MOG 231

SPAL Automotive Srl

 

Organisation, Management and Control Model pursuant to Legislative Decree No 231 of 8 June 2001

 

Approved by the Board of Directors

of SPAL Automotive Srl

by a resolution of 17 May 2019

GENERAL PART

Foreword

SPAL Automotive Srl (hereinafter “SPAL” or the “Company”), established in Correggio (RE) in 1959, has been operating for over thirty years. It is particularly active in the design, manufacture and marketing of axial and centrifugal electric fans for any type of vehicle.

The production plant, located in Correggio, currently covers a total production area of 66,000 m2, employs some one thousand people and hosts the Engineering, Research and Development and Production departments.

The Company has several automated production lines; the Quality System is constantly updated: SPAL has obtained TS16949 certification and Quality System certification according to the ISO 9001 Standard. The Environmental Management system is also UNI EN ISO14001:2015 certified and meets European Directive 2000/53/EC on end-of-life vehicles (ELV).

SPAL pursues its primary objective of producing quality a and technologically innovative products for an increasingly demanding and differentiated market through massive investments in research and development and a process of integrating and controlling all production processes, from raw materials to sale.

1. ADMINISTRATIVE LIABILITY OF ENTITIES: LEGAL SYSTEM

Legislative Decree No 231 of 8 June 2001 (hereafter, the “Decree”) and subsequent amendments governs the liability of entities for administrative offences dependent on crime, which applies to entities having legal personality and to companies and associations without legal personality, as well as to economic public bodies.

According to the provisions of the Decree, the entity can be held liable for the predicate offences specifically listed in the Decree itself (see the Catalogue of offences in Annex A), if they have been implemented - even in attempted form - in the interest of or to the advantage of the entity itself by natural persons functionally related to the entity and in particular by:

  • persons serving as representatives, or holding administrative or senior executive positions within the body or an organisational unit of that body, and being financially and functionally independent, as well as by persons actually exercising management and control of the body (hereinafter “senior management”);

  • b) by persons under the direction or supervision of one of the persons as per the previous subparagraph (hereinafter “subordinates”).

    The administrative liability of entities with regard to crimes is independent of the criminal liability of the natural person who committed the crime: it does not replace the personal liability of the individual who committed the crime but stands alongside it. In any case, it is excluded if the senior management and/or their subordinates have acted in their own exclusive interest or on behalf of third parties.

    From Article 24 to Article 25 terdecies, the Decree provides an exhaustive list of crimes from which the entity's liability may stem. The cases of greatest interest for the Company will be examined in the Special Part of this Organisation, Management and Control Model (hereinafter “Model”).

1.1. Territorial scope of the Decree

The Decree provides for the liability of the entity that has its main headquarters, i.e. the actual site where administrative and management activities are carried out, in Italian State territory, including with regard to crimes committed abroad by senior management or subordinates linked to the entity, in cases provided for in Articles 7, 8 and 9 of the Italian Criminal Code and provided that the State of the place where the offence was committed does not instigate proceedings against them.

1.2. System of penalties laid down in the Decree

The system of penalties laid down in the Decree in the event of administrative offences relating to crime is as follows:

  • a financial penalty, the amount being determined by the criminal court through a system based on at least one hundred and no more than one thousand “quotas” and the amount varies between a minimum of Euro 258.22 and a maximum of Euro 1549.37;

  • disqualifying penalties, which are applied only in relation to the offences for which they are expressly imposed and provided that at least one of the following conditions is met: the Company has derived significant profit from committing the crime and the offence was committed by persons in senior management positions, or subordinate to the management of others, when, in the latter case, the commission of the crime has been determined or facilitated by serious organisational shortcomings. Disqualifying sanctions are also applied in the event of repeated offences.

    Disqualification measures include the following: suspension or revocation of authorisations, licenses or concessions that enabled the offence to be committed; a ban on entering into Public Administration contracts; exclusion from benefits, loans, contributions or subsidies and the potential revocation of those already granted; a ban on advertising goods or services.

  • seizure of the price or profit of the crime;

  • publication of the judgment.

    If the crime from which the entity's liability stems took the form of an attempt, the financial or disqualifying penalties applicable to the entity are reduced by a third to a half. There is no liability for the institution if it voluntarily prevented completion of the action or fulfilment of the illegal event.

1.3. Requirements for excluding the entity's liability

The Decree provides specific conditions for exempting the entity from administrative liability pursuant to Articles 6 and 7.

With particular reference to the crimes committed by senior managers, Article 6 of the Decree excludes the entity's liability in the event that it provides evidence that:

  1. it adopted and efficiently enacted, prior to commission of the act, organisational and management models which are capable of preventing offences of the type occurring;

  2. the task of overseeing compliance with and updating of the Model has been delegated to a Supervisory Body vested with powers to act on its own initiative and conduct monitoring;

  3. the person committed the offence by fraudulently circumventing the Model;

  4. there has been no omission or insufficient oversight on the part of the Supervisory Body.

    Liability of the entity is excluded when the aforementioned senior managers acted in the exclusive interest of themselves or of third parties.

    To prevent crimes being committed by senior management crimes, the Organisation, Management and Control Model (hereinafter the “Model”) must meet the following requirements:

  5. identify activities in relation to which offences referred to in the Decree may be committed;

  6. for specific direct protocols and schedule training and implementation of decisions by the body regarding offences to be prevented;

  7. identify procedures for managing financial resources, which are fit to prevent the commission of offences;

  8. provide for obligations to disclose information to the organisation tasked with overseeing the working of and compliance with the models;

  9. introduce a new disciplinary system to punish non-compliance with the measures set out in the Model.

    With reference to the crimes committed by subordinate persons, Article 7 of the Decree states that the entity is liable if the crime was committed due to non-compliance with management or supervisory obligations. This non-compliance is, however, excluded if the entity has adopted and effectively implemented an organisation and management Model fit to prevent crimes of the type that occurred before their commission.

    Therefore, to prevent the crimes being committed by subordinate persons, the Model must provide, pursuant to Article 7(3) of the Decree measures in relation to the type and size of the organisation and the type of activity performed, to ensure performance of the activity in compliance with the law and to discover and promptly eliminate risk situations.

    For the effective implementation of organisational models, it is also necessary to periodically verify and modify the Model when significant violations of the provisions are discovered or when changes occur in the organisation and activity; it is also necessary to have a disciplinary system capable of punishing failure to comply with the measures indicated in the Model.

2. ADOPTION OF THE ORGANISATION, MANAGEMENT AND CONTROL MODEL

SPAL is sensitive to the need to disseminate and consolidate a culture of transparency and integrity. It is also aware of the importance of ensuring fair conditions in the conduct of business and in corporate activities to protect its position and image in line with the expectations of its shareholders' and contractual partners. It has therefore set up this organisation, management and control Model pursuant to the Decree, establishing its key principles.

The Model has been adopted in accordance with the provisions of the Decree as well as with jurisprudential, doctrinal and category associations guidelines on the subject. It considers the organisational and hierarchical structure of the Company, characteristic methods of attributing powers and responsibilities and the interaction between the internal control system and the various business processes.

Furthermore, the Model improves on and supplements the set of standards of conduct, principles, guidelines, procedures, operating instructions and internal rules, as well as all existing organisational instruments and internal controls, remaining consistent with the principles already rooted in the Company’s governance culture.

The adoption and effective implementation of this Model therefore meet the Decree's purposes of preventing and avoiding the risk of committing the crimes specifically set forth therein and establishing valid conditions for exonerating the Company from liability.

2.1. SPAL Automotive Srl’s governance Model and organisational structure

SPAL’s corporate purposes is the activity of processing and moulding plastic materials, electromechanical and electronic constructions in general, construction of moulds and wholesale distribution of electronic and electromechanical material in general.

In the above sectors, the Company can also carry out activities of study, research and development, maintenance, assistance, wholesale and retail marketing, import and export, including on behalf of third parties, purchase, sale and obtaining or granting licences for brands, industrial patents, know-how and industrial property rights in general.

To achieve the corporate purpose, the Company may carry out all the necessary actions, upon the exclusive judgment of the administrative body.

The SPAL governance Model and its organisational system are characterised by separation of roles and the division of functions and responsibilities and are entirely structured in order to ensure the Company is able to implement strategies and achieve the defined objectives, as well as maximum operating efficiency and effectiveness.

To this end, the Company has adopted, applies and maintains an accounting administration and control system consisting of a Board of Directors, a single Auditor and a statutory audit Company.

The SPAL governance system is currently organised as follows:

  1. Shareholders' Meeting: represents all the shareholders and is competent to take resolutions on matters determined to be within its competence by law and by the Articles of Association.

  2. Board of Directors: vested with the widest powers for ordinary and extraordinary Company administration. It can carry out all the acts it deems appropriate to achieve the corporate purpose. The Board of Directors is composed of 5 (five) members.

  3. The Board of Directors also approved the appointment of a Managing Director with sole signing authority and powers of representation, granted full powers for ordinary and extraordinary management of the Company.

  4. Sole Statutory Auditor: holds powers and performs duties pursuant to Articles 2403 and 2403 bis of the Italian Civil Code.

  5. Audit Firm: exercises accounting control over the Company.

    SPAL’s organisational structure is characterised by the separation of skills, roles and responsibilities for each Company area in order to ensure the specific definition of functions and maximum efficiency in the implementation of the activities.

    The organisational structure of the Company is currently structured as follows:

  6. Chief Executive Officer and General Manager

  7. Group Human Resources Department

  8. Quality Department

  9. Group Administrative and Financial Department

  10. Relationship & Commercial Relat. - Deputy Chair

  11. Group IT Systems Department

  12. IT Security

  13. Plant services

  14. < >

    Production and Logistics Activity Department

  15. Accident Prevention and Protection Service Manager

  16. Sales Department

  17. Process Engineering Department

  18. Product Engineering and Programme Management Department.

2.2. Objectives and general principles of the Model

The main objective of the Model is to set up a structured and organic system of organisational and operational procedures and control activities, aimed at preventing and avoiding conduct constituting the crimes provided for by the Decree.

Identifying sensitive activities exposed to the risk of crime and providing specific procedures in relation to the said activities serves the purpose of:

  1. ensuring full awareness by all those who operate on behalf of SPAL that they could incur an offence punishable by law, whose commission is strongly censured by the Company, as it is always contrary to its interests;

  2. allowing timely intervention to prevent or counteract commission of such crimes through constant monitoring of the activity.

    The general principles followed for the preparation of this Model are:

  3. identification of business areas potentially at risk of committing the crimes provided for by the Decree, by mapping high-risk assets, with the consequent temporary exclusion of certain predicate offences for which the administration is liable where risk has been evaluated only on an abstract basis but cannot be tangibly estimated;

  4. evaluation of the existing control system for crime prevention and its ability to combat the identified risks, as well as the potential periodic adaptation and updating thereof with the aim of reducing the risks;

  5. dissemination and involvement of all Company levels in the implementation of rules of conduct, as well as internal procedures to prevent and control activities at risk of crime pursuant to the Decree;

  6. identification of a Supervisory Body and the attribution of specific supervisory duties to ensure effective and correct functioning of the Model, as well as the provision of a specific procedure for the management of reports;

  7. definition and adoption of a specific disciplinary system to be applied in cases of violation of the Model;

  8. verification and documentation of each relevant transaction;

  9. definition of responsibilities for approval, transposition, supplementation and implementation of the Model, as well as for verifying its operation and corporate conduct with periodic updating thereof.

2.3. Code of Ethics

SPAL has already adopted a Code of Ethics (Annex B). Its ultimate purpose is to disseminate and make known to all employees, partners, professionals and, in general, anyone who must communicate the Company's values, which they are bound to abide by. Honesty, integrity, compliance with laws, regulations and ethical codes are the core values of the Company’s organisational development and the activity it carries out.

The Model assumes compliance with the provisions of the Code of Ethics, and both make up an integrated body of internal rules aimed at fostering a culture based on business ethics and transparency.

The present version and all future reformulations of the Company Code of Ethics is understood to be fully referred to here and constitutes the essential foundation of the Model, whose provisions supplement the provisions therein.

2.4. Identification of areas at risk of crime

Areas at risk of crime pursuant to the Decree were mapped by analysing the characteristics of SPAL in terms of its organisational structure and its operations, in order to identify:

  • areas of activity at risk and the methods through which significant adverse events could occur pursuant to the Decree;

  • types of offence with abstract relevance to the Company.

    After identifying areas at risk and relevant types of crime, sensitive activities were identified within each risk area, or activities associated with a risk of committing crimes pursuant to the Decree.

    High-risk activity areas include those with direct relevance as activities that could incorporate criminal conduct but also indirect relevance for the commission of predicate offences due to being instrumental to the commission of such offences. In particular, instrumental activities are activities where de facto conditions could arise making it possible to commit predicate offences.

    Furthermore, the analysis also covered the possibility that the offences considered could be committed abroad, or in an international manner.

    At present, reserving the right to add to the list of categories of crimes to which the Company is demonstrably at risk, potential risks have been identified with regard to the following offence categories covered by the Decree:

  • Offences committed in relations with the Public Administration pursuant to Articles 24 and 25;

  • Computer crimes and unlawful data processing pursuant to Article 24 bis;

  • Offences against industry and trade, referred to in Article 25 bis1;

  • Corporate crimes, referred to in Article 25 ter;

  • Offences of culpable homicide and serious or very serious culpable injuries committed in violation of rules on the protection of health and safety at work pursuant to Article. 25 septies;

  • Crimes of receiving, laundering and using money, goods or utilities of illicit origin, as well as self-laundering pursuant to Article 25 octies;

  • Crimes of inducement not to make statements or to make false statements to judicial authorities pursuant to Article 25 decies;

  • Environmental crimes pursuant to Article 25 undecies;

  • Offences related to the employment of third-country nationals whose residency is irregular pursuant to Article 25 duodecies;

  • Offences concerning the infringement of copyright pursuant to Article 25 novies.

    With regard to other types of crimes not specifically examined in the Special Section of the Model, the Company has also introduced a set of organisational and procedural controls aimed at ensuring the correct performance of Company activities and therefore also designed also to minimise the risk of committing such offences. In this regard, the first point of reference is the principles set out in the internal Company procedures system.

    In any case, SPAL undertakes to carry out constant monitoring of its activity in relation to the crimes currently considered to be irrelevant and the Company will supplement this Model if these become relevant or other newly introduced cases emerge.

2.5. Management and Control System for areas at risk

The management and control system adopted is based on compliance with:

  • rules of conduct designed to guarantee the performance of Company activities in compliance with laws and regulations;

  • procedures, instructions or internal documents aimed at controlling processes in which the cases described in the Decree could occur. These procedures ensure:

  • regulation of methods and timing for carrying out the activities;

  • traceability of deeds, operations and transactions and the authorisation, registration and verification thereof;

  • clear definition of corporate responsibilities; formalization and proper dissemination of the Company procedures in question;

  • authorisation levels with assignment of powers and responsibilities in the organisational structure;

  • adequately documented control and supervision activities over Company reports;

  • monitoring of data protection activities and Company assets.

