Download Center

Select chapters to download

0.00kb
6,13 MB


0.00kb

0.00kb

Ethics and compliance

dnf_icon
globo
The Italgas Group operates on the basis of a Corporate Management System comprising an Organisational System and a Regulatory System that defines roles, responsibilities, powers and rules of conduct to be upheld in going about the corporate business. The Corporate Management System is updated continuously with a view to guaranteeing the effectiveness and efficiency of processes, safeguarding the company’s assets and ensuring compliance with legislation, thereby allowing Italgas to also direct the management and coordination of the subsidiaries.

The correctness and transparency of business management aim not only to ensure a correct management model and dialogue with stakeholders, but also to prevent corruption.

The Code of Ethics

On 18 October 2016 the Board of Directors approved its Code of Ethics1, which represents a general principle from which no derogation can be made, of the Model 231.
It is a collection of the values that the Company recognises, accepts and shares and the responsibilities it assumes within and outside of its organisation. It also contains the general principles of business sustainability and responsibility, as well as recalling the principles which should be complied with on the subjects of the workplace, relations with stakeholders and suppliers and the matter of personal data protection.

The Code of Ethics applies with regard to “Italgas people” or directors, auditors, management and employees of Italgas, as well as all of those who work to achieve the objectives of Italgas, each within the scope of their functions and responsibilities. The representatives indicated by Italgas on the corporate bodies of affiliates, consortia and joint ventures promote the principles and contents of the Code of Ethics within their areas of responsibility. The Supervisory Body acts as guarantor of the principles set forth in the Code of Ethics, reporting back once every six months to the Control and Risks Committee and the Board of Statutory Auditors.

Organisational and management model pursuant to Legislative Decree 231/2001

The Model 231 is a support tool aiming to prevent the administrative liability of the entity and is intended for members of Italgas corporate bodies, management and employees, as well as those operating to achieve Italgas objectives.

On 18 October 2016 the Italgas Board of Directors approved its organisational, management and control model pursuant to Legislative Decree no. 231 of 8 June 2001 (the “Model 231”), intended for members of Italgas corporate bodies, management and employees, as well as those operating to achieve Italgas objectives.

The Italgas Model 231 is updated constantly as legislative reforms are implemented, which alter the list of predicate offences relevant in accordance with Italian Legislative Decree 231/2001.

In application of its Model 231, Italgas appoints a Supervisory Body consisting of three external members, one of whom, acting as Chairman, was chosen from scholars and professionals with proven expertise and experience on legal and corporate issues and corporate economics and organisation. The term of office of members of the Supervisory Body is aligned with that of the Board of Directors which appointed them. The term of office of the members expires on the date of the Shareholders’ Meeting called for the approval of the financial statements for the last year of their office, although they continue to carry out their functions over the ad interim period, until new members of the Supervisory Body are appointed.

Each Subsidiary independently adopts its own Model 231 and constantly updates it according to the specific needs of the corporate context, although the main point of reference is the principles of Italgas’ Model 231 and it must take into account the indications and implementation methods laid down by Italgas with regard to the organisational and operating structure of the Italgas Group. Additionally, each Subsidiary sets up an autonomous and independent Supervisory Body.

The Model 231 may be consulted on the Company website (https://www.italgas.it/export/sites/italgas/italgas-gallery/ Documenti_it/07-governance/03-controllo-interno-e- compiance/02-responsabilita-amministrativa-231/ItalGas_ modello231.pdf).

Anti-corruption

Italgas operates in fighting and preventing any form of corruption both nationally and internationally. The relevance of the corruption risk for the company’s activities is specifically analysed and managed in Model 231.

Anti-corruption measures are contained in a specific Procedure that provides a systemic framework for Italgas regulatory instruments in this area, inspired by the principles of conduct set out in the Code of Ethics. The Procedure combines the regulatory instruments Italgas has adopted to prevent any form of corruption in relations with third parties, Public Officials and private individuals, both nationally and internationally, to protect the integrity of the business and the reputation of the Group.

The Procedure applies to Italgas S.p.A. and its subsidiaries as part of the management and coordination activities performed by the Group’s corporate body. Adhesion to the anti-corruption measures is also required by suppliers, intermediaries and any subject that may claim liability of Italgas.

ISO 3711

 

At the end of 2020, Italgas S.p.A. and the subsidiary Italgas Reti S.p.A. have achieved, for the third year running, certification in accordance with standard UNI ISO 37001:2016 that certifies the conformity of the management system for the prevention and fight of corruption.

In addition, during the year, the activities were carried out required prior to obtaining certification of the management systems for the prevention and fight against corruption adopted by Italgas Acqua S.p.A., Seaside S.r.l., Medea S.p.A., Toscana Energia S.p.A. and Gaxa S.p.A. The audits carried out at said companies were completed successfully and certification in accordance with UNI ISO 37001:2016 was therefore also achieved for all the management systems for preventing and combating corruption adopted by the other Italgas Group companies on the dates indicated below: (i) Italgas Acqua S.p.A. (15 July 2020); (ii) Seaside S.r.l. (28 September 2020); (iii) Medea S.p.A. (2 October 2020); (iv) Toscana Energia S.p.A. (4 November 2020); (v) Gaxa S.p.A. (18 November 2020).

