CONTENTS

1. Italian Legislative Decree No. 231/2001
   1. General principles of the administrative liability of entities
   2. The prerequisites for the administrative liability of entities
      1. Active parties of the alleged offence and their link with the entity
      2. Interest or advantage of the entity
      3. The predicate offences of the administrative liability of entities
   3. The conditions for exemption from administrative liability of entities
      1. Administrative liability of the entity and predicate offences committed by persons in senior positions
      2. Administrative liability of the entity and predicate offences committed by persons subject to the supervision of others
   4. Practical application of Italian Legislative Decree No. 231/01
      1. The “exempting fulfilments” for the administrative liability of entities
      2. The Confindustria Guidelines
      3. The up-dating of the Confindustria Guidelines
   5. The administrative sanctions applicable to the entities
2. The governance model and the organisational structure
   1. The Company
   2. The corporate structure
   3. The Company's governance instruments
   4. The internal control system
3. The Company’s Organisation and Management Model
   1. Objectives and function of the Model
   2. Intended audience of the Model
   3. Structure of the Model: General Section and Special Section
   4. Criteria for up-dating the Model
4. Supervisory Body
   1. The requisites of the Supervisory Body
   2. Supervisory Body Reporting to the corporate bodies
   3. Disclosure to the supervisory body
5. Disciplinary and sanctions system
   1. General principles
   2. Sanctionable conduct: key categories
   3. Parties
   4. Violations of the Model and related sanctions
   5. Measures taken against employees, executives, directors, and other members of the intended audience
6. Selection and training of the staff
   1. Training and divulgation of the Model
   2. Members of the corporate bodies, employees, executives and middle management
   3. Other members of the intended audience

 

 

1 Italian Legislative Decree No. 231/2001

 

1.1 General principles of the administrative liability of entities

Italian Legislative Decree No. 231 dated 8 June 2001 (hereinafter also referred to as “It. Leg. Decree 231/2001” or the “Decree”), issued in execution of the authorisation contained in Article 11 of Italian Law No. 300 dated 29 September 2000, introduced into the Italian legal system the liability of entities for administrative offences dependent on crime.

In particular, the Decree envisages that entities with corporate status, companies and associations, including those without corporate status, are liable in the event that their senior executives, managers or those working under their direction or supervision commit certain types of offences, precisely identified, in the interests or to the advantage of the entity itself.

The purpose of the legislation is to make entities aware of the need to have an internal organisation capable of preventing the commission of offences by their senior management or persons under their control. It should be noted that the administrative liability of the entity does not replace the criminal liability of the natural person who materially committed the so-called predicate offence, but is in addition to it.

The types of offence to which the regulations in question apply can, for ease of illustration, be classified in the following categories:

• offences committed in dealings with Public Administration Authorities and involving bribery and corruption (Articles 24 and 25);
• cyber crimes and illegal processing of data (Art. 24 bis);
• organised crime offences (Art. 24 ter);
• extortion, bribery and corruption (Art. 25);
• offences involving counterfeiting of coins, bank notes, revenue stamps, and distinguishing instruments or marks (Art. 25 bis);
• crimes against industry and commerce (Art. 25 bis 1);
• corporate offences (Art. 25 ter);
• crimes for purposes of terrorism or subversion (Art. 25 quater);
• female genital organ mutilation practices (Art. 25 quater 1);
• crimes against the individual (Art. 25 quinquies);
• market abuse (Art. 25 sexies);
• offences committed in violation of accident prevention norms and those concerning the protection of health and safety in the workplace (Art. 25 septies);
• receiving stolen goods, money laundering and use of illegally obtained money, goods or benefits, as well as self-laundering (Art. 25 octies);
• copyright infringement offences (Art. 25 novies);
• incitement not to testify or to bear false witness before the legal authorities (Art. 25 decies);
• environmental crimes (Art. 25 undecies);

• employment of foreign citizens not authorised to work in the country (Art. 25 duodecies);
• racism and xenophobia offences (Art. 25 terdecies);
• fraud in sporting competitions, unlawful gaming or betting and gambling by means of prohibited devices (Art. 25 quaterdecies);
• tax-related offences (Art. 25 quinquiesdecies);
• smuggling offences (Art. 25 sexiesdecies);
• cross-border offences (Arts. 3 and 10 of Italian Law No. 146 dated 16 March 2006).

The complete list of liable offences that may, under the Decree, give rise to the administrative liability of the entity and the details of the categories of offences that may be committed in the operational context of the Company.

 

1.2 The prerequisites for the administrative liability of entities

 

1.2.1 Active parties of the alleged offence and their link with the entity

Article 5.1 of the Decree indicates the natural persons whose criminal conduct gives rise to the administrative liability of the entities, by virtue of the theory of so-called guilt by association. In accordance with said Article in fact, the entity is responsible for the offences committed in its interests or to its advantage:

a) by individuals who cover representative, administrative or management roles within the entity or one of its organisational units, endowed with financial and functioning autonomy, as well as by individuals who carry out, even de facto, the management and control;

b) by individuals subject to the management or supervision of one of the parties as per letter a). With reference to the parties identified under a), it should be pointed out that, for the legislator, it is not necessary that the senior position be held “formally”, but it is sufficient that the functions carried out, even “de facto”, are actually management and control functions (as indicated in the Ministerial Report to the Decree, in fact, both must be exercised).

 

1.2.2 Interest or advantage of the entity

As mentioned above, the natural persons from whose criminal conduct administrative liability may arise must have committed the so-called predicate offence in the interest or to the advantage of the entity. The interest of the entity always presupposes an ex ante verification of the criminal conduct committed by the natural person, whereas the “advantage” always requires an ex post verification and may be obtained by the entity even when the natural person has not acted in its interest. The terms "interest" and "advantage" refer to legally different concepts and each has a specific and autonomous relevance, since it may well be the case, for example, that conduct that might initially appear to be of interest to the entity, then in fact, ex post, does not bring the hoped-for advantage. Conversely, the entity is not liable if the persons indicated under 1.2.1 have acted exclusively in their own interest or in the interest of third parties: in this case, in fact, it would be a matter of a somewhat “fortuitous” advantage, as such not attributable to the will of the entity.

In the event that the natural person has committed the so-called predicate offence in the "predominant" interest of themselves or of third parties and the entity has not gained any advantage or has gained a minimal advantage, there will still be liability and the application pursuant to and for the purposes of Article 12.1, letter a) of the Decree of the monetary fine reduced by half and in any case not exceeding Euro 103,291.38.

 

1.2.3 The predicate offences of the administrative liability of entities

The administrative liability of the entity can only be established in relation to those criminal offences expressly identified as a prerequisite for the administrative liability of the entity by Italian Legislative Decree No. 231/2001 and/or Italian Law No. 146/2006.

It should be noted that the entity cannot be held liable for an offence if its administrative liability, in relation to that offence, and the relevant sanctions are not expressly envisaged by a law that came into force before the offence was committed (so-called principle of legality).

 

1.3 The conditions for exemption from administrative liability of entities

 

1.3.1 Administrative liability of the entity and predicate offences committed by persons in senior positions

Articles 6 and 7 of the Decree discipline the conditions for exemption from administrative liability of Entities.

On the basis of the provisions of It. Leg. Decree No 231/2001 – Art. 6.1, letters a), b), c) and d) – the entity may be exonerated from liability resulting from the commission of offences by the persons qualified under Article 5 of It. Leg. Decree No. 231/2001, if it proves that:

a) the governing body has adopted and efficiently implemented organisation and management models, suitable for preventing offences of the kind that occurred, before said offence was committed;

b) the task of overseeing the functioning, efficacy and observance of the organisation, management and control model (hereinafter “Model”) and seeing to the review of the same, has been entrusted to a body of the entity endowed with independent powers of initiative and control;

c) the natural persons who committed the offences fraudulently avoided the organisation, management and control models;

d) there has been no omission of or insufficient supervision by the Supervisory Body (hereinafter also “SB”) as per letter b.

By means of Italian Law No. 179 dated 30 November 2017, point 2-bis was added to Article 6 of Italian Legislative Decree No. 231/2001 with the aim of disciplining the reporting of unlawful conduct. In particular, it was envisaged, for the purposes of exemption, that the Models must provide for:

a) “one or more channels enabling the parties indicated in Article 5.1 letters a) and b) to submit, in order to protect the integrity of the entity, detailed reports of unlawful conduct, relevant in accordance with this decree and based on precise and concordant factual elements, or of violations of the entity's organisational and management model, of which they have become aware by reason of the functions performed; these channels guarantee the confidentiality of the identity of the whistle-blower in the handling of the report;

b) at least one alternative whistleblowing channel capable of guaranteeing, by computerised means, the confidentiality of the identity of the whistle-blower;

c) the prohibition of direct or indirect retaliatory or discriminatory acts against the whistle-blower for reasons directly or indirectly linked to the whistleblowing;

d) in the disciplinary system adopted pursuant to point 2, letter e), sanctions against those who violate the measures for the protection of the whistle-blower, as well as against those who make, with malice or gross negligence, reports that turn out to be unfounded”.