2.6. Recipients of the Model

This Model is addressed at:

  • those who carry out, even on a de facto basis, management, administration, management or control functions in SPAL, as well as those who perform disciplinary, consultative and proactive functions in the Company or in an independent organisational unit;

  • those who hold powers of Company representation;

  • employees of the Company, even if seconded abroad to perform activities;

  • anyone who works with the Company in a quasi-subordinate employment relationship, such as project-based staff, temporary workers and interns;

  • third parties, i.e. those who do not belonging to the Company but operate on its mandate or on its behalf (technical experts, consultants, etc.), as well as those acting in the interest of the Company because they are linked to it by contractual legal relationships or other business agreements.

    With regard to third party Recipients, the person in charge of the area to which the relationship refers  determines which relationships should be subject to the provisions of the Model based on the nature of the activity performed, having consulted the Supervisory Body if necessary.

    The Model’s intended Recipients are required to comply with all its provisions and implementation procedures with the utmost diligence, while fulfilling duties of loyalty, accuracy and diligence stemming from legal relations established with the Company.

    SPAL disapproves of and punishes any conduct that conflicts with the law, the provisions of the Model and Code of Ethics, even if the conduct is carried out in the interest of the Company or with the intention of the Company’s gain.

2.7 Violation of the Model

 

Any conduct by one or more Recipients of the Model constitutes a violation of the Model if it is not compliant with:

  • the provisions set out in the Model;

  • the Code of Ethics;

  • general principles of prevention;

  • specific prevention and control protocols contained in the Special Section;

  • relevant Company procedures in which specific prevention and control protocols have been implemented;

  • rules governing information flows to the Supervisory Body described in section 3.4 of this Model.

    Any infringement of Company procedures expressly referred to in the Special Section of this Model that is not merely formal and episodic also constitutes a violation of the Model.

3. Supervisory Body

Pursuant to Article 6 of the Decree, the entity can be exempted from the consequent liability and commission of predicate offences if the governing body has, among other things, entrusted the task of supervising the operation and observance of the Model and its updating to a body within the entity with independent powers of initiative and control (hereinafter “Supervisory Body” or “SB”).

The Supervisory Body defines and carries out the activities for which it is competent according to the rule of collegiality and its operation is governed by means of a specific Regulation.

The Supervisory Body is authorised, pursuant to Article 29 of GDPR 679/2016, to process data of which it becomes aware in the exercise of its functions. The Data Controller, SPAL Automotive Spa, instructs members of the Body in writing to comply with the privacy regulation, observing the Company policies and organisational and technical measures taken by the Data Controller.

The autonomy and independence of the Supervisory Body are guaranteed by the necessary subjective requirements of integrity, autonomy and independence, professionalism and continuity of action of its members, as well as the fact that the activities carried out by the SB are not conducted by any other body or Company structure, and it reports only to the Board of Directors.

3.1. Appointment, cases of ineligibility and revocation

The Supervisory Body is composed of three members, one internal and two external. Between them they appoint one member as Chair of the Supervisory Body.

The members of the SB are chosen from figures of proven competence and experience in legal and corporate issues and their term of office lasts three years.

The Body meets whenever the Chairman of the Supervisory Body requests it and, in any case, at least every two months.

The best type of body for the performance of supervisory functions has been identified as a collegial structure, composed of:

  • Alberto Pallicelli (Chartered Accountant and Auditor)

  • Elena Martelli (Lawyer with experience in the sector, already a member of Supervisory Bodies of other companies)

  • Andrea Tasselli (internal member)

3.2. Functions, powers and budget of the Supervisory Body

The duties of the Supervisory Body are based on timely and effective supervision of the Model’s operation and observance, and they specifically involve:

  1. supervising the effectiveness of the Model; monitoring of activities in areas at risk of crime and updating the Model;

  2. verifying the actual effectiveness and adequacy of the Model to prevent the unlawful conduct provided for by the Decree;

  3. analysis to ensure the Model’s requirements of soundness and functionality are maintained over time and prompt the Board of Directors to carry out the necessary updating;

  4. drawing up a programme of periodic checks on the effective application of Company control procedures in areas at risk of crime and on their effectiveness;

  5. preparation, on at least a six-monthly basis, of an information report on verification and control activities carried out on the results thereof for the Board of Directors and for the Company’s control bodies;

  6. taking care of information flows with Company departments, as well as reporting established violations of the Model to the Board of Directors, for the purposes of taking appropriate measures;

  7. any other task assigned by law or by the Model.

    In carrying out the tasks assigned, the Supervisory Body has access to Company information for the activities of investigation, analysis and control and processes personal and specific data solely to perform its task of corporate surveillance, collecting only enough relevant data. In particular, the Body must comply with the principle of data minimisation: if it becomes aware it holds more information than is necessary for processing purposes, it must not record it.

    Any Company function, employee and/or member of the corporate bodies is bound to provide information in response to requests from the Supervisory Body or following the occurrence of relevant events or circumstances, for the purpose of carrying out the activities for which the Supervisory Body is competent.

    The Supervisory Board is also granted autonomous and appropriate spending authority within the limits of an annual budget approved by the Board of Directors, on the proposal of the Body, which the Supervisory Body can use for any purpose useful for the performance of its functions, including the appointment of external consultants.

    If it needs to carry out actions requiring financial resources exceeding € 15,000.00 per year, this requirement is promptly communicated to the Board of Directors of the Company.

3.3. Information flows from the Supervisory Body

The Supervisory Body reports on the implementation of the Model and the emergence of any critical aspects and communicates the outcome of the activities performed in the exercise of its conferred functions. As far as possible and where compatible with the functions it performs, the Body monitors processes and observes procedures and ensures they are fit for purpose with minimal data processing.

The Supervisory Body notifies the Chief Executive Officer whenever it believes that elements are worthy of information and assessment within the scope of this Model.

In any case, every six months, the Supervisory Body will prepare a report concerning work done to be sent to the Chief Executive Officer, reporting the outcome of checks, new legislative requirements concerning the liability of entities and possible updating of the mapping for sensitive activities. The half-yearly report is sent to the Chief Executive Officer and information is given to the Board of Directors and to the Company's control bodies.

 

3.4. Information flows to the Supervisory Body

For the purposes of operating and observing this Model, the Supervisory Body must be promptly updated by Model Recipients about facts that could lead to SPAL's liability pursuant to the Decree.

In particular:

  1. The Chief Executive Officer and the Sole Auditor provide constant and periodic information, at least once a year, certifying that activities carried out within the respective functions have been aimed at ensuring that the performance of the activities at risk of crime are in line with the provisions of relevant Company procedures. These specific roles must then promptly inform the Supervisory Body of any facts that may, due to their criminal relevance, involve SPAL as far as the Model and the Decree on the liability of entities in general are concerned;

  2. each department manager (e.g. those in charge of health and safety in the workplace and the environment, personnel manager, administrative manager, etc.) must make him or herself available for oral interviews by members of the Supervisory Body at least every six months, and provide information regarding Model implementation status and the implementation of controls in relevant procedures; they must also collect any reports relating to conduct, acts or events that could lead to violation and avoidance of the Model, associated procedures and rules of conduct, contacting the Supervisory Body;

  3. any employee becoming aware through the performance of his or her duties of conduct not in line with the contents and principles of the Model, based on specific, consistent facts, or violations of the Model, may submit detailed reports of to protect the integrity of the entity;

  4. persons who do not belong to the Company but operate upon its mandate or on its behalf (technical experts, consultants, etc.), as well as those who act in the interest of the Company having been engaged to do so by contractual legal relationships or by other agreements of a business nature report on their activities with SPAL directly to the Supervisory Body; the Supervisory Body assesses the reports received and the activities to be carried out.

    Whistle-blowers acting in good faith are guaranteed against any form of retaliation, discrimination or penalisation and in any case the confidentiality of the informant's identity will be ensured, without prejudice to legal obligations and the protection of the rights of the Company or of persons accused wrongly or in bad faith.

     

    The following communication channels have been set up to facilitate the flow of communications and information to the Supervisory Body:

  5. Ordinary mail : Organismo di Vigilanza - SPAL Automotive Srl via per Carpi, 26/b - 42015 Correggio (RE)

  6. E-mail: odv231@spal.it

    Any information, notification, account or report pursuant to the Model is kept by the Supervisory Body in a special paper and/or computer archive whose technical preparation is the responsibility of and organised by the Data Controller. The latter is responsible for the technical and organisational measures taken, from every technical and organisational point of view, putting in place appropriate measures for the body to operate freely, securely and independently.

4. DISCIPLINARY SYSTEM

The effective implementation of the Model adopted by SPAL requires the adoption of a disciplinary system designed to penalise any violation of the Model by its Recipients. It is applied independently of the conduct and outcome of any criminal proceedings that may be initiated by the judicial authority.

The identification and application of penalties must ensure that penalties are applied in a graded manner in relation to the severity of the violation and consider principles of proportionality and adequacy with respect to the alleged violation and ensure an adversarial process by involving the interested party.

The Supervisory Body reports violations of the Model to the competent departments and constantly monitors the disciplinary system and application of the relevant penalties with the Human Resource Management.

The following circumstances are relevant for the purposes of potentially imposing penalties:

  • type of alleged offence;

  • specific circumstances in which the offence occurred;

  • how the conduct was committed;

  • seriousness of the violation, also considering the subjective attitude of the agent;

  • possibility that the conduct involved committing multiple violations;

  • possibility that several persons were involved in committing the violation;

  • possibility of a repeat offence.

4.1. Measures against managers

If the Model is violated by managers and, in particular, by those who hold positions of responsibility with powers of representation, administration, or management over a single organisational unit, the Company will apply the most appropriate measures to those responsible. This will be appropriate to the provisions of the law and the Collective National Labour Contract in force over the Company's managerial staff, considering the criteria described in Section 4. If violation of the Model determines the loss of the relationship of trust between the manager and the Company, the penalty will be dismissal for just cause.

Measures against employees

If the Model is violated by employees, the Company will impose penalties against the managers, taking into account the criteria described in Section 4, the penalties referred to in the current National Collective Labour Agreement for employees of the Company, in respect of procedures provided for by Article 7 of Law No 300 of 30 May 1970, (Workers' Statute) and any applicable special laws or contracts.

An employee responsible for actions or omissions that are against the rules established by the present Model is subject to the following disciplinary sanctions in proportion to the seriousness of the non-compliance and the number of times it is repeated, and the damage caused to the Company or to third parties:

  • verbal report or warning;

  • written warning;

  • < >

    suspension from work without pay;

  • dismissal without notice but with severance pay.

4.2. Measures against third parties in relation to the Company

Violations of relevant parts of the Model by third parties referred to in section 2.6 of the General Part of this Model, in the context of relations with the Company, will allow the Company to terminate the contractual relationship.

5. DISSEMINATION AND UPDATE

In order to effectively implement the Model, SPAL will ensure proper disclosure of its contents and principles within and outside its organization. As an initial, general measure implemented to ensure everyone is aware of Organizational Model 231, SPAL Automotive Srl provides for publication of the full text, complete with attachments on its website: www.spalautomotive.it. This measure allows persons entering into a relationship with the Company to be aware of the procedures and protocols on which their work is to be modelled.

Communication and training activities are diversified according to the Recipients to whom they are addressed, but are in any case based on principles of completeness, clarity, accessibility and continuity in order to allow the various Recipients to be fully aware of the Company provisions they are required to respect and the ethical standards on which their conduct must be based.

5.1. Communicating with staff and training

The Model is officially communicated to all personnel, who receive a copy (if applicable, only in electronic format) and sign the associated declaration of acknowledgement and acceptance (Annex C). The Model is also posted on Company notice boards.

The Company human resources department also prepares a training and updating plan on OMC Model 231 that is delivered by including a dedicated module in courses provided on safety, or compliance with privacy regulations.

5.2. Communication to third parties

Upon its first effective contact with third parties entering into contractual relationships of any nature and entity, the Company notifies them in writing of the existence of the OMC Model (in an e-mail, in a sales proposal, in a quote, in an order, etc.), and of its publication on the official Company website, specifically mentioning the link where it can be viewed and inviting third parties to view it.

Hits are tracked by means of a special computer system.

In any case, contracts governing relations with these parties must include specific reference to this Model and specific clauses indicating the obligations of contracting parties and consequent responsibilities regarding failure to comply with the Code of Ethics and this Model, as well as the potential obligation to comply with requests for information or the submission of documents by the SPAL Supervisory Body and to report violations of the Model or procedures established for its implementation directly to the SPAL Supervisory Body.

5.3. Approval, update and adaptation of the Model

The first version of this Model was approved by the SPAL Board of Directors by means of a resolution dated 17 May 2019.

The Board of Directors of the Company approves the updating of the Model and its adaptation due to changes and/or additions that may be necessary after consultation or upon the proposal of the Supervisory Body which in any case maintains specific tasks and powers regarding Model curation, development and promotion of constant updating.

The following is a non-exhaustive list of examples considered for the purposes of updating or adapting the Model and its effectiveness:

  • legislative changes regarding regulation of the liability of entities for administrative offences dependent on crime;

  • deficiencies and significant violations of the provisions of the Model identified following checks on its effectiveness;

  • significant changes in the Company’s organisational structure or business sectors;

  • business changes or implementations, probably involving the identification of additional risk areas.

    The Model is in any case subject to periodic annual review.

     

     

    ?

 

SPECIAL PART

Foreword

In the structure of SPAL’s Organisation, Management and Control Model, this Special Part concerns the detailed application of the principles referred to in the General Section with reference to the types of crime set out in the Decree that the Company has considered due to the characteristics of its business.

The following were identified in the context of each of the relevant main crime areas covered by the Decree:

  • sensitive areas and activities where the risk of committing each group of crimes is highest;

  • principles of general conduct, i.e. rules of conduct that must underlie the conduct of Model Recipients in order to prevent the commission of individual groups of crimes;

  • specific prevention protocols aimed at planning training and implementation of the Company's decisions regarding crimes to be prevented.

    The provisions contained in the Special Part of the Model supplement and complement the principles of conduct contained in the other Company procedures and in the Code of Ethics and provide the Supervisory Body and the other cooperating Company department heads with executive tools for effective control, monitoring and verification activities.

     

     

    ?

 

1. CRIMES REGARDING PROTECTION OF HEALTH AND SAFETY AT WORK

In regulations governing the administrative liability of organisations, Article 25 septies of the Decree, introduced with Law No 123 of 3 August 2007 and subsequently amended by Legislative Decree No 81/2008, provided for the presumed crimes of “Manslaughter and Serious Personal Injury or Grievous Bodily Harm, committed in violation of rules on accident prevention and the protection of hygiene and health at work”.

The types of crime included in Article 25-septies concern cases where the event was determined not only by generic fault (and therefore due to inexperience, imprudence or negligence and non-compliance with laws and/or regulations), but also by specific fault, which requires that the event occurs due to non-compliance with health and safety at work regulations.

In particular, the Model is based on the provisions of Article 30 of the Consolidated Law on Safety in the Workplace, which provides for exemption from liability for entities which effectively implement the Management and Organisation Model provided for by the Decree, ensuring a Company system for the fulfilment of all legal obligations mentioned therein

1.1. Relevant cases

  1. Manslaughter (Article 589 of the Italian Criminal Code, with the aggravating circumstance set out in section 2 of the same Article)

    The crime occurs when a person unintentionally causes the death of a person in the workplace, due to a fault involving violation of the rules on accident prevention and protection of hygiene and health at work.

