition of restrictive measures or a prison sentence. Each member of the Supervisory Body may resign from the appointment at any time in the mode established in the Supervisory Body s Regulations. In the event of forfeiture of the appointment or resignation on the part of one of the components of the Supervisory Body, the Board of Directors proceeds promptly to replace the member who has become unfit for office Activities and powers The Supervisory Body meets at least four times a year and at any time that a member makes a motivated request to the Chairman for the convening of a meeting. Further, it can delegate specific functions to the Chairman. Each meeting of the Supervisory Body is minuted. For the performance of the duties assigned to it the Supervisory Body is vested with powers of initiative and investigation over every activity of the Company and over personnel at all levels, reporting exclusively to the Board of Directors by means of its own Chairman. 26