In relation to the extent of the delegated powers and the risk of offences being committed, the Organisation and management models must meet the following requirements:

a) identify any activities within the sphere of which the offences may be committed;

b) foresee specific protocols aimed at defining how the resolutions of the entity with regard to the offences to be prevented shall be defined and implemented;

c) identify procedures to manage financial resources suitable for preventing the offences being committed;

d) envisage reporting obligations for the body responsible for monitoring the functioning and observance of the models;

e) introduce a disciplinary system suitable for punishing failure to observe the measures indicated in the Model.

The Model is a set of rules and tools aimed at providing the entity with an effective organisational and management system, which is also suitable for identifying and preventing criminally relevant conduct on the part of those working on behalf of the company. The models may also be adopted, guaranteeing the above-mentioned requirements, on the basis of codes of conduct drawn up by the associations representing the entities, communicated to the Ministry of Justice pursuant to Article 6.3 of the Decree.

It should be noted, however, that the Decree outlines a different treatment for the entity depending on whether the predicate offence is committed:

a) by individuals who cover representative, administrative or management roles within said bodies or one of their organisational units, endowed with financial and functioning autonomy, or by natural persons who carry out, even de facto, the management and control of said entities;

b) by individuals subject to the management or supervision of one of the parties indicated above.

In the first hypothesis, the regulations as per the Decree envisage the so-called "reversal of the burden of proof" with regard to the adoption and effective implementation of a Model capable of preventing the commission of predicate offences. This means that, if an administrative offence is contested as a result of the commission of one or more predicate offences by a senior manager, it is the entity that has to provide proof ("does not answer for if it proves" the existence of everything required by the Decree).

 

1.3.2 Administrative liability of the entity and predicate offences committed by persons subject to the supervision of others

Article 7 of the Decree states that if the predicate offence was committed by the persons indicated in Article 5.1, letter b), the entity is liable if the commission of the said offence was made possible by the failure to comply with management or supervisory obligations.

The inobservance of the management and supervisory obligations is excluded if the entity, before the commission of the offence, adopted and efficiently implemented an organisation, management and control model suitable for preventing offences of the kind that occurred.

The model must envisage, in relation to the nature and size of the organisation as well as the type of activities carried out, appropriate measures to ensure that the activities are carried out in compliance with the law and to detect and eliminate risk situations in a timely manner.

The effective implementation of the model also requires:

a) a periodic check and possible amendment of the same when significant violations of the regulations are discovered or when changes take place in the organisation or the activities;

b) a disciplinary system suitable for sanctioning failure to observe the measures indicated in the model.

 

1.4 Practical application of Italian Legislative Decree No. 231/01

 

1.4.1 The “exempting fulfilments” for the administrative liability of entities

The Decree therefore envisages the adoption of a model that meets the following requirements as a fulfilment of the entity with exempting effect:

a) identify any activities within the sphere of which the offences may be committed;

b) foresee specific protocols aimed at defining how the resolutions of the entity with regard to the offences to be prevented shall be defined and implemented;

c) identify procedures to manage financial resources suitable for preventing the offences being committed;

d) envisage reporting obligations for the body responsible for monitoring the functioning and observance of the models;

e) introduce a disciplinary system suitable for punishing failure to observe the measures indicated in the organisational model.

 

1.4.2 The Confindustria Guidelines

As already highlighted, in accordance with Article 6 of the Decree, the models may also be adopted, guaranteeing the above-mentioned requirements, on the basis of codes of conduct drawn up by the associations representing the entities, communicated to the Ministry of Justice pursuant to Article 6.3 of the Decree. Confindustria, the main organisation representing manufacturing and service companies in Italy, which groups together, on a voluntary basis, around 150,000 companies of all sizes for a total of more than 5 million employees, aims, by Statute, to contribute, together with political institutions and national and international economic, social and cultural organisations, to the economic growth and social progress of the country.

It is also with this in mind, and to help member companies, that Confindustria has issued the “Guidelines for the drafting of organisation, management and control models pursuant to Italian Legislative Decree 231/2001”. The first version of the Guidelines, drawn up in 2002 by the Working Group on “Administrative liability of legal entities”, set up within the Confindustria Legal, Finance and Company Law Unit, was approved by the Ministry of Justice in June 2004. Following the numerous legislative measures that, in the meantime, have amended the regulations on the administrative liability of entities, extending their scope to additional types of offences, the Confindustria Working Group updated the Guidelines for the drafting of organisational models.

The first update of the Guidelines, dated March 2008, was approved by the Ministry of Justice on 2 April 2008, while the second update, dated March 2014, was approved by the Ministry of Justice on 21 July 2014.

The new Confindustria Guidelines for the drafting of organisational models adapt the previous texts to the legislative, jurisprudential and applicative practice changes that have occurred in the meantime, with the aim of providing indications as to the measures suitable for preventing the commission of the predicate offences covered by the Decree as of July 2014.

The Confindustria Guidelines for the drafting of organisational, management and control models provide associations and companies - whether or not affiliated to the Association - with methodological indications on how to prepare an organisational model suitable for preventing the commission of the offences indicated in the Decree.

The indications of this document, whose value is also recognised by the Decree, can be outlined according to the following basic points:

•    identification of the risk areas, aimed at verifying in which company area/sector it is possible to commit the offences envisaged in Italian Legislative Decree No. 231/2001;

•    identification of the ways in which offences may be committed;

•    performance of the risk assessment;

•    identification of control points aimed at mitigating the risk of offences;

•    gap analysis.

The most significant components of the control system conceived by Confindustria are:

• the Code of Ethics;
• the organisational system;
• the manual and IT procedures;
• the authorisation and signature powers;
• the control and management systems;
• informing and training employees.

The components of the control system must be oriented towards the following principles:

• that any operation be verifiable, documentable, consistent and appropriate;
• that a principle of separating functions (i.e. no one can manage a whole process independently) shall apply;
• documentation of the controls;
• provision of an adequate system of sanctions for violation of the procedures envisaged by the Model;
• identification of the requirements of the Supervisory Board, which can be summarised as follows:
• autonomy and independence;
• professionalism;
• continuity of action;
• information obligations of the Supervisory Body and identification of the criteria for the selection of that body.

It is appropriate to highlight that:

1) non-compliance with specific points of the Guidelines does not in itself invalidate the validity of the Model;

2) the indications provided in the Guidelines require subsequent adaptation by the companies. In fact, each organisational model, in order to exert its preventive effectiveness, must be drawn up bearing in mind the specific characteristics of the company to which it applies. The offence risk of each company, in fact, is closely linked to its economic sector, to the organisational complexity - not just its size - of the company and to the geographical area in which it operates.

Following the entry into force of Italian Law No. 179 dated 30 November 2017, containing “Provisions for the protection of the whistle-blowers on offences or irregularities of which they have become aware in the context of a public or private employment relationship”, Confindustria published an Illustrative Note on the whistleblowing regulations, which illustrates the main contents of the reference legislation and provides application clarifications for entities endowed with a Model 231.

 

1.4.3 The up-dating of the Confindustria Guidelines

In June 2021, Confindustria published the updated Guidelines on the administrative liability of entities.

The document, which does not change the structure of the previous updates, provides an overview of the regulatory changes since 2014 and the developments in case law.

Among the issues addressed by the 2021 Guidelines, the following can be noted in particular:

• with regard to the peremptory nature of the list of predicate offences, the introduction of the offence of self-laundering (Article 648 ter.1 of the Italian Criminal Code) within the list of predicate offences would risk making the catalogue of predicate offences no longer a numerus clausus, but rather open. There are two opposing views on this point: the first limits liability solely to cases in which the basic offence of self-laundering is also one of the predicate offences expressly envisaged by the Decree, the other according to which liability would also be extended to further offences;
• with regard to the concepts of interest and advantage, the Guidelines refer to the most recent case law on the subject, according to which, in order to identify such criteria, reference would have to be made to the finalistic component of the conduct and to the saving of expenditure;
• with reference to disqualification sanctions, the Guidelines make a historical excursus of the same, emphasising their greater severity in light of the amendments introduced by Italian Law No. 3/2019 (also known as “Spazzacorrotti”).
• the Guidelines then promote the idea of integrated compliance, in order to improve the efficiency and effectiveness of controls and procedures. In this regard, a paragraph is inserted on the so-called Tax Control Framework, with which the Model must coordinate;
• still on the subject of compliance systems, the Guidelines introduce a new paragraph, entitled "Control systems for tax compliance purposes", suggesting the possible interaction between the Model and other control tools;
• the fifth chapter then deals with the liability of “Groups of companies”, specifying when liability may also be extended to any associated companies. This may occur where the holding company can be deemed to have received an effective advantage and an actual interest in the commission of the offence committed by the other company and where the party acting on behalf of the holding company concurs with the party who committed the offence on behalf of the subsidiary;
• in the latest version of the Guidelines, a paragraph was then introduced concerning the fulfilments aimed at increasing the transparency of information on the company's activities, as envisaged by Italian Legislative Decree No. 254/2016.

