Glaston Italy S.p.A. Model of organisation, management and control pursuant to Legislative Decree 231/2001 Bregnano, 16.12.2011
CONTENTS 1. Legislative Decree no. 231 of 08 June 2001. 1.1 The administrative liability of legal entities, companies and associations 1.2 The type of criminal and administrative offences 1.3 The models of organisation, management and control 2. Model of organisation, management and control pursuant to Legislative Decree 231/2001 of Glaston Italy S.p.A. 2.1 Adoption of the Model 2.2 Model and Ethics Code of Conduct 3. Recipients of the Model 4. Adoption and amendments to the Model 5. The Supervisory and Control Body 6. Disciplinary System 6.1 General criteria for the imposition of sanctions 6.2 Middle Managers and Employees 6.3 Managers (dirigenti) 6.4 Persons in top positions 6.5 External staff subject to supervision 6.6 Board of Statutory Auditors 7. Sanction proceedings 8. Information and training 2
1. Legislative Decree no. 231 of 08 June 2001. 1.1 The administrative liability of legal entities, companies and associations On 8 June 2001 Legislative Decree no. 231 (hereinafter "Decree" or "Legislative Decree" 231/2001") was issued, entering into force the following 4 July, under the name "Administrative liability of legal entities, companies and associations including those without legal personality"; the Decree introduced for the first time in our legislation (conforming to certain international Conventions, to which Italy has long since adhered) a system of administrative liability - largely related to criminal liability - of entities for certain crimes or administrative offences committed, in the interest or for the benefit of such entities, by: (i) individuals who hold positions of representation, administration or management of those entities or their organisational units with financial and functional independence, as well as persons who exercise, even de facto, the management and control of those entities (top management); (ii) individuals under the direction or supervision of one of the aforementioned individuals. The entity's liability is in addition to and does not replace that of the individual who materially committed the offence, who, therefore, is subject to ordinary criminal law. This extended liability aims at involving in the repression of certain criminal offences the entities that have benefited from the commission of the offence or in the interest of which the offence was committed. Thus the Decree's objective is to build a Model of liability of entities in compliance with safeguarding principles, but with a preventive function (the "Model"): in practice, by envisaging a liability of the company, the Decree intends to encourage the latter to organize its structures and activities in such a way as to ensure appropriate conditions to safeguard the interests protected under criminal law. The sanctions that can be imposed to the entity are both of pecuniary and interdictory type, among which the most serious are the suspension of licenses and concessions, disqualification from contracting with the Public Administration, debarment from carrying on business, ineligibility or withdrawal of loans or government grants, prohibition to advertise goods and services. Interdictory measures - where there are serious indications of the entity's liability and there are substantial and specific elements that make likely a possible commission of offences of the same nature - can be applied, at the request of the prosecutor, even on a precautionary basis, already during investigations. The liability under the Decree also applies in relation to offences committed abroad, provided they are not subject to direct proceedings by the State of the place where the offence was committed. The liability introduced by Legislative Decree. 231/2001 only arises in cases where the criminal offence is committed in the interest or for the benefit of the entity: therefore, not only when the wrongful act resulted in a benefit, financial or otherwise, for the entity, but also where, in the absence of such a tangible result, the reason for the offence is 3
represented by the interest of the entity. There is no entity's liability, instead, where the offenders who committed the criminal or administrative offence acted in their own interest or that of third parties. 1.2 The type of criminal and administrative offences With regard to the type of offences resulting in the application of the above system of administrative liability of entities, Legislative Decree 231/2001, in its original version, referred to a series of offences committed in dealings with the Public Administration, such as: undue receipt of grants, loans or other funds from the State or other public authority; fraud against the State or other public authority; aggravated fraud for the purpose of obtaining public funds; computer fraud against the State or other public authority; bribery regarding an official duty; bribery regarding an act contrary to official duties; bribery in judicial proceedings; inducement to bribery; extortion; misappropriation against the State or other public authority; The original text was supplemented by subsequent legislation that broadened the range of offences the commission of which may determine the administrative liability of entities. In fact, in addition to Articles 24 (Undue receipt of funds, fraud against the State or a public authority or to obtain public funds and computer fraud against the State or a public authority) and 25 (Extortion and bribery), the following were subsequently introduced: - Article. 25-bis which aims at punishing the offence of "counterfeiting money, public paper and revenue stamps" - Article. 25-ter, which extended the administrative liability of entities also to the commission of "corporate offences" (such as, for example, false accounting, false corporate communications, market rigging, obstructed control, transactions to the detriment of creditors, etc.), albeit limiting the sanctions to those of a pecuniary nature; - Article. 25-quater, which refers to "terrorist offences and subversion of democratic order"; - Article. 25-quinques, which aims to suppress certain "offences against the person" (such as, for example, reduction or maintenance in slavery or servitude, prostitution and child pornography, possession of pornographic material, human trafficking, etc..); - Article. 25-sexies with particular reference to both criminal and administrative offences of "insider trading" and "market manipulation". It should be added that failure to disclose a conflict of interest by, inter alia, a director or a member of the management board of a company with listed securities has been included among corporate offences, while, following the repeal by Law 262/2005 of Article. 2623 of the Italian Civil Code, the offence of false prospectus (now provided in Art. 173-bis of 4
