Organisation, Management and Control Model pursuant to Italian Legislative Decree no. 231 of 8 June 2001 GENERAL PART

Transcription

1 Organisation, Management and Control Model pursuant to Italian Legislative Decree no. 231 of 8 June 2001 GENERAL PART

2 ENAV S.p.A. Organisation, Management and Control Model pursuant to Italian Legislative Decree no. 231 of 8 June 2001 GENERAL PART Approved by the Board of Directors on 16 March 2017

3 CONTENTS DEFINITIONS... 3 FOREWORD ITALIAN LEGISLATIVE DECREE NO. 231/ THE GOVERNANCE MODEL AND ORGANISATIONAL STRUCTURE OF THE COMPANY ADOPTION OF THE ORGANISATION MODEL BY ENAV ACTIVITY CARRIED OUT FOR THE CONSTRUCTION, UPDATING AND MANAGEMENT OF THE ORGANISATION MODEL SUPERVISORY BODY INFORMATION FLOWS TO THE SUPERVISORY BODY TRAINING, INFORMATION AND SUPERVISION DISCIPLINARY SYSTEM OTHER PROTECTION MEASURES IN CASE OF FAILURE TO COMPLY WITH THE REQUIREMENTS OF THE ORGANISATION MODEL PERIODIC CHECKS APPLICATION PROGRAMME AND METHODS FOR UPDATING THE ORGANISATION MODEL THE ENAV GROUP

4 DEFINITIONS The following definitions refer to all parts of the Organisation Model, except for any additional definition contained in each special part. Sensitive activities: business areas of the Company in which the risk of committing Offences stands out more concretely. National Collective Labour Agreements: the National Collective Labour Agreements (C.C.N.L., Contratti Collettivi Nazionali di Lavoro) applied by the Company. Code of Ethics: the code of ethics adopted by the Company and approved by the Board of Directors of ENAV S.p.A. External Collaborators: all external collaborators considered as a whole, namely Consultants, Partners and Suppliers. Consultants: subjects acting in the name and/or on behalf of the Company in accordance with a contract of mandate or other professional service contract. Recipients: the corporate figures, including the members of the Board of Directors, the members of the Board of Statutory Auditors, Employees (i.e. all those who are related to the Company by a subordinate employment contract, including Executives), Auditors, Consultants, commercial and financial Partners, External Collaborators on various bases of the Company, as well as, in general, all those who have relations with it for any reason (e.g. suppliers and customers), and, in particular, all those who carry out activities at risk of offence. Manager in charge of the preparation of corporate accounting documents: the Corporate Officer referred to in Article 154 bis of the Consolidated Finance Act (introduced by Article 14 of Italian Law no. 262 of 28 December 2005), if set up, or, failing that, the Board of Directors of the Company or other subject possibly identified by the aforesaid Body. Employees: subjects with a subordinate employment contract with the Group, including executives. Decree of the Prime Minister: Decree of the Prime Minister of the Italian Republic. Italian Legislative Decree No. 231/2001 or Decree: Italian legislative decree no. 231 of 8 June 2001 as subsequently amended and supplemented. Legal entities: legal entities, companies, consortia, associations without legal personality, etc. Corporate Officers: directors, auditors, liquidators, executives and employees of the Group. Suppliers: suppliers of non-professional goods and services of the Group who do not fall into the definition of Partners and Operators of the Air Traffic Control Sector. Public servants: pursuant to Article 358 of the Italian Penal Code, «those who provide a 3

5 public service for any reason qualify as public servants. Public service is defined as an activity regulated as a public function, but characterised by the lack of its typical powers, and with the exclusion of the carrying-out of simple tasks and the performance of merely material work». Guidelines: the Guidelines adopted by Confindustria for the preparation of organisation, management and control models pursuant to Article 6, paragraph 3, of Italian Legislative Decree no. 231/2001. Organisation Model: organisation, management and control model pursuant to and for the purposes of Italian Legislative Decree no. 231/2001. All the measures in place, useful for limiting risks of offence, as rules and procedures, controls on personnel and processes, training activities aimed at prevention, control environment are ascribed to the Organisation Model. Organisational Service Order: organisational order whose purpose is to formalise and communicate the changes in the organisational structure of the Company. Supervisory Body: body set up pursuant to and for the purposes of Italian Legislative Decree no. 231/2001, in compliance with the provisions of the Guidelines for the construction of organisation, management and control models issued by Confindustria and implemented by ENAV. Public Administration or P.A.: the Public Administration broadly speaking, and therefore: the State (including government agencies, local authorities, sectoral entities, such as government bodies, regulatory authorities, Regions, Provinces, Municipalities, districts) and/or all public entities and subjects (and in cases determined by law, private subjects that carry out in any case a public function such as dealers, public law bodies, awarding authorities, mixed companies), who carry out activities aimed at the pursuit of public interests. This definition also includes the Public Administration of Foreign Countries and of the European Union. In particular, with reference to Offences against Public Administration, reference is made to public officers and to public servants. Partners: the contractual counterparts with which the Company reaches any form of contractually regulated collaboration (temporary consortium, joint ventures, consortia, licence, agency, collaboration in general), if intended to cooperate with the Group as part of Sensitive activities. Public Officers: pursuant to Article 357 of the Italian penal code «those holding a public legislative, judicial or administrative office are public officers. For the same purposes, the administrative office regulated by public law and by official decrees and characterised by the formation and manifestation of the will of the public administration or by its carrying-out through authoritative or certifying powers is public». Offences: the offences covered by the regulations established by Italian Legislative Decree no. 231/2001 on the administrative liability of entities. Company: ENAV S.p.A. ICRMS: the Internal Control and Risk Management System. Consolidated Finance Act: Italian Legislative Decree No. 58 of 24 February 1998 as subsequently amended and supplemented. 4