  2. Culpable personal injury (Article 590(3) of the Italian Criminal Code)

    The offence occurs whenever a person, in violation of the rules for the prevention of accidents at work, causes serious injury or serious injury to another person.

    Two types of crime are envisaged which differ only in the extent of the injuries that occur:

  3. serious injuries, if the event results in a disease that endangers the life of the injured person, i.e. a disease or inability to attend to ordinary occupations for more than 40 days or if the event gives rise to the permanent weakening of a sense or an organ;

  4. grievous injuries, if the event results in a disease that is certainly or probably irremediable, the loss of a sense, the loss of a limb, or a mutilation that renders the limb useless, or loss of the use of an organ or capacity to procreate, or a permanent and serious speech impediment or facial deformation, i.e. permanent scarring of the face.

1.2. Identification of areas and activities at risk of crime

Activities at risk of accident and occupational disease are identified and regulated by the Risk Assessment Document adopted by the Company, to which reference is made.

Purely as an example (the list is not exhaustive), sensitive activities include:

  • use of machines and/or work equipment for which specific training, information and training is required;

  • use of hazardous chemical substances;

  • vehicular traffic in workplaces and appurtenant areas, courtyard areas, linking areas and paths outside the production plant and offices, as well as areas affected by movement of heavy vehicles and natural persons;

  • adoption of collective and/or individual protection measures;

  • office activities;

  • emergency management and first aid activities.

    By way of example only, and without prejudice to the fact that the risk of accidents is present in every area of the Company, the most sensitive areas are as follows:

  • tooling department;

  • plastics moulding department;

  • assembly departments;

  • warehouse, dispatch and goods receiving;

  • plant services;

  • research and Development Laboratory;

  • other technical and administrative offices.

    With respect to the risk areas described above, the organisation and management Model adopted and implemented by SPAL ensures a Company system for the fulfilment of legal obligations regarding:

  • compliance with legal technical and structural standards related to equipment, facilities and workplaces;

  • risk assessment and preparation of prevention and protection measures;

  • activities of an organisational nature, such as emergencies, contract management, periodic safety meetings;

  • definition of procedures and operating instructions for risk control in terms of worker safety;

  • health surveillance activities;

  • information and training activities for workers;

  • acquisition of mandatory documentation and certifications;

  • periodic checks on the application and effectiveness of procedures adopted.

    With regard to the documentation referred to in section h), SPAL also guarantees correct management and recording for traceability purposes.

1.3. General principles of conduct

While not replacing the prerogatives and legal responsibilities regulated with regard to individuals identified by Legislative Decree No 81/2008, this Model provides for additional overseeing of control and verification of the existence, effectiveness and adequacy of the organisation and management system implemented by the Company for the protection of safety and health in workplaces.

For the purpose of preventing the occurrence of crimes of murder and culpable injury, all Recipients of the Model, as identified in the General Section, adopt a form of conduct consistent with the principles set out in the Model, in the Company's Code of Ethics, in procedures, in internal regulations and in any other document relating to the protection and safety of workplaces (including the Risk Assessment Document and emergency management procedures).

Recipients of the Model must:

  • in accordance with their own training and experience, as well as the instructions and methods provided or prepared by the employer, avoid imprudent conduct and behave in a way intended to safeguard their own health and safety and that of others. To this end, it is forbidden to carry out operations or manoeuvres on one's own initiative that are not within one’s competence, in particular when specific training is required, or that may compromise one's own safety or that of other workers;

  • comply with the internal Company regulations and procedures relating to collective and/or individual protection, exercising in particular any appropriate controls and activities designed to safeguard the health and safety of external collaborators and/or outsiders who may be present in the workplace;

  • correctly use machinery, equipment, tools, dangerous substances and preparations, vehicles and other work equipment, as well as safety devices. In particular, it is forbidden to remove or modify safety, signalling or control devices without authorisation;

  • use protection devices provided appropriately;

  • immediately report to area managers any anomalies in vehicles and devices referred to in the previous points, as well as any other dangerous conditions they become aware of;

  • intervene directly if a danger is detected and only in cases of urgency, in accordance with one's own skills and possibilities;

  • undergo the required health checks;

  • take the training courses provided;

  • contribute to fulfilling all the obligations imposed by the competent authority or in any case necessary to protect the safety and health of workers when at work.

1.4. Specific prevention protocols

This Model identifies the specific protocols indicated below to prevent the commission of crimes concerning health and safety at work:

  1. Risk assessment and preparation of prevention and protection measures:

  2. Identification of risks and risk assessment is carried out under the responsibility of the employer, who calls on the support of the Head of the Prevention and Protection Service, as well as of delegated department managers, external consultants and subject specialists;

  3. Data and information collected for risk assessment and identifying protection measures are characterised by truthfulness, completeness and accuracy;

  4. Accidents at work and the related causes are recorded, monitored and analysed by the Prevention and Protection Service for updating and ongoing risk assessment;

  5. The Risk Assessment Document and prevention and protection measure plan are drafted in compliance with the criteria defined by Article 28 of Legislative Decree No 81/2008.

  6. Definition of resources, roles and responsibilities to ensure activities designed to ensure workers implement working procedures and instructions in safety:

  7. When defining the organisational and operational tasks of Company management, Managers, Persons in charge and Workers, tasks relating to safety activities for which they are competent are also explained, as well as responsibilities associated with the exercise of those activities and workers’ health and safety inspection, verification and surveillance tasks;

  8. The functions and duties of the RSPP [Accident Protection and Prevention Service Manager], of the emergency management staff, as well as the tasks and responsibilities of the Competent Doctor must be documented and made known to all Company levels;

  9. Roles who manage matters relating to safety and health in the workplace meet technical and professional requirements before they are appointed to their positions and these requirements must be maintained over time;

  10. Persons provided for by legislation on hygiene and safety in the workplace are properly appointed. Specific responsibilities are assigned on a set date in written form, exhaustively defining the characteristics and limits of the assignment;

  11. Identification and management of collective and/or personal protection measures:

  12. Following risk assessment, activities are identified for which the obligatory use of prevention and protection measures, specifically PPE, is required;

  13. The PPE to be used is chosen by verifying whether the devices are fit to prevent or limit the risk identified during the assessment phase and their compliance with technical standards in force;

  14. Delivery and PPE storage procedures are defined ;

  15. A schedule is in place to ensure the maintenance of protection requirements.

  16. Procedures and operating instructions for the control of particular risks:

  17. Management of emergencies (e.g. fire, flood, earthquake) is implemented through a specific internal Emergency Plan - to which reference is made for relevant procedures - which identifies situations of potential emergency and defines methods of prevention and/or limitation of the negative consequences in terms of health and safety;

  18. Evacuation routes and methods for implementing signalling and emergency management measures by staff are identified;

  19. A sufficient number of persons responsible for emergency interventions who have been trained according to legal requirements of law are identified from among the staff;

  20. The efficiency of plans is guaranteed through periodic testing activity, aimed at ensuring that all staff are fully aware of the correct behavioural measures and the adoption of suitable recording tools to provide evidence of test results and of activities for verifying and maintaining devices provided;

  21. Any specific risk areas are appropriately signed and, if necessary, made accessible only to properly trained and protected individuals.

  22. Health surveillance activities:

  23. The assignment of any specific task to a worker is subject to a necessary check to ensure technical and health requirements are met;

  24. Verification to ensure fitness for a specific task is carried out by the Company's competent doctor;

  25. The competent doctor cooperates with the employer and the Prevention and Protection Service Manager in preparing measures to protect the health and mental and physical integrity of Workers;

  26. According to the type of processing required and based on the outcome of the preliminary visit, the Competent Physician defines a health surveillance protocol for the Worker, establishing, updating and maintaining a special health and risk record with the employer.

  27. Expertise, information, training and awareness of workers:

  28. Company staff receive appropriate information and training on safety at work, with regard to the correct procedures for carrying out their duties, Company-specific risks and their consequences, as well as prevention and protection measures adopted, personal devices to be used and made available to workers, and the possible consequences of failing to comply with these measures pursuant to the Decree;

  29. Training activities are documented. Documentation relating to the training of personnel is recorded and is also used for the purpose of assigning new tasks;

  30. Training needs connected with the performance of activities are identified and specific training activities are considered to satisfy these needs;

  31. Training activities are progressively updated based on technological changes, new safety measures and thus new regulations.

  32. Acquisition of documents and certifications required by law:

  33. Equipment, machinery and equipment are purchased following assessment and quality-control of suppliers, as well as prior assessment of compliance with health and safety requirements;

  34. Equipment, machinery and installations must comply with the provisions of current legislation and their commissioning may be subject to initial examination or approval procedures;

  35. Before giving out new equipment, machinery or systems, the worker in charge must be appropriately trained, including with regard to the use and maintenance manual, in order to be able to knowingly report any anomalies or request assistance;

  36. Constant availability, storage and updating of documentation of internal and external origin is assured (e.g. documentation relating to products and substances);

  37. Specific work instructions or operating procedures, together with documentation concerning the use of machinery and equipment and substance safety documentation, must be accessible to the worker.

  38. Periodic checks on the application and effectiveness of procedures adopted:

  39. The Company ensures constant monitoring of preventive and protective measures prepared for the management of health and safety in the workplace, including by outsourcing to resources with a high level of specialization;

  40. Any accident at work that has occurred must be analysed in depth in order to identify any shortcomings in the health and safety management system and to identify any corrective action to be taken promptly;

  41. The system of procedures adopted by the Company regarding health and safety of workers is subject to periodic review by the employer or its delegate in order to establish that the system is properly implemented and guarantee the achievement of the set objectives. Documentary evidence must be provided of the review activity and its outcomes.

     

    The traceability of the decision-making paths is ensured through the proper management of documentation and the adoption of appropriate recording systems.

    ?

 

2. IT-RELATED CRIMES

Article 24-bis of the Decree entitled “IT-related crimes and unlawful processing of data”, extends the entity’s administrative responsibilities to the following types of crime.

2.1. Relevant cases

  1. Forgery of electronic documents, laid down in Article 491-bis of the Italian Criminal Code cases of material or ideological forgery concerning a public IT document having evidential value, i.e. a document that constitutes an electronic representation of legal acts, facts or data;

  2. Unlawful access to a computer or telematic system: , laid down in Article 615-ter of the Italian Criminal Code: this crime is committed when a person unlawfully gains entry to a computer or telematic system protected by security measures or remains there against the express or tacit will of those who have the right to exclude them;

  3. Unlawful possession and distribution of access codes to computer or telecommunication systems, laid down in Article 615-quater of the Italian Criminal Code, punishes anyone who, in order to procure a profit for himself or others or to cause damage to others, illegally appropriates physically, reproduces, disseminates, communicates or delivers codes, passwords and other appropriate means of accessing a computer or electronic system, protected by security measures, or in any case provides indications or instructions intended for the aforementioned purpose;

  4. Distribution of equipment, devices or computer programs designed to damage or interrupt a computer or communication system, laid down in Article 615-quinquies of the Italian Criminal Code, occurs when an individual obtains, produces, reproduces, imports, disseminates, communicates, delivers or in any case makes available to others computer equipment, devices or programs in order to unlawfully damage an IT or telematic system, the information, data or programs contained within in it or relevant to it or to promote the total or partial interruption or alteration of its operation.  In order to be punishable, such conduct, must aim to unlawfully damage or disrupt a computer or telematic system; the sole purpose of the individual committing the crime makes the event criminally unlawful;

  5. Unlawful tapping, obstruction or interruption of computer or telematic communications, laid down in Article 617-quater of the Italian Criminal Code, punishes the conduct of persons who fraudulently intercept (i.e. capture the contents of) communications relating to an IT or telematic system or intercurrent between multiple systems, or obstruct or interrupt them or anyone who reveals all or part of the content of the above communications by any public information means;

  6. Installation of equipment designed to tap, obstruct or interrupt computer or telematic communications, laid down in Article 617-quinquies of the Italian Criminal Code: the offence takes the form of installing instruments capable of intercepting and obstructing or interrupting communications relating to an IT or electronic system; their actual operation is not necessary, unless the technical devices are absolutely incapable of achieving any interference;

  7. Damage to information, data and software programs, laid down in Article 635-bis of the Italian Criminal Code: the offence takes place if anyone destroys, deteriorates, deletes, alters or suppresses the information, data or computer programs of others;

  8. Damage to information, data and software programs used by the State or other public entity or in any case of public interest, laid down in Article 635-ter of the Italian Criminal Code represented by the conduct of those who commit an act aimed at destroying, deteriorating, cancelling, altering or suppressing information, data or computer programs used by the State or another public body or pertinent to them, or in any case of public interest, unless the event constitutes a more serious crime;

  9. Damage to computer or telematic systems, laid down in Article 635-quater of the Italian Criminal Code: the offence occurs when an individual destroys, damages, renders computer or telematic systems of others wholly or partly unusable or seriously hinders their operation through damaging conduct, or through the introduction or transmission of data, information or programs;

  10. Damage to computer and communication systems of public interest, laid down in Article 635-quinquies of the Italian Criminal Code, punishes the conduct described in the above Article 635-quater of the Italian Criminal Code, where this is aimed at destroying, damaging, rendering computer or electronic systems of public interest wholly or partly useless or seriously hindering their operation;

  11. Computer crime by the certifier of a digital signature, laid down in Article 640-quinquies of the Italian Criminal Code, punishes persons who provide electronic signature certification services and occurs when such persons violate legal obligations for issuing an approved certificate in order to procure unfair profit for themselves or others or to cause damage to others.

2.2. Identification of areas and activities at risk of crime

Activities which, if improperly carried out or omitted, may promote the commission of the crimes pursuant to Article 24 bis of the Decree, with consequent liability for the Company, are as follows:

  1. Use of Company IT systems, electronic mail services and Internet access;

  2. Protection of corporate computer data;

  3. Preparation and management of accesses, accounts and profiles with credentials and passwords;

  4. Activities carried out by staff in charge of IT systems (for example, administrators or system operators, programmers, etc.) involving the management of data and information pertaining to the Company or personal data of employees or third parties.

2.3. General principles of conduct

All Recipients of the Model adopt rules of conduct in compliance with the principles contained in the Code of Ethics of the Company and in the document entitled “Regulation of the Employment Relationship in the Company and the use of IT systems” adopted by the Company, which is understood to be fully referred to herein, as well as the general principles of conduct set out below in order to prevent and prevent the occurrence of computer crimes.

In particular, when carrying out the activities considered at risk, Recipients must:

  • refrain from engaging in conduct that, considered individually or collectively, could constitute the types of crime referred to in and considered by the Decree in the context of computer crimes;

  • use the Company's IT resources and passwords assigned to them correctly and keep access codes and credentials strictly confidential;

  • refrain from installing and using unauthorised software on the Company's computer systems other than that officially installed by IT system personnel on behalf of SPAL and/or which could lead to damage, alteration, counterfeiting or destruction of third party IT systems or data;

  • refrain from accessing the Company network through an alternative connection to that made available by the Company, in order to elude its protected access system;

  • refrain from disclosing information relating to the Company's IT systems;

  • refrain from illicit use of material protected by copyright.