Legislative Decree 58/1998), is no longer part of the corporate offences relevant for the purposes of Legislative Decree 231/2001. The scope of offences relevant for the purposes of Legislative Decree 231/2001 was subsequently expanded with the introduction of the following articles: - Article. 24-bis which punishes the commission of offences falling within the category of "computer crimes and unlawful data processing", introduced by Law 48/2008; - Article. 25-septies, concerning offences of "manslaughter and grievous or extremely grievous personal injury committed in violation of laws on accident prevention and the protection of health and safety at work", introduced by Law 123/2007; - Article. 25-octies, relating to the offences of "receiving, laundering and using monies, property or benefits of unlawful provenance", introduced by Legislative Decree 231/2007; - Article. 24-ter which punishes the commission of "organised crime" introduced by Law 94/2009; - Article. 25-bis.1., in relation to "offences against industry and commerce "introduced by Law 99/2009; - Article. 25-novies, concerning "offences related to the infringement of copyright" introduced by Law 99/2009; - Article. 25-decies, concerning "inducement not to make statements or to make false statements to judicial authorities", introduced by Law 116/2009; - Article. 25-undecies, concerning "offences to the detriment of protected wildlife and environmental offences", introduced following the entry into force of Legislative Decree 121/2011; - Article. 25-duodecies, concerning employment of foreign workers illegally staying in Italy, introduced following the entry into force of Legislative Decree 109/2012. 1.3 The models of organisation, management and control Article 6 of Legislative Decree 231/2001, while introducing the system of administrative liability, provides, however, for a specific form of exemption from such liability if the entity proves that: a) prior to the commission of the offence, the governing body of the entity had adopted and effectively implemented "models of organisation and management" designed to prevent offences similar to those occurred; b) the task of supervising the operation of and compliance with the models as well as their updating had been entrusted to a body of the entity with independent powers of initiative and control ; c) the offenders committed the offence by fraudulently circumventing the above models of organisation, management and control; d) there was no omission or insufficient supervision by the body referred to in letter b) above. Legislative Decree 231/2001 also stipulates that models of organisation and management should meet the following requirements: 1) identify the activities in the context of which the offences provided for in the Decree may be committed; 5
2) envisage specific protocols aimed at planning the definition and implementation of the entity's decisions regarding the prevention of offences; 3) identify appropriate methods for managing financial resources in order to prevent the commission of these offences; 4) establish information obligations vis à vis the body in charge of overseeing the functioning of and compliance with the Model; 5) introduce a suitable internal disciplinary system to punish non-compliance with the rules indicated in the Model. The essential characteristics specified by the Decree for the set-up of the Model of organisation and management relate, after all, to a typical corporate risk management system. Legislative Decree 231/2001 also states that the models of organisation and management can be adopted, ensuring the requirements listed above, on the basis of codes of conduct drawn up by trade associations, and communicated to the Ministry of Justice which, in consultation with the competent ministries, may submit, within thirty days, comments on the suitability of the models to the prevent the offences. 2. Model of organisation, management and control pursuant to Legislative Decree 231/2001 of Glaston Italy S.p.A. 2.1 Adoption of the Model The Model of Glaston Italy S.p.A. ("Glaston" or Company") was prepared in implementation of the Decree and in particular it implements the requirements contained in Article 6, paragraphs 1 and 2. The Model aims to set up a comprehensive and structured set of procedures and control activities, designed to prevent the commission of the offences set forth in the Decree. This objective was achieved through the identification of the processes at risk as existing in Glaston. Through the identification of these processes, the activities inherent thereto and the subsequent establishment of a control system, the company intends to make aware all those who work in the name or on behalf of Glaston, that they may incur a punishable offence, the commission of which is strongly censored by the Company; enable the Company to prevent and combat the commission of these offences through the constant monitoring of activities at risk. The qualifying principles of this Model are: - identification of business processes and mapping of company's activities exposed to risk; - establishment of a Supervisory Body (so called "SB") with financial independence and powers of initiative and control to ensure the operation, effectiveness and compliance with the Model. -verification of corporate conduct and documentation for each relevant transaction; -adoption of a suitable disciplinary system to punish non-compliance with the requirements 6