6 FOREWORD The introduction in our system of entities being given a sense of administrative and criminal liability met the long-sensed requirement to counter corporate crime, which can also be seen due to the organisational and functional complexities of the entrepreneurial structures, more and more characterised by the need to delegate actions and decisions also to the nodes of the structure far from the top management. Italian Legislative Decree no. 231 of 8 June 2001, implementing the delegation referred to in Article 11 of Italian Law no. 300 of 29 September 2000, introduced a special liability system of the company in the Italian legal system. On the other hand, Article 6, paragraph 1, letter a) of this Decree establishes that the company is not administratively punishable if it proves that the Governing Body adopted and effectively implemented, before committing the offence, organisation and management models fit for preventing offences such as those occurred. ENAV S.p.A. (hereinafter also referred to as ENAV or the Company ), in line with the provisions of the Decree and of its own corporate policy/ethics, in addition to adopting a Code of Ethics to regulate the proper carrying-out of its activities, adopted on 27 May 2004 its own Organisation and management model pursuant to Italian Legislative Decree no. 231 of 8 June 2001 (hereinafter also referred to as Model or Organisation Model ), functional to the prevention of the risk of committing offences significant for the purposes of the Decree itself (cf. Annexe A List of 231 offences ). Therefore, the Board of Directors of ENAV constantly updated the Model (both as a supplement and as an amendment) in order to make it a valid tool for preventing illegal behaviour and raise the awareness of all the recipients in taking-on proper and transparent behaviour. The contents of the Organisation Model adopted by ENAV are consistent with the provisions of the guidelines, developed on the matter by trade associations; the Model represents a further step towards rigour, transparency and sense of responsibility in internal relations and with the outside world, by ensuring at the same time the stakeholders an efficient and correct management. The Company's Organisation Model is part of a broader Corporate Governance system, i.e. the set of rules, processes and mechanisms concerning corporate governance, supervision of control processes and management of relations with internal and external stakeholders. The Internal Control and Risk Management System (ICRMS) is an essential element of corporate governance: it consists of a set of rules, procedures and organisational structures allowing the identification, measurement, management and monitoring of the main risks oriented towards the achievement of the following goals in compliance with company strategies: effectiveness and efficiency of business processes; preservation of the company's assets; reliability and integrity of information; compliance of the operations with law, regulatory and contractual provisions, as well as with policies, plans, regulations and internal procedures. The ICRMS is integrated in the more general organisational and corporate governance 5

7 structures adopted by the Company and takes into account the reference models, the recommendations of the Corporate governance code for listed companies and the best practices existing in this matter at national and international level. With resolution passed on 17 February 2016, the Board of Directors of ENAV complied with the recommendations of the Corporate governance code for listed companies prepared by the Corporate Governance Committee promoted by Borsa Italiana S.p.A, effective as from the start date of trading, i.e. from 26 July Having regard to the above, ENAV undertook, by adopting procedures, policies, resolutions and additional prescribed actions, an adjustment and transition process of its corporate governance structure from the original model - typical of a company wholly controlled by the State to a structure in line with the recommendations (principles, application criteria and comments) contained in the Corporate governance code for listed companies promoted by Borsa Italiana or with the reference provisions (also of a regulatory nature) for listed companies, including in particular Italian Legislative Decree no. 58 of 24 February 1998, (hereinafter also referred to as Consolidated Finance Act ) and CONSOB resolution no of 14 May 1999 (hereinafter also referred to as CONSOB Issuer Regulation ). In this context, the Board of Directors of ENAV, among other things, approved the Guidelines of the Internal Control and Risk Management System (ICRMS) of ENAV and of the entities forming the group referring to it, to which reference is made for the relevant principles of reference, implementation criteria, roles and responsibilities. The Organisation Model adopted by ENAV S.p.A. pursuant to Decree 231 is part and parcel of the Internal Control and Risk Management System of the Company. 6