Public interest entities with certain characteristics will in fact have to draw up a declaration containing non-financial information that will then have to be compared with that which they declared in previous financial years.

This declaration, the correction and supervision of which is entrusted to the same party tasked with the official audit of the financial statements, will be published care of the Companies’ Register together with the management report.

Any violations will be verified and disciplined by Consob;

• with reference to the figure of the Supervisory Body, it is analysed from two standpoints. First of all, the importance of providing the same with an annual budget is noted and emphasised, so as to best enable it to perform the tasks assigned to it. Then, focusing on the independence of the Supervisory Body, the Guidelines state that the internal parties should preferably have no operational roles within the company.

Again with reference to the Supervisory Body, the Guidelines reiterate that which is expressed in the new Corporate Governance Code. In particular, if the Supervisory Body does not coincide with the audit body, the Board of Directors “must assess the appropriateness of appointing at least one non-executive director and/or a member of the audit body and/or the holder of the company's legal or audit functions to the body”. Although a Supervisory Body composed only of external members is admissible, coordination with the parties involved in the internal control and risk management system is recommended.

• Finally, noteworthy are the references to whistleblowing. The Guidelines emphasise the need for individual companies to regulate the entire procedure: starting with the ways in which whistleblowing reports are to be made, moving on to the ways in which they are to be handled, and ending with an appropriate division into stages and responsibilities. The introduction of an appropriate procedure is also recommended.

In conclusion, the use of IT platforms managed also by independent and specialised third parties and the activation of dedicated e-mail accounts are suggested. Nevertheless, the most suitable organisational option for the purpose of identifying the recipient of the whistleblowing can only be sought through an analysis of the company's size and organisational characteristics, of whether regulations concerning the specific sector of activity apply, and on the basis of any corporate groups of reference.

The Guidelines emphasise that this discipline may be subject to significant changes following the assimilation, next December, of Directive (EU) 2019/1937.

The Guidelines also recall the Guidelines adopted by the National Anti-Corruption Authority in the public sector in 2015.

 

1.5 The administrative sanctions applicable to the entities

The Decree disciplines four types of administrative sanctions applicable to entities for administrative offences dependent on crime:

1) monetary fines (and precautionary attachment), applicable to all offences;

2) disqualification sanctions, also applicable as a precautionary measure and, in any case, only in particularly serious cases lasting no less than three months and no more than two years, which, in turn, may consist of:

• disqualification from engaging in business activities;
• suspension or revocation of authorisations, licenses or permits instrumental to the commission of the offence;
• disqualification from contracting with the Public Administration Authorities, unless to obtain the services of a public service;
• exclusion from obtaining any concessions, funding, contributions or subsidies and possible revocation of those granted;
• prohibition from advertising goods or services;
• confiscation (and precautionary attachment);
• publication of the sentence (in the event of application of a disqualification sanction).

The rationale of the rules drawn up in the area of sanctions is clear: with the provision of monetary fines and disqualification sanctions, the intention is to pursue both the assets of the entity and its operations, while, with the introduction of the confiscation of profits, the intention is to tackle the unjust and unjustified enrichment of the entity through the commission of offences.

Monetary fines

The monetary fine is the fundamental sanction, applicable at all times and to all administrative offences dependent on crime. The monetary fine is applied in penalty units of no less than one hundred nor more than one thousand.

The judge decides the number of penalty units, taking into account the seriousness of the event, the degree of liability of the entity as well as the activities carried out to eliminate or mitigate the consequences of the event and prevent the commission of further offences.

The amount of a penalty unit ranges from a minimum of Euro 258.23 to a maximum of Euro 1,549.37 and is fixed on the basis of the economic and equity conditions of the entity, for the purpose of ensuring efficacy of the fine. Anyway, the amount of the penalty unit is always equal to Euro 103.29 if:

a) the perpetrator of the offence has committed the act in their own interests or in the interests of third parties and the entity has not gained an advantage or has gained a minimum advantage (Art.12.1, letter a) of the Decree);

b) the financial damage caused is particularly slight (Art. 12.1, letter b) of the Decree).

Furthermore, the monetary fine shall be reduced by one third to one half if, before the opening of the first instance hearing:

a) the entity has fully compensated the damage and has eliminated the damaging or hazardous consequences of the offence or has efficiently taken action in this sense in any event;

b) an organisation model suitable for preventing offences of the kind that occurred has been adopted and made operative.

Where both conditions are met, the fine shall be reduced from half to two-thirds. In any case, the monetary fine cannot be less than €10,329.14. In order to quantify the monetary value of the individual penalty unit, therefore, the criminal court must perform a "twofold operation": it must first determine the amount of the number of penalty units on the basis of the above-mentioned indexes of the seriousness of the offence, the degree of liability of the entity and the activities carried out to mitigate the consequences of the offence and, subsequently, determine the monetary value of the individual penalty unit taking into account the entity's economic and asset conditions, in order to ensure the effectiveness of the fine. In conclusion, two cases of reduction of the monetary fine are envisaged:

• the first concerning cases of particular slightness of the offence, in which the monetary fine to be imposed cannot be more than Euro 103,291.00 nor less than Euro 10,329.00;
• the second is dependent on the reparation or reinstatement of the offence committed.

However, Article 27 of the Decree sets an impassable limit to the amount of the fine, laying down that the entity may only be called upon to pay the monetary fine within the limits of the mutual fund or assets.

Disqualification sanctions

The disqualification sanctions shall apply together with the monetary fines, but only in relation to the predicate offences for which they are expressly envisaged. Their duration can be no less than three months and no longer than two years.

The disqualification sanctions envisaged by the Decree are:

a) disqualification from exercising an activity (entailing the suspension or revocation of authorisations, licences or concessions instrumental to the performance of the activity and applying only when the inflicting of other disqualification sanctions turns out to be inadequate);

b) suspension or revocation of authorisations, licenses or permits instrumental to the commission of the offence;

c) the ban on contracting with the Public Administration Authorities (this can also be limited to specific types of contract or specific administration authorities), unless to obtain the services of a public servant;

d) exclusion from obtaining any concessions, funding, contributions or subsidies and possible revocation of those already granted;

e) prohibition from advertising goods or services.

If necessary, the disqualification sanctions can be applied jointly. Their application, therefore, may, on the one hand, paralyse the performance of the entity's activities, and on the other, significantly affect it by limiting its legal capacity or by depriving it of financial resources. Since these sanctions are particularly onerous, the Decree states that they may only be applied if at least one of the following conditions is met:

a) the entity has gained a significant profit from the offence and the offence has been committed by parties in a senior position or by parties subject to the management of others when, in this case, the commission of the offence has been caused or facilitated by serious organisational shortfalls;

b) in the event of reiteration of the offences.

In any event, these sanctions do not apply if:

• the perpetrator of the offence has committed the act in their own interests or in the interests of third parties and the entity has not gained an advantage or has gained a minimum advantage;
• the financial damage caused is particularly slight.

They do not apply, moreover, when, prior to the declaration of the opening of the first instance proceedings, the following conditions “concur” (so-called reparation of the consequences of the offence):

1. the entity has fully compensated the damage and has eliminated the damaging or hazardous consequences of the offence or has efficiently taken action in this sense in any event;
2. the entity has eliminated the organisational shortfalls which led to the offence by means of the adoption and implementation of organisation models suitable for preventing offences of the kind that occurred;
3. the entity has made the profit generated available for the purposes of confiscation.

Publication of the conviction

The publication of the conviction can only be arranged when disqualification is applied vis-à-vis the entity.

The sentence is published once only, in full or in part, in one or more newspapers specified by the court, which, one can hypothesise, shall be “specialised” or “sector” publications, or it may be published by posting in the municipality where the company's head office is located, all of which at the full expense of the entity. This sanction has a merely afflictive nature and is intended to negatively affect the image of the entity.