and procedures provided for in the model; dissemination at all levels of the organisation of the rules of conduct and procedures. The Board of Directors by means of resolution dated [ ], chose to assign supervision to an individual body consisting of an external professional operating in the legal sector. 2.2 Model and Ethics Code of Conduct Glaston has an Ethics Code of Conduct intended as an instrument of general application that summarizes the set of values and rules of conduct to which the company intends to make constant reference in the performance of its business activities. The Code has been adequately circulated within the Company and it moreover constitutes a document to which specific reference has to be made when entering into contracts with third parties. In implementing the contents of the Confindustria Guidelines, a close integration between the Model and the Ethics Code of Conduct has been implemented, in order to form a corpus of internal rules that are intended to encourage the culture of ethics and transparency in the company. The Ethics Code of Conduct is an integral part of the Model. The Company shall not start any business relationships with third parties that do not intend to conform to the principles of the Ethics Code of Conduct nor shall it continue such relationships with those who infringe those principles. Therefore, employees responsible for corporate functions that enter into and maintain business relationships with third parties are obliged to inform them about the adoption of the Ethics Code of Conduct and ensure that the principles therein contained are accepted and applied. 2.3 Activity carried out for the drafting, updating and management of the Model The following business areas were involved in the preparation of the Model: - General Management - Administration and Finance - Human Resources - Sales and Sales Support - Machines Delivery - Tools Delivery - Service - Quality - Research and Development - Marketing & Communication - Product Marketing use was also made of external opinions and advice. 7
These activities can be summarized as follows: Identification of processes and mapping of risks relating to Legislative Decree 231/2001 A complete analysis of business processes was carried out, identifying those activities from which the risks of committing the offences covered by the Decree may potentially arise. The degree of risk was defined on the basis of the actual "probability of occurrence of the offences" that could be committed by the various business functions when carrying on the activities under their responsibility. Subsequently, an assessment was performed of the control environment related to the activities carried out by the individual business functions, evaluating existing control tools. 8
Drafting and adoption of protocols and procedures identified during risk assessment On the basis of the results obtained in the assessment of the risk of offences, the principles to be followed by the internal procedures prepared by the Company were identified. These principles are contained in "Rules of Authorities" prepared and issued by the Glaston Group, as amended on 11 January 2010, which form an integral part of the Model and which the Administration/Finance and Human Resources Departments shall localize and communicate. The Rules of Authorities include Group Policies, specifically the Capital Expenditure Policy, the Risk Management Policy, the Credit Management Policy and the Treasury Policy. On the basis of the Company s system of delegation and powers of attorney, its organization chart and the Rules of Authorities system, in order to be effective the procedures must: - identify for each process activity the persons who act, those who control and those who decide; - include the traceability of the persons who acted, those who controlled and those who decided (documentary traceability of transactions carried out); - be updated in case of: - organisational changes, - proven ineffectiveness, - introduction of new offences relevant for the purposes of the Decree. and be brought to the attention of recipients through training and information sessions. Drafting and adoption of the penalty system To ensure the effective implementation of the Model as set forth in Art. 7, paragraph 4, letter b) of the Decree, a specific Disciplinary System was adopted. 3. Recipients of the Model The recipients of the Model's provisions in Glaston are: - The members of the Board of Directors, the General Manager if appointed; - All employees of the Company, External Staff, Consultants and attorneys, whether employees of the company or otherwise, as individuals subject to the direction of others; - The Supervisory Body (the "Recipients"). All recipients must comply with the provisions of the Model and the Ethics Code of Conduct as well as with the laws and regulations in force, The individuals in top positions, in particular, shall: - ensure information, training and awareness of those under their direction with regard to the conduct they have to adopt in the performance of their duties; - conform to the principle of transparency when making business decisions; - perform control and supervisory functions with respect to persons under their direction. 9
- ensure full respect of individual rights. - evaluate the option of terminating a contract with a third party if they become aware of behaviours that fall within the scope of Legislative Decree. 231/2001. 4. Adoption and amendments to the Model In compliance with the provisions of the Decree, the adoption of the Model is the responsibility of the Board of Directors. The Board of Directors is also responsible for approving the amendments and updates to the Model prepared and proposed by the SB. Any review or update of the procedures fall within the responsibility of the Managing Directors, or the persons appointed by them. The corporate bodies and all employees are committed to compliance with the laws and regulations in force in all the countries where the Company operates. The corporate bodies should be aware of the laws and regulations cited above, and the resulting behaviour to be adopted. The corporate bodies and all employees are committed to compliance with company procedures and they follow the principles of the Ethics Code of Conduct in any decision or action relating to the management of the Company. Department managers must ensure that: all employees are aware of the laws and consequent conduct and, where they have doubts on how to proceed, they are adequately guided; an adequate program is implemented to provide training and to continuously raise awareness on issues relating