8 1. ITALIAN LEGISLATIVE DECREE NO. 231/ Administrative liability of legal entities, companies and associations With Italian Legislative Decree no. 231 of 8 June 2001, concerning Regulations dealing with the administrative liability of legal entities, companies and associations also without legal personality, in pursuance of Article 11 of Italian law no. 300 of 29 September 2000 (hereinafter referred to as Italian Legislative Decree No. 231/2001 or Decree ), effective as from 4 July, the Italian legislation concerning the liability of legal entities was adapted to International Agreements signed by Italy some time ago 1. This Decree introduced in our regulations an administrative liability system of legal entities that is added to the liability of the natural person who physically committed the unlawful acts, and that aims at involving, in their punishment, the Legal Entities in whose interest or advantage these offences were committed. In particular, with a view to subjectively extend the Decree, it must be specified that the recipients of its prescriptions are «legal entities with legal personality, companies and associations also without legal personality». The description is completed by the negative indication of the non-recipients of the prescriptions referred to in the Decree, namely «the State, Local public authorities, other non-economic public authorities, as well as legal entities carrying out constitutional functions». Therefore, the number of recipients is very wide and it is not always easy to locate the dividing line, especially with regard to Legal entities operating in the public sector. Therefore, the Decree introduced an administrative liability system - which can be mainly related to criminal liability - of legal entities only for white-collar crimes or administrative offences envisaged therein, committed, in their interest or to their benefit, by: natural persons entrusted with the representation, administration or management of the legal entities or of their business unit with financial and functional autonomy, as well as persons who actually manage and control the legal entities (known as top managers) (Article 5, paragraph 1, let. a), Italian Legislative Decree No. 231/2001); natural persons submitted to the management or supervision of one of the subjects indicated above (known as subordinates) (Article 5, paragraph 1, let. b, Italian Legislative Decree no. 231/2001). If the perpetrator of the offence is a top manager, a presumption of liability is established in view of the fact that this natural person expresses, represents and implements the management policy of the legal entity 2. 1 Cf., in particular, the Convention of Brussels of 26 July 1995 on the protection of the European Communities' financial interests, the Convention of Brussels of 26 May 1997 on combating bribery of foreign public officials of the European Community and of the Member States and the OECD Convention of 17 December 1997 on combating bribery of foreign public officials in international business transactions. 2 The Illustrative Report of Italian Legislative Decree No. 231/2001 emphasises in this regard: «it is assumed (according to an empirically based presumption) that, in case of offence committed by the top management, the subjective requirement of liability of the legal entity [i.e. the so-called organisational fault of the legal entity] is met, since the top management expresses and represents the policy of the legal entity; if this does not happen, the company must prove its non-involvement, and this can only be done by proving the existence of a number of concurrent requirements». 7

9 In this case, the company is not liable, pursuant to Article 6, paragraph 1, Italian Legislative Decree no. 231/2001, if it proves that: a) the governing body adopted and effectively implemented, before committing the crime, organisation and management models fit for preventing offences such as those occurred; b) the task of supervising the operation, effectiveness and compliance of the models as well as arranging for their update was entrusted to an internal body with independent powers of initiative and control; c) the natural persons committed the offence by avoiding fraudulently the organisation and management models; d) there has been no omitted or insufficient supervision by the Body referred to in letter b) above. However, there is no presumption of liability of the legal entity if the perpetrator of the offence is one of the subjects indicated above (known as subordinates) because, in that case, the unlawful act of the subordinate implies the liability of the legal entity only if it turns out that the non-compliance with the management and/or supervisory requirements made it possible to commit it. Any liability of the company is in any case excluded if the company, before committing the crime, adopted and effectively implemented an organisation, management and control model fit for preventing offences such as the one occurred. The liability of the legal entity is in addition to and does not replace the liability of the natural person who actually committed the unlawful act, which is therefore regulated by common criminal law. The extension of the liability aims at involving in the repression of certain criminal offences the assets of the legal entities (and, ultimately, the economic interests of the shareholders) that benefited from the commission of the offence or if the offence was committed in their interest. In fact, until the entry into force of the Decree, the principle of the personality of the criminal liability referred to in Article 27, paragraph 1, Italian Constitution, left the legal entities free from the consequences of penalties, other than any compensation for damages, if and in that existing. The Decree aimed to build a model of liability of the legal entity in accordance with the principles to safeguard the individual's civil rights and liberties (but with a preventive action) by envisaging the company's liability in tort; the latter is called on to organise its structures and activities in such a way as to ensure appropriate conditions for protecting the penally protected interests. The Decree applies both in relation to offences committed in Italy and in relation to those committed abroad, provided that the legal entity has its corporate headquarter in the territory of the Italian State and the State of the place where the offence was committed does not start proceedings directly against it. As mentioned, the liability of the legal entities referred to in Italian Legislative Decree No. 231/2001 arises only in cases where the unlawful behaviour is carried out in the interest or to the benefit of the legal entity: therefore, not only when the unlawful behaviour determined an asset benefit or not for the legal entity, but also in the case in which, albeit in the absence of such a concrete result, the unlawful act is justified by the interest of the legal entity. 8