    The Company, in turn:

  • regulates the use of IT systems and access to them by Recipients based on purposes related to activities carried out by Recipients;

  • provides the Recipients with adequate information and training regarding the correct use of corporate IT resources and the risk of committing the computer crimes provided for in the Decree;

  • performs periodic checks on the Company's computer network, including sample checks, in order to identify anomalous conduct in compliance with the legislation on the protection of personal data;

  • provides adequate protection for the servers and, in general, for their IT resources;

  • ensures the traceability of all operations relating to sensitive activities through adequate registration, with the possibility of deleting or destroying records made in cases and using methods regulated by the Company in compliance with current legislation on personal data protection .

2.4. Specific prevention protocols

The specific preventive measures to be adopted when using IT tools are indicated in the “Regulation of the Employment Relationship in the Company and the use of IT systems” adopted by the Company and updated in April 2019, to which full reference is made.

This Model adopted and implemented by SPAL identifies the specific protocols indicated below for preventing the activities at risk of crime identified above:

  1. Use of Company IT systems, e-mail service and Internet access;

  2. Users are responsible for the physical devices (desktop and laptop PCs, mobile phones, smartphones, tablets etc.) assigned by personnel in charge of IT systems which must be used properly. This means no removal, no destruction and prompt reporting of any failure or malfunction according to the procedure laid down by SPAL in the event of security incidents;

  3. The use of personal physical computerised devices is not permitted ;

  4. The use of programs other than those officially installed by the Company is not permitted;

  5. Unless expressly authorised to do so by IT staff, users are not permitted to change the settings on their PCs, or install storage, communication or other devices;

  6. Personal data or data unrelated to the working activity cannot be saved, stored or even transit through the assigned devices;

  7. PCs must be switched off every evening before leaving the offices or in the event of prolonged absences from the office, except in particular situations, such as night-time reprocessing or activities that do not end at the end of the working day, when an exemption is made;

  8. Users must make sure that outsiders cannot observe data in order to guarantee information confidentiality;

  9. Data remaining on the computer, such as temporary files on the desktop and in local areas, must be deleted if they are no longer needed;

  10. Users must immediately inform the Data Controller/Data Processor if they realize that they have access to data and programs that are not their responsibility and refrain from processing them;

  11. Laptop PCs are subject to the rules laid down for desktop workstations; it is also necessary to work in the utmost confidentiality at all times when using the portable PC in public. It should not be connected to the internet (even wi-fi) when it is outside the Company if it is not possible to assess the degree of connection security and periodically connect the device to the internal network to allow synchronization of documents with the server and security software update;

  12. Persons who are assigned e-mail mailboxes are responsible for their proper use;

  13. It is forbidden to modify and/or alter the configuration of the dedicated e-mail management software;

  14. Any personal use of the mailbox is forbidden, including messages between colleagues and Company personnel with personal content and not relevant to the working activity;

  15. Users must always take care to check the recipient’s address is correct;

  16. Files attached to e-mail messages must be opened with the utmost care, thus avoiding the download of suspicious or unknown files and operating in accordance with the instructions of the competent IT function at the slightest suspicion, if possible, placing the message/file in quarantine temporarily;

  17. Access to the Internet is permitted as part of the performance of one's professional activities, never for personal purposes;

  18. It is not permitted to establish connections alternative to the Company connection to access the Internet from one's own workstation (for example, through the use of a modem and a private subscription to an Internet Service Provider);

  19. Personal and/or Company data must not be provided to sites that are not of professional standing or sufficiently reliable;

  20. The Company adopts a specific automatic blocking or filtering system to prevent browsing of sites not strictly related to the working activity;

  21. All removable magnetic media containing sensitive data or information constituting corporate know-how must be treated with care and diligently safeguarded;

  22. The use of removable personal media is prohibited;

  23. The use for personal purposes of; landlines, mobile phones, smartphones or Company tablets is prohibited unless expressly authorised;

  24. The latter must be kept in a safe place;

  25. Users must always be aware of the information stored on these tools, which must always be used in the strictest confidence, avoiding connection to external networks;

  26. The user must set a PIN code and a lock code for these devices;

  27. Each worker must always take care not to leave documents of a work-related and/or confidential nature and/or containing personal details, lying around on fax machines, network printers or photocopiers;

  28. Protection of corporate computer data:

  29. Each user must behave appropriately in order to reduce the risk of attack on the Company computer system by viruses or any other malware and in particular:

  30. It is necessary to check that the antivirus program is correctly installed, constantly updated and always active;

  31. It is forbidden to open suspicious files or files behaving suspiciously;

  32. If the antivirus software detects the presence of a virus, users must immediately suspend all ongoing activities without shutting down the computer and promptly report the incident to staff in charge of IT systems;

  33. Each magnetic device originating from outside the Company must be checked using an antivirus program before use and, if a virus is detected, it must be promptly handed over to staff in charge of IT systems;

  34. Preparation and management of accesses, accounts and profiles with credentials and passwords:

  35. Authentication credentials (i.e. User ID and private password) for accessing the network are assigned to staff using the system by persons in charge of IT systems, following a notification from the Human Resources Department;

  36. Authentication credentials cannot be disclosed and must be kept by the user with the utmost diligence (e.g. they must not be shared and must not be written down or left in places where they could be easily discovered);

  37. Users must change the assigned password upon the first access. In particular it must consist of an alphanumeric code of at least 8 characters, it must be easy to remember but not easy to guess (e.g. it must not contain common names or phrases or be in any way connected to the user’s private life, such as the name or surname of relatives, car registration number, date of birth or city of residence);

  38. The password must be changed at least every 3 months, except in cases where the system/application does not require it periodically. Each new password must also be different from the last 10 used;

  39. If there is a suspicion that third parties have come into possession of the password for access to the corporate network, the user must report this without delay to the person in charge of authentication credential safekeeping, i.e. to staff in charge of the Company’s IT systems;

  40. Accesses by users, by any method, to data, systems and the network are subject to periodic checks.

  41. Activities carried out by staff in charge of IT systems (for example, administrators or system operators, programmers, etc.) involving management of data and information pertaining to the Company or personal data of employees or third parties:

  42. staff in charge of IT systems are authorised to perform operations on the Company computer system intended to guarantee security and safeguard the system as well as for additional technical and/or maintenance reasons (for example, updating/replacing/implementing programs, hardware maintenance etc.);

  43. staff in charge of IT systems work on individual PC workstations for the purposes described above exclusively at the request of users or, in cases of objective need, following the technical identification of problems in the IT and telematic system;

  44. Checks on IT tools are carried out by the Company in full compliance with the fundamental rights and freedoms of users, as well as current legislation on personal data protection. In particular, preliminary anonymous controls must be preferred; the Company may reserve the right to carry out individual checks to identify unlawful conduct only in the event of persistent abnormal use of IT tools. In any case, compliance with current legislation on the protection of personal data must be ensured.

    ?

 3. ENVIRONMENTAL CRIMES

Article 25 undecies of the Decree extends the entity’s liability to the environmental crimes described below.

3.1. Relevant cases

  1. Environmental pollution, laid down in Article 452-bis of the Italian Criminal Code: this offence occurs when there is a significant and measurable impairment or deterioration of water, air, extensive and significant portions of the soil or subsoil (1), of an ecosystem or of biodiversity, including that of agriculture and or flora or fauna (2).

    The law provides for an increase in the penalty if the pollution arises in a protected natural area or an area subject to environmental, historical, artistic, architectural or archaeological limitations, or is to the detriment of protected animal or plant species.

     

  2. Environmental disaster, as laid down in Article 452-quater of the Italian Criminal Code: this is intended to punish those who illegally cause an environmental disaster, meaning irreversibly altering the balance of an ecosystem or altering the balance of an ecosystem whose elimination is particularly onerous and achievable only through exceptional measures or an offence against public safety due to the relevance of the event as a result of its harmful effects or the number of people injured or exposed to danger;

  3. Premeditated crimes against the environment, laid down in Article 452-quinquies of the Italian Criminal Code, which states “If any of the events referred to in Articles 452-bis and 452-quater is committed through negligence, the penalties envisaged by the Articles are reduced from one to two thirds. If commission of the events referred to in the previous paragraph gives rise to the danger of environmental pollution or environmental disaster the penalties are further reduced by one third”;

  4. Trading and dumping highly radioactive material, as laid down in Article 452-sexies, this is intended to punish the conduct of anyone who illegally sells, buys, receives, carries, imports, exports, procures for others, holds, transfers, dumps or unlawfully disposes of highly radioactive material;

  5. Organised crimes intended to commit an offence against the environment as laid down in Article 452 octies of the Italian Criminal Code: this situation applies if the criminal association envisaged by Article 416 of the Italian Criminal Code is direct, exclusive or concurrent, for the purpose of committing one of the aforementioned crimes against the environment;

  6. Crimes related to discharging industrial wastewater containing dangerous substances laid down in Article 137, paras 2, 3, 5, 11 and 13, of Legislative Decree No 152 of 3 April 2006. Such crimes arise when the conduct of business activities involves discharging industrial wastewater containing dangerous substances in concentrations that do not comply with legal requirements or the activities themselves are carried out against provisions laid down by the authorities;

  7. Crimes relating to waste management laid down in Article 256, paras 1, 3, 5 and 6, Legislative Decree 152/2006; these offences arise due to the collection, transport, recovery, disposal, trade and intermediation of hazardous and non-hazardous waste without a specific authorisation; illegal temporary deposit at a hazardous medical waste production site; building or managing an unauthorised landfill site, which may be intended for hazardous waste; unauthorised waste mixing activities;

  8. Crimes relating to site remediation, laid down in Article 257, paras 1 and 2, Legislative Decree 152/2006; such offences arise when pollution of the soil, subsoil, surface water or groundwater is caused by exceeding risk threshold concentrations and the competent authorities are not notified within the time limits required by law or site remediation has not been carried out in accordance with requirements laid down in the project approved by the competent authority;

  9. Drawing up or use of a waste analysis certificate indicating false information as laid down in Article 258, paragraph 4, Legislative Decree 152/2006 this punishes those who, when preparing waste analysis certificates, provide false information about the nature, composition and chemical and physical characteristics of the waste and those using fake certification during transportation;

  10. Illegal trafficking in waste, as laid down in Article 259, paragraph 1, Legislative Decree 152/2006 and which punishes anyone who makes a shipment of waste that constitutes illegal traffic pursuant to Article 2 of Regulation (EEC) No 259 of 1 February 1993, or makes a shipment of waste listed in Annex II of the aforementioned regulation or in violation of Article 1, paragraph 3, letters a), b), c) and d) of the Regulation;    

  11. Organised activities for the illegal trafficking of waste, laid down in Article 260, paras 1 and 2, Legislative Decree 152/2006, which punishes anyone who sells, receives, transports, exports, imports or otherwise illegally manages large quantities of waste, in order to obtain an unfair profit by carrying out operations and preparing organised media and activities,;

  12. Falsification of a waste analysis certificate used within the waste traceability control system, use of a certificate or a paper copy of a fraudulently altered SISTRI form, as laid down in Article 260-bis, paras 6, 7 and 8, Legislative Decree 152/2006; these criminal offences punish anyone who provides false information on the nature, composition and chemical and physical characteristics of waste materials when preparing a waste analysis certificate used as part of the waste traceability control system, includes a false certificate in data to be provided for the purposes of waste traceability, as well as making use of a waste analysis certificate containing false information on the nature, composition and chemical and physical characteristics of transported waste during transport. The crime also punishes any shipping agent who accompanies transported waste with a paper copy of a fraudulently altered SISTRI - Handling Area form;

  13. Violation of maximum emission limit values when operating a plant, as laid down in Article 279, paragraph 5, Legislative Decree 152/2006, which arises when emissions into the atmosphere lead to air quality limit values established by current legislation being exceeded;

  14. Offences relating to the protection of the ozone layer, laid down in Article 3, paragraph 6, Law No 549 of 28 December 1993; such offences arise in the event of illegal activities related to: production, consumption, importation, exportation, possession, use for productive purposes and marketing of substances damaging to the atmospheric ozone layer.

3.2. Identification of areas and activities at risk of crime

Activities and processes in which the commission of crimes pursuant to Article 25 25 undecies of the Decree may abstractly arise are as follows:

  1. Procurement of goods and services from suppliers and contractors;

  2. Management of emissions of volatile substances into the atmosphere;

  3. Waste management;

  4. Management of acoustic emissions;

  5. Management of hazardous substances;

  6. Management of environmental emergencies;

  7. Machine and plant maintenance.

    When managing sensitive activities other than those listed, they must be conducted in compliance with general principles of conduct, principles set out in the Code of Ethics, regulations and internal organisational documentation.

    The Head of the Environmental Management System (RSGA) is responsible for promptly reporting changes and/or additions to the sensitive areas and activities to the Supervisory Body, in compliance with provisions set out in the General Part of the Model.

3.3. General principles of conduct

All Recipients of the Model, as identified in the General Section, must conduct themselves in accordance with principles set out in the Company's Code of Ethics and, insofar as they may be involved in the performance of sensitive activities, must comply with Company procedures and regulations, operating instructions, and any other document that regulates activities falling within the scope of the Decree, including the “Quality and Environment Manual” adopted by SPAL and updated on 2.10.2017, to which full reference should be made.

For the prevention of environmental crimes, the essential premises of the Model require compliance with some general principles, and in particular:

  • Formulation of a corporate organisational structure: operating procedures, roles, responsibilities and the hierarchical reporting structure must be clear and properly formulated;

  • Documentation of operations: methods of authorisation, execution, recording and verification of operations carried out and of the individuals involved must be properly documented ;

  • Separation of functions: every activity and every process must be managed by several identified individuals and cannot be managed independently by a single individual within the Company;

  • Control of the activities: satisfactory documentary evidence must be ensured for all activities;

  • Staff information and training: the Head of the Environmental Management System (RSGA) develops an appropriate training programme, with different frequencies and content according to the different levels of responsibility of Recipients, periodically verifying the training needs of the workers involved in sensitive activities. The training activity delivered is documented and maintained by the Head of the Environmental Management System.

3.4. Specific prevention protocols

The specific preventive measures to be adopted when carrying out activities at risk of crime are indicated in the “Quality and Environment Manual” and in the relevant Reference Documentation adopted by the Company, to which full reference is made.

This Model adopted and implemented by SPAL identifies the specific protocols indicated below for preventing the activities at risk of crime identified above:

  1. Procurement of goods and services from suppliers and contractors:

  2. Suppliers are identified by Purchasing Department staff;

  3. The suitability of the supplier and its structure, possession of quality requirements and compliance with environmental legislation are assessed through a specific check list;

  4. Suppliers are evaluated according to a specific Quality System procedure PR 5-1 entitled “Management of procurement and suppliers”, which is referred to here where relevant;

  5. Periodic checks on the maintenance of quality and suitability requirements by the usual suppliers are periodically carried out by the Purchasing Department, if applicable with the cooperation of the Head of the Environmental Management Service;

  6. The Plant Services Manager ensures that contractors and suppliers who operate in the Company are properly informed of the regulations, procedures and operating instructions to be respected.

  7. Management of emissions of volatile substances into the atmosphere:

  8. Compliance with current legislation on atmospheric emissions is ensured, as well as valid authorisation provisions provided for by sector legislation;

  9. Emissions and compliance with the relative authorisations are subject to periodic monitoring by the Company management, which may use supervisors and other employees for these checks;

  10. The results of periodic monitoring of emissions into the atmosphere are documented, compared with applicable emission limits and appropriately archived by the RSPP and Plant Services Manager;

  11. Sampling and emission testing is conducted by an external laboratory; the constant traceability of activities related to the management of atmospheric emissions is in any case ensured.