to the Ethics Code of Conduct. when participating in tenders issued by the Public Administration and in general in any dealings with the latter, all employees must act in compliance with the laws and regulations in force and good business practice. Managers of departments that may be conducting business in contact with the Public Administration must: provide their staff with directions on practical conduct to adopt in formal and informal contacts maintained with the various public authorities, according to the peculiarities of their own sphere of activity, transferring knowledge about regulations and awareness of situations exposed to the risk of crime; ensure adequate traceability mechanisms are in place in relation to the information flows towards the Public Administration. All consultants, suppliers and generally any third party acting on behalf of the Company are committed to compliance with the laws and regulations in force in all the countries where the Company operates; no relationship is started or continued, with those who do not intend to be in line with this principle. The appointment of such persons to act on behalf and/or in the interests of the Company must be given in writing and include a specific clause obliging compliance with the principles of ethical conduct adopted by the Company. Failure to comply with the foregoing may result in termination for breach of contract. 10
All consultants, suppliers and generally any third party acting on behalf of the Company are identified and selected with absolute impartiality, autonomy and independence of judgment. In their selection, the Company carefully assesses their expertise, reputation, independence, organizational skills and suitability for the proper and timely execution of contractual obligations and the tasks assigned. All consultants, suppliers and generally any third party acting on behalf of the Company must operate, at all times and without exception, with integrity and diligence, in full compliance with the principles of fairness and legitimacy provided for in the ethical codes as they themselves may have adopted. When requesting the State or other public authorities or the European Community subsidies, grants or loans, all those involved in these procedures must: behave honestly and truthfully, using and submitting statements and documents that are complete and relevant to the activities for which the benefits may be lawfully obtained; after obtaining the requested funds, allocate them to the purposes for which they were requested and granted. The heads of the administrative/accounting departments must ensure that each transaction is: legitimate, consistent, reasonable, authorised, verifiable; correctly and properly recorded so as to allow for a verification of the decision, authorization and performance processes; accompanied by appropriate documentary support so as to allow, at any time, the controls on the characteristics and rationale of the transaction and the identification of those who authorized, performed, recorded, and checked the transaction. All employees involved in preparing the financial statements or other similar documents must behave properly, give full cooperation, ensure the completeness and clarity of information provided, verify the accuracy of data and processing and report any conflicts of interest. The Directors shall notify the Board of Directors and the Board of Statutory Auditors of any interest which, on their own behalf or on behalf of third parties, they may have in a transaction involving the Company, specifying the nature, terms, origin and scope thereof. The Directors and their staff: when drafting the financial statements, market disclosures or other similar documents must present the financial and equity position and operating results in a truthful, clear and complete manner; they must promptly comply with requests for information by the Board of Statutory Auditors and facilitate in every way the conduct of control or audit activities legally assigned to shareholders, other corporate bodies or auditing firms; submit to the Shareholders Meeting acts and documents that are complete and correspond to accounting entries; provide supervisory authorities accurate and complete information on the financial and equity position and operating results. 11
Only authorized employees can liaise with the press, making sure that the information they disclose on the Company is truthful and in accordance with the laws and regulations in force. A reporting obligation to the Supervisory Body is in place with regard to, by way of example: any infringement or suspected infringement of the Organisational Model and/or the Ethics Code of Conduct. These reports must be provided only in a non-anonymous form. measures and/or information from the criminal police or any other authority, of which official knowledge is acquired, concerning offences and/or alleged offences under the Decree that could have an impact on the business. In dealings with representatives of the Public Administration, both Italian and of other countries, it is prohibited to: promise or offer them (or their relatives, kindred, friends, etc..) cash or gifts, except in the case of gifts or items of modest value; examine or propose employment opportunities to representatives of the Public Administration (or their relatives), and/or business opportunities or any other type of opportunity which could benefit them personally; promise or offer to representatives of the Public Administration (or their relatives) the provision of advice and/or other services that could benefit them personally; make unjustified entertainment expenses for purposes other than the mere promotion of the company's image; promise or provide, including through third parties, works/services that provide a personal benefit (e.g. renovation of buildings owned or enjoyed by them, or owned or enjoyed by their relatives); provide or promise to provide, solicit or obtain confidential information and/or documents or information/documents otherwise likely to affect the integrity or reputation of either or both parties; These actions and behaviours are prohibited if carried out both directly by the Company through its employees, and by non-employees acting on behalf of the Company. In addition, with respect to the Public Administration, it is prohibited to: produce false or altered documents/information; subtract or omit original documents; omit information in order to unduly guide the Public Administration's decisions in one's own favour; adopt a behaviour in any way directed at unduly influencing the decisions of the Public Administration; be represented by consultants or third parties when this can result in conflicts of interest; in general, it is forbidden to employ in the Company former employees of the Public Administration who had agreed to the requests made by the Company to the Public Administration. 12