10 However, there is no presumption of liability of the legal entity if the perpetrator of the offence or administrative offence acted in his/her own exclusive interest or in the interest of third parties. The penalties that can be imposed on the legal entity are both monetary and disqualifying penalties, including the following most serious ones: the suspension of licences and concessions, no contracting with the Public Administration, disqualification from carrying on the activity, exclusion from or withdrawal of loans or subsidies, no advertising of goods and services. Monetary penalties apply whenever the legal entity's liability is ascertained in relation to the commission, in its interest or benefit, of one of the offences envisaged by the Decree. The determination of the penalties that can be imposed pursuant to the Decree 231 is based on a quota system. In fact, for each offence, the law in the abstract determines a minimum and maximum number of quotas, on the model of statutory frameworks that characterise traditionally the penalty system. Article 10 of decree 231 merely envisages that the number of quotas can never be less than one hundred and more than one thousand, and that the amount of each quota can vary from a minimum of approximately EUR 258 to a maximum of approximately EUR Based on these coordinates, the judge, after ascertaining the liability of the legal entity, determined the monetary penalty applicable in this case. The determination of the number of quotas by the judge is commensurate with the seriousness of the offence, the level of liability of the legal entity, the activity carried out to repair the consequences of the offence committed and to prevent others. The amount of each quota is fixed on the basis of the economic and financial conditions of the legal entity, in order to ensure the effectiveness of the penalty. Whereas, the disqualifying penalties may apply only in relation to offences for which they are expressly envisaged by the Decree, when at least one of the following conditions occur: the legal entity obtained from the offence a profit of significant amount and the offence was committed by subjects holding top positions or by subjects submitted to the management and supervision of another person when the commission of the offence was determined or facilitated by serious organisational shortcomings; if the offences are repeated. The disqualification measures - where there are circumstantial evidences of liability of the legal entity and there are well-founded and specific elements that give substance to the risk of possibly committing offences of the same nature - can be applied, at the request of the Public Prosecutor, also as a precautionary measure, already during the investigation phase. The confiscation of the price or of the profit of the offence - laid down with conviction, as well as, in certain cases, the issuing of the conviction itself are added to these penalties. Moreover, upon the occurrence of specific conditions, the Judge - when applying a disqualification penalty that would result in the interruption of the activity of the legal entity - has the right to appoint a commissioner with the task of monitoring the continuation of the activity, for a period equal to the duration of the disqualification penalty that would have been applied. Moreover, Italian Legislative Decree No. 231/2001, outlines the content of the 9

11 organisation and management models, envisaging that they must meet - in relation to the extension of the delegated powers and to the risk of committing the crimes - the following requirements: identify the activities within which Offences can be committed; prepare specific protocols aimed at planning the training and implementation of the company's decisions in relation to the offences that need being prevented; identify the methods of management of financial resources appropriate to prevent offences from being committed; prescribe duties of disclosure vis-à-vis the body in charge of supervising the operation and compliance of the organisation model; introduce a disciplinary system capable of punishing the non-compliance with the measures set out in the organisation model. The organisation and management models can be adopted on the basis of codes of behaviour drawn up by the associations representing the legal entities, notified to the Ministry of Justice, who, in concert with the competent Ministries, may make observations on the adequacy of the models to prevent the offences within 30 days (Article 6, paragraph 3, Italian Legislative Decree No. 231/2001). In any case, it is advisable to specify that the determination of the liability of the company, assigned to the criminal judge, occurs (in addition to the ad hoc process, in which the legal entity is equalised to the accused natural person) by: checking the existence of the predicate offence of the liability of the company; the controls of suitability on adopted organisation models The adoption of the Organisation Model as a possible justification of the administrative liability As mentioned above, Article 6, paragraph 1, of the Decree, when introducing the aforesaid administrative liability system, envisages a specific form of exemption from such liability, if the Legal Entity proves that: a) the governing body of the Legal Entity adopted and effectively implemented, before committing the crime, organisation and management models fit for preventing offences such as those occurred; b) the task of supervising the operation and compliance of the models and arranging for their update has been entrusted to a Body of the Legal Entity with independent powers of initiative and control; c) the persons who committed the offence have fraudulently avoided the aforesaid organisation and management models; d) there has been no omitted or insufficient supervision by the body referred to in letter b) above). In this regard, it should be pointed out that, according to the common opinion expressed by the doctrine and case law as well as by the delegated legislator in the Ministerial 10