  12. As part of the activities described below, full reference is made to environmental procedures adopted by SPAL, which describe specific Company protocols relating to:

  13. Process waste management, with particular reference to:

  14. collection and communication of waste stock;

  15. production of new waste;

  16. storage and control of waste status;

  17. updated authorisations;

  18. Management of acoustic emissions, with particular reference to:

  19. planning of internal and external noise monitoring activities and documentation of activity results;

  20. constant traceability of activities related to the management of acoustic emissions.

  21. Management of hazardous substances, with particular reference to:

  22. handling of hazardous materials;

  23. use of hazardous substances.

  24. Machine and plant maintenance.

  25. Management of environmental emergencies.

 

?

4. CRIMES AGAINST INDUSTRY AND TRADE

Article 25-bis1 of the Decree entitled “Crimes against industry and trade”, extends the entity’s administrative responsibilities to the following types of crime.

4.1. Relevant cases

  1. Disruption of the freedom of industry or trade (Article 513 of the Criminal Code): the offence occurs when a person uses violence against things or fraudulent means to prevent or disturb the exercise of an industry or a trade.

    This occurs in cases of unfair competition aimed at hindering or blocking the activity of the competitor through the use of means designed to mislead or creating a devious and unfair attitude that tends to hide its unlawful nature by deception.

  2. Unlawful competition through threat or violence (Article 513 bis of the Criminal Code): the offence occurs in the case of acts of competition committed through the use of violence (that is, using any means capable of depriving the victim of freedom of determination and of action) or threat (any conduct intended to arouse fear and to arouse concerns about unjust damage, thus inducing the victim to do, tolerate or omit something).

  3. Fraud against national industries, as laid down in Article 514 of the Criminal Code: the offence takes place in cases where an individual causes damage to the national industry by selling or circulating industrial products on national or foreign markets with counterfeit or altered names, trademarks or distinguishing marks.

  4. Frauds in the exercise of trade (Article 515 of the Criminal Code): the offence occurs when an individual, in the exercise of a commercial activity or in a shop open to the public, delivers to the buyer one moveable thing instead of a another, i.e. is a thing that differs from the one declared or agreed upon by virtue of its origin, quality or quantity.

    For example, the crime occurs when selling products with a designation alluding to certain ingredients that are not actually present in the product composition, or if the geographical origin is falsely indicated on the label.

  5. Sale of industrial products with misleading signs (Article 517 of the Criminal Code): the crime occurs if a person puts intellectual works, industrial products, brands or national distinguishing marks on the market or in circulation to mislead the buyer about the source, origin or quality of the work or product.

  6. Production and sale of goods produced by usurping industrial property rights (Article 517 ter of the Criminal Code): this crime is committed in the case of the manufacture or industrial use of objects or other goods, usurping an industrial property title or violating the above protection.

  7. For the sake of completeness, the rules laid down in Article 25 bis1 of the Decree cover situations of counterfeiting geographical indications or designations of origin of agri-food products (Article 517 quater of the civil code). No examination of this topic is necessary here since it is not relevant to the activity carried out by SPAL.

4.2. Identification of areas and activities at risk of crime

Activities in which the commission of crimes pursuant to Article 25 bis1 of the Decree may abstractly arise are as follows:

  1. Design and implementation of new products, solutions, technologies and tools;

  2. Acquisition, claiming, registration and management of trademarks, patents, designs, models or other securities or industrial property rights;

  3. Purchase and sale of products.

    Corporate areas of the Process Engineering Department and the Product Engineering and Programme Management Department, as well as the Commercial Department and the Purchasing area, each within the respective powers, are therefore considered to be at risk.

4.3. General principles of conduct

All Recipients of the Model, as identified in the General Section, must conduct themselves in accordance with principles set out in the Company's Code of Ethics and, insofar as they may be involved in the performance of high-risk activities, must comply with Company procedures and regulations, operating instructions, and any other document that regulates activities falling within the scope of the Decree.

For the prevention of crimes against industry and trade the essential premises of the Model require compliance with some general principles, and in particular, as an example:

  • scrupulous compliance with all laws in force on the subject, with particular reference to the rules on competition, to those inherent to intellectual and/or industrial property and to the rules concerning geographical indications and the quality of the goods placed on the market;

  • a ban on resorting to violence, threats or the use of fraudulent means to hinder the industrial or commercial activity of others or to perform acts of competition in the exercise of a business activity;

  • the obligation to refrain from conduct intended to cause damage to national industries by selling or in any case putting into circulation, on national or foreign markets, industrial products with counterfeit or altered names, trademarks or distinguishing marks;

  • a commitment not to deliver to the buyer, in the exercise of the commercial activity, a product whose source, origin, quality or quantity is different from the one declared or agreed upon;

  • adequately informing Recipients of the Model on methods of conduct to be adopted to prevent and/or mitigate the risk of carrying out activities at risk of crime;

  • timeliness, accuracy and good faith in communications provided to the departments responsible for the management of patents, trademarks, original works and distinguishing marks;

  • management and constant monitoring of the competent corporate functions, as better specified below, with regard to activities connected to the implementation of activities at risk of crime;

  • ensuring traceability of operations for management and control of areas at risk through adequate documentation of activities and filing thereof for the purposes of verification by the Company when required;

  • periodically reporting the performance of the aforementioned activities, as well as immediate reporting of any irregular situations to the Supervisory Body by the aforementioned Company functions.

4.4 Specific prevention protocols

This Model adopted and implemented by SPAL identifies the specific protocols indicated below for preventing the activities at risk of crime identified above:

  1. Design and development of new products, solutions, technologies and tools:

  2. The design and development of new products, technologies and tools for expanding business opportunities related to technological and market developments is carried out under the responsibility of the Process Engineering Department and the Product and Programme Engineering Department Management, each within their respective powers, in compliance with national and international regulations in force, including those applied to protect intellectual or industrial property;

  3. It is expressly forbidden to use third-party patents for which a license is not held as part of the production process.

  4. Acquisition, claiming, registration and management of trademarks, patents, designs, models or other securities or industrial property rights:

  5. Recipients of this Model who are involved in sensitive activities relating to crimes against industry and commerce are required to use trademarks, distinguishing marks, patented goods, models and designs only after verifying that their use does not violate the rights of third parties and in general does not fall into the types of crimes provided for by the Decree and indicated in this Special Section;

  6. Before the registration of each trademark, logo or distinguishing mark and before the patenting of inventions, designs and other inventions, a check is run to ensure no identical prior registrations or patents exist at national, European or international level under the responsibility of the Process Engineering Directorate and the Product Engineering and Program Management Department, each within their respective competencies;

  7. Any distinguishing marks or original works owned by third parties are used by the Company only after drawing up a regular license contract: the use of distinguishing marks and/or intellectual works that SPAL does not own or hold a license for is therefore precluded;

  8. It is expressly forbidden to counterfeit or alter brands and distinguishing marks whose ownership can be attributed to third parties.

  9. Purchase and sale of products:

  10. Commercial activities are developed under the responsibility of the Commercial Department and the Purchasing area in compliance with the principles expressed in the Company's Code of Ethics, avoiding any form of direct or indirect unfair, intimidating, blocking or distorting market competition;

  11. It is not forbidden to circulate industrial products with counterfeit or altered names, trademarks or distinguishing mark on domestic or foreign market;

  12. Products are sold by ensuring that they are not put into circulation with counterfeit names, trademarks or distinguishing marks such as to mislead with regard to the source, origin or quality of the product;

  13. Products must be purchased after verifying the absence of counterfeit names, trademarks or distinguishing marks that are such as to mislead with regard to the source, origin or quality of the product itself;

  14. Adequate evidence of the above verification must be provided through documentation and filing for the purposes of checking by the Company, if required.

 

5. OFFENCES CONCERNING THE INFRINGEMENT OF COPYRIGHT

Article 25-novies of the Decree extends the entity’s administrative responsibilities to the following types of crime.

5.1. Relevant cases

  1. Making a protected intellectual work available, through telematic network systems (Article 171 comma 1, point A-bis and para 3 of Law No 633/1941 as amended);

  2. Duplication, sale or possession for commercial or business purposes of programmes not marked by the SIAE [Italian Society of Authors and Editors] (Article 171 bis of Law No633/1941 as amended);

  3. Duplication, transmission, dissemination or distribution of intellectual works (Article 171 ter of Law No633/1941 as amended);

  4. Omitted or false communication to SIAE (Article 171 septies of Law No 633/1941);

  5. Sale, installation, use of decoders for conditional access transmissions (Article 171 octies of Law No 633/1941 as amended).

5.2. Identification of areas and activities at risk of crime

Business areas identified as at risk are those using tools and technologies connected to the information system of the Company to carry out their activities.

In particular, activities in which the commission of crimes pursuant to Article 25 novies of the Decree could abstractly occur are as follows:

  1. Management and protection of information systems (e.g. through the purchase and/or renewal of licenses and software covered by copyright);

  2. Publication of content on the Company's website.

5.3. General principles of conduct

All Recipients of the Model, as identified in the General Section, must conduct themselves in accordance with principles set out in the Company's Code of Ethics and, insofar as they may be involved in the performance of sensitive activities, must comply with Company procedures and regulations, operating instructions, and any other document regulating activities falling within the scope of the Decree.

For the prevention of crimes relating to the infringement of copyright the essential premises of the Model require compliance with some general principles, and in particular:

  • It is not permitted to carry out any conduct that may amount on an abstract basis to the relevant cases already described in this Special Section of the Model;

  • Compliance with internal, European and international laws protecting copyright must be ensured;

  • Preventive and periodic verification to ensure online content complies with current copyright legislation and rights connected to the use of protected intellectual works;

  • Only software with a user license must be used, within the limits and under the conditions established by current legislation and by the license, with the exception of those programs which are free to use, always under the conditions and within the limits established by law or by the holder of authorship rights and other rights related to its use;

  • Traceability of software management activities is ensured through the preparation and filing of documentation regarding such activities for the purposes of verification by the Company if required;

  • Appropriate information must be provided to Recipients of the Model on methods of conduct to be adopted for the correct use of corporate IT resources (in this case reference is made to the principles of conduct and specific protocols referred to in § 2) and to the lawful use of software in use;

  • The Company must scrupulously adhere to administrative formalities related to the use of works protected by copyright in the management of the corporate information system, as well as in the use of the Company website.

    5.4. Specific prevention protocols

    This Model adopted and implemented by SPAL identifies the specific protocols indicated below for preventing the activities at risk of crime identified above:

  • Management and protection of computer programs:

  • It is only permitted to use software for which a license has been obtained under the conditions set by the license and by current legislation, or to use software intended for free use, always under the conditions established by current legislation;

  • Software licenses are purchased only from certified sources that guarantee the originality and authenticity of programs;

  • The number of software installations must not exceed the number of copies authorised by the license;

  • Only the installation of software provided and authorised by the Company is permitted;

  • Users of computer systems receive appropriate training in the use of software and are informed that they are protected by copyright law and the associated penalties in the event of violation;

  • It is forbidden to use Company assets for conduct that violates the legislation on copyright;

  • Any data, images and/or software developed by the Company and of strategic value for the Company are protected through industrial secrecy;

  • Staff in charge of the IT Security Department of the Company carry out periodic checks on the correct use of the software and update licenses and software in use;

  • The Company IT Security manager ensures that adequate documentation is prepared on the above control activity by performing a specific survey on software used by the Company;

  • The Company IT Security manager verifies that any publications, reproductions or transcriptions of original works comply with the regulations in force and have the relevant authorisations;

  • The Company IT Security manager regularly reports to the Supervisory Body regarding the performance of the aforementioned activities.

  • Publication of content on the Company's website.

  • With particular reference to the management of the Company's website, it is not permitted to disseminate and/or transmit works by third parties protected by copyright in the absence of agreements with the respective owners or in violation of the previous conditions.

  • Staff in charge of the IT Security department verify the content published on the Company's website to ensure their compliance with the legislation on copyright.

  • In particular, IT Security staff periodically check for any unauthorised content or content infringing copyright on the Company website and, if necessary, remove it.

 

6. PROPERTY CRIME

Article 25-octies of the Decree extends the entity’s administrative responsibilities to the following types of crime.

6.1. Relevant cases

  1. Handling stolen goods, laid down in Article 648 of the Criminal Code: the crime occurs when an individual, to procure a profit for himself or others, buys, hides or concealed money or things from any crime or, in any case, interferes to ensure they are bought, received or concealed.

  2. < >, laid down in Article 648 bis of the Criminal Code: the offence occurs when a person replaces or transfers money, goods or other benefits deriving from a non-culpable crime, or performs other associated operations in such a way as to hinder the identification of their criminal origin;

    Use of money, assets or benefits of illegal origin laid down in Article 648 ter of the Criminal Code: outside the cases described above, the crime occurs when an individual uses money, goods or other benefits obtained from crime in economic or financial activities;

  3. < >laid down in Article 648 ter 1 of the Criminal Code: the crime occurs when an individual, after having committed or conspired to commit a crime, employs, substitutes or transfers money, goods or other utilities from such a crime to economic, financial, entrepreneurial or speculative activities, in order to specifically hinder the identification of their criminal origin.

    Management of financial flows (collections and payments);

  4. Management of product and services purchases.

    All business areas that may involve the use of money, proceeds and/or assets deriving from offences due to the activities they perform, including, for example, the Purchasing area, the Commercial Department, the Administrative and Financial Department, the Relationship & Commercial Relationship area, are considered to be at risk.

6.3. General principles of conduct

All Recipients of the Model, as identified in the General Section, must conduct themselves in accordance with principles set out in the Company's Code of Ethics and, insofar as they may be involved in the performance of sensitive activities, must comply with any existing Company procedures and regulations, operating instructions, and any other document or established Company practice that regulates activities falling within the scope of the Decree.

For the prevention of the property crime described above the essential premise of the Model require compliance with some general principles, and in particular, as an example:

  • It is not permitted to carry out any conduct that could on an abstract basis amount to the situations described above in this Special Section of the Model;

  • Recipients of the Model are required to uphold proper and transparent conduct, in compliance with the national and supranational laws in force and the Company procedures, in all activities aimed at managing the registry of suppliers, customers, partners, as well as in activities relating to the circulation of cash and the receipt and/or issue of cheques;

  • A specific procedure is in place to govern, in particular, the management of purchases and the movement of financial flows in general;

  • The roles and responsibilities of the functions involved in the purchasing process are clearly identified;

  • Suppliers are properly selected;

  • The use of anonymous tools for the transfer of significant amounts is not permitted;

  • Transparency and accuracy of accounting documents and associated financial flows, as well as the truthfulness of the data prepared, is ensured;

  • Constant monitoring of the Company's financial flows is ensured, and their traceability is also guaranteed through appropriate documentation and filing activities;

  • The transparent management of supplies, goods and services is ensured;

  • Adequate training programmes are adopted for staff considered to be exposed to the risk of money laundering pursuant to Article 16 para 3 of Legislative Decree n. 231/2007.