Confiscation of the price or the profit from the offence

Upon conviction, the confiscation of the price or profit of the offence is always ordered vis-à-vis the entity, except for the part that can be returned to the injured party and without prejudice to the rights acquired by third parties in good faith. Where it is not possible to execute confiscation of the price or profit of the offence, such confiscation may relate to sums of money, goods or other benefits having a value equivalent to the price or profit of the offence (so-called confiscation by equivalent).

“Price” of the offence means the things, money or other benefits given or promised to determine or instigate the commission of the criminal conduct. “Profit” of the offence means the immediate economic consequence derived from the offence.

Confiscation by equivalent has recently become one of the most widely used tools to combat so-called profit crime. This sanction also has a direct criminal law origin.

 

 

2 The governance model and the organisational structure

 

2.1 The Company

SPAL Automotive s.r.l. with sole shareholder (hereinafter “SPAL Automotive” or also the “Company”), in order to increasingly ensure conditions of correctness and transparency in the conduct of corporate activities, deemed it compliant with its corporate policies to proceed with the adoption of the Model, in light of the provisions of the Decree.

The initiative undertaken by the Company to adopt the Model was adopted in the conviction that the adoption of such a Model, beyond the provisions of the Decree that indicate the Model as an optional and non-mandatory element, can be a valid tool for raising employee awareness.

SPAL Automotive's corporate purpose is the processing and moulding of plastic materials, electromechanical and electronic construction in general, mould construction and wholesale distribution of electronic and electromechanical material in general.

The Company may also carry out activities in the aforementioned sectors involving the study, research and development, maintenance, assistance, wholesale and retail marketing, import and export also on behalf of third parties, purchase, sale and attainment or licensing of trademarks, industrial patents, know-how and industrial property rights in general.

For the achievement of the corporate purpose, the company may perform all necessary acts, at the sole discretion of the management body.

SPAL Automotive has been enrolled care of the Reggio Emilia Companies’ Register under No. 01755790357, since 31 March 1998.

 

2.2 The corporate structure

To this end, the Company has adopted, applies and maintains a management and accounts audit system consisting of a Board of Directors and an Independent Auditing Firm.

The Company has also complied with the personal data protection requirements set out in EU Regulation 2016/679 (GDPR), as well as in Italian Legislative Decree No. 196/2003 (Privacy Code), as amended by Italian Legislative Decree No. 101/2018.

The governance system of SPAL Automotive is currently structured as follows:

1. General Meeting of the Shareholders: this is responsible for resolving on the matters reserved for it by law and the Articles of Association;
2. Board of Directors: it is vested with the widest powers for the ordinary and extraordinary business of the Company and may carry out all the acts which it deems appropriate for the implementation of the corporate purpose. The Board of Directors is made up of 6 (six) members;
3. the Board of Directors has also resolved on the appointment of two Managing Directors with sole signing authority and power of representation, who were granted all powers for the ordinary and extraordinary business of the Company;
4. Independent Auditing Firm: it carries out the accounts audit on the Company.

SPAL Automotive's organisational structure is characterised by a separation of duties, roles and responsibilities for each business area in order to ensure both a precise definition of functions and maximum efficiency in the implementation of activities.

The Company's organisational structure is currently structured as follows:

• Managing Directors and General Manager
• Group Business Development
• Group Human Resources Division
• Quality Division
• Group Administration and Finance Division
• Relationship & Commercial Relat. – Deputy Chairman
• Group Information Systems Division
• IT Security
• Plant Services
• Purchasing
• Production and Logistics Division
• Head of the Prevention and Protection Service
• Sales Division
• Process Engineering Division
• Product Engineering & Program Management Division
• Foreign Subsidiaries Controller

 

The other Company Units

The organisation chart identifies the areas, divisions and heads of the related units.

 

2.3 The Company's governance instruments

The Company has equipped itself with the following corporate governance instruments, in order to ensure the functioning of the organisation:

• Articles of Association;

• Code of Ethics;
• Quality management system in accordance with the ISO 9001:2015 and IATF 16949:2016 standards; TS16949 certification; Environmental management system according to the UNI EN ISO 14001:2015 standards and according to the 2000/53/CE directive relating to end-of-life vehicles (ELV), Company IT regulations according to ISO/IEC 27001 standards;
• Company organisation chart;
• System of authorisations and powers of attorney;
• Governance model in the privacy sphere.

Articles of Association: the Articles of Association adopted by SPAL Automotive and containing all the rules and regulations which discipline the relationships between the shareholders and the Company, in observance of the matters envisaged and disciplined by the Italian Civil Code.

Code of Ethics: SPAL Automotive has already adopted a Code of Ethics (Enclosure A), the ultimate purpose of which is to disseminate and make known to all employees, associates, professionals and, in general, to all those who have the right to be informed about, the values of the Company itself, with which they are required to comply. Honesty, integrity, respect for laws, regulations and codes of ethics constitute the founding values of the organisational culture and the activities performed by the Company.

The Model presupposes observance of the matters envisaged by the Code of Ethics, forming with it an integrated body of internal rules aimed at spreading a culture marked by ethics and corporate transparency.

The Company's Code of Ethics, also in all its future reformulations, is herein understood to be fully referred to and constitutes the essential foundation of the Model, the provisions of which are integrated with the matters envisaged in it.

Management systems and certification: certification of the management system adopted by SPAL Automotive, optimising its structure and equipping itself with efficient management, appropriate skills and suitable internal processes and tools.

Company organisational chart: this shows the current organisational structure and was conceived and developed in order to take into account the operational and dimensional specificities of the Company.

System of authorisations and powers of attorney: The Company has adopted a system of authorisations and powers of attorney characterised by elements of “security” for the purposes of preventing offences (traceability and highlighting of sensitive activities) that, at the same time, allows for the efficient management of the Company's activities. “Authorisation” is understood to mean the non-occasional transfer, within the Company, of responsibilities and powers from one party to another in a subordinate position. “Power of attorney” means the legal transaction whereby one party grants the other the power to represent them (i.e. to act in their name and on their behalf). The power of attorney, unlike an authorisation, ensures that the other party can negotiate and contract with the persons officially appointed to represent the company.

Governance model in privacy sphere: the Company has taken steps to establish the Privacy Compliance Model by means of the adoption and implementation of specific documents contained in the Privacy Management Model pursuant to EU Regulation No. 679/2016.

 

2.4 The internal control system

The Company has adopted an internal control system designed to monitor the typical risks of the corporate activities over time. The internal control system is a set of rules, procedures and organisational structures aimed at enabling the identification, measurement, management and monitoring of the main risks. The internal control and risk management system meets the need to ensure:

(i)    the effectiveness and efficiency of processes and operations;

(ii)    the quality and reliability of economic and financial information;

(iii)   compliance with laws and regulations, as well as with the Articles of Association, internal rules and procedures;

(iv)   the safeguarding of the value of the company's assets and capital;

(v)    the identification, prevention and management of financial and operational risks and fraud to the detriment of the Company.

The Company adopts legislative instruments based on the general principles of:

a) a clear description of the lines of reporting;

b) accountability, transparency and publication of the powers assigned (within the Company and vis-à-vis relevant third parties);

c) clear and formal delimitation of roles, with a complete description of the duties of each unit, of the related powers and responsibilities.

The internal procedures to be adopted must be characterised by the following elements:

-    separation, within each process, between the person who makes the decision (decision-making impetus), the person who executes that decision and the person entrusted with controlling the process (so-called “segregation of duties”);

-    written record of each relevant step in the process (so-called “traceability”);

-    suitable level of formalisation.

 

 

3 The Company’s Organisation and Management Model

 

3.1 Objectives and function of the Model

By adopting a Model in keeping with the provisions of the Decree, SPAL Automotive shows that it operates under conditions of correctness and transparency in the conduct of business and company activities.

The adoption of the Model represents a tool for raising awareness among all employees and all other parties closely involved in the SPAL Automotive corporate sphere (suppliers, customers, consultants, etc.) so that, in carrying out their activities, they behave correctly and in a straightforward manner so as to prevent the risk of offences existing.

In particular, by means of the adoption of the Model, the Company aims to:

• make all those who work in the name and on behalf of SPAL Automotive, and especially those who operate in the areas of activity found to be at risk of offences, aware that they may encounter, in the event of violations of the provisions set out in the Model, the commission of offences liable to criminal sanctions against them, and "administrative" sanctions that may be imposed on the Company;
• make the aforesaid persons aware that such unlawful conduct is strongly condemned by the Company, since it is always and in any case contrary not only to the provisions of the law, but also to the corporate culture and to the ethical principles adopted as its own guidelines in business activities;
• protect those who may report unlawful conduct or violations of the Model, ensuring that no retaliatory or discriminatory action is taken against the whistle-blower as a result of the whistleblowing;
• enable the Company to take timely action to prevent or counteract the commission of offences (listed in the special part of the Decree), or at least to significantly reduce the damage caused by them;
• encourage a significant leap forward in terms of transparency of corporate governance and SPAL Automotive's image.