12 Report 3, in this case, there is a reversal of the burden of proof (of the legal entity) that, however, has recently undergone an important standstill or, if we prefer, re-examination by the Supreme Court of Appeals 4. In fact, according to the Court of Appeals, «by virtue of the mentioned identification with its top manager, the legal entity is liable for its own action, without involving the constitutional principle of prohibition of liability for the action of others (Article 27 Italian Const.). Nor does Italian legislative decree no. 231 outline a case of objective liability, envisaging, on the contrary, the need for the so-called organisational fault of the legal entity, i.e. not having prepared a series of preventive measures to prevent the commission of offences of the type committed; the confirmation of this organisation deficit allows to easily charge the legal entity of the offence carried out in its field of operations...precise channels [ed. by the Prosecution] that teleologically link the action of one [ed. natural person] to the interest of the other [ed. the legal entity] must be identified as well as the elements indicating the organisational fault of the legal entity, which make its liability autonomous ( )» (cf. Court of Cass., Pen. div. VI, judgement no of 16 July 2010). Therefore, the Court concluded as follows: «no reversal of the burden of proof is, therefore, recognisable in the regulations of the liability depending on offence of the legal entity, since the burden of proving that the offence has been committed by a person with one of the qualities referred to in Article 5 of Italian Legislative Decree no. 231 and the lacking internal regulation of the legal entity weigh in any case on the Prosecution. The latter has the fullest power to provide exonerating proof» (cf. mentioned Court of Cass. no /2010). Moreover, the mentioned Article 6, paragraph 2, of the Decree envisages that - in relation to the extension of the delegated powers and to the risk of committing the crimes - the organisation, management and control models must meet the following requirements: identify the activities within which the offences envisaged by the Decree can be committed; establish specific protocols aimed at planning the formation and implementation of the Legal Entity's decisions in relation to offences that must be prevented; identify methods of management of financial resources appropriate to prevent offences from being committed; envisage duties of disclosure vis-à-vis the body in charge of supervising the operation and compliance of the model; introduce a disciplinary system capable of punishing the non-compliance with the measures set out in the model. 3 Cf. The Illustrative Report: «it is assumed (according to an empirically based presumption) that, in case of offence committed by the top management, the subjective requirement of liability of the legal entity is met, since the top management expresses and represents the policy of the legal entity; if this does not happen, the company must prove its non-involvement, and this can only be done by proving the existence of a number of concurrent requirements». 4 Already influential Authors had pointed out the contrast of this presumption of liability with the constitutional principles referred to in Articles 3, 24 and, above all, 27 of our Fundamental Charter. In this regard, the recent intervention of the Supreme Board considered the constitutionality of Article 6 of Italian Legislative Decree no. 231 of 2001, by stating that «the regulations laid down by Italian Legislative Decree no. 231/01 on the liability of the offence of Legal entities does not enter into a collision course with the principles that the Fundamental Chart enunciates in Articles 3, 24 and 27, and therefore, the proposed issue of constitutionality is clearly and manifestly groundless» (cf. Court of Cass., Div. VI pen., judgement 16 July 2010, no ). 11

13 This Decree envisages that the organisation and management models can be adopted, guaranteeing the above requirements, on the basis of codes of behaviour drawn up by trade associations, notified to the Ministry of Justice that, in concert with the competent Ministries, may make observations on the adequacy of the Models to prevent the Offences within 30 days (mentioned Article 6, paragraph 3). Finally, it is envisaged that in small Legal Entities the task of supervision can be carried out directly by the governing body (mentioned Article 6, paragraph 5) Guidelines of Confindustria In implementation of the provisions of Article 6, paragraph 3, of the mentioned Decree, Confindustria, first among trade associations, defined its Guidelines for the construction of organisation, management and control models pursuant to Italian Legislative Decree No. 231/2001 (disseminated on 7 March 2002, supplemented on 3 October 2002 with annexe relating to the so-called corporate offences, and subsequently updated on 24 May 2004, 31 March 2008 and, finally, in March 2014), in which associated enterprises are provided with methodological indications on how to identify risk areas and structure organisation models. In particular, the Guidelines recommend companies to use risk assessment and risk management processes and provide the following steps for defining the model: the identification of risks; the preparation and/or implementation of a control system capable of preventing the above risk through the adoption of specific protocols. The most important components of the control system developed by Confindustria are: Code of Ethics; organisation system; manual and/or IT procedures; powers of authorisation and signature control and management systems; personnel communication and training. These components must be consistent with the following principles: verifiability, provable by documents, consistency and adequacy of each transaction; application of the principle of segregation of powers; documentary evidence of controls; provision of an adequate penalty system for the violation of the code of ethics and procedures envisaged by the model; autonomy, independence, supervisory body. professionalism and continuity of action of the the identification of the criteria for the selection of the Supervisory Body and the 12