The management systems for the prevention of and fight against corruption were certified upon completion of in-depth audits during which the commitment and collaboration was seen of the corporate departments and representatives, supervised by the department for conformity for the prevention of and fight against corruption, in the implementation and observance of the measures adopted in order to assure the adequacy and suitability of each management system for the prevention of and fight against corruption in accordance with standard UNI ISO 37001:2016.

Antitrust

On 18 October 2016 the Board of Directors approved its Antitrust Code of Conduct (the “Antitrust Code”) which defines the guidelines of the behaviour which all employees of Italgas and Subsidiaries should conform to in order to guarantee the compliance of Italgas and its Subsidiaries with the principles dictated by the applicable regulations on antitrust issues.

The Antitrust Code applies to the entire Italgas Group as part of Italgas’ management and coordination activities and is one of the initiatives aimed both at protecting competition as part of the business culture and at implementing suitable procedures and systems for minimising the risk of violations of antitrust laws, under the broader umbrella of the compliance initiatives of the Italgas Group.

The adoption of the Antitrust Code is part of the broader antitrust compliance programme promoted by the Italgas Group, which develops, inter alia, the establishment of an antitrust department within the Legal Department, which anyone in the Group can apply to for communications concerning the interpretation and application of the Antitrust Code and whenever a situation with potential antitrust risk arises.

By virtue of the evolution that involved the structure and organisation of the Italgas Group, on 27 July 2020, the Board of Directors approved the update of the Antitrust Procedure (“Antitrust and Consumer Protection Code of Conduct”), which is published on the Italgas website. This update was preceded by an assessment aiming to verify how up-to-date, in light of the criteria laid down by the Antitrust Authority Guidelines, the Antitrust Compliance Standard already in force for the Group companies effectively was.

A duly updated Antitrust and Consumer Protection Manual is attached to the Antitrust and Consumer Protection Code of Conduct, which also provides an overview of the most important decision-making practices of the Italian Competiton Authority. This Manual is a more in-depth instrument available to Italgas Group to carry out training and for any analysis that the Antitrust Oversight may be called to carry out in the exercise of its duties.

Information and personal data security

As part of its continuous update and development strategy of an effective system of security governance relating to both physical and intangible assets, Italgas S.p.A. has defined a model that involves the different corporate structures, which are assigned roles and responsibilities with a view to guaranteeing the maintenance of conformity with regulations and the constant monitoring of reference standards and instructions given by the competent authorities.

As regards the security and classification of information, the Organisational Model implemented by the Company establishes that the Group Security Department shall collaborate with the ICT Department to verify the effectiveness of the security measures applied to the relevant areas, both managed internally and by means of the support of third parties, identifying opportunities and areas for improvement and promoting the evolution of security measures on information, platforms and applications within scope.

In 2020, Italgas S.p.A. implemented a process revising and reassessing information in protection of the company’s information assets and in support of the assessment of security events potentially impacting critical systems and relevant processes, through the introduction of best practices and the pursuit of security improvements.

All activities and initiatives in progress are in line with the instructions and requirements in respect of the confidentiality, integrity and availability of information indicated by the series of standards ISO/IEC 27000.

The risk linked to the theft, loss or alteration of information and company assets is monitored cyclically by the Enterprise Risk Management Unit within the global portfolio of corporate risks.

In addition, the Group Security and ICT Departments collaborate constantly towards the definition, monitoring and reporting of indicators on Information Security in support of the implementation of the Information Security Management System (SGSI), with the aim of assessing the efficiency of the technical/organisational measures implemented by Italgas S.p.A. and promoting the continuous improvement of security maturity levels.

For the relevant topics, on 7 May 2018, Italgas S.p.A.’s Board of Directors approved its Data Protection Organisational Model defined in the Compliance Data Protection Standard, identifying the key figures of the personal data processing system, defining the related roles and responsibilities in relation to the processing of the data, and appointing the Data Protection Officer (“DPO”), identified as the Internal Audit Department, entrusting the same with information and consulting duties, as well as those for overseeing the observance of Directive 95/46/EC (the “GDPR”), co-operating with the Supervisory Authority, all of which furthering the culture of the protection of the data within the company, supporting the assessment of the data protection aspects of each new project which may have an impact on the protection of the data, coordinating the training activities on Data Protection, identified as the Internal Audit Department.

In 2020 Italgas and its subsidiaries continued their process to adapt to the provisions of (EU) Regulation No. 2016/679 “relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data, and which repeals the GDPR directive, which became applicable in all Member States of the European Union from 25 May 2018.

All the subsidiaries, at the time of their Board Meetings, defined and formally approved a Data Protection Organisational Model consistent with the standards which inspired the Italgas Data Protection Organisational Model albeit designed in accordance with their specific requirements and their organisational structure and identified and appointed the DPO.