It should be noted that, without prejudice to the objectives and purposes set out above, the Company is well aware that the assessment of the Model concerns its suitability to minimise and not to exclude per se the commission of one of the offences listed in the special section of the Decree by individual persons.

This is confirmed by the fact that the Decree in question expressly requires that the Model must be suitable not so much for preventing the offence actually committed, but rather the type of offence to which the one actually committed belongs.

 

3.2 Intended audience of the Model

The rules contained in the Model apply first and foremost to those who perform functions involving representation, administration or management of the Company as well as to those who exercise, also de facto, the management and control of the Company. The Model also applies to all the Company's employees, including seconded persons, who are required to comply, with the utmost correctness and diligence, with all the provisions and controls contained therein, as well as the relevant implementation procedures. The Model also applies, within the limits of the existing relationship, to those who, although not belonging to the Company, operate by mandate or on behalf of the same or are in any case linked to the Company by relevant legal relationships. Accordingly, in contracts or in existing dealings with suppliers of services/equipment/tools, disclosure is provided informing such persons that SPAL Automotive has adopted a Model and a Code of Ethics, while contracts and letters of appointment with professionals and external consultants expressly include a reference to the Code of Ethics and the General Section of the Model.

In particular, with reference to any partners, in Italy and abroad, with which the Company may operate, while respecting the autonomy of the individual legal entities, the Company shall promote the adoption of an internal control system capable of also preventing the predicate offences taking action, by means of the provision of specific disclosure to be sent to suppliers of services/equipment/tools, or via the insertion of a specific 231 clause in new contracts/letters of appointment entered into with external professionals and consultants, all of which to ensure that they align their conduct with the principles laid down in the Decree and enshrined in the Code of Ethics.

 

3.3 Structure of the Model: General Section and Special Section

The Model is divided into this “General Section”, which contains its fundamental principles, and a “Special Section”, subdivided into chapters, whose contents refer to the types of offences envisaged by the Decree and considered potentially verifiable within the Company.

Consistent with the structure envisaged by the Guidelines for drafting the Model, the General Section, after an introduction on the purpose and main contents of Italian Legislative Decree No. 231/2001, provides information on the Company's organisational structure, governance tools and internal control system. In this chapter, following the definition of the function and intended audience of the Model, the methods adopted by the Company to adapt and update it are indicated. The following will be dealt with in the continuation of the document:

• the roles, responsibilities and information flows of the Supervisory Body;
• the procedures for reporting unlawful conduct;
• the disciplinary and sanctions system;
• the criteria for selecting and training personnel, and the methods for disseminating the Model.

The Special Section deals with the Company's areas of activity in relation to the different types of offences envisaged by the Decree and by Italian Law No. 146/2006 that are considered potentially verifiable within the Company.

In the event that it becomes necessary to proceed with the issuance of further specific chapters of the Special Section, in relation to new types of offences that in the future may be included in the scope of the Decree, the Company’s Board of Directors is entrusted with the power to supplement this Model by means of a specific resolution, also upon notification and/or consultation with the Supervisory Body.

 

3.4 Criteria for up-dating the Model

The Supervisory Body recommends to the Board of Directors the appropriateness of updating the Model if new elements - regulatory or organisational and/or regarding the corporate structure - are such as to affect its effectiveness and efficacy.

In particular, the Model may be updated if:

• violations of the provisions of the Model are discovered;
• changes occur in the internal structure of the Company;
• changes to the reference legislation are issued.

In particular, in order to ensure that the changes to the Model are made with the necessary promptness and effectiveness, without at the same time encountering any lack of coordination between the operational processes, the provisions contained in the Model and their dissemination, the Board of Directors has decided to delegate to the Managing Director the task of periodically making changes to the Model that relate to aspects of a descriptive nature, where necessary. It should be noted that the expression “descriptive aspects” refers to elements and information that derive from acts resolved by the Board of Directors (such as, for example, the redefinition of the organisation chart) or units with specific delegated powers (e.g. new procedures). It remains, in any case, the exclusive competence of the Board of Directors to decide on updates and/or adjustments to the Model due to the following factors:

-    intervention of regulatory changes on the subject of the administrative liability of entities;

-    identification of new sensitive activities, or changes to those previously identified, also possibly related to the launch of new activities;

-    commission of the offences referred to in Italian Legislative Decree No. 231/2001 by the intended audience of the Model's provisions or, more generally, significant violations of the Model;

-    detection of shortfalls and/or gaps in the provisions of the Model following audits on its effectiveness.

The SB retains, in any case, precise duties and powers with regard to the upkeep, development and promotion of the constant updating of the Model. Accordingly, it formulates observations and proposals, concerning the organisation and the control system, to the relevant structures or, in cases of particular importance, to the Board of Directors.

 

 

4 Supervisory Body

 

4.1 The requisites of the Supervisory Body

According to the provisions of the Decree, the entity may be exempted from liability resulting from the commission of offences by senior persons or persons subject to their supervision and management, if the management body - in addition to having adopted and effectively implemented an organisational model capable of preventing offences - has entrusted the task of supervising the functioning and observance of the model and of updating it to a body of the entity endowed with autonomous powers of initiative and control.

Entrusting the aforementioned tasks to a body endowed with autonomous powers of initiative and control, together with the correct and effective performance thereof, is therefore an indispensable prerequisite for exemption from liability envisaged by the Decree.

The main requirements of the Supervisory Body can be identified as follows:

• autonomy and independence: the body must be placed as a staff unit in as high a hierarchical position as possible and must report to the highest operational management. Moreover, the same body must not be assigned operational tasks which, by their nature, would jeopardise its objectivity of judgement. Lastly, it must be able to perform its function in the absence of any form of interference and conditioning by the entity, and, in particular, by company management;
• professionalism: the body must be equipped with the wealth of knowledge, tools and techniques needed to perform its activities effectively;
• continuity of action: for the effective and constant implementation of the organisational model, by means of periodic checks.

The Supervisory Body must be appointed pursuant to Article 6.1, letter b), preferably in collective form, composed of two external professionals with proven expertise and experience in legal matters - and, in particular, in the field of the administrative liability of entities -, effectively third parties with respect to the company.

The Supervisory Body will have to be established by means of resolutions of the Board of Directors.

It remains in office for three years, renewable also tacitly.

Upon expiry of the term, the members of the Supervisory Body remain in office until new appointments are resolved by the Board of Directors.

Termination of office due to expiry of the term takes effect from the time the new SB is formed.

The same causes of ineligibility and forfeiture that exist pursuant to Article 2399 of the Italian Civil Code apply to the Supervisory Body.

The SB can only be revoked by the Board of Directors for just cause. The revocation must be resolved after hearing the parties concerned.

In the event of the termination, revocation, demise, resignation or forfeiture of one of the members of the SB, the Board of Directors is obliged to promptly appoint a new member.

The members of the SB must not have been subject to criminal proceedings or convicted by means of sentence (even if not final) for one of the offences referred to in Italian Legislative Decree No. 231/2001.

The remuneration for the office of external member of the Supervisory Body, for the entire duration of the term of office, is established in the resolution of the Board of Directors that made the appointment. Appointment as a member of the Supervisory Body is conditional on the presence of the subjective eligibility requirements. The following causes of ineligibility and/or incompatibility are also envisaged, in addition to those that may be envisaged by applicable regulations:

-    conflicts of interest, even potential ones, with the company such as to jeopardise the independence required by the role and duties as a member of the Supervisory Body;

-    persons bound by relationships of kinship, marriage (or de facto cohabitation situations comparable to marriage)or affinity up to the fourth degree of kinship of the directors and auditors of the Company, of senior management, as well as directors of parent companies or subsidiaries;

-    direct or indirect ownership of shareholdings of such an extent as to allow them to exercise a significant influence over the Company;

-    persons with administrative functions, authorisations or executive appointments in the Company or in other group companies;

-    a conviction, even if not final, or a sentence for application of the punishment upon request (so-called plea bargaining) for the offences referred to in the Decree, or which, due to their particular seriousness, affect the moral and professional reliability of the person;

-    conviction, with sentence, even if not final, to a punishment entailing disqualification, even temporary, from public office, or temporary disqualification from the executive offices of legal persons and companies.