14 forecast of specific information flows from and to the Supervisory Body. With a note of 21 July 2014, the Ministry of Justice, in line with the provisions of Italian Legislative Decree No. 231/2001 (Article 6, par. 3), notified the final approval and the suitability of the new Guidelines of Confindustria for the construction of the organisation models updated on March The new version adapts the previous text of 2008 to the new legislations, case laws and practices that have occurred in the meantime, while maintaining the distinction between the General Part and the Special Part. In particular, the main amendments and additions to the General Part concern: the new chapter on the main lines of the liability depending on offence and the summary table of predicate offences; the disciplinary system and penalty mechanisms; the Supervisory Body, with a special reference to its composition; the phenomenon of groups of companies. The Special Part, dedicated to the analysis of predicate offences through special case studies, was thoroughly re-examined, aimed not only at dealing with the new cases of predicate offence, but also at introducing an easier-to use schematic method of analysis Organisation model and Code of Ethics The purpose of the Code of Ethics adopted by ENAV expresses the principles of "business ethics" that the Company recognises as its own and which must be observed by the Employees, Corporate Bodies, Consultants and Partners; as such, it can be considered as one of the components of the Model. However, the Organisation Model meets the requirement to prevent the commission of special types of offences (for facts that, apparently committed for the benefit of the company, can involve an administrative liability based on the provisions of Italian Legislative Decree No. 231/2001) and prepared specific rules of behaviour in compliance with the provisions contained in the said regulatory source. The effective and constant implementation of the chosen and adopted Model constitutes, as seen, the justification of the company for the purposes of the liability referred to in Italian Legislative Decree No. 231/2001. This being stated, with regard to the different function of the Organisation Model compared to the Code of Ethics, it is specified that this document was prepared in close connection with the principles, rules and procedures described in this document in order to create a consistent and efficient internal regulatory board. In particular, the Code of Ethics comprises the following essential elements: the principles of business ethics of the Company; the ethical rules for relations with all the stakeholders of the Company; ethical standards of behaviour; internal penalties in case of violation of the indicated rules; the impacts on the company organisation system and how to implement it. Each director, auditor, employee, External Collaborator and, more in general, all the Recipients of this Model, are required to comply with the rules contained in the Code of Ethics, in the exercise of their offices, carried out also to represent the Company with 13

15 third parties. Any third party who has an interest in interacting with the Company will be acquainted with the Code and must base its work and attitude, insofar as it concerns it, on the strict compliance with the code provisions. The Company undertakes to disseminate the Code of Ethics, update it on a regular basis, make available any possible instrument that favours its full application, carry out checks with regard to any notice of violation of the rules of the Code, assess the facts and consequently implement, in case of ascertained violation, appropriate disciplinary measures for employees, directors and different interlocutors where applicable. 14

16 2. THE GOVERNANCE MODEL AND ORGANISATIONAL STRUCTURE OF THE COMPANY 2.1. The Company ENAV is the Company to which the Italian State entrusted the air traffic management and control in Italy. The purpose of the Company is the carrying-out of air traffic control services, systems and activities of development, production, supply, sale and exportation of air navigation services in Italy and abroad and any related and complementary activity. In particular, merely by way of example, the Company: provides air traffic control, flight information, advisory and alarm, meteorology and climatology, aeronautical information, aeronautical telecommunications, radionavigation and radio-broadcasting services; promotes and implements initiatives of national interest in the systematic sectors of air navigation, air traffic control and safety of flight operations; sees to the study and research on navigation systems, the expansion of air traffic control systems also in correlation with the implementation of the general transport plan and of the general airport plan; sees to the training of own and third-party internal and external specialist aeronautical personnel, and to the issue of the corresponding qualifications for employees; produces the aeronautical cartography; sees to the technical management and the maintenance of the systems; operates in the field of terrestrial and satellite multimodal navigation, participating in European research and development programmes in the field. ENAV S.p.A., active since January 2001, is the result of the transformation of the economic public body ENAV - Ente Nazionale di Assistenza al Volo (National Air Traffic Control Agency) into a joint-stock company, occurred on the wake of similar reforms carried out in many European countries. ENAV, as economic public body, succeeded, in December 1996, to AAAVTAG (Azienda Autonoma di Assistenza al Volo per il Traffico Aereo Generale, General Air Traffic Control Independent Company), in turn succeeded, in January 1982, to the Commissariato per l Assistenza al Volo (flight-handling authority), set up three years before at the Ministry of Transport. This was possible in that the Commissariato per l Assistenza al Volo (flight-handling authority) had completed the task assigned to it at the time of its establishment: through the Telecommunications and Air Traffic Control Inspectorate (Ispettorato Telecomunicazioni e Assistenza al Volo, ITAV) it took over the management of the civil air traffic control services, so far managed by the Italian Air Force. In 2006, ENAV acquired 100% of Vitrociset Sistemi S.r.l., business unit demerged from Vitrociset S.p.A., company operating in the field of information technology, communications and logistics. Subsequently, in 2007, Vitrociset Sistemi S.r.l. was renamed Techno Sky S.r.l. 15