In 2020, the commitment is highlighted of both Italgas and its subsidiaries in defining and implementing organisational and technological measures with reference to the provisions of Regulation (EU) 2016/679 “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” and which abrogates the GDPR.

The Data Protection Organisational Model is made operative by the Data Breach Management standard, which aims to identify and assess potential incidents that may harm personal privacy and freedom.

The measures implemented in this area managed to avoid physical-logical incidents in 2020 that could be classified as data breaches or the compromising of corporate systems.

Cyber security

The Group Security and Cybersecurity Departments work together, implementing policies and procedures relating to the security of the business. The respective roles and responsibilities are defined through a shared RACI23 matrix, which allows for the harmonisation of efforts to protect the company’s information assets.

Our internal procedures establish that at least once a year, the Group Security Officer (GSO) shall report to the Board of Directors and Control Bodies on the level of conformity with national and international regulations on cybersecurity and the corporate policies on technical-organisational measures able to manage risks and prevent cyber incidents. In addition, the GSO updates the CEO directly and constantly on the topics of interest.

The risks connected with cybersecurity are monitored by the Enterprise Risk Management Department within the corporate risks portfolio. The risks are updated once a quarter, half-year or year, depending on their relevance.

In addition, as regards events or updates relative to Italian and international legislation, specific information sessions are organised towards corporate governance bodies.

Following the commitments established in the strategic plan, the digital transformation and the growing importance of the management of information and data, in addition to defining adequate security policies, staff have also been trained on cyber risks with a series of interactive courses and specific awareness-raising campaigns; at the same time, the alerting system has also been strengthened, with mass dispatch of reporting e-mails in the case of malicious or phishing campaigns. The awareness-raising package also includes courses delivered on the correct
management of corporate assets and how to use them outside the company premises.

The activities carried out regarded the following aspects:

  • Early Warning & Reporting towards the corporate governance bodies; 
  • countermeasures, preparation in the case of an event and management of any data breaches or cyber-attacks to manage the increasing risk of loss of relevant information for the company;
  • Processes for Infosharing and reporting to top management for the timely reporting of cybersecurity events and threats to IT which could have a potential impact on the interests and activities of the Italgas Group,
  • implementation of processes and solutions for the protection, monitoring and correlation of events from different sources to detect potential cyber security threats.

Through a process of continuous improvement and in order to create a system, the Security and Cybersecurity Units have also prepared organisational and operational

Main Key Performance Indicators

dnf_icon

Internal Control System

In 2020, 34 audits were completed of which 8 scheduled, 2 special operative audits and 22 independent monitoring audits. During the first few months of 2020, 2 interventions envisaged by the 2019 audit plan were also completed.

Reports

In 2020, 13 reports were received, of which 12 regarded the internal control system and 1 administrative liability pursuant to Italian Legislative Decree no. 231/2001.
As at 31 December 2020, all reports received during the year had been properly processed and of these, 12 had been closed.

 UNITS MEASUREMENT201820192020
Total reports receivedn.8713
of which relating to the internal control system n.6212
of which relating to other matters (Code of Ethics, mobbing, thefts, security, etc.)n.250
dof which relating to administrative liability pursuant to Legislative Decree 231/2001n.001
Reports closedn.6612
Reports pendingn.211*

* Report concerning the internal control system that will be closed in 2021.

Standard gri 205-2 communication and training about anti-corruption policies and procedures

COMMUNICATION AND TRAINING ABOUT ANTI-CORRUPTION POLICIES AND PROCEDURESU.m.2018201920203
Anti-corruption training*ore2093673.849
Equity investmentsn.783022.914

* The training considered covers the following subjects: Code of Ethics, Model 231, Anti-corruption, Antitrust and Data Protection.


Standard gri 205-3 confirmed incidents of corruption and actions taken

In 2020, as already pointed out in 2019, no incidents of corruption took place (see the table below). 

STANDARD GRI 205-3 CONFIRMED INCIDENTS OF CORRUPTION AND ACTIONS
TAKEN
U.m.2018*2019*2020
Total confirmed incidents of corruptionn.000
Confirmed incidents of corruption with employee dismissal/disciplinary
measure
n.000
Confirmed incidents of corruption with termination/non-renewal of
contracts with business partners
n.000

* The data reported for FYs 2018 and 2019 refer to the companies Italgas Reti and Italgas S.p.A. only.

1The Italgas Code of Ethics is available on the Company’s website https://www.italgas.it/export/sites/italgas/italgas-gallery/Documenti_it/07-governance/02-etica-dimpresa/01-il-codice-etico/ItalGas_CodiceEtico.pdf.
2 The RACI matrix (responsibility assignment matrix) specifies the type of relationship between the resource and the asset: Responsible, Accountable, Consulted, Informed. This instrument is used to indicate “who does what” within an organisation.
3 In 2020, training hours on anti-corruption increased following the start of an eLearning training course for the whole of the Italgas Group population.