The above-mentioned reasons of incompatibility and/or ineligibility and the related self-certification must also be considered with reference to any external consultants involved in the activities and performance of the tasks of the members of the Supervisory Body. The termination of office is determined by resignation, forfeiture, revocation and, with regard to the members appointed by reason of the function they hold within the company, by the cessation of the holding of their office.

The resignation of the members of the SB may be exercised at any time and must be communicated to the Board of Directors in writing, together with the reasons leading to the same. The members of the Supervisory Body may only be removed due to just cause, by a special resolution of the Board of Directors. In this regard, just cause for removal shall mean, by way of example:

• disqualification or incapacitation, or a serious infirmity that renders the member of the Supervisory Body unable to perform his/her supervisory duties, or an infirmity that, in any case, entails his/her absence for a period exceeding six months;
• assignment to the member of the Supervisory Body of operational functions and responsibilities, or the occurrence of events, incompatible with the requirements of autonomy of initiative and control, independence and continuity of action, which are specific to the Supervisory Body;
• the loss of the subjective requirements of good standing, integrity, respectability and independence present at the time of appointment;
• the existence of one or more of the aforementioned causes of ineligibility and incompatibility;
• a serious breach of the specific duties of the Supervisory Board.

In such cases, the Board of Directors shall promptly appoint a new member of the Supervisory Body to replace the member removed. If, on the other hand, the revocation is exercised with regard to all the members of the Supervisory Body, the Board of Directors shall at the same time appoint a new Supervisory Body, in order to ensure continuity of action of the same.

The Supervisory Body shall perform the following activities:

1. oversee the observance of the Model's provisions, in relation to the different types of offences contemplated by the Decree and by the subsequent laws that extended its field of application, by defining a plan of activities also aimed at verifying the correspondence between what is abstractly envisaged by the Model and the conduct effectively maintained by the parties obliged to comply with it;

2. check the adequacy of the Model both with respect to the prevention of the commission of the offences referred to in Italian Legislative Decree No. 231/2001 and with reference to the ability to bring to light the occurrence of any unlawful conduct;

3. check the efficiency and effectiveness of the Model also in terms of compliance between the operating methods adopted in practice and the procedures formally envisaged by the Model itself;

4. check the maintenance over time of the requirements of efficiency and effectiveness of the Model;

5. carry out, also through the appointed units, periodic inspection and control activities, of a continuous and unannounced nature, in consideration of the various sectors of intervention or types of activity and their critical points in order to verify the efficiency and effectiveness of the Model;

6. report any need to update the Model, where it is found to be necessary in relation to changed business conditions, regulatory developments or alleged violations of its contents;

7. monitor the periodic updating of the system for identifying, mapping and classifying sensitive activities;

8. detect any behavioural deviations that may emerge from the analysis of information flows and from reports which the heads of the various units are obliged to make;

9. with reference to the reporting of offences, verify the adequacy of the information channels set up in application of the whistleblowing rules so that they are such as to ensure compliance with the reference legislation;

10. further the initiation of any disciplinary proceedings;

11. verify and assess, together with the units in charge, the suitability of the disciplinary system pursuant to and for the purposes of Italian Legislative Decree No. 231/2001, overseeing the observance of the prohibition of "direct or indirect retaliatory or discriminatory acts against the whistle-blower for reasons directly or indirectly linked to the whistle-blowing”;

12. further initiatives for the dissemination of knowledge and understanding of the Model, as well as for staff training and awareness-raising on compliance with the principles contained in the Model;

13. further communication and training activities on the contents of Italian Legislative Decree No. 231/2001, on the impacts of the legislation on the Company's activities and on the rules of conduct.

In order to pursue its purposes, the Supervisory Body must:

•    examine any reports received and carry out the necessary and appropriate investigations;

•    promptly report to the management body, for the appropriate measures, any ascertained violations of the Model that may give rise to liability for the Company;

•    coordinate with the structure in charge of personnel training programmes;

•    update the list of information that must be transmitted to it or kept at its disposal;

•    report periodically to the Board of Directors on the implementation of the Model.

In order to perform their tasks, the members of the Supervisory Body have unrestricted access to all the Company's units and to corporate documents, without the need for any prior consent.

The Board of Directors shall ensure adequate communication to the departments of the tasks of the Supervisory Body and its powers. The SB has no management or decision-making powers concerning the performance of the Company's activities, organisational powers or powers to change the Company's structure, nor sanctioning powers. The SB, as well as the persons of which the Supervisory Body avails, for any reason whatsoever, are obliged to observe the obligation of confidentiality on all the information of which they have become aware in the performance of their duties. 

 

4.2 Supervisory Body Reporting to the corporate bodies

The Supervisory Body reports on the implementation of the Model, on the emergence of any critical aspects, and on the need for changes. Two distinct lines of reporting are envisaged:

• the first, on an ongoing basis, directly to the Managing Director, informing him/her, whenever he/she deems it appropriate, on significant circumstances and facts pertaining to his/her office.

The Supervisory Body immediately communicates the occurrence of extraordinary situations (e.g.: significant violations of the principles contained in the Model that have emerged further to its supervisory activities, legislative innovations concerning the administrative liability of entities, etc.) and reports received that are of an urgent nature;

• the second, on an annual periodic basis, to the Board of Directors, by means of the preparation of a written report, which must contain, as a minimum, the following information:

• a summary of the activities carried out during the year;
• any problems that have arisen with regard to the implementation methods for the procedures adopted to implement the Model;

• if not previously and specifically reported:

• the corrective actions to be adopted in order to ensure the efficacy and/or effectiveness of the Model, including those necessary to remedy the organisational or procedural shortcomings that have been ascertained and which are likely to expose the Company to the risk of offences relevant for the purpose of the Decree being committed, including a description of any new “sensitive” activities identified;
• always in compliance with the terms and methods indicated in the disciplinary system adopted by the Company pursuant to the Decree, an indication of the conduct ascertained and found not to be in line with the Model;
• an account of the reports received, including those directly encountered, concerning alleged violations of the provisions of this Model, of the prevention protocols and of the related implementation procedures and the outcome of the consequent checks carried out;
• disclosure on the possible commission of offences relevant for the purpose of the Decree;
• the disciplinary procedures and any sanctions applied by the Company, with reference to violations of the provisions of this Model, the prevention protocols and the related implementation procedures;
• an overall assessment of the functioning of the Model with any indications for additions, corrections or amendments;
• the reporting of any changes in the regulatory framework and/or significant changes in the internal structure of the Company that require an update of the Model;
• a statement of expenses incurred.

 

4.3 Disclosure to the supervisory body

The Supervisory Body is the recipient of any information, documentation and/or communication, including from third parties, pertaining to compliance with the Model.

The SB establishes, in its control activities, the documentation that, on a periodic basis, must necessarily be submitted for its attention.

More specifically, with regard to the general reporting activities to the Supervisory Body, it must concern, in a structured form, through the following reports prepared by the units identified in the procedures adopted by the Company, on a six-monthly basis:

• list of the violations of the IT security (“data breach”);
• disclosure report summarising the main activities carried out for the purposes of preventing and protecting against risks in the workplace (reports received, findings following inspections, recorded accidents and other incidents, minutes of the periodic meeting) and the effectiveness and adequacy of the SSL system and the management measures adopted;
• list of consultancy assignments entered into made by direct award;
• list of donations, contributions and gifts as well as entertaining expenses exceeding the “modest value” as qualified in the company documentation (beneficiary, amount, date of payment);
• list of recruitments, and related selection process, made outside the budget or by way of departure to the dedicated procedure;
• list of new company provisions (models, directives, regulations, procedures, organisation charts, authorisations, powers, etc.) relating to the sensitive activities indicated in the Model;
• list of pending court cases and arbitration proceedings.

By contrast, the following must be submitted when the following events occur:

• report by the Data Protection Officer (hereinafter “DPO”) on the personal data processing methods used by the Data Controller, also with regard to the profile of the security measures adopted and in keeping with the level of risk;
• results of inspections/audits by public bodies (Labour Inspectorate, Fire Brigade, INAIL, ASL, local authorities, Finance Police, etc.);
• list of settlement agreements in respect of disputes or legal action brought;
• orders and/or information from the judicial police or other authorities, from which it could be inferred that an investigation is underway, also launched against persons unknown, for the offences contemplated by Italian Legislative Decree No. 231/2001 and which may involve the Company;
• requests for legal assistance forwarded by the directors, the executives and/or by employees, should legal proceedings be launched against them and with specific regard to the offences as per Italian Legislative Decree No. 231/2001, subject to the express prohibition of the legal authorities;
• reports prepared by the heads of Compliance, Management Control or other company units within the sphere of their control activities and which could reveal circumstances, deeds, events or omissions with critical profiles with respect to observance of the norms and provisions of the Model;
• information relating to disciplinary proceedings carried out and any sanctions applied (including the proceedings against employees), or the dismissal of such proceedings with indication of the relevant grounds;
• outcomes of resolutions of corporate bodies that may entail changes in the functionality and structure of the Model (e.g. changes in the organisational structure, changes in governance and changes in business lines);
• any other deed or document with critical profiles with respect to compliance with the regulations of the Decree or the provisions of the Model;
• any other information which, albeit not included in the above list, is relevant for the purpose of correct and complete supervisory and up-dating activities on the Model.