in the course of civil, criminal or administrative proceedings, it is forbidden to undertake, directly or indirectly, any unlawful action that could favour or harm one of the parties involved Directors are prohibited from: returning capital contributions to shareholders or releasing them from the obligation to execute them, except in cases of legitimate reduction of the share capital, and from making share capital reductions or mergers with other companies or demergers, in violation of legal provisions protecting creditors; distributing profits or advances on profits not actually earned or which by law are to be allocated to a reserve, or distributing reserves that are non-distributable pursuant to the law; causing the Company to acquire or subscribe shares or quotas issued by the Company or its parent company, except in the cases permitted by law; falsely establish or increase the share capital of the Company by means of transactions not permitted by law. In general, it is prohibited to: hinder the control functions of shareholders, the independent auditors, the Supervisory Body and the Internal Audit responsible for internal controls; damage the integrity of the company's assets and carry out transactions to the detriment of creditors; influence the Shareholders' Meeting, disseminating false information about the Company. Directors, Statutory Auditors and employees are prohibited from: buying, selling or performing other transactions on financial instruments, directly or indirectly, on one's own behalf or on behalf of third parties, using inside information (intended as - pursuant to Art. 181 of Legislative Decree no. 58/1998 - information of a precise nature which has not been made public, relating directly or indirectly, to one or more issuers of financial instruments or one or more financial instruments, which, if disclosed, could have a significant impact on the prices of those financial instruments); recommending or encouraging others to carry on the above on the basis of inside information; disclosing inside information to third parties outside ordinary business activities; in general it is also forbidden to disseminate false or misleading information or engage in simulated transactions or other expedients that may cause a significant change in the price of financial instruments or to provide false and misleading indication with respect to the above financial instruments. Employees and consultants, suppliers and generally any third party acting on behalf of the Company shall refrain from any conduct detrimental to the image of the Company. All consultants, suppliers and generally any third party acting on behalf of the Company is required to avoid any situation of conflict of interest with the latter, undertaking, in the event of conflict, to report it immediately to the Company. 13
It is forbidden to all consultants, suppliers, and in general to any third party acting on behalf of the Company to perform any act which is or may be deemed in conflict with laws and/or regulations, even if such conduct results in or could result, even if only in the abstract, in any benefit or personal interest to the Company. 5. The Supervisory and Control Body The exemption from administrative liability - as governed by Art. 6, paragraph 1, letter. b) and d) of Legislative Decree no. 231/2001 - also provides for the mandatory establishment of an entity's body, having both an independent power of control (which allows it to oversee the operation of and compliance with the Model) and an independent power of initiative, to ensure the constant updating of the Model. For the purposes of an effective and efficient implementation of the Model, this body must also have the following characteristics: (i) autonomy and independence, which are fundamental to ensure the body is not involved in management activities that are subject to its own inspection and enforcement activities; (ii) professionalism, i.e. possessing specific expertise in the field of advisory services of inspection and control, necessary for performing the delicate tasks assigned to it as well as a thorough knowledge of the corporate and business organizational structure, and, finally; (iii) continuity of action, i.e. devoting itself constantly and full time to supervising compliance with the Model, ensuring the implementation and periodic updating thereof. Requirements The members of the SB must meet integrity requirements similar to those of the directors of the Company and professionalism requirements adequate to the role involved; furthermore they should not have, in general, reasons for a conflict of interest with other functions and/or corporate offices. The Board of Directors of the Company shall, from time to time, ascertain that these subjective requirements are met and continue to be met, both prior to appointment and during the period in which the members of the SB remain in office. Failure to meet the above requirements during the period of office shall result in disqualification from such office. The judgment of conviction (or plea bargaining) that has become definitive is also a cause of ineligibility or revocation for just cause of members of the SB. The removal of members of the SB is the responsibility of the Board of Directors of Glaston. In case of removal or disqualification, the Board of Directors of the Company shall promptly appoint a new member replacing the revoked one, subject to prior verification of the subjective requirements listed above. The SB expires following the removal or disqualification of all its members. In this case the Board of Directors of the Company shall, without delay, reconstitute the SB. Duties and responsibilities In carrying out its activities, the SB is supported mainly by the Internal Auditing Department, and - where necessary - it can rely on the support of other business functions (such as, for example, the Legal Affairs Department, the Corporate Affairs Department, the HR Department, Organization and Services, etc..) or external consultants. The SB has the following responsibilities: 14