6.4. Specific prevention protocols

This Model adopted and implemented by SPAL identifies the specific protocols indicated below for preventing the activities at risk of crime identified above:

  1. Management of financial flows

    In the management of financial flows, carried out under the responsibility of the Administrative and Financial Management of the Company:

  2. The Company payment methods and the rules for the use of payment instruments must be clearly identified and formalized in line with the reference legislation for financial traceability;

  3. Documentary evidence must be provided for any collections through sums of cash, bank cheques, bank transfers or other means of payment;

  4. This Model adopted and implemented by SPAL identifies the specific protocols indicated below for preventing the activities at risk of crime identified above:

  5. Cash payments can only be made within the limits allowed by law; no payment can be made in kind;

  6. Full matching of Recipients/payers and the counterparties actually involved in the transactions is assured. To this end, it is forbidden to receive payments through non-authorised intermediaries for any reason or through the interposition of third parties that make it impossible to identify the individual providing payment;

  7. Proper execution of tax obligations is constantly and periodically verified, as the completeness of tax statements and Company obligations;

  8. Traceability is provided for the aforementioned activity through documentation and filing for the purposes of verification by the Company, if required;

  9. Formal and substantial checks are carried out on Company financial flows, with reference to payments to third parties;

  10. It is expressly forbidden to use sums in economic, financial or business activities in violation of the Company's Articles of Association;

  11. Supervisory activity is carried out on the correctness of General Accounting management, guaranteeing adequate segregation of roles. In particular, separation by functions within the administrative department is assured in order to allow two tiers of controls in terms of proper accounting and tax dealings and cash flow;

  12. Transactions that seem suspicious with regard to the legitimacy of origin of sums involved in the transaction or to the reliability and transparency of the counterpart, as well as any irregularities found regarding events or circumstances that may be relevant to the commission of crimes covered by this Special Section must be reported to the Supervisory Body;

  13. Management of product and services purchases.

    When managing product and services purchases, under the responsibility of Purchasing and Supplier Quality:

  14. The commercial and professional reliability of suppliers and commercial and financial partners is verified, with particular regard to their subjective profile, conduct, geographical location, economic characteristics of the transaction and the purpose of the transaction;

  15. It is forbidden to purchase goods and services from persons (natural or legal) who do not exercise their professional activity;

  16. The purchase of goods or services is governed by a written contract specifically agreeing the price of the good or service - also defined within the purchase order - as well as the price determination criteria;

  17. Prior assessment and authorisation of the manager of the function requesting the asset or service is required for purchase contracts of significant value;

  18. Transparency and traceability of agreements with other companies over investments are ensured, under the responsibility of the Process Engineering Department, the Purchasing Department and the Group's Administrative and Financial Department;

  19. The persons (natural or legal)with whom the Company concludes contractual relationships or transactions of a financial nature are identified and the relevant data are properly documented and archived;

  20. If considered necessary, agreements with suppliers and commercial partners may include a contractual clause whereby the counterpart undertakes to operate in compliance with the principles of the Decree, otherwise the contract allows the Company to terminate the contract;

  21. Traceability of the service delivery process is guaranteed during the stage when the goods enter the warehouse, during the shipment and during filing of the related documentation.

 

7. OFFENCES RELATED TO THE EMPLOYMENT OF THIRD-COUNTRY NATIONALS WHOSE RESIDENCY IS IRREGULAR

Article 25-duodecies of the Decree extends the entity’s administrative responsibilities to the following types of crime.

7.1. Relevant cases

  1. Temporary and permanent self-employment as laid down in Article 22, comma 12 bis of Legislative Decree No286 of 1998 as amended: this provides for punishment of an employer who employs foreign workers without a residence permit, or workers whose permit is expired, revoked, cancelled or not renewed in accordance with the law. In particular, penalties are increased if the number of workers employed exceeds three; if the employed workers are minors who are too young to work; if the employed workers are subject to other particularly exploitative working conditions;

  2. Provisions against illegal immigration laid down in Article 12, paras 3, 3 bis and 3 ter of Legislative Decree No286 of 1998 as amended: the offence occurs when an individual, in violation of the provisions of Immigration Law, promotes, directs, organises, finances or transports foreigners into State territory or performs other acts aimed at illegally obtaining their entry into the territory of the State or that of another State of which the person is not a citizen or resident;

  3. Provisions against illegal immigration laid down in Article 12, comma 5 of Legislative Decree No286 of 1998 as amended: the crime occurs when an individual promotes a foreigner’s stay in State territory in violation of the provisions of the Immigration Consolidation Act in order to derive an unfair advantage from the foreigner's condition of illegality.

7.2. Identification of areas and activities at risk of crime

Activities in which the commission of crimes pursuant to Article 25 duodecies of the Decree may arise on an abstract basis are as follows:

  1. Recruitment and hiring of staff;

  2. Conclusion of procurement contracts with particular reference to those with companies employing staff from non-EU countries.

7.3. General principles of conduct

All Recipients of the Model, as identified in the General Section, must conduct themselves in accordance with principles set out in the Company's Code of Ethics and, insofar as they may be involved in the performance of sensitive activities, must comply with Company procedures and regulations, operating instructions, and any other document that regulates activities falling within the scope of the Decree.

For the prevention of crimes relating to the employment of third-country nationals whose residency is irregular the essential premise of the Model requires compliance with some general principles, and in particular:

  • Compliance with the legislation in force over the selection and recruitment of third-country national workers;

  • Prohibition of discrimination in the selection process: in particular, equal opportunities for access to job offers are guaranteed to all candidates without distinction of sex, religion, political opinions, ethnicity, language, nationality, sexual orientation, personal and social conditions within the framework of applicable laws;

  • Traceability and transparency of the recruitment process;

  • Possession, by workers from third countries, of a regular residence permit from the moment of employment and throughout the employment relationship;

  • Timely reporting of cases of termination, suspension or revocation of conditions of regular residence to the Human Resources Department manager;

  • Reporting to the competent authorities of any violations of current legislation on the employment of third-country nationals;

  • Selection of counterparts intended to provide particular services through the use of unskilled labour following an assessment of their reliability for the purpose of preventing crimes concerning the employment of irregular foreign workers.

7.4. Specific prevention protocols

This Model adopted and implemented by SPAL identifies the specific protocols indicated below for preventing the activities at risk of crime identified above:

  1. Recruitment and hiring of staff:

  2. Departments requiring staff recruitment and hiring are required to submit an official request to the Human Resources Department;

  3. The request is authorised by the Human Resources Department according to internal procedures;

  4. A special procedure is in place for the hiring of foreign workers;

  5. During the recruitment phase, a copy of a valid residence permit is given by the candidate to the Human Resources Department manager;

  6. The Human Resources Department verifies the expiry of the residence permit held by any worker hired by the Company in order to monitor its validity during the employment relationship;

  7. The entire process of recruiting and hiring third-party workers is properly tracked: for this purpose, the documentation collected during the selection and recruitment phase is filed by the Human Resources Department manager, which allows any necessary checks relating to deadlines and/or renewals of residence permits within the limits of and in compliance with the data processing regulations.

  8. Conclusion of procurement contracts with particular reference to those with companies that employ personnel from non-EU countries. Although the Entity bears no administrative liability if the Company performing the work commits the offence of employing irregular workers pursuant to the Decree, even with regard to the contractor, it seems advisable, as a precaution, to provide for compliance with certain specific principles in cases where the entity makes use of companies that employ staff from non-EU countries or temporary workers using the service of specialized agencies.

    In addition to the general principles of conduct indicated above, this Model adopted and implemented by SPAL therefore identifies the specific protocols indicated below:

  9. Preliminary verification of the technical and professional fitness of the Company’s executives and self-employed workers who access the Company pursuant to the provisions of Article 26, paragraph 1, point a) of Legislative Decree No 81/08 and subsequent amendments (Consolidated Safety at Work Act);

  10. Acquisition of an updated list of employees present in the Company for the execution of the works entrusted to the executing Company and relevant checks to ensure documents are in order;

  11. Supervision of the actual staff of the executing Company present in the Company, cross-checking particulars or data indicated in the identification cards against those declared and officially communicated through the above list;

  12. Appropriate traceability through documentation relating to tenders and subcontracts and the filing thereof for the purposes of verification by the Company, if required;

  13. Reporting of any irregular or anomalous situations to the administrative body of the Company by the competent corporate functions;

  14. A periodic check on activities linked to processes at risk of crimes regarding the employment of irregular workers by the Supervisory Body, which can access and consult the relevant documentation and make call on the cooperation of the necessary business departments.

 

8. CRIME OF INDUCEMENT NOT TO MAKE STATEMENTS OR TO MAKE FALSE STATEMENTS TO THE JUDICIAL AUTHORITIES

Article 25-decies of the Decree extends the entity’s administrative responsibilities to the following types of crime.

8.1 Relevant case

Inducement not to make statements or to make false statements to judicial authorities pursuant to Article 377 bis of the Criminal Code: the offence occurs when a person induces a person called on to make declarations that can be used in criminal proceedings before the judicial authority not to make statements or to make false statements through violence or threats, or by making an offer or promise of money or other benefits, when the latter has the right to remain silent.

8.2. General principles of conduct

All Recipients of the Model, as identified in the General Section, must conduct themselves in accordance with principles set out in the Company's Code of Ethics and, insofar as they may be involved in the performance of sensitive activities, must comply with Company procedures and regulations, operating instructions, and any other document that regulates activities falling within the scope of the Decree.

Prevention of the crime of inducement not to make statements or to make false statements to judicial authorities pursuant to the essential premises of the Model requires compliance with some general principles, and in particular, as an example:

  • It is not permitted to carry out any conduct that may also amount on an abstract basis to the relevant cases already described in this Special Section of the Model;

  • It is not permitted to coerce individuals called to make statements or induce them to avail themselves of the faculty not to reply to the judicial authority in any form or manner;

  • It is forbidden to induce the aforementioned individuals to make false statements;

  • It is forbidden to give, offer or promise money, gifts or other advantages to individuals called to make statements before the Judicial Authority.

8.3. Specific prevention protocols

This Model adopted and implemented by SPAL identifies the specific protocols indicated below for preventing the activities at risk of crime identified above:

  • in relations with the Judicial Authority, it is necessary to ensure that suspects or defendants in criminal proceedings, especially in the case of proceedings in which the Company may be directly or indirectly involved, can freely describe their own version of events if they decide to submit to questioning;

  • it is necessary to ensure that the Supervisory Body is notified of any violence or threat, pressure, offer or promise of money or other benefit, received in order to induce individuals to alter statements to be made to the Judicial Authority or refrain from making them;

  • those who carry out control and supervision functions over the conduct of the aforementioned activities must pay particular attention to the implementation of the obligations and report any irregular situations immediately to the Supervisory Body.

 

9. OFFENCES COMMITTED IN RELATIONS WITH THE PUBLIC ADMINISTRATION

Articles 24 and 25 of the Decree extends the entity’s administrative responsibilities to the following types of crime.

9.1. Relevant cases

  1. Misappropriation against the State, laid down in Article 316-bis of the Criminal Code: this offence occurs if an individual outside the Public Administration obtains contributions, subsidies or loans intended to sponsor initiatives aimed at carrying out works or carrying out activities of public interest from the State or other public body or from the European Union but does not assign them to the purposes for which they were intended;

  2. Undue receipt of funds to the detriment of the State, laid down in Article 316- ter of the Criminal Code: the offence occurs when an individual unduly obtains, for himself or others, contributions, loans, subsidized loans or other disbursements of the same type, however they are designated, granted or disbursed by the State, by other public bodies or by the European Union through the use or submission of false declarations or documents or evidence of things that are not true, or through the omission of due information;

  3. Fraud against the State or other public body, laid down in Article 640 of the Criminal Code, comma 2, No 1 of the Criminal Code: the offence is committed by those who, through artifice or deception, induces someone to erroneously procure for themselves or others an unjust profit to the detriment of others, if the fact is committed to the detriment of the State or another public body;

  4. Aggravated fraud for the obtaining of public funds or grants, laid down in Article 640-bis of the Criminal Code: the offence takes place if an individual, through artifice or deception, obtains contributions, financing, subsidized loans or other disbursements of the same type, offered or granted by the State, other public bodies or the European Union;

  5. Computer fraud against the State or other public bodies, laid down in Article 640-ter of the Criminal Code is committed by those who, by altering in any way the operation of a computerised or telematic system, or unrightfully carrying out any action on data, information, or programs contained in a computer or telematic system, or pertaining to it, derives an unfair profit for themselves or others, to the detriment of the State or other public body;

  6. < >, laid down in Article 317 of the Criminal Code is committed by public officials or persons in charge of a public service who abuse their position or powers to force someone to give or unduly promise him or a third party money or other benefits;

    Corruption in the exercise of a function, laid down in Article 318 of the Criminal Code is committed by public officials who, through the exercise of their functions or powers, unduly receive, for themselves or third parties, money or other benefits or promise to do so;

  7. Corruption due to acting contrary to office duties, laid down in Article 319 of the Criminal Code committed by public officials who, by omitting or delaying or having omitted or delayed an official action, or by performing or having performed an action contrary to their official duties, receives money or other benefits for themselves or a third party, or agrees to do so;

  8. Corruption in legal proceedings, laid down in Article 319-ter of the Criminal Code amounts to an act of corruption, if committed to benefit or damage a party in a civil, criminal or administrative process;

  9. Improper inducement to give or promise benefits, laid down in Article 319-quater of the Criminal Code is committed by public officials or public service representatives who, unless their action amounts to a more serious offence, abuses their position or powers to induce someone to give or promise money or some other utility unduly to themselves or to a third party, and also applies to the person who gives or promises the money or other benefit;

  10. Corruption of an individual in charge of a public service, laid down in Article 320 of the Criminal Code, reflects the conduct referred to in Articles 318 and 319 of the Criminal Code if committed by a public service officer;

  11. Penalties for persons offering bribes, within the meaning of Article 321 of the Civil Code, provides that the penalties established in Articles 318, paragraph 1, 319, 319-bis, 319-ter and 320 of the Criminal Code in relation to cases set out in Articles 318 and 319 of the Criminal Code, also apply to those who give or promise a public official or the person in charge of a public service money or other benefits;

  12. Instigation to corruption, laid down in Article 322 of the Criminal Code: the crime is committed by anyone who offers or promises money or other benefits not due to a public official or a person in charge of a public service for the exercise of his functions or powers, or to induce him to omit or delay an official action or to carry out an act contrary to his duties, if the offer or promise is not accepted.

9.2. Identification of areas and activities at risk of crime

Activities at risk of commission of the crimes referred to in Article 24 and 25 of the Decree are the following:

  1. Management of relations with the Public Administration for legal compliance purposes (for example, declarations, authorisations, communications) and for carrying out inspection activities.

  2. Management of public funding

  3. Management of the process of purchasing goods and services and of consulting assignments

  4. Management of gifts and entertainment expenses

9.3. General principles of conduct

All Recipients of the Model, as identified in the General Section, must conduct themselves in accordance with principles set out in the Company's Code of Ethics and, insofar as they may be involved in the performance of sensitive activities, must comply with Company procedures and regulations, operating instructions, and any other document that regulates activities falling within the scope of the Decree.