If the news of the possible commission of offences or violations of the Model involves the Company's Board of Directors, the Supervisory Body alone shall be directly informed.

In conclusion, SPAL Automotive's SB must be informed by the administrative department of the system of authorisations and powers of attorney adopted by the Company.

Information flows must reach the SB by means of the methods effectively defined by it.

Reports, possibly also in anonymous form, concerning evidence or suspicion of violation(s) of the Model must be as detailed as possible. They may be sent in writing in hardcopy or by means of the use of a specially dedicated e-mail account.

The SB shall act in such a way as to guarantee whistle-blowers against any form of retaliation, discrimination or penalisation, also guaranteeing the confidentiality of the whistle-blower's identity, without prejudice to legal obligations and the protection of the rights of the Company or of persons accused wrongly or in bad faith.

The SB assesses the reports received and decides on the action to be undertaken, hearing, if necessary, the author of the report and/or the person responsible for the alleged breach.

If the perpetrator of the offence should be either a member of the Board of Directors or the Chairman of the Board of Directors, the SB shall carry out a summary investigation and, after carrying out the necessary in-depth checks, shall take the most appropriate measures, taking care to inform either the other members of the Board of Directors or the Independent Auditing Firm.

The SB shall prepare a special database, in electronic or hardcopy form, in which all reports, information and notifications pursuant to this document shall be kept for a period of 10 years. This is subject to compliance with the provisions on the confidentiality of personal data and the rights guaranteed in favour of the data subjects.

The SB alone is allowed to access the database.

The Company, in compliance with the matters envisaged by the whistleblowing regulations, has set up the following reporting channels, in order to guarantee the confidentiality of the identity of the whistle-blower and with reference to reports also made by “third parties”:

-    the e-mail account odv231@SPAL.IT opened, by the Supervisory Body, on a domain owned by the Company, and published on the website;

-    ordinary mail with the indication "CONFIDENTIAL" on the envelope addressed to: Supervisory Body, c/o SPAL Automotive S.r.l. with sole shareholder - Via per Carpi 26/B - 42015 Correggio (RE), Italy.

The Supervisory Body assesses the reports received and determines any initiatives, hearing, if necessary, the author of the report and/or the person responsible for the alleged violation and/or any other person it deems useful, justifying any conclusions reached in writing. In particular, reports received via the above-mentioned channels are handled by the SB, which carries out an initial assessment of the report in order to:

• ascertain that it falls within the scope of the SB's responsibility;
• ascertain that it is sufficiently detailed so to be able to proceed to a more in-depth investigation. If the report has the above-mentioned characteristics, the SB starts the investigation, the assessment activities and any corrective measures, otherwise, it files the report, with a brief explanatory note. In particular:

• Investigative activities: the SB assesses, at its own discretion and under its own responsibility, the report in order to assess the need to carry out specific in-depth investigations to ascertain the facts reported therein. This need is determined on the basis of the following elements: (i) information provided with the report; (ii) current procedures in force relating to the facts reported; (iii) previous reports/checks on the same subject and already examined.
• Assessment activities: the SB initiates ad hoc checks (investigation activities), possibly in a confidential manner, depending on the subject matter of the report. Any investigation activity is carried out with the support of the competent units or external parties and in compliance with all applicable rules to protect both the whistle-blower and any persons involved in the checks. If the SB considers that it is not necessary to carry out further checks, it draws up a brief note explaining the analyses carried out and files the report.
• Corrective measures: if the investigation reveals the need for corrective action, the SB asks the competent units to implement it.

The Supervisory Body establishes a register of reports, containing details of the reports received, the persons responsible for them, and any sanctions imposed on them.

All information, whistleblowing, reports envisaged in the Model are kept by the Supervisory Body in a special archive (computerised or hardcopy-based).

 

 

5 Disciplinary and sanctions system

 

5.1 General principles

The effective implementation of the Model is also ensured by the provision and arrangement of an adequate disciplinary and sanction system for the violation of the rules of conduct imposed by the aforementioned Model for the purpose of preventing the offences referred to in the Decree (Article 6.2, letter e, Article 7.4, letter b), and, in general, of the internal procedures. The application of disciplinary sanctions is independent of the actual commission of an offence and, therefore, of the initiation and outcome of any criminal proceedings.

Disciplinary sanctions may therefore be applied by the Company to any violation of this Model and of the Code of Ethics, regardless of the commission of an offence and of the initiation and outcome of a criminal trial launched by the judicial authorities.

Violation of the individual provisions of this Model and the Code of Ethics always constitutes a disciplinary offence. In any case, the Supervisory Body must be informed of the proceedings for the imposition of disciplinary sanctions or any archiving.

The Company shall inform all the above-envisaged parties, as soon as their employment relationship arises, of the existence and content of this disciplinary system.

 

5.2 Sanctionable conduct: key categories

Actions carried out in violation of the Code of Ethics, the Model and the internal operating procedures, as well as failure to comply with any indications and instructions issued by the Supervisory Body, are punishable.

Sanctionable violations can be divided into four key categories according to an increasing order of seriousness:

• violations not related to sensitive activities;
• violations connected to sensitive activities;
• violations that can only constitute the fact (objective element) of one of the offences for which the administrative liability of corporate entities is envisaged;
• violations aimed at committing offences envisaged in the Decree or which, in any case, entail the possibility of assignment of administrative liability to the Company.

By way of example, the following constitute sanctionable conduct:

• failure to comply with procedures laid down in the Model and/or referred to therein;
• failure to comply with disclosure obligations imposed in the control system;
• the omission or untruthful documentation of transactions in compliance with the principle of transparency;
• the omission of controls by responsible parties;
• the unjustified failure to comply with disclosure obligations;
• the omission of controls on the dissemination of the Code of Ethics by responsible parties;
• the adoption of any act that circumvents the control systems;
• the adoption of conduct exposing the Company to the communication of the sanctions envisaged by Italian Legislative Decree No. 231/2001;
• violations of the measures for the protection of whistle-blowers and the making, with malice or gross negligence, of reports that turn out to be unfounded.

 

5.3 Parties

All employees, executives, directors and associates of the Company, as well as all those who have contractual dealings with the company, by virtue of specific contractual clauses, are subject to the sanctions and disciplinary system set out in this Model. If one or more seconded employees of a Group company work care of the Company, these parties are required to comply with the provisions of the Code of Ethics and this Model.

 

5.4 Violations of the Model and related sanctions

In accordance with current legislation and the principle of the typical nature of violations and sanctions, the Company has drawn up the rules of conduct contained in the Model and in the Code of Ethics, the violation of which constitutes a disciplinary offence, as well as the applicable sanctions, proportionate to the seriousness of the violations. With reference to the obligations of diligence, loyalty and correctness that must characterise the fulfilment of work services and the conduct to be adopted in the workplace, it is deemed appropriate to refer to the Code of Ethics, in which the possible violations committed by the employee and the corresponding sanctions that may be imposed are set out.

This is without prejudice to the right of the Company to claim compensation for damages resulting from the violation of the Model and the Code of Ethics, which shall be in proportion to:

1. the level of autonomy of the employee;

2. the seriousness of the consequences of the violation, i.e. to the possible implications in terms of Italian Legislative Decree No. 231/01;

3. the level of intentionality of the conduct;

4. the possible presence of previous disciplinary sanctions imposed.

The unit responsible for initiating and carrying out the disciplinary proceedings is the Group Human Resources Division, which must keep the Supervisory Body constantly informed of the progress of the proceedings, the justifications put forward, the outcome and any other information that may be of interest to the Supervisory Body.

 

5.5 Measures taken against employees, executives, directors, and other members of the intended audience

Employees

Employees must comply with the obligations established by Article 2104 of the Italian Civil Code, obligations of which this Model and the Code of Ethics are an integral part. For non-executive employees, the sanctions that can be imposed, in accordance with the provisions of Article 7 of Italian Law No. 300/1970 (the so-called Workers' Statute) and any applicable special regulations, are those envisaged by law, as well as by the sanctioning system of employment contracts.