17 In August 2015, the Company successfully completed the opening issue - with the private placement formula - of a bond admitted to listing at the Luxembourg Stock Exchange. On 16 May 2014, the Decree of the Prime Minister concerning Determining the methods of privatisation and the methods of disposal of the equity investment held by the Ministry of Economy and Finance in the Share Capital of ENAV S.p.A., envisaged the sale to private investors of a minority interest in Enav (up to 49%) through private competitive placement pursuant to the applicable law and/or an initial public offering (for further information, see Chapter 6, Paragraph of the Registration Document). During 2016, ENAV successfully completed the listing by means of a takeover bid, placing approximately 46.6% of the ordinary shares of the Company on the Electronic Stock Market organised and managed by Borsa Italiana S.p.A, and changing its status from single member company to listed instrument issuing company. As a result of this transaction, the MEF holds the statutory control stake of ENAV The governance system of ENAV Corporate Governance refers to the administration and control system of the Company as a set of rules and procedures to ensure the effective and efficient management of the company with the aim of creating value for shareholders in the medium to long term, taking into account the interests of other stakeholders. The corporate governance system of ENAV was defined by taking into account applicable general and special regulations, principles and recommendations contained in the Corporate governance code for listed companies by which it abides and best practices in this field. The governance model adopted by ENAV is "traditional", characterised by the dichotomy between the Board of Directors and the Board of Statutory Auditors; the external audit is entrusted to an Independent Auditing firm. The financial management of the Company is submitted to the control of the State Auditor's Department (Italian Law no. 259 of 21 March 1958), by means of a delegated Judge of State Auditor's Department, who attends the meetings of the Board of Directors and the Board of Statutory Auditors. The Shareholders' Meeting is responsible for making the most important decisions for the life of the company, including appointing and dismissing members of the Board of Directors and the Board of Statutory Auditors and their chairmen, as well as the independent auditing firm, by establishing their fees. Moreover, the Shareholders' Meeting approves the financial statements, decides formally the amendments to the articles of association and extraordinary transactions such as share capital increases, mergers and demergers. The Board of Directors consists of a number of members of not less than five and not more than nine. The shareholders' meeting sets the number of members within these limits. The Board of Directors meets every month to examine and decide formally on the results from operations, the final results, proposals related to the organisation model and to operations of strategic importance, as well as matters reserved for the Board by the law and by the articles of association. In compliance with the provisions of the Italian Civil Code, it delegated part of its management responsibilities to the Chief Executive Officer. At the end of the listing and adoption by the Company of the aforesaid Corporate governance code for listed companies, two Committees were set up with proposing and advisory functions, the Remuneration and Nomination Committee and the Control and Risk and Related Parties Committee. The roles of Chief Executive Officer and Chairman are clearly separate and they both represent the Company. Pursuant to the Articles of Association, the Board of Statutory Auditors consists of three standing auditors and two alternate auditors, who are appointed by the General 16

18 Shareholders' Meeting. It supervises compliance with the Italian Law and Articles of Association, the principles of correct administration and in particular the adequacy of the organisation, management and accounting structure adopted by the Company and its proper functioning The Internal Control and Risk Management System (ICRMS) of ENAV The ICRMS is integrated in the more general organisational and corporate governance structures adopted by the Company and takes into account the reference models, the recommendations of the Corporate governance code for listed companies and the best practices existing in this matter at national and international level. The ICRMS consists of a set of rules, procedures and organisational structures allowing the identification, measurement, management and monitoring of the main company risks within the ENAV Group. In particular, the ICRMS helps ensuring the preservation of the Company s assets, the efficiency and effectiveness of business processes, the reliability of financial information, the compliance with laws and regulations as well as with the articles of association and internal procedures. Therefore, the ICRMS plays a central role in business organisation, contributing to the making of informed decisions consistent with the risk appetite as well as to the dissemination of a proper knowledge of risks, legality and company values. In this context, the BoD of ENAV approved the Guidelines of the Internal Control and Risk Management System (ICRMS) of ENAV and of the entities forming the group referring to it. The Chief Executive Officer of the Company was appointed Director in charge of the ICRMS, with the task of overseeing the control and management system of risks and carries out the Guidelines by planning, implementing and managing the ICRMS, by constantly verifying its adequacy and effectiveness. The ICRMS is broken down in three separate internal control levels: first-level controls or line-controls (risk ownership), consisting of all the control activities that the individual Areas, Departments and Company functions carry out on their own processes in order to ensure the proper carrying-out of the transactions; second-level controls, entrusted to structures in charge for this purpose, autonomous and separate from the above-mentioned company Departments, with specific tasks and control responsibilities over different areas/types of risk. They monitor business risks, provide guidelines on their control systems and check their adequacy in order to ensure efficiency and effectiveness in the control and management operations of risks; third-level controls, carried out by the Internal Audit department, which provides independent and objective assurance on adequacy and actual efficacy of the first and second-level controls and, more in general, on the ICRMS. Therefore, its task is to check the structure and functionality of the ICRMS as a whole, also by monitoring the line controls as well as the second-level control activities of ENAV. Players of the ICRMS of ENAV The roles and responsibilities entrusted to the subjects involved on various bases in the ICRMS are shown below: Board of Directors: carries out a role of guidance and assessment of the adequacy of the ICRMS. Among other things: defines the guidelines of the ICRMS; determines the level of risk compatibility; assesses the adequacy of the ICRMS at 17