For the prevention of crimes that could occur on an abstract basis relating to the relations with the Public Administration the essential premises of the Model require compliance with some general principles, and in particular:

  • It is not permitted to carry out any conduct that may amount on an abstract basis to relevant cases already described in this Special Section of the Model;

  • It is expressly forbidden to engage in any situation of conflict of interest with the Public Administration;

  • Relations with the Public Administration, as well as with the judicial authorities in the context of proceedings of any nature, are managed exclusively by persons with appropriate powers or by those who have been delegated by them;

  • It is expressly forbidden to present false declarations and/or documents or to omit information due to national and foreign public bodies for obtaining public financing, as well as to carry out acts that could mislead a public entity for the purposes of granting payments or provisions of any kind;

  • Amounts received by the State or by another national or foreign public body by way of contribution, subsidy or financing cannot be destined for purposes other than those determined;

  • It is expressly forbidden to give or promise, directly or indirectly, undue payments or any other advantage, interest, promise, or utility to representatives of the Public Administration (or to a public official or a person in charge of a public service), as well as to adopt forms of influence, deception or pressure over such representatives for the conclusion of their administrative activity;

  • It is expressly forbidden to assign tasks to individuals reported by the Public Administration to obtain loans, authorisations or other advantages and benefits;

  • It is not permitted to give gifts or presents other than those provided for by Company practice (i.e. any form of gift offered exceeding normal commercial or courtesy practices or for festive occasions, or in any case aimed at acquiring preferential treatment in the conduct of any business activity). In particular, any gift to Italian and foreign public officials or their family members, which may influence their independent judgment or induce them to secure any advantage for the Company, is prohibited. Permitted gifts are always of low value and their distribution must be properly documented in order to allow checks by the Supervisory Body;

  • Any explicit or implicit requests for benefits by public employees, irrespective of their categorisation as a public official or public service employee, for themselves or for third parties (e.g. joint proxies) must be rejected and immediately and reported to their immediate superiors;

  • Anyone who receives gifts and presents other than those provided for by Company practice must notify the Supervisory Body, which assesses the donation so ensure it is appropriate;

9.4. Specific prevention protocols

This Model adopted and implemented by SPAL identifies the specific protocols indicated below for preventing the activities at risk of crime identified above:

  1. Management of relations with the Public Administration for compliance with the law (for example, declarations, authorisations, communications) and for carrying out the inspection activity).

  2. Relationships with representatives of the Public Administration are managed exclusively by persons with appropriate powers or those delegated to do so

  3. Management of public funding

  4. Management of the process of purchasing goods and services and of consulting assignments

  5. Management of gifts and entertainment expenses

 

10. CORPORATE CRIMES

Article 25 ter of the Decree extends the administrative responsibility of the entity to corporate crimes under the Italian Civil Code.

10.1. Relevant cases

At present, without prejudice to the fact that the list of offence categories that could entail the Company being exposed to risk could be extended, potential risks have been identified with regard to the following cases envisaged by Article 25 ter of the Decree:

  1. Corruption between private individuals, laid down in Article 2635, comma 3 of the Italian Civil Code: the crime occurs when a person, even through a third party, offers, promises or gives money or other benefits not due to persons who, act as administrators, general managers, editorial managers of corporate accounting documents, auditors and liquidators within a Company or private bodies, as well as to persons who are subject to the management or supervision of one of the above parties.

    By way of example (the list is not exhaustive), the offence may arise in the event that an employee or exponent of SPAL, for any reason, receives an undue promise or donation of money or benefits:

  2. in return for concluding commercial agreements for the supply of goods and services at unfavourable economic conditions for the Company;

  3. in return for acquiring new customers or new supplies indicated by the corrupting party or due to preferring a supplier over other competitors;

  4. for performing acts of unfair competition;

  5. in return for concluding consulting or partnership contracts with entities indicated by the corrupting party;

  6. in return for recruiting staff within the Company linked to the corrupting party through particular ties (e.g. family relationship, affinity or similar);

  7. promise or donation of gifts or gratuities that are not of modest value and exceed normal business practices or courtesy.

  8. Instigation to corruption between private individual, laid down in Article 2635 bis of the Italian Civil Code: the crime occurs when a person offers or promises money or other undue benefits, and such an offer or promise is not accepted, to directors, general managers, managers in charge of drafting corporate accounting documents, auditors and liquidators of private companies or entities, as well as to those who work in them with the exercise of managerial functions, to incite them to perform or omit an act in violation of the obligations inherent to their office or of their obligations of loyalty.

    Such an offence is also committed if the aforementioned individuals solicit for themselves or for others, even through a third party, a promise or donation of money or other benefit for performing or omitting an act in violation of the obligations inherent to their office or of their obligations of loyalty, if the solicitation is not accepted.

    The offence of instigation to corruption is deemed to take place in all the examples described above, particularly when the promise or offer of money or other benefits has not been accepted.

10.2 Identification of areas and activities at risk of crime

Activities in which the commission of crimes pursuant to Article 25 ter of the Decree may occur on an abstract basis are as follows:

  1. Management of sales and purchasing and contractual activities in general.

  2. Management of financial resources and gifts, donations and sponsorships

10.3. General principles of conduct

All Recipients of the Model, as identified in the General Section, must conduct themselves in accordance with principles set out in the Company's Code of Ethics and, insofar as they may be involved in the performance of sensitive activities, must comply with Company procedures and regulations, operating instructions, and any other document that regulates activities falling within the scope of the Decree.

For the prevention of corporate crimes that could occur on an abstract basis the essential premises of the Model require compliance with some general principles, and in particular:

  • it is not permitted to carry out any conduct that may also amount on an abstract basis to cases already described in this Special Section of the Model;

  • it is expressly forbidden to carry out operations that cause a conflict of interest with private parties or interfere with impartial decision making in the interests of the Company;

  • it is not allowed to unduly promise or give money or other advantages and/or benefits of any nature to private individuals;

  • it is not permitted to distribute or promise donations and gifts that are not of modest value to parties outside the Company, in violation of Company practices and procedures, as well as principles of correctness, transparency and good faith provided for by the Code of Ethics, in order to influence or repay an action due to them by virtue of their office or to obtain favourable treatment in the conduct of any business activity;

  • all forms of donations that serve the purpose of promoting the image of the Company and/or its goods and services must be authorised and properly documented;

  • no payment is made in kind and any cash payments must be authorised and justified by appropriate documentation;

  • the identities of those who take or implement decisions, those who are bound to provide accounting evidence and those who are required to carry out audits required by law and internal control procedures are separate;

  • the tasks assigned to suppliers and contractors are drafted in writing, indicating the agreed fee for the type of activity to be carried out and including clauses stating a commitment to comply with the provisions of the SPAL Model;

  • traceability of the aforementioned activity is ensured through documentation and filing in paper and electronic form for the purposes of verification by the Company, if required;

  • the corporate functions delegated to carry out the aforementioned activities report regularly to the Supervisory Body and also inform it of any irregular situations.

10.4. Specific prevention protocols

This Model adopted and implemented by SPAL identifies the specific protocols indicated below for preventing the activities at risk of crime identified above:

 

  1. Management of sales and purchase activities

  2. In sales activities, relationships with customers are officially ensured through sales orders and/or the signing of contracts;

  3. Constant monitoring of sales activities is provided for, as well as subsequent verification of the completeness and accuracy of sales orders, with particular reference cross-matching sales orders, the service performed, and invoices issued for the service;

  4. The identities of the corporate departments managing and recording invoices and those managing and processing receipts are separate;

  5. With reference to purchasing activities, compliance with the Company supplier search and selection procedure is ensured, including through a specific supplier qualification and assessment process;

  6. Relationships with suppliers are officially ensured by drawing up specific contracts;

  7. Constant monitoring of purchasing activities is provided for, as well as subsequent verification of the completeness and accuracy of the orders, with particular reference to compliance of goods and services received, both in terms of quality and quantity.

  8. Management of financial resources, gifts and other donations:

  9. compliance with Company practices and procedures is ensured with regard to management of gifts, gratuities and other donations;

  10. it is expressly forbidden to offer gifts, gratuities or other donations to private individuals in order to influence private individuals or interfere in the adoption of decisions by such individuals in the interests of the Company;

  11. the offer of gifts, gratuities and other donations must be authorised in advance by the CEO;

  12. a periodic check is made on expenses incurred for the giving of gifts and donations, by laying down procedures and Company instructions governing methods of verifying donation recipients and checking that financial transactions arranged match the relevant supporting documentation;

  13. traceability is provided for the above activity through documentation and filing in paper and electronic form for the purposes of verification by the Company, if required;

 

 

GLOSSARY

  • TRAINING EXERCISES: a set of activities aimed at allowing workers to learn the correct use of equipment, machines, systems, substances and devices including those used for personal protection and work procedures;

  • SENSITIVE AREAS: Areas of Company activity in which the risk of committing crimes covered by Legislative Decree No 231/2001 may actually arise;

  • SENSITIVE ACTIVITIES (or sensitive processes): activities carried out by the Company in which a potential risk of committing the crimes set out in Legislative Decree n. 231/2001 arises;

  • CODE OF ETHICS: code of conduct that the Company adopts in carrying out its activities, taking laws, regulations of countries of reference and internal rules as its guiding principles, within a framework of ethical values ??of correctness, confidentiality and in compliance with regulations on competition, environmental protection and the health and safety of workers;

  • CONSULTANT: a person outside the Company who carries out non-continuous and fully independent professional activity for the Company based on a specific contractual agreement;

  • CORPORATE GOVERNANCE: the corporate governance Model, i.e. the set of rules governing the management of the Company, including relations between the various parties involved who hold an interest in the Company and its business objectives;

  • LEGISLATIVE DECREE 231/01 ( Decree): Legislative Decree No 231 of 8 June 2001 on the “Rules governing the administrative liability of legal persons, companies and associations, including those without legal status, pursuant to Article 11 of Law No 300 of 29 September 2000”, and subsequent amendments and supplements;

  • EMPLOYER: entity responsible for the employment relationship with the workers or, in any case, the entity that, according to the type and structure of the organisation in which the workers offers their services, holds responsibility for the organisation itself or for the production unit due to exercising decision-making and spending powers;

  • RECIPIENT: person to whom the Organisational and Management Model is addressed, imposing certain operational protocols, rules of conduct, prohibitions or activation obligations. Recipients are persons who perform, including on a de facto basis, Company management, administration, management or control functions, employees of SPAL Automotive, of any grade and by virtue of any type of contractual relationship, even if posted abroad to perform the activity as well as persons who, although not belonging to the Company, operate on its mandate or in its interests and are bound to the Company by collaboration, consultancy or other relations;

  • MANAGER: person who implements the employer's directives, organising work activity and supervises it by virtue of the professional skills and hierarchical and functional powers appropriate to the nature of the task assigned to him or her;

  • < >entity with legal personality, companies and associations even those without legal personality;

    TRAINING COURSE: educational process used to transfer knowledge and procedures useful for acquiring skills for the safe performance of respective tasks in the Company and for risk identification, reduction and management to workers and other Company prevention and protection system staff;

  • PUBLIC SERVICE MANAGER: pursuant to Article 358 of the Criminal Code is a person who, for whatever reason, performs a public service, meaning “an activity regulated in the same ways as a public function, but characterised by lacking the typical powers of the latter and excluding simple tasks of order and merely material work provision”;

  • < >set of activities aimed at providing knowledge useful for identifying, reducing and managing risks in the workplace;

    INTEREST: undue enrichment, sought by the entity as a consequence of the administrative offence, whose existence must be assessed by considering the situation prior to the commission of the disputed conduct and, therefore, independently of its actual implementation;

  • < >individual who, regardless of the type of contract, carries out a job in the organisation of a public or proven employer, with or without pay, even for the sole purpose of learning a trade, art or profession, excluding domestic and family service workers;

    Supervisory Body (or SB): entity in charge of evaluating the adopted Organisation, Management and Control Model and related procedures/protocols, checking the effective functioning and observance thereof as well as updating the Company regulations and disseminating to all interested parties;


  •  

  • PERSON IN CHARGE: a person who supervises working activity and guarantees the implementation of guidelines received by virtue of his or her professional skills and within the limits of hierarchical and functional powers appropriate to the nature of the task assigned to him or her, controlling the proper execution of activities by the workers and acting on his or her own initiative;

  • < >set of Company governance rules to be applied in the performance of a specific Company activity;

    Public Administration: set of bodies and entities (State, ministries, regions, provinces, municipalities, independent or supervisory authorities or agencies, body governed by public law, concessionaires, contracting authorities, joint ventures, etc.) and all other roles who perform a public function in the interest of the community and therefore in the public interest;

  • PUBLIC OFFICIAL: defined directly by the lawmaker in Article 357 of the Criminal Code, which states that “for the purposes of criminal law, those who exercise a public legislative, judicial or administrative function are public officials”, specifying also that “for the same purposes, an administrative function governed by public legal rules and characterised by the formation and manifestation of government will or its deployment through authoritative or certification powers is public”;

  • PREDICATE OFFENCE: the unlawful conduct expressly provided for by Legislative Decree No 231/2001, committed by senior managers or subordinates within the Company, whose implementation may give rise to the administrative liability of the entity;

  • ADMINISTRATIVE RESPONSIBILITY: a form of liability introduced into Italian law by Legislative Decree No 231/01 to be paid by entities with legal personality as well as companies and associations, even those without legal personality, which occurs when a senior or subordinate individual working for them commits one of the crimes specifically and exhaustively listed in the Decree (“predicate crime”) and the entity derives an advantage or benefit from the crime;

  • DISCIPLINARY SYSTEM: system regulating conduct related to possible cases of violation of the Model, penalties considered to be applicable in an abstract sense and the imposition and application procedure;

  • < >SPAL Automotive Srl;

    SENIOR MANAGER: individuals representing the entity, its administration or management or one of its organisational units with financial and functional independence as well as individuals who perform management and control functions for the entity, including on a de facto basis;

  • < >an individual dependent upon and subject to the supervision and control of one or more individuals in a senior position;< >effective and real economic utility that the institution has benefited from as an immediate and direct consequence of the crime. The advantage must be ascertained after commission of the crime.?

