06

Compliance and Risk Management

ETHICS AND COMPLIANCE

The Abertis Group is fully committed to conducting its activities with honesty, integrity and in compliance with the law, in its relationships with all its stakeholders.

STRATEGIC GOALS

  • Develop an organizational culture based on ethical principles
  • Reject all forms of corruption
 
211
Reports received in 2017 (-11.3%)
 
84%
Resolved

CODE OF ETHICS

The Abertis Group is fully committed to conducting business with honesty, integrity and in accordance with the law, be it in its relations with its employees or with the rest of the individuals that are part of its stakeholders.

These guidelines of conduct are reflected in the Code of Ethics of the Abertis Group, a core code of the Group, whose principles are deployed in all the internal regulations. This Code of Ethics captures the principles and values that must guide the behavior of employees, as well as suppliers, customers, distributors, external professionals and representatives of governments.

The Group does not tolerate any act that is contrary to the Code of Ethics and formally and expressly condemns any form of corruption and its firm commitment to comply with the law. Any infringement carries penalties of a contractual nature for infringing employees, as well as sanctions of a commercial or administrative nature for the rest of the individuals who are part of the stakeholders.

The Ethics and Criminal Prevention Committees are entrusted with managing ethics and the criminal prevention model. The design, implementation and supervision of regulatory compliance processes and the rollout of the criminal prevention model are carried out by the Compliance functions of the Abertis Group. Abertis’ Audit and Control Committee regularly monitors all complaints and irregularities arising in all Group companies.

MAIN INITIATIVES IN 2017

• Training:
–  delivered in-person, covering workplace harassment aspects.
–  delivered online, on the improper use of information by nonexecutive staff.
–  reminder campaigns in matters related to corruption, conflicts of interest, ethics channel, ethics and criminal prevention committees of the Abertis Group, workplace harassment and information management.

• Deployment of a common methodology for the assessment of criminal risks.

• Streamlining of the Criminal Prevention model in all of the Group’s business units.

• French companies have adapted to the requirements of the Loi Sapin II Act.

• Preparation of Abertis’ risk and legal enforcement matrices with respect to Environment, Labor and Prevention of Occupational Risks, which reinforce responsible management and the respect for the environment and the physical safety of employees and suppliers.

• Improvement and permanent updating of the Group’s policies and rules as per Compliance requirements.

ETHICS CHANNEL

All Group companies, except Italy and India, have mechanisms for reporting irregularities of any kind that guarantee confidentiality in the investigation and the analysis of all communications received.

The corresponding Ethics and Criminal Prevention Committees are responsible for investigating and proposing solutions in the event of any complaint or question regarding the Code of Ethics of the Abertis Group and / or its Local Codes of Ethics.

Abertis’ ethics channel as well as the Group’s Code of Ethics and Compliance standards are available at the company’s website www.abertis.com

Brazil Integrity Program

In 2017 Arteris launched its Integrity Program (Compliance) with the aim of guaranteeing and promoting an ethical environment in the company, among its collaborators and third parties. The program is structured into five pillars that support the set of measures, instruments and responsibilities for preventing, detecting and extinguishing or mitigating potential risks. The launch of the program has been accompanied by an awareness campaign and mandatory training on the Arteris Code of Conduct.

COMPLIANCE MANAGEMENT MODEL

REPORTS RESOLVED BY TYPE OF RESOLUTION

The reduction in the number of complaints received and discarded with respect to 2016 indicates an improvement in the level of knowledge about the use of the system and the implementation of awareness and training procedures related to the Code of Ethics.

During the course of 2017 and in addition to the resolution of all reports received during the year, all reports that were still pending from the previous fiscal year have also been handled. Of these, 85.7% have already been resolved.

BREAKDOWN OF REPORTS

BREAKDOWN OF REPORTS RECEIVED BY COUNTRY


RISK CONTROL

The Abertis Group has implemented a risk management model in all countries where it operates.
RISK TYPE MAIN RISKS CONTROL MEASURES
Context and regulatory risks and risks deriving from the specific nature of the Group’s business • Decrease in demand due to the economic situation of some countries.

• Creation of alternative infrastructures.

• Risks deriving from the integration of acquired businesses.

• Mobility changes.

• Entry of new competitors in some sectors of activity.

• Regulatory changes and socio-political changes.

• Catastrophic risks.
• Internationalization and selective growth policy and Investment Committees.

• Collaboration with governments.

• Efficiency plans.

• Coordination for ensuring adequate compliance with the existing local legislation and anticipation to regulatory changes.

• Insurance coverage.
Financial risks • Foreign exchange risk.

• Liquidity risk.

•Cash flow interest rate risk.

• Debt refinancing risk and credit rating variations.
• Interests rates and foreign exchange rates management policy.

• Monitoring and extension of debt maturity and monitoring of potential impacts on credit ratings.
Industrial risks • Client and employee safety.

• Adaptation risks and rapid response to technological changes in operational systems and the onset of new technologies.

• Control risks in construction projects.

• Risks associated with the correct maintenance and quality of infrastructures.

• Training and talent retention risks.

• Supplier dependency.

• Business disruption.

• Environmental risks.
• Specific policies, procedures, plans and control systems for each area.

• Investment program monitoring and control (opex and capex committees).

• Road safety, operations and management system improvement plans (traffic, tunnels).

• Risk monitoring and analysis and implementation of Corporate insurance programs.

• Environmental management system.
Financial information risks, fraud and compliance • Integrity and security of financial and operations related information.

• Information manipulation fraud, corruption and embezzlement.

• Tax.

• Legal compliance and compliance with internal and contractual regulations.
• Internal Financial Information Control System (IFICS) organizational and supervision model.

• Compliance model en vez de function implemented at the Group.

MAIN RISKS AND INTERNAL CONTROL

The Abertis Group faces different risks that are inherent to the different countries where it operates. Therefore, it has implemented a risk management model – approved and monitored by the Audit and Control Committee – that applies to all business and corporate units in all countries where it operates.

COMPREHENSIVE RISK CONTROL

The members of the company’s Government bodies commit to ensuring that all company-relevant risks are duly identified, appraised and prioritized. As well, they are commited to establish the mechanisms and basic principles required to achieve a level of risk that allows a sustainable growth of our share value and shareholder remuneration, protect the Group’s reputation, promote good Corporate Governance practices and provide quality service in all infrastructures operated by the Group.

In 2017, the main materialized risks are those related to: political and social instability in some of the countries in which the Group operates (mitigated by internationalization and geographical diversification), the persistence to restrict availability and the public and private financing terms of some countries (mitigated by strict financial discipline), damages as a result of adverse climatic conditions (mitigated by a corporate policy of insurance coverage and contingency plans), and the reduction of the average life of road concessions (mitigated through the achievement of new public-private agreements in most of the countries in which the Group operates).

RISK CATEGORIES BY VOLUME

RISK ASSESSMENT BY CATEGORY

ABERTIS RISK CONTROL AND MANAGEMENT MODEL