(i) monitoring compliance with the requirements of the Model by the parties involved, reporting any non-compliance and the areas that are most at risk, given the violations occurred; (ii) monitoring the effectiveness of the Model and its actual efficacy in preventing the offences referred to in Legislative Decree no. 231/2001, in relation to the individual corporate units and the activity carried out; (iii) ensuring that the Model's requirements of soundness and functionality are maintained over time; (iv) monitoring the appropriateness of an update of the Model, where an adjustment need is identified in relation to changed regulatory or business -related conditions; (v) obtaining from all the Recipients of the Model the business documents and information considered useful for the fulfilment of its responsibilities; (vi) reviewing the adequacy of information and training initiatives carried out on the principles, values and rules of conduct contained in the Model, and of the level of knowledge achieved. (vii) ensuring that appropriate information and training initiatives are undertaken on the principles, values and rules of conduct contained in the Model and the related level of knowledge, including on the basis of requests for clarification and recommendations received; (viii) carrying out activities of reporting to the corporate bodies. In order to fulfil its responsibilities, the SB may at any time, within its autonomous and discretionary power, carry out audits on the application of the Model, to be performed jointly or severally by each of its members. More specifically the following audits are envisaged: (i) checks on specific business operations: to this end, the SB will regularly check the acts and/or contracts relating to "areas at risk" according to the timing and procedures identified by the SB itself; (ii) checks on procedures/rules of conduct adopted: to this end, the SB will periodically check the effectiveness and the actual implementation of procedures/rules of conduct relating to the Model. Following these audits, any changes in regulations occurring from time to time and the identification of any new areas at risk, the SB points out to the responsible business functions the need for the Company to adapt and update the Model. The SB checks, through follow-up activities, that any recommended corrective actions are taken by the qualified company departments. In the event of interpretation issues or questions on the Model, the Recipients may contact the SB for appropriate clarification. For the specific supervisory and monitoring duties assigned to it, the SB is provided annually with adequate financial resources, which are adjusted from time to time depending on the specific needs that may arise, in order to allow it to perform the duties described above with full financial and managerial autonomy. Operation of the SB The Board of Directors appoints and dismisses the SB. The SB may appoint a secretary, whom may also be chosen from among non-members of the SB. The SB shall meet at least monthly and whenever one of its members deems it necessary, at the registered office of the Company. 15
Minutes shall be drafted for each meeting to be signed by all the members. Decisions are taken unanimously. Further operational aspects regarding the operation of the SB will be covered in an ad hoc regulation. Information Flows towards the corporate bodies With reference to the reporting activity to the corporate bodies, the SB, by means of written reports issued at least every six months, reports to the Board of Directors - on the implementation of the Model - and the Board of Statutory Auditors. The SB can be accessed at any time by the above bodies to obtain information on the operation of the Model or specific situations or, in case of special needs, it can directly inform the corporate bodies on its own initiative. Information flows to the SB The Recipients of the Model are required to provide the information requested by the SB, according to the contents, methods and frequency from time to time defined by the latter. The Recipients transmit to the SB the information concerning measures issued by the Judiciary, the Criminal Police or other Authorities, from which it appears that investigations or prosecution is ongoing in relation to one of the offences covered by Legislative Decree. 231/2001 with respect to the Company and/or the Recipients. Furthermore, in case the Recipients of the Model become aware of facts that constitute the commission of offences under Legislative Decree 231/2001, they shall promptly inform the SB. The Supervisory Body shall assess the information received and take the necessary measures, giving reasons in writing of any decision not to conduct internal investigations. Any information and reporting received by the SB is kept under its responsibility according to suitable rules, criteria and conditions of access to the data that ensure the integrity and confidentiality thereof. 6 Disciplinary System The disciplinary system is adopted by the Board of Directors pursuant to Art. 6, paragraph 1, letter e) and Art. 7, paragraph 4, letter h) of Legislative Decree 231/2001. Any violation of the Ethics Code of Conduct and the principles contained in the Model and the procedures/rules of conduct relating thereto determine the application of sanctions to the Recipients. These violations, in fact, may result in disciplinary actions against those involved, regardless of any criminal proceedings that may be brought against them depending on whether their behaviour constitutes a criminal offence. The disciplinary system defines the general criteria for imposing the sanctions and identifies the disciplinary measures and/or the precautionary measures applicable to the recipients. 6.1 General criteria for the imposition of sanctions In each individual case, the type and extent of the specific sanctions applied shall depend of the degree of seriousness of the misconduct and, anyway, on the following general criteria: - subjective element of the behaviour (wilful misconduct or negligence, the latter due to lack of duty of care, carelessness or inexperience); - relevance of the obligations breached; - potential damage caused to the Company or the possible application of the sanctions provided for by Legislative Decree 231/2001 as amended and supplemented; - hierarchical or technical level of responsibility; 16