     

    ANNEX A - LIST OF OFFENCES LAID DOWN IN THE DECREE AND ASSOCIATED PENALTIES

     

    ARTICLE

    LEGISLATIVE DECREE

    231/01

    PREDICATE

    OFFENCE

    SOURCE

    FINANCIAL

    PENALTY

    A (no of quotas)

    DISQUALIFICATION PENALTY (type and duration)

    ARTICLE 24

    improper receipt of funds, fraud against the State or a public body or for the purpose of obtaining public funds and IT-related fraud

    against the State or a public body

    • misappropriation to the detriment of the State
    • improper receipt of funds to the detriment of the State
    • fraud
    • aggravated fraud to obtain public funds
    • computer fraud
    • Article 316 bis of the Criminal Code

     

    • Article 316 ter of the Criminal Code

     

     

     

    • Article 640 of the Criminal Code
    • Article 640 bis of the Criminal Code

     

     

     

    • Article 640 ter of the Criminal Code

     

     

     

     

     

     

     

    From 100 to 600

    • ban on entering into government procurement contracts
    • exclusion from benefits, loans, contributions or subsidies (possible revocation of those granted)
    • ban on advertising goods or services for 3 to 24 months

    ARTICLE 24 BIS IT-related crimes and unlawful data processing

    • Unauthorised access to a computer or telematic system
    • Unlawful tapping, obstruction or interruption of computer or telematic communications
    • Installation of equipment designed to tap, obstruct or interrupt computer or telematic communications
    • Damage to information, data and

    IT programs

    • damage to computer or telematic systems
    • unlawful possession and distribution of access codes to computer or telematic systems
    • Article 615 ter of the Criminal Code

     

     

     

    • Article 617 quater of the Criminal Code

     

     

     

     

     

    • Article 617 quinquies of the Criminal Code

     

     

     

     

     

     

    • Article 635 bis of the Criminal Code :

     

     

     

     

     

    • Article 635 quater of the Criminal Code

     

     

    • Article 615 quater of the Criminal Code

     

     

     

     

     

     

     

     

     

     

     

     

     

     

    From 100 to 500

    Articles 615 ter, 617 quater, 617 quinquies, 635 bis,

    635 ter, 635

    quinquies of the Criminal Code:

    • Ban on trading
    • Suspension or

    revocation of authorisations, licences or concessions used to commit the unlawful act;

    • ban on

    advertising

    goods or services

     

    Articles 615 quater and

    615 ter of the Criminal Code:

    • suspension or revocation of authorisations, licences or concessions used to commit the unlawful act;
    • ban on advertising goods or services

    ARTICLE 24 TER

    Organised crime offences

    • criminal association aimed at committing crimes against the person, Articles 600 bis, 600 ter, 600 quater, 600 quater 1, 600 quinquies, 609 bis, 609 quater, 609 quinquies, 609 octies and 609 undecies of the Criminal Code
    • mafia-type association
    • political-mafia-style vote exchange;
    • kidnapping for ransom
    • Article 416, para 6 of the Criminal Code

     

     

     

     

     

     

     

     

     

     

     

     

    • Article 416 bis of the Criminal Code :

     

     

    • Article 416 ter of the Criminal Code

     

     

    • Article 630 of the Criminal Code

     

     

     

     

     

     

     

     

     

     

     

     

    From 300 to 1000

    Article 9, paragraph 2 of Legislative Decree 231/01 + definitive disqualification from trading (if Company is permanently used for the sole

    or prevalent purpose

    of allowing/facilitating

    and committing

    the above crimes)

    ARTICLE 25

    Extorsion, improper inducement to give or promise benefits and corruption

    • corruption for the exercise of a function;
    • incitement to corruption
    • corruption due to an act contrary to official duties;
    • corruption in judicial proceedings;
    • extortion
    • corruption concerning the transfer of public employments, salaries, pensions or the signing of contracts pertaining to the Public Administration, with the attainment of a substantial profit;
    • improper inducement to give or promise benefits
    • Article 318 of the Criminal Code;

     

     

    • Article 322 of the Criminal Code;

     

    • Article 319 of the Criminal Code;

     

    • Article 319 ter of the Criminal Code;

     

    • Article 317 of the Criminal Code;
    • Article 319 bis of the Criminal Code:

     

     

     

     

     

    From 100 to 800

    Article 9 para 2 D.

    Legislative Decree 231/01

    12 to 24 months

    ARTICLE 25 BIS

    Counterfeiting of money, public credit cards, revenue stamps and identification instruments

    • counterfeiting of money, spending and bringing into the country, with complicity;
    • adulteration of money;
    • counterfeiting watermarked paper used to manufacture public credit cards or revenue stamps;
    • manufacture or possession of watermarks or equipment intended to counterfeit money, revenue stamps or watermarked paper ;
    • spending and bringing counterfeit money into the country, without complicity;
    • forging of revenue stamps, introduction, purchase, possession or circulation of forged revenue stamps into the Italian State;
    • counterfeiting, adulteration or use of distinctive marks of intellectual works or industrial products;
    • introduction into the State and trade in products with forged marks;
    • spending forged money received in good faith;
    • use of counterfeit or adulterated revenue stamps;
    • Article 453 of the Criminal Code;

     

     

     

     

     

     

    • Article 454 of the Criminal Code;

     

    • Article 460 of the Criminal Code;

     

     

     

     

     

    • Article 461 of the Criminal Code;

     

     

     

     

     

     

     

    • Article 455 of the Criminal Code;

     

     

     

    • Article 459 of the Criminal Code;

     

     

     

     

     

     

     

    • Article 473 of the Criminal Code;

     

     

     

     

     

     

     

    • Article 474 of the Criminal Code;

     

     

     

     

     

    • Article 457 of the Criminal Code;

     

     

     

    • Article 464 of the Criminal Code

     

     

     

     

     

     

     

     

     

     

     

     

     

    From 100 to 800

    Article 9, paragraph 2 of Legislative Decree 231/01 from 3 to 12 months

    ARTICLE 25 BIS1

    Crimes against industry and trade

    • disruption of the freedom of industry or commerce
    • fraud in the exercise of trade
    • sale of non-genuine foodstuffs as genuine
    • sale of industrial products with misleading marks
    • production and sale of goods produced by usurping industrial property rights
    • counterfeiting of geographical indications and designations of origin of food products;
    • unlawful competition with threats or violence.
    • Article 513 of the Criminal Code

     

     

    • Article 515 of the Criminal Code

     

     

    • Article 516 of the Criminal Code

     

     

    • Article 517 of the Criminal Code

     

     

     

    • Article 517 ter of the Criminal Code

     

     

     

     

    • Article 517 quater of the Criminal Code

     

     

     

     

     

     

     

    • Article 513 bis of the Criminal Code

     

     

     

     

     

     

     

     

    From 100 to 800

    Article 9, paragraph 2 D

    Legislative Decree 231/01 from 3 to 24 months

    ARTICLE 25 TER

    Corporate crimes

    • false corporate communications;
    • false corporate communications to the detriment of the Company, shareholders or creditors;
    • misrepresentation in financial statements
    • misrepresentation in the reports or communications of audit firms;
    • use of counterfeit or adulterated revenue stamps;
    • obstruction of auditing activity;
    • fictitiously paid-up capital stock;
    • improper repayment of contributions;
    • unlawful transactions on shares, listed shares or of the parent Company;
    • unlawful distribution of profits and reserves;
    • transactions to the detriment of creditors;
    • improper allocation of corporate goods by liquidators:
    • unlawful influence on the general shareholders' meetings
    • insider trading;
    • failure to disclose a conflict of interest;
    • obstructing public supervisory authorities from exercising their functions
    • Article 2621 of the Italian Civil Code

     

     

    • Article 2622 of the Italian Civil Code

     

     

     

     

     

    • Article 2623 of the Italian Civil Code
    • Article 2624 of the Italian Civil Code

     

     

     

     

     

    • Article 2625 of the Italian Civil Code

     

     

    • Article 2632 of the Italian Civil Code

     

    • Article 2626 of the Italian Civil Code

     

    • Article 2628 of the Italian Civil Code

     

    • Article 2627 of the Italian Civil Code

     

    • Article 2629 of the Italian Civil Code

     

     

     

    • Article 2633 of the Italian Civil Code

     

    • Article 2636 of the Italian Civil Code

     

     

     

    • Article 2637 of the Italian Civil Code

     

    • Article 2629 bis of the Italian Civil Code

     

     

     

     

     

    • Article 2638 of the Italian Civil Code

     

     

     

     

     

     

     

     

     

     

     

     

    From 300 to 1000

    No disqualifying penalty

    ARTICLE 25 QUATER

    Crimes for the purpose of terrorism or subversion of the democratic order

    • Crimes punished with imprisonment for under 10 years;
    • Crimes punished with imprisonment for over 10 years;

    International Convention for the Suppression of the Financing of Terrorism, New

    York, 9.12.1999

    From 200 to 1000

    Article 9, paragraph 2 of Legislative Decree 231/01 from 12 to 24 months

    ARTICLE 25

    QUATER 1

    Female genital

    mutilation

    practices

    • Female genital mutilation practices

    Article 583 bis of the Criminal Code

    From 300 to 700

    Article 9, paragraph 2 of Legislative Decree 231/01 from 12 to 24 months

    ARTICLE 25

    QUINQUIES

    Offences

    against

    individuals

    • Reduction to or maintenance in a state of slavery or bondage;
    • People trafficking;
    • Purchase and sale of slaves;
    • Child prostitution;
    • Child pornography;
    • Tourist initiatives aimed at profiting from child prostitution;
    • Possession of pornographic material.
    • Article 600 of the Criminal Code

     

     

     

    • Article 601 of the Criminal Code
    • Article 602 of the Criminal Code

     

     

    • Article 600 bis of the Criminal Code

     

     

    • Article 600 ter of the Criminal Code

     

     

    • Article 600 quinquies of the Criminal Code

     

     

     

     

    • Article 600 quater of the Criminal Code

    From 200 to 1000

    Article 9 para 2 D.

    Legislative Decree 231/01 from 12 to 24 months

    ARTICLE 25

    SEXIES

    Market

    abuse

    • Abuse of insider information and manipulation of the market

    Consolidation Act on Finance, Articles 184- 187

    From 400 to 1000

    No disqualifying

    penalty

    ARTICLE 25

    SEPTIES

    Manslaughter or

    serious or grievous

    injury

    committed with

    Violation of rules on the protection of health and safety at

    work

    • Manslaughter with violation of rules on the protection of accidents at

    • work
    • Culpable personal injury.
    • Article 589 of the Criminal Code

     

     

     

     

     

    • Article 590

    Para 3 of the Criminal Code

    From 100 to 1000

    Article 9 para 2 D.

    Legislative Decree 231/01 from 3 to 12 months for manslaughter

    and from 3 to 6 months for

    injuries

    ARTICLE 25

    OCTIES

    Receiving stolen goods,

    laundering and

    use of money, assets or benefits of illegal origin and self-laundering

    • Receiving stolen goods;
    • Laundering;
    • Use of money, assets or benefits of illegal origin;
    • Self-laundering
    • Article 648 of the Criminal Code
    • Article 648 bis of the Criminal Code
    • Article 648 ter of the Criminal Code

     

     

     

     

     

    • Article 648 ter 1 of the Criminal Code

    From 200 to 1000

    Article 9 para 2 D.

    Legislative Decree 231/01 from 3 to 24 months

    ARTICLE 25

    NOVIES

    Crimes related to

    copyright infringement

    • infringement of copyright and other rights related to its exercise
    • Law 633/1941

    From 100 to 500

    Article 9, paragraph 2 of Legislative Decree 231/01 from 3 to 12 months

    ARTICLE 25

    DECIES

    Inducement not to make statements or to make

    false statements

    to

    the judicial authorities

    • Inducement not to make statements or to make false statements to judicial authorities
    • Article 377 bis of the Criminal Code

    From 100 to 500

    No disqualifying penalty

    ARTICLE 25

    UNDECIES

    Environmental

    offences

     

     

     

     

    • Discharge of industrial wastewater;
    • Construction and management of unauthorised landfill for hazardous waste;
    • Illegal handling of waste;
    • Illegal handling of highly radioactive waste;
    • Wilful pollution caused by ships;
    • Particularly serious negligent pollution, affecting water quality, animal or plant species or parts thereof;
    • Wilful pollution by ships with permanent or particularly serious damage;
    • Discharge of industrial wastewater;
    • Unauthorised waste handling activities;
    • Pollution of soil and subsoil involving exceeding risk threshold concentrations;
    • Forging of a waste analysis certificate;
    • Illegal trading in waste;
    • Altered or missing SISTRI certificate;
    • Exceeding of emission limit values ??and air quality limit values;
    • Killing, destruction, capture, collection, and possession of specimens of protected wild animal or plant species;
    • Destruction or deterioration of habitats within a protected site;
    • International trade in endangered animal and plant species;
    • Forging or alteration of certificates, licenses, import notifications, declarations and communications.
    • Consolidation Act on Environment, Article 137
    • Consolidation Act on Environment, Article 256

     

     

     

     

    • Consolidation Act on Environment, Article 260

     

     

     

     

     

     

    • Legislative decree 202/07 Article 8

     

    • Legislative decree 202/07 Article 9

     

     

     

     

     

     

    • Consolidation Act on Environment, Article 137
    • Consolidation Act on Environment, Article 256

     

     

     

     

    • Consolidation Act on Environment, Article 257

     

     

     

    • Consolidation Act on Environment, Article 258

     

    • Consolidation Act on Environment, Article 259

     

    • Consolidation Act on Environment, Article 260 bis

     

    • Consolidation Act on Environment, Article 279

     

     

    • Article 727 bis of the Criminal Code

     

     

     

     

     

     

     

     

     

     

    • Article 733 bis of the Criminal Code

     

     

     

     

    • Law 150/92 Article 1

     

     

     

     

     

    • Law 150/92 Article 3 bis

    From 100 to 800

    No disqualifying penalty

    ARTICLE 25

    DUODECIES

    Employment of citizens from third countries whose stay is irregular

    whose residency

    is irregular

    • Employment of foreign workers without a residence permit
    • Consolidation Act on Immigration, Article 22 para 12 bis

    From 100 to 200 (within the limit

    of € 150 thousand)

    No disqualifying penalty

    ARTICLE 25

    TERDECIES

    Racism and

    xenophobia

    • Activities aimed at inciting hatred or discrimination
    • Law No 654 of 13 October 1975

    From 200 to 800 quotas

    Article 9 para 2 D.

    Legislative Decree 231/01 +

    Definitive penalty

    disqualifying

    from exercising

    the activity

     

     

    ANNEX B - CODE OF ETHICS

    ANNEX C - MODEL ACKNOWLEDGEMENT AND CONSENT STATEMENT

     

    Acknowledgement and Consent Statement for Organisation, Management and Control Model pursuant to Legislative Decree 231/01 adopted by SPAL Automotive Srl

    This statement acknowledging and consenting to the Model demonstrates the effectiveness of disseminating the Organisation, Management and Control Model, pursuant to Legislative Decree 231/01 and subsequent amendments, by SPAL Automotive Srl, to Recipients of the Model and of the Code of Ethics contained therein. Acceptance of both documents is a sign of each person’s individual commitment to act responsibly on behalf of the Company.

     

    The undersigned ____________________________________, born in ______________, on _______________, in the capacity of __________________________


     

    hereby

    • acknowledges the adoption by SPAL Automotive Srl of an Organisation, Management and Control Model pursuant to Legislative Decree No. 231/01;

    • having read and familiarised himself/herself with the contents of the organisational Model and of the Code of Ethics pursuant to Legislative Decree No 231/01 present within the Model;

    • undertakes to comply with the rules, procedures and principles contained in the Model and the Code of Ethics and to promptly inform the Supervisory Body of SPAL Automotive Srl by means of a personal notification to be sent to the address of SPAL Automotive Srl - Via per Carpi, 26 / b - 42015 Correggio (RE) of any action, fact or conduct of which her or she becomes aware in the execution of assigned tasks, which may amount to offences falling within the scope of Legislative Decree No 231/01 and involve the administrative liability of SPAL Automotive Srl;

    • agrees to ask for information if in doubt about the proper conduct to be adopted by the Supervisory Body of SPAL Automotive Srl;

    • states that he or she is aware of the fact that failure to comply with the aforementioned principles may determine the application of disciplinary penalties referred to in the Model.

       

      For acceptance.

       

      (place and date of signature)

       

       

      (legible signature of the declarant)