In particular, also in accordance with the National Collective Labour Agreement (CCNL) for non-executive personnel, it is envisaged that:

• a verbal or written reprimand shall be inflicted on any worker who violates the internal procedures laid down in this Model (e.g. fails to observe the prescribed procedures, fails to provide the SB with the necessary information, etc.), or adopts, in the performance of activities in areas at risk, conduct that does not comply with the provisions of the Model itself and the Code of Ethics;
• a worker who repeatedly violates the internal procedures of the Model or adopts, in the performance of activities in areas at risk, conduct that does not comply with the provisions of the Model itself and with those of the Code of Ethics, even before such violations have been individually ascertained and contested, shall incur a fine not exceeding four hours' pay;
• the measure of suspension from service and pay, for a period of between 1 and 10 days, shall be applied to any worker who - in violating the internal procedures envisaged by this Model or adopting, in the performance of activities in areas at risk, conduct that does not comply with the provisions of the Model itself and with those of the Code of Ethics, as well as performing acts contrary to the interests of the Company, causes damage to SPAL Automotive or exposes it to an objective situation of danger to the integrity of the Company's assets. In addition, the same sanction applies to any worker who violates the measures envisaged for the protection of persons who report offences, as well as to anyone who reports offences which then prove to be unfounded (see "whistleblowing" procedure);
• the measure of dismissal with notice shall be applied to any worker who adopts, in the performance of activities in areas at risk, conduct that does not comply with the provisions of the Model and of the Code of Ethics, aimed at committing an offence among those directly attributable to the Company pursuant to the Decree;
• the measure of dismissal without notice shall be applied to any worker who adopts, in the performance of activities in areas at risk, conduct clearly in breach of the provisions of this Model and/or of the Code of Ethics, such as to determine the effective application against the Company of the sanction measures envisaged by the Decree.

No action may be taken against the worker without first having notified the charge in writing and without having heard his/her defence. The worker shall be notified of the contestation within 15 days from the date on which the company became aware of the contested fact.

The worker, within a period of 5 days from the date of receipt of the notification, may request to be heard in his/her defence, with the right to be assisted by a representative of the trade union association to which he/she belongs or to which he/she grants mandate.

The disciplinary sanction shall be communicated by the Company to the worker no later than 20 days from receipt of the written justification or from the date on which the employee was heard in his/her defence.

The type and quantum of the above-mentioned disciplinary sanctions are established on the basis of:

• the intentionality of the conduct or the degree of negligence, imprudence or inexperience with regard to the foreseeability of the event;
• the overall behaviour of the worker, with specific regard to disciplinary precedents, if any, to the extent permitted by the law;
• the duties performed by the worker;
• the functional position of the persons involved in the facts constituting the disciplinary breach;
• any other specific circumstance which accompanies the disciplinary violation.

The assessment of the aforementioned infractions, disciplinary proceedings and the imposition of sanctions are the responsibility of the Human Resources Division.

The disciplinary system is constantly monitored by the SB.

Executives

In the event of violations, by executives, of the internal procedures envisaged by this Model or of the adoption, in the performance of activities in areas at risk, of conduct that does not comply with the provisions of the Model itself or of the Code of Ethics, the Human Resources Division will apply, vis-à-vis those responsible, the most appropriate measures in accordance with the matters envisaged by the National Collective Labour Agreement for Industrial Company Executives.

Directors

In the event that one or more directors violate the procedures laid down in the Model or adopt conduct that does not comply with the provisions of the Model and/or the Code of Ethics when carrying out activities in areas at risk, the SB will independently assess the reports to be made.

If it is a minor irregularity, the Board of Directors, in agreement with the SB, shall adopt the measure of a written reprimand vis-à-vis the perpetrator or perpetrators of the violation.

If it is a more serious irregularity, the Board of Directors shall call a Shareholders' Meeting, which:

• may revoke the mandate due to just cause of the individual director perpetrating the violation of the Model and/or Code of Ethics.

This shall be without prejudice to the Company's rights in respect of any claims for damages caused to it by the perpetrator of the violation of the prevention system.

Other members of the intended audience

Any inobservance of the rules of conduct indicated in the Model, as well as any violation of the provisions and principles established in the Code of Ethics by associates, consultants, suppliers and other third parties, may determine, in accordance with the matters disciplined in the specific contractual relationship, the termination of the same; this is without prejudice to the right to claim compensation for damages incurred as a result of such unlawful conduct, including those resulting from the application by the criminal court of the measures envisaged by Italian Legislative Decree No. 231/2001.

In the event of professionals and external consultants for whom there is no written contract, a declaration is required in which they certify their actual knowledge of the Model and the Code of Ethics and their commitment to comply, within the scope of their work, with the provisions contained therein.

The latter also takes care of any updating of the precautions described above, in agreement with the competent company Division.

 

 

6 Selection and training of the staff

 

6.1 Training and divulgation of the Model

For the purpose of efficiently implementing the Model, the Company ensures the correct divulgation of the contents and principles of the same within and outside its organisation. The Company's objective is to communicate the contents and principles of the Model also to persons who, although not formally employees, operate - even occasionally - for the achievement of the Company's objectives by virtue of contractual relations.

The Company, in fact, intends to:

•  determine, in all those who work in its name and on its behalf in “sensitive” activities, the awareness that they may incur, in the event of violation of the provisions herein, an offence punishable with sanctions;
• inform all those who operate for any reason in its name, on its behalf and in any event in its interests that the violation of the provisions contained in the Model will result in the application of appropriate sanctions or the termination of the contractual relationship;
• reiterate that the Company does not tolerate unlawful conduct, of any kind and regardless of any purpose, since such conduct (even if the Company were apparently in a position to benefit from it) is in any case contrary to the ethical principles to which the Company intends to adhere.

The training activities aimed at spreading knowledge of the regulations pursuant to Italian Legislative Decree No. 231/2001 is differentiated, in terms of content and delivery methods, according to the recipients' position, the risk level of the area in which they operate, and whether or not they represent the Company.

The Company takes care of the adoption and implementation of an adequate level of training by means of appropriate disclosure tools such as:

• classroom information;
• on-line training;
• disclosure material.

Training must focus on the complete knowledge and understanding of the following areas:

•  Italian Legislative Decree No. 231/2001: the general principles, the offences envisaged (including those referred to in Italian Law No. 146/2006) and the sanctions applicable to the Company;
•  the standards of conduct contained in the Model and in the Code of Ethics;
• the powers of the Supervisory Body, as well as the disclosure obligations vis-à-vis the same;
• the disciplinary system;
• the system for reporting offences (so-called whistle-blowing).

 

6.2 Members of the corporate bodies, employees, executives and middle management

The Company intends to ensure correct and complete knowledge of the Model and the content of Italian Legislative Decree No. 231/2001 and the obligations arising therefrom.

Training and disclosure is managed by the Group Human Resources Division assisted by the SB, in close coordination with the heads of the areas/units involved in the application of the Model.

This training and disclosure effort is also extended to all those who, although not belonging to the corporate structure, could abstractly operate in the interests and/or to the advantage of the Company.

However, only communication and information activities concerning the Code of Ethics are aimed at third parties.

The adoption of this document is communicated to all those working for and in the name of SPAL Automotive at the time of its adoption.

All employees and senior management must sign a special form certifying that they are aware of and accept the Model, a copy of which is available in hardcopy or on computer medium.

New employees are given an information set containing the Model, including the Code of Ethics and the text of the Decree, by means of which knowledge considered of primary importance is ensured to them.

Standard contractual clauses are included in contracts entered into with external professionals and consultants, which commit them not to adopt conduct that is not in line with the principles of conduct and ethical values which the Company aspires to. By contrast, in the contracts or relationships in place with suppliers of services/equipment/tools, a disclosure note is provided informing these parties that SPAL Automotive has adopted a Model, a Code of Ethics and a Supervisory Body. This disclosure also informs suppliers that they will be required to comply with the General Section of the Model and the Code of Ethics.

Continuous training and refresher activities are organised by the competent corporate units under the supervision of the Supervisory Body, by means of compulsory periodic meetings, modulated in content and frequency, depending on the qualification of the recipients and the function covered by them.

If deemed necessary by the SB, external professionals with specific expertise on the subject of offences attributable to the Company, the analysis of organisational procedures and processes, as well as the general principles of compliance legislation and related controls will attend the meetings.

 

6.3 Other members of the intended audience

The activity of communicating the contents and principles of the Model shall also be addressed to third parties that have contractually regulated collaboration dealings with the Company, with particular reference to those that operate within the sphere of activities deemed sensitive pursuant to Italian Legislative Decree No. 231/2001.