- existence of aggravating or mitigating circumstances, with particular regard to prior work performance and disciplinary record in the last two years; - possible sharing of responsibility with other workers who have helped in determining the wrongdoing. If several offences, that are subject to different sanctions, are committed by means of one act only, the more severe sanction shall apply. Repeating the offence within the same two year period, shall automatically result in imposition of the most severe sanction of the applicable type. Principles of timeliness and immediacy require that the disciplinary sanction be imposed regardless of the outcome of any criminal proceedings. 6.2 Middle Managers and Employees Scope Pursuant to the combined provisions of Articles 5, letter b) and 7 of Legislative Decree 231/2001, without prejudice to prior reprimand and the procedure provided by art. 7 of Law No 300 of 20 May 1970 (so called Workers' Statute), Middle Managers and Employees of the company are punishable in the following cases: a) failure to comply with the procedures and requirements of the Model aimed at ensuring that the activity is carried out in accordance with the law and at identifying and quickly eliminating risk situations, pursuant to Legislative Decree 231/2001; b) lack of, incomplete or untrue documentation of the activities carried out with regard to the way in which acts relating to procedures are documented, kept and controlled with a view to hinder the transparency and verification of such procedures; c) violation and/or avoidance of the internal control system, effected through the removal, destruction or alteration of procedural documents, or by preventing control or access to information and documentation to the parties responsible, including the SB; d) failure to comply with the rules contained in the Ethics Code of Conduct; e) failure to comply with the provisions relating to signing authority and system of delegation, especially with regard to the provisions relating to the way in which they can be combined; f) breach of the obligation of disclosure to the SB and/or line manager about inappropriate and/or abnormal and/or irregular behaviour of a which a person has direct and certain evidence, and false or unsubstantiated reports, subject to good faith, relating to violations of the Model and the Ethics Code of Conduct; g) failure of line managers to supervise compliance with the procedures and requirements of the Model by their subordinates in order to verify their actions in the areas at risk of offence and, anyway, in the performance of activities related to business processes exposed to the risk of crime; h) lack of training and/or failure to update and/or failure to inform the personnel operating under their direction in areas at risk, about the procedures and requirements of the Model. Sanctions For the conduct falling within the scope of the Decree the Middle Managers and employees of the Company, in accordance with the general criteria for the imposition of 17
sanctions, shall be punished with the following disciplinary measures: - verbal warning; - written warning; - fine not exceeding four hours of basic pay plus cost of living allowance or minimum wage plus cost of living allowance; - suspension from work without pay up to a maximum of 10 days; - dismissal without notice. Where the above employees have been granted power of attorney with the authority to represent the company vis à vis third parties, the most severe sanction shall also cause the automatic withdrawal of the powers of attorney. Verbal warning The sanction of verbal warning shall be applied in the following cases: a) in cases of negligent violation of the principles of the Ethics Code of Conduct and/or the procedures and requirements laid down by the Model, b) recurrent breach, having no impact outside of the company, of the negligent violation of the principles of the Ethics Code of Conduct and/or the procedures and requirements prescribed by the Model and/or procedural errors due to negligence of the worker. Written warning The sanction of written warning shall be applied in the event of recurrent breach, having an impact outside of the company, of negligent violation of procedures and/or requirements referred to in the preceding paragraph (scope) and/or procedural errors due to negligence of the worker. Fine In addition to the recurrent commission of offences which may lead to the application of the written warning, a fine will be applied in cases where, aggravating circumstances exist, or where, given the hierarchical or technical level of responsibility, the wrongful and/or negligent conduct may undermine, if only just potentially, the effectiveness of the Model, including without limitation: a) failure to comply with the obligation of disclosing to the SB and/or the line manager inappropriate or unusual conduct of which one has direct and certain evidence; b) repeated failure to comply with the processes described by the procedures and requirements indicated in the Model, in cases where they concern or involve procedures where one of the parties is the Public Administration. Suspension from work without pay The sanction of suspension from work without pay shall be imposed for a maximum period of 10 days in cases of recurrent commission of offences which may lead to the application of fines as well as in cases of serious breaches of procedures and requirements such as to expose the Company to liability to third parties. For example, the sanction of suspension from work without pay shall be applied in the event of: a) failure to comply with the requirements regarding signing authority and the system of delegation granted in respect of acts and documents vis à vis the Public Administration; b) failure of line managers to supervise compliance with the procedures and requirements of the Model by their subordinates in order to verify their actions in the areas at risk of 18