19 least every year. It also identifies internally a director in charge of setting-up and maintaining an efficient ICRMS (the Director in charge of the ICRMS); a Control and Risk Committee. Control and Risk Committee: its task is to support, with adequate investigations, the assessments and decisions of the Board of Directors relating to the ICRMS, as well as those relating to the approval of regular financial reports. Director in charge of the ICRMS: carries out the identification of the main business risks; carries out the guidelines defined by the Board of Directors; makes proposals regarding the appointment, dismissal and remuneration of the Internal Audit department Manager to the Board of Directors, subject to the favourable opinion of the Control and Risk Committee and Related Parties and of the Board of Statutory Auditors. Board of Statutory Auditors: without prejudice to the tasks entrusted to it by law and by the Articles of Association, it supervises the observance of the laws, regulations and articles of association, the observance of the principles of correct administration and in particular the adequacy of the organisation, management and accounting structure adopted by the Company and its proper functioning, as well as the adequacy and functionality of the overall risk management and control system. Judge of State Auditor's Department: ENAV is subject to the control on the management of the financial statements and assets by the State Auditor's Department, which reports annually to the Parliament pursuant to Article 12 of Italian Law 21 March 1958 no. 259 with regard to management legality and regularity and on the functioning of internal controls. Supervisory Body pursuant to Italian Legislative Decree 231/2001: the body in charge of supervising the operation and compliance of the 231 Model and updating it. Management: the Management of ENAV is the main responsible for the process of internal control and risk management system (first-level control). Employees: all the employees of the Group, each according to their skills, must contribute to ensuring an effective operation of the Internal Control and Risk Management System. Figures with second-level controls of ENAV: the organisational control units in charge of these controls are autonomous and separate from the company departments that carry out first-level or line controls; they contribute to defining risk control and management policies. The second-level control figures include: Manager in charge of the preparation of corporate accounting documents; Risk Management department. Functions with third-level tasks of ENAV: The Internal Audit department reports hierarchically to the Board of Directors, through the Chairman of the Board of Directors who carries out the role of connection with it. The Internal Audit department Manager is in charge of checking the operation and adequacy of the internal control and risk management system. 18

20 3. ADOPTION OF THE ORGANISATION MODEL BY ENAV 3.1. The objectives pursued with the adoption and updating of the Organisation Model The Company considered it compliant with its corporate policies as well as with its institutional mandate to implement the Organisation and Management Model envisaged by Italian Legislative Decree No. 231/2001. This initiative was undertaken with the conviction that the adoption of this document may be a valid tool for raising the awareness of all those working in the name and on behalf of ENAV, so that they behave correctly and consistently when carrying out their activities such as to prevent the risk of committing the offences envisaged by the Decree. To this end, the Company adopted, with resolution of the Board of Directors of 27 May 2004, its own Organisation, management and control model, pursuant to Italian Legislative Decree no. 231/2001. Following to further and significant changes in the organisation, adopted by ENAV after the approval of the Model, and the introduction of new offences within the corpus of Italian Legislative Decree No. 231/2001, the Company, in line with the provisions of this Decree and of the relevant Guidelines issued by Confindustria, carried out constantly over the years the maintenance and updating of the Model in order to maintain in time the requirements of solidity, functionality and effectiveness. Since this document - and the organisation and management model that derives from it - is a deed issued by the Board of Directors - in compliance with the requirements of Article 6, paragraph 1, let. a) of Italian Legislative Decree No. 231/ the subsequent amendments and supplements pertain to it, except for amendments that directly result from company reorganisation measures and do not involve in any case radical changes in the structure of the Model. The qualifying principles of the Organisation Model of ENAV are: the identification of business processes and mapping of risk assets of the Company; the presence of the Supervisory Body (hereinafter referred to as BoD ) with financial autonomy and powers of initiative and control to ensure the operation, effectiveness and observance of the Organisation Model; verifying company behaviour and the documents for each significant transaction; the adoption of a disciplinary system capable of punishing non-compliance with requirements and procedures envisaged in the Organisation Model; dissemination to all business levels of rules of behaviour and procedures The function of the Organisation Model The Organisation Model establishes a structured system of ex ante and ex post control procedures and activities aimed at preventing and reducing the risk of committing the offences envisaged by Italian Legislative Decree no. 231/2001. In particular, the identification of the activities at risk of offence and their proceduralisation in an effective control system aims at: 19