offence and, anyway, in the performance of activities related to business processes exposed to the risk of crime; c) false or unsubstantiated reports of violations of the Model and the Ethics Code of Conduct. Dismissal without notice. The sanction of dismissal without notice shall be applied for misconduct that is so serious as to preclude the continuation, even temporary, of the employment relationship (just cause), including without limitation: a) wilful or negligent breach of procedures and requirements of the Model having an impact outside of the company and/or fraudulent avoidance achieved through a behaviour unequivocally directed at committing one of the offences included among those envisaged by Legislative Decree 231/2001, as amended, such as to break the trust relationship with the employer; b) violation and/or avoidance of the internal control system, effected through the removal, destruction or alteration of procedural documents, or by preventing control or access to information and documentation to the parties responsible, including the SB, in such a way as to prevent the transparency and verification thereof; b) lack of, incomplete or untrue documentation of the activities carried out concerning the way in which acts relating to procedures are documented and kept with a view to hinder the transparency and verification of such procedures; If the worker has committed one of the wrongdoings referred to in this Article, the Company may order his/her precautionary suspension with immediate effect. In the event the Company decides to carry on the dismissal, this shall take effect on the day the precautionary suspension had begun. 6.3 Managers (dirigenti) Scope Pursuant to the combined provisions of Articles 5, letter b) and 7 of Legislative Decree 231/2001, in accordance with the procedure laid down by art. 7 of Law No 300 of 20 May 1970, the Managers of the company are punishable in the case of: a) failure to comply with the procedures and requirements of the Model aimed at ensuring that the activity is carried out in accordance with the law and at identifying and quickly eliminating risk situations, pursuant to Legislative Decree 231/2001; b) lack of, incomplete or untrue documentation of the activities carried out concerning the way in which acts relating to procedures are documented, kept and controlled with a view to hinder the transparency and verification of such procedures; c) violation and/or avoidance of the internal control system, effected through the removal, destruction or alteration of procedural documents, or by preventing control or access to information and documentation to the parties responsible, including the SB; d) failure to comply with the rules contained in the Ethics Code of Conduct; e) failure to comply with the provisions relating to signing authority and system of delegation (especially with regard to the provisions relating to the way in which they can be combined); f) breach of the obligation of disclosure to the SB and/or line manager about inappropriate and/or abnormal and/or irregular behaviour of a which a person has direct and certain evidence, and false or unsubstantiated reports, subject to good faith, relating to violations of the Model and the Ethics Code of Conduct; 19
g) failure to supervise, control and monitor the behaviour of their subordinates, in order to verify their actions in the areas at risk of crime; h) failure to inform the line manager and/or the SB on non-compliance with procedures and requirements of the Model of the functionally assigned persons; i) lack of training and/or failure to update and/or failure to inform the personnel under their direction in the areas at risk about the procedures and requirements of the Model. Where the managers have been granted power of attorney with the authority to represent the Company vis à vis third parties, the application of the written reprimand shall also cause the automatic withdrawal of the powers of attorney. For the purpose of identifying the sanction to be imposed, the circumstance that the manager, given the function or position held, belongs to the category of individuals in top positions shall be considered as an aggravating circumstance. Written reprimand The penalty of written reprimand shall be applied in cases of negligent violation of the procedural rules laid down in the Model or procedural errors due to negligence of the manager. Dismissal without notice. The sanction of dismissal without notice shall be imposed in cases which may give rise to irreparable breach of the relationship of trust and do not allow for the continuation, albeit temporary, of the employment relationship, including without limitation: wilful or negligent breach of procedures, having an impact outside of the company, and/or fraudulent avoidance achieved through a behaviour unequivocally directed at committing one of the offences included among those envisaged by Legislative Decree 231/2001, as amended and supplemented, such as to break the trust relationship with the employer; violation and/or wilful or negligent avoidance of the control system, effected through the removal, destruction or alteration of procedural documents or by preventing control or access to information and documentation to the parties responsible, including the SB; lack of, incomplete or untrue documentation of the activities carried out concerning the way in which acts relating to procedures are documented and kept with a view to hinder the transparency and verification of such procedures; failure to supervise, control and monitor the behaviour of their subordinates, in order to verify their actions in the areas at risk of crime; inappropriate and/or abnormal and/or irregular behaviour of a which a person has direct and certain evidence. If the Manager has committed one of the wrongdoings for which the sanctions referred to in this Model apply, the Company may order his/her precautionary suspension with immediate effect. In the event the Company decides to carry on the dismissal, this shall take effect on the day the precautionary suspension had begun. 6.4 Persons in top positions Scope Pursuant to the combined provisions of Articles 5, letter a) and 6 of Legislative Decree 231/2001, the Person in Top Positions are subject to sanctions